author | Elliott Hughes <enh@google.com> | 2018-03-01 00:30:00 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2018-03-01 00:30:00 +0000 |
commit | 0c6d81f80bf942993566564f6efb1de2ab1d836b (patch) | |
tree | ba15caf6905acc99ac3fbab158d7bf2fb0364a21 /lib/vtls/openssl.c | |
parent | f9711a93659ab05f72b38dbdfbc475b797042693 (diff) | |
parent | 0128fe4043cdbb72cc0c5b8f817749e3f89a7b36 (diff) | |
Merge "Update to 7.58.0 - January 24 2018."
Diffstat (limited to 'lib/vtls/openssl.c')
-rw-r--r-- | lib/vtls/openssl.c | 61 |
1 files changed, 30 insertions, 31 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 7b04edf..93faa6f 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5,7 +5,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -34,9 +34,7 @@
 #ifdef USE_OPENSSL
-#ifdef HAVE_LIMITS_H
 #include <limits.h>
-#endif
 #include "urldata.h"
 #include "sendf.h"
@@ -68,12 +66,7 @@
 #include <openssl/rsa.h>
 #include <openssl/bio.h>
 #include <openssl/buffer.h>
-
-#ifndef OPENSSL_IS_BORINGSSL
-/* BoringSSL does not support PKCS12 */
-#define HAVE_PKCS12_SUPPORT 1
 #include <openssl/pkcs12.h>
-#endif
 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
 #include <openssl/ocsp.h>
@@ -182,6 +175,8 @@ static unsigned long OpenSSL_version_num(void)
 "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
 #endif
+#define ENABLE_SSLKEYLOGFILE
+
 #ifdef ENABLE_SSLKEYLOGFILE
 typedef struct ssl_tap_state {
 int master_key_length;
@@ -264,11 +259,11 @@ static void tap_ssl_key(const SSL *ssl, ssl_tap_state_t *state)
 if(!session || !keylog_file_fp)
 return;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
 * we have a valid SSL context if we have a non-NULL session. */
 SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
- master_key_length =
+ master_key_length = (int)
 SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH);
 #else
 if(ssl->s3 && session->master_key_length > 0) {
@@ -654,7 +649,6 @@ int cert_stuff(struct connectdata *conn,
 case SSL_FILETYPE_PKCS12:
 {
-#ifdef HAVE_PKCS12_SUPPORT
 FILE *f;
 PKCS12 *p12;
 EVP_PKEY *pri;
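Review bot: Removing the `#ifndef OPENSSL_IS_BORINGSSL` guard around `<openssl/pkcs12.h>` makes the PKCS12 header, and via the two cert_stuff hunks the `PKCS12` parsing path, mandatory for every backend, including the BoringSSL build this tree appears to target, and the deleted comment was the only explanation of that split. If the BoringSSL checked into this tree provides pkcs12.h this is fine, but nothing on the page confirms it, and an unsupported backend would now fail at compile time instead of reporting the old "file type P12 for certificate not supported" error at runtime. I'd add a one-line comment at the include, e.g. `/* PKCS12 is required of every supported backend, BoringSSL included */`, so the next reader does not have to rediscover why the guard went away.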
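Review bot: The added `#define ENABLE_SSLKEYLOGFILE` has neither a guard nor a comment, so the key-log feature is now compiled into every build of this file rather than being a build option, and nothing states that choice; with it in place any process that links this library and inherits an `SSLKEYLOGFILE` variable will append its TLS master secrets to the named path. That matches the upstream default, but it is a security-relevant one and deserves to be visible next to the define, e.g. `/* Key logging is always compiled in; it activates only when SSLKEYLOGFILE is set in the environment. Privileged consumers should not inherit that variable. */`. Wrapping the define in an `#ifndef` would also let hardened builds opt out without patching the file.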
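Review bot: The new `!defined(LIBRESSL_VERSION_NUMBER)` clause on the `#if` in tap_ssl_key is undocumented, and the comment below it still only mentions OpenSSL 1.1.0-pre6, so a reader cannot tell why LibreSSL is routed to the legacy `ssl->s3` branch. I'd extend that comment with a line such as `* LibreSSL advertises a 2.x OPENSSL_VERSION_NUMBER but lacks these accessors, so it takes the legacy path below.` (presumably the reason; confirm against the LibreSSL headers in use). The `(int)` cast on `master_key_length` is harmless since the value is bounded by `SSL_MAX_MASTER_KEY_LENGTH`; the rest of tap_ssl_key lies outside the hunk.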
@@ -741,10 +735,6 @@ int cert_stuff(struct connectdata *conn,
 if(!cert_done)
 return 0; /* failure! */
 break;
-#else
- failf(data, "file type P12 for certificate not supported");
- return 0;
-#endif
 }
 default:
 failf(data, "not supported file type '%s' for certificate", cert_type);
@@ -914,7 +904,7 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
 static int Curl_ossl_init(void)
 {
 #ifdef ENABLE_SSLKEYLOGFILE
- const char *keylog_file_name;
+ char *keylog_file_name;
 #endif
 OPENSSL_load_builtin_modules();
@@ -954,14 +944,22 @@ static int Curl_ossl_init(void)
 #endif
 #ifdef ENABLE_SSLKEYLOGFILE
- keylog_file_name = curl_getenv("SSLKEYLOGFILE");
- if(keylog_file_name && !keylog_file_fp) {
- keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
- if(keylog_file_fp) {
- if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096)) {
- fclose(keylog_file_fp);
- keylog_file_fp = NULL;
+ if(!keylog_file_fp) {
+ keylog_file_name = curl_getenv("SSLKEYLOGFILE");
+ if(keylog_file_name) {
+ keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
+ if(keylog_file_fp) {
+#ifdef WIN32
+ if(setvbuf(keylog_file_fp, NULL, _IONBF, 0))
+#else
+ if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096))
+#endif
+ {
+ fclose(keylog_file_fp);
+ keylog_file_fp = NULL;
+ }
 }
+ Curl_safefree(keylog_file_name);
 }
 }
 #endif
@@ -2415,8 +2413,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 /* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */
 #if defined(ENABLE_SSLKEYLOGFILE) && defined(HAVE_KEYLOG_CALLBACK)
- if(keylog_file) {
- SSL_CTX_set_keylog_callback(connssl->ctx, ossl_keylog_callback);
+ if(keylog_file_fp) {
+ SSL_CTX_set_keylog_callback(BACKEND->ctx, ossl_keylog_callback);
 }
 #endif
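Review bot: In the Curl_ossl_init hunk the key-log file is still created by `keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);`, so when the path does not exist yet it is created under the process's default umask, which commonly leaves a file holding TLS master secrets readable by other users on the host. On the non-WIN32 branch the file should be created owner-only with `open()` and `O_CREAT` at mode 0600 and the descriptor handed to `fdopen()` (needs `<fcntl.h>` and `<unistd.h>`), keeping the existing `fopen()` only for WIN32 where the new `setvbuf` split already exists. The handle is never closed inside this hunk; presumably the backend's cleanup routine does so, but that code is outside the hunk and I cannot confirm it. The cleanup for `keylog_file_name` and the `keylog_file_fp` rename in ossl_connect_step1 are already handled by this commit.
```c
    if(keylog_file_name) {
#ifdef WIN32
      keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
#else
      {
        /* create the secrets file owner-only; fopen() would apply the umask */
        int fd = open(keylog_file_name, O_WRONLY | O_APPEND | O_CREAT, 0600);
        keylog_file_fp = (fd < 0) ? NULL : fdopen(fd, FOPEN_APPENDTEXT);
        if(fd >= 0 && !keylog_file_fp)
          close(fd);
      }
#endif
      /* … unchanged: setvbuf() check, Curl_safefree(keylog_file_name) … */
```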
@@ -3393,12 +3391,13 @@ static bool Curl_ossl_data_pending(const struct connectdata *conn,
 {
 const struct ssl_connect_data *connssl = &conn->ssl[connindex];
 const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex];
- if(BACKEND->handle)
- /* SSL is in use */
- return (0 != SSL_pending(BACKEND->handle) ||
- (proxyssl->backend->handle &&
- 0 != SSL_pending(proxyssl->backend->handle))) ?
- TRUE : FALSE;
+
+ if(connssl->backend->handle && SSL_pending(connssl->backend->handle))
+ return TRUE;
+
+ if(proxyssl->backend->handle && SSL_pending(proxyssl->backend->handle))
+ return TRUE;
+
 return FALSE;
 }