OS400: sync RPG wrapper, zlib support, fix header file names, ...

#define SEND_TYPE_RETV int

#define SEND_TYPE_RETV int

/* Define to use the QsoSSL package. */

/* Define to use the QsoSSL package. */

#define USE_QSOSSL

#undef USE_QSOSSL

/* Define to use the GSKit package. */

/* Define to use the GSKit package. */

#undef USE_GSKIT

#define USE_GSKIT

/* Use the system keyring as the default CA bundle. */

/* Use the system keyring as the default CA bundle. */

#define CURL_CA_BUNDLE  "/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB"

#define CURL_CA_BUNDLE  "/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB"

#define GSK_SSL_EXTN_SERVERNAME_REQUEST         230

#define GSK_SSL_EXTN_SERVERNAME_REQUEST         230

#endif

#endif

#ifndef GSK_TLSV10_CIPHER_SPECS

#define GSK_TLSV10_CIPHER_SPECS                 236

#endif

#ifndef GSK_TLSV11_CIPHER_SPECS

#define GSK_TLSV11_CIPHER_SPECS                 237

#endif

#ifndef GSK_TLSV12_CIPHER_SPECS

#define GSK_TLSV12_CIPHER_SPECS                 238

#endif

#ifndef GSK_PROTOCOL_TLSV11

#define GSK_PROTOCOL_TLSV11                     437

#endif

#ifndef GSK_PROTOCOL_TLSV12

#define GSK_PROTOCOL_TLSV12                     438

#endif

#ifndef GSK_FALSE

#define GSK_FALSE                               0

#endif

#ifndef GSK_TRUE

#define GSK_TRUE                                1

#endif

#ifdef HAVE_LIMITS_H

#ifdef HAVE_LIMITS_H

#  include <limits.h>

#  include <limits.h>

#endif

#endif

#include "memdebug.h"

#include "memdebug.h"

/* SSL version flags. */

#define CURL_GSKPROTO_SSLV2     0

#define CURL_GSKPROTO_SSLV2_MASK        (1 << CURL_GSKPROTO_SSLV2)

#define CURL_GSKPROTO_SSLV3     1

#define CURL_GSKPROTO_SSLV3_MASK        (1 << CURL_GSKPROTO_SSLV3)

#define CURL_GSKPROTO_TLSV10    2

#define CURL_GSKPROTO_TLSV10_MASK        (1 << CURL_GSKPROTO_TLSV10)

#define CURL_GSKPROTO_TLSV11    3

#define CURL_GSKPROTO_TLSV11_MASK        (1 << CURL_GSKPROTO_TLSV11)

#define CURL_GSKPROTO_TLSV12    4

#define CURL_GSKPROTO_TLSV12_MASK        (1 << CURL_GSKPROTO_TLSV12)

#define CURL_GSKPROTO_LAST      5

/* Supported ciphers. */

/* Supported ciphers. */

typedef struct {

typedef struct {

  const char *  name;           /* Cipher name. */

  const char *  name;           /* Cipher name. */

  const char *  gsktoken;       /* Corresponding token for GSKit String. */

  const char *  gsktoken;       /* Corresponding token for GSKit String. */

  int           sslver;         /* SSL version. */

  unsigned int  versions;       /* SSL version flags. */

}  gskit_cipher;

}  gskit_cipher;

static const gskit_cipher  ciphertable[] = {

static const gskit_cipher  ciphertable[] = {

  { "null-md5",         "01",   CURL_SSLVERSION_SSLv3 },

  { "null-md5",         "01",

  { "null-sha",         "02",   CURL_SSLVERSION_SSLv3 },

      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |

  { "exp-rc4-md5",      "03",   CURL_SSLVERSION_SSLv3 },

      CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },

  { "rc4-md5",          "04",   CURL_SSLVERSION_SSLv3 },

  { "null-sha",         "02",

  { "rc4-sha",          "05",   CURL_SSLVERSION_SSLv3 },

      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |

  { "exp-rc2-cbc-md5",  "06",   CURL_SSLVERSION_SSLv3 },

      CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },

  { "exp-des-cbc-sha",  "09",   CURL_SSLVERSION_SSLv3 },

  { "exp-rc4-md5",      "03",

  { "des-cbc3-sha",     "0A",   CURL_SSLVERSION_SSLv3 },

      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK },

  { "aes128-sha",       "2F",   CURL_SSLVERSION_TLSv1 },

  { "rc4-md5",          "04",

  { "aes256-sha",       "35",   CURL_SSLVERSION_TLSv1 },

      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |

  { "rc4-md5",          "1",    CURL_SSLVERSION_SSLv2 },

      CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },

  { "exp-rc4-md5",      "2",    CURL_SSLVERSION_SSLv2 },

  { "rc4-sha",          "05",

  { "rc2-md5",          "3",    CURL_SSLVERSION_SSLv2 },

      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |

  { "exp-rc2-md5",      "4",    CURL_SSLVERSION_SSLv2 },

      CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },

  { "des-cbc-md5",      "6",    CURL_SSLVERSION_SSLv2 },

  { "exp-rc2-cbc-md5",  "06",

  { "des-cbc3-md5",     "7",    CURL_SSLVERSION_SSLv2 },

      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK },

  { "exp-des-cbc-sha",  "09",

      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |

      CURL_GSKPROTO_TLSV11_MASK },

  { "des-cbc3-sha",     "0A",

      CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |

      CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },

  { "aes128-sha",       "2F",

      CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |

      CURL_GSKPROTO_TLSV12_MASK },

  { "aes256-sha",       "35",

      CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |

      CURL_GSKPROTO_TLSV12_MASK },

  { "null-sha256",      "3B",   CURL_GSKPROTO_TLSV12_MASK },

  { "aes128-sha256",    "3D",   CURL_GSKPROTO_TLSV12_MASK },

  { "aes256-sha256",    "3D",   CURL_GSKPROTO_TLSV12_MASK },

  { "rc4-md5",          "1",    CURL_GSKPROTO_SSLV2_MASK },

  { "exp-rc4-md5",      "2",    CURL_GSKPROTO_SSLV2_MASK },

  { "rc2-md5",          "3",    CURL_GSKPROTO_SSLV2_MASK },

  { "exp-rc2-md5",      "4",    CURL_GSKPROTO_SSLV2_MASK },

  { "des-cbc-md5",      "6",    CURL_GSKPROTO_SSLV2_MASK },

  { "des-cbc3-md5",     "7",    CURL_GSKPROTO_SSLV2_MASK },

  { (const char *) NULL, (const char *) NULL, 0       }

  { (const char *) NULL, (const char *) NULL, 0       }

};

};

}

}

static CURLcode set_enum(struct SessionHandle * data,

static CURLcode set_enum(struct SessionHandle * data, gsk_handle h,

                         gsk_handle h, GSK_ENUM_ID id, GSK_ENUM_VALUE value)

                GSK_ENUM_ID id, GSK_ENUM_VALUE value, bool unsupported_ok)

{

{

  int rc = gsk_attribute_set_enum(h, id, value);

  int rc = gsk_attribute_set_enum(h, id, value);

  case GSK_ERROR_IO:

  case GSK_ERROR_IO:

    failf(data, "gsk_attribute_set_enum() I/O error: %s", strerror(errno));

    failf(data, "gsk_attribute_set_enum() I/O error: %s", strerror(errno));

    break;

    break;

  case GSK_ATTRIBUTE_INVALID_ID:

    if(unsupported_ok)

      return CURLE_UNSUPPORTED_PROTOCOL;

  default:

  default:

    failf(data, "gsk_attribute_set_enum(): %s", gsk_strerror(rc));

    failf(data, "gsk_attribute_set_enum(): %s", gsk_strerror(rc));

    break;

    break;

}

}

static CURLcode set_buffer(struct SessionHandle * data,

static CURLcode set_buffer(struct SessionHandle * data, gsk_handle h,

                           gsk_handle h, GSK_BUF_ID id, const char * buffer)

                        GSK_BUF_ID id, const char * buffer, bool unsupported_ok)

{

{

  int rc = gsk_attribute_set_buffer(h, id, buffer, 0);

  int rc = gsk_attribute_set_buffer(h, id, buffer, 0);

  case GSK_ERROR_IO:

  case GSK_ERROR_IO:

    failf(data, "gsk_attribute_set_buffer() I/O error: %s", strerror(errno));

    failf(data, "gsk_attribute_set_buffer() I/O error: %s", strerror(errno));

    break;

    break;

  case GSK_ATTRIBUTE_INVALID_ID:

    if(unsupported_ok)

      return CURLE_UNSUPPORTED_PROTOCOL;

  default:

  default:

    failf(data, "gsk_attribute_set_buffer(): %s", gsk_strerror(rc));

    failf(data, "gsk_attribute_set_buffer(): %s", gsk_strerror(rc));

    break;

    break;

}

}

static CURLcode set_ciphers(struct SessionHandle * data, gsk_handle h)

static CURLcode set_ciphers(struct SessionHandle * data,

                                        gsk_handle h, unsigned int * protoflags)

{

{

  const char * cipherlist = data->set.str[STRING_SSL_CIPHER_LIST];

  const char * cipherlist = data->set.str[STRING_SSL_CIPHER_LIST];

  char * sslv2ciphers;

  char * sslv3ciphers;

  const char * clp;

  const char * clp;

  const gskit_cipher * ctp;

  const gskit_cipher * ctp;

  char * v2p;

  char * v3p;

  int i;

  int i;

  int l;

  bool unsupported;

  CURLcode cc;

  CURLcode cc;

  struct {

    char * buf;

    char * ptr;

  } ciphers[CURL_GSKPROTO_LAST];

  /* Compile cipher list into GSKit-compatible cipher lists. */

  /* Compile cipher list into GSKit-compatible cipher lists. */

  /* We allocate GSKit buffers of the same size as the input string: since

  /* We allocate GSKit buffers of the same size as the input string: since

     GSKit tokens are always shorter than their cipher names, allocated buffers

     GSKit tokens are always shorter than their cipher names, allocated buffers

     will always be large enough to accomodate the result. */

     will always be large enough to accomodate the result. */

  i = strlen(cipherlist) + 1;

  l = strlen(cipherlist) + 1;

  v2p = malloc(i);

  memset((char *) ciphers, 0, sizeof ciphers);

  if(!v2p)

  for(i = 0; i < CURL_GSKPROTO_LAST; i++) {

    return CURLE_OUT_OF_MEMORY;

    ciphers[i].buf = malloc(l);

  v3p = malloc(i);

    if(!ciphers[i].buf) {

  if(!v3p) {

      while(i--)

    free(v2p);

        free(ciphers[i].buf);

      return CURLE_OUT_OF_MEMORY;

      return CURLE_OUT_OF_MEMORY;

    }

    }

  sslv2ciphers = v2p;

    ciphers[i].ptr = ciphers[i].buf;

  sslv3ciphers = v3p;

    *ciphers[i].ptr = '\0';

  }

  /* Process each cipher in input string. */

  /* Process each cipher in input string. */

  unsupported = FALSE;

  cc = CURLE_OK;

  for(;;) {

  for(;;) {

    for(clp = cipherlist; *cipherlist && !is_separator(*cipherlist);)

    for(clp = cipherlist; *cipherlist && !is_separator(*cipherlist);)

      cipherlist++;

      cipherlist++;

    i = cipherlist - clp;

    l = cipherlist - clp;

    if(!i)

    if(!l)

      break;

      break;

    /* Search the cipher in our table. */

    /* Search the cipher in our table. */

    for(ctp = ciphertable; ctp->name; ctp++)

    for(ctp = ciphertable; ctp->name; ctp++)

      if(strnequal(ctp->name, clp, i) && !ctp->name[i])

      if(strnequal(ctp->name, clp, l) && !ctp->name[l])

        break;

        break;

    if(!ctp->name)

    if(!ctp->name) {

      failf(data, "Unknown cipher %.*s: ignored", i, clp);

      failf(data, "Unknown cipher %.*s", l, clp);

      cc = CURLE_SSL_CIPHER;

    }

    else {

    else {

      switch (ctp->sslver) {

      unsupported |= !(ctp->versions & (CURL_GSKPROTO_SSLV2_MASK |

      case CURL_SSLVERSION_SSLv2:

                        CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK));

        strcpy(v2p, ctp->gsktoken);

      for(i = 0; i < CURL_GSKPROTO_LAST; i++) {

        v2p += strlen(v2p);

        if(ctp->versions & (1 << i)) {

        break;

          strcpy(ciphers[i].ptr, ctp->gsktoken);

      default:

          ciphers[i].ptr += strlen(ctp->gsktoken);

        /* GSKit wants TLSv1 ciphers with SSLv3 ciphers. */

        }

        strcpy(v3p, ctp->gsktoken);

        v3p += strlen(v3p);

        break;

      }

      }

    }

    }

    while(is_separator(*cipherlist))

    while(is_separator(*cipherlist))

      cipherlist++;

      cipherlist++;

  }

  }

  *v2p = '\0';

  *v3p = '\0';

  /* Disable protocols with empty cipher lists. */

  cc = set_buffer(data, h, GSK_V2_CIPHER_SPECS, sslv2ciphers);

  for(i = 0; i < CURL_GSKPROTO_LAST; i++) {

  if(cc == CURLE_OK)

    if(!(*protoflags & (1 << i)) || !ciphers[i].buf[0]) {

    cc = set_buffer(data, h, GSK_V3_CIPHER_SPECS, sslv3ciphers);

      *protoflags &= ~(1 << i);

  free(sslv2ciphers);

      ciphers[i].buf[0] = '\0';

  free(sslv3ciphers);

    }

  }

  /* Try to set-up TLSv1.1 and TLSv2.1 ciphers. */

  if(*protoflags & CURL_GSKPROTO_TLSV11_MASK) {

    cc = set_buffer(data, h, GSK_TLSV11_CIPHER_SPECS,

                    ciphers[CURL_GSKPROTO_TLSV11].buf, TRUE);

    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {

      cc = CURLE_OK;

      if(unsupported) {

        failf(data, "TLSv1.1-only ciphers are not yet supported");

        cc = CURLE_SSL_CIPHER;

      }

    }

  }

  if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_TLSV12_MASK)) {

    cc = set_buffer(data, h, GSK_TLSV12_CIPHER_SPECS,

                    ciphers[CURL_GSKPROTO_TLSV12].buf, TRUE);

    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {

      cc = CURLE_OK;

      if(unsupported) {

        failf(data, "TLSv1.2-only ciphers are not yet supported");

        cc = CURLE_SSL_CIPHER;

      }

    }

  }

  /* Try to set-up TLSv1.0 ciphers. If not successful, concatenate them to

     the SSLv3 ciphers. OS/400 prior to version 7.1 will understand it. */

  if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_TLSV10_MASK)) {

    cc = set_buffer(data, h, GSK_TLSV10_CIPHER_SPECS,

                    ciphers[CURL_GSKPROTO_TLSV10].buf, TRUE);

    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {

      cc = CURLE_OK;

      strcpy(ciphers[CURL_GSKPROTO_SSLV3].ptr,

             ciphers[CURL_GSKPROTO_TLSV10].ptr);

    }

  }

  /* Set-up other ciphers. */

  if(cc == CURLE_OK &&  (*protoflags & CURL_GSKPROTO_SSLV3_MASK))

    cc = set_buffer(data, h, GSK_V3_CIPHER_SPECS,

                    ciphers[CURL_GSKPROTO_SSLV3].buf, FALSE);

  if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_SSLV2_MASK))

    cc = set_buffer(data, h, GSK_V2_CIPHER_SPECS,

                    ciphers[CURL_GSKPROTO_SSLV2].buf, FALSE);

  /* Clean-up. */

  for(i = 0; i < CURL_GSKPROTO_LAST; i++)

    free(ciphers[i].buf);

  return cc;

  return cc;

}

}

    return CURLE_SSL_CONNECT_ERROR;

    return CURLE_SSL_CONNECT_ERROR;

  }

  }

  c = set_enum(data, h, GSK_SESSION_TYPE, GSK_CLIENT_SESSION);

  c = set_enum(data, h, GSK_SESSION_TYPE, GSK_CLIENT_SESSION, FALSE);

  if(c == CURLE_OK && appid)

  if(c == CURLE_OK && appid)

    c = set_buffer(data, h, GSK_OS400_APPLICATION_ID, appid);

    c = set_buffer(data, h, GSK_OS400_APPLICATION_ID, appid, FALSE);

  if(c == CURLE_OK && file)

  if(c == CURLE_OK && file)

    c = set_buffer(data, h, GSK_KEYRING_FILE, file);

    c = set_buffer(data, h, GSK_KEYRING_FILE, file, FALSE);

  if(c == CURLE_OK && label)

  if(c == CURLE_OK && label)

    c = set_buffer(data, h, GSK_KEYRING_LABEL, label);

    c = set_buffer(data, h, GSK_KEYRING_LABEL, label, FALSE);

  if(c == CURLE_OK && password)

  if(c == CURLE_OK && password)

    c = set_buffer(data, h, GSK_KEYRING_PW, password);

    c = set_buffer(data, h, GSK_KEYRING_PW, password, FALSE);

  if(c == CURLE_OK) {

  if(c == CURLE_OK) {

    /* Locate CAs, Client certificate and key according to our settings.

    /* Locate CAs, Client certificate and key according to our settings.

  char * keyringfile;

  char * keyringfile;

  char * keyringpwd;

  char * keyringpwd;

  char * keyringlabel;

  char * keyringlabel;

  char * v2ciphers;

  char * v3ciphers;

  char * sni;

  char * sni;

  bool sslv2enable, sslv3enable, tlsv1enable;

  unsigned int protoflags;

  long timeout;

  long timeout;

  Qso_OverlappedIO_t commarea;

  Qso_OverlappedIO_t commarea;

    return cc;

    return cc;

  /* Determine which SSL/TLS version should be enabled. */

  /* Determine which SSL/TLS version should be enabled. */

  sslv2enable = sslv3enable = tlsv1enable = false;

  protoflags = CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |

               CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK;

  sni = conn->host.name;

  sni = conn->host.name;

  switch (data->set.ssl.version) {

  switch (data->set.ssl.version) {

  case CURL_SSLVERSION_SSLv2:

  case CURL_SSLVERSION_SSLv2:

    sslv2enable = true;

    protoflags = CURL_GSKPROTO_SSLV2_MASK;

    sni = (char *) NULL;

    sni = (char *) NULL;

    break;

    break;

  case CURL_SSLVERSION_SSLv3:

  case CURL_SSLVERSION_SSLv3:

    sslv3enable = true;

    protoflags = CURL_GSKPROTO_SSLV2_MASK;

    sni = (char *) NULL;

    sni = (char *) NULL;

    break;

    break;

  case CURL_SSLVERSION_TLSv1:

  case CURL_SSLVERSION_TLSv1:

    protoflags = CURL_GSKPROTO_TLSV10_MASK |

                 CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK;

    break;

  case CURL_SSLVERSION_TLSv1_0:

  case CURL_SSLVERSION_TLSv1_0:

    tlsv1enable = true;

    protoflags = CURL_GSKPROTO_TLSV10_MASK;

    break;

    break;

  case CURL_SSLVERSION_TLSv1_1:

  case CURL_SSLVERSION_TLSv1_1:

    failf(data, "GSKit doesn't support TLS 1.1!");

    protoflags = CURL_GSKPROTO_TLSV11_MASK;

    cc = CURLE_SSL_CONNECT_ERROR;

    break;

    break;

  case CURL_SSLVERSION_TLSv1_2:

  case CURL_SSLVERSION_TLSv1_2:

    failf(data, "GSKit doesn't support TLS 1.2!");

    protoflags = CURL_GSKPROTO_TLSV12_MASK;

    cc = CURLE_SSL_CONNECT_ERROR;

    break;

  default:              /* CURL_SSLVERSION_DEFAULT. */

    sslv3enable = true;

    tlsv1enable = true;

    break;

    break;

  }

  }

  /* Process SNI. Ignore if not supported (on OS400 < V7R1). */

  /* Process SNI. Ignore if not supported (on OS400 < V7R1). */

  if(sni) {

  if(sni) {

    rc = gsk_attribute_set_buffer(connssl->handle,

    cc = set_buffer(data, connssl->handle,

                                  GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, 0);

                    GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, TRUE);

    switch (rc) {

    if(cc == CURLE_UNSUPPORTED_PROTOCOL)

    case GSK_OK:

      cc = CURLE_OK;

    case GSK_ATTRIBUTE_INVALID_ID:

      break;

    case GSK_ERROR_IO:

      failf(data, "gsk_attribute_set_buffer() I/O error: %s", strerror(errno));

      cc = CURLE_SSL_CONNECT_ERROR;

      break;

    default:

      failf(data, "gsk_attribute_set_buffer(): %s", gsk_strerror(rc));

      cc = CURLE_SSL_CONNECT_ERROR;

      break;

    }

  }

  }

  /* Set session parameters. */

  /* Set session parameters. */

  if(cc == CURLE_OK)

  if(cc == CURLE_OK)

    cc = set_numeric(data, connssl->handle, GSK_FD, conn->sock[sockindex]);

    cc = set_numeric(data, connssl->handle, GSK_FD, conn->sock[sockindex]);

  if(cc == CURLE_OK)

  if(cc == CURLE_OK)

    cc = set_ciphers(data, connssl->handle);

    cc = set_ciphers(data, connssl->handle, &protoflags);

  if(!protoflags) {

    failf(data, "No SSL protocol/cipher combination enabled");

    cc = CURLE_SSL_CIPHER;

  }

  if(cc == CURLE_OK)

  if(cc == CURLE_OK)

      cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV2,

      cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV2,

                    sslv2enable? GSK_PROTOCOL_SSLV2_ON:

                    (protoflags & CURL_GSKPROTO_SSLV2_MASK)?

                    GSK_PROTOCOL_SSLV2_OFF);

                    GSK_PROTOCOL_SSLV2_ON: GSK_PROTOCOL_SSLV2_OFF, FALSE);

  if(cc == CURLE_OK)

  if(cc == CURLE_OK)

    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV3,

    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV3,

                  sslv3enable? GSK_PROTOCOL_SSLV3_ON:

                  (protoflags & CURL_GSKPROTO_SSLV3_MASK)?

                  GSK_PROTOCOL_SSLV3_OFF);

                  GSK_PROTOCOL_SSLV3_ON: GSK_PROTOCOL_SSLV3_OFF, FALSE);

  if(cc == CURLE_OK)

  if(cc == CURLE_OK)

    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV1,

    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV1,

                  tlsv1enable?  GSK_PROTOCOL_TLSV1_ON:

                  (protoflags & CURL_GSKPROTO_TLSV10_MASK)?

                  GSK_PROTOCOL_TLSV1_OFF);

                  GSK_PROTOCOL_TLSV1_ON: GSK_PROTOCOL_TLSV1_OFF, FALSE);

  if(cc == CURLE_OK) {

    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV11,

                   (protoflags & CURL_GSKPROTO_TLSV11_MASK)?

                   GSK_TRUE: GSK_FALSE, TRUE);

    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {

      cc = CURLE_OK;

      if(protoflags == CURL_GSKPROTO_TLSV11_MASK) {

        failf(data, "TLS 1.1 not yet supported");

        cc = CURLE_SSL_CIPHER;

      }

    }

  }

  if(cc == CURLE_OK) {

    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV12,

                  (protoflags & CURL_GSKPROTO_TLSV12_MASK)?

                  GSK_TRUE: GSK_FALSE, TRUE);

    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {

      cc = CURLE_OK;

      if(protoflags == CURL_GSKPROTO_TLSV12_MASK) {

        failf(data, "TLS 1.2 not yet supported");

        cc = CURLE_SSL_CIPHER;

      }

    }

  }

  if(cc == CURLE_OK)

  if(cc == CURLE_OK)

    cc = set_enum(data, connssl->handle, GSK_SERVER_AUTH_TYPE,

    cc = set_enum(data, connssl->handle, GSK_SERVER_AUTH_TYPE,

                  data->set.ssl.verifypeer? GSK_SERVER_AUTH_FULL:

                  data->set.ssl.verifypeer? GSK_SERVER_AUTH_FULL:

                  GSK_SERVER_AUTH_PASSTHRU);

                  GSK_SERVER_AUTH_PASSTHRU, FALSE);

  if(cc == CURLE_OK) {

  if(cc == CURLE_OK) {

    /* Start handshake. Try asynchronous first. */

    /* Start handshake. Try asynchronous first. */

#define sendto                  Curl_os400_sendto

#define sendto                  Curl_os400_sendto

#define recvfrom                Curl_os400_recvfrom

#define recvfrom                Curl_os400_recvfrom

#ifdef HAVE_LIBZ

#define zlibVersion             Curl_os400_zlibVersion

#define inflateInit_            Curl_os400_inflateInit_

#define inflateInit2_           Curl_os400_inflateInit2_

#define inflate                 Curl_os400_inflate

#define inflateEnd              Curl_os400_inflateEnd

#endif

#endif /* HEADER_CURL_SETUP_OS400_H */

#endif /* HEADER_CURL_SETUP_OS400_H */

        CURLOPT_USERAGENT

        CURLOPT_USERAGENT

        CURLOPT_USERNAME

        CURLOPT_USERNAME

        CURLOPT_USERPWD

        CURLOPT_USERPWD

        CURLOPT_XOAUTH2_BEARER

  Else it is the same as for curl_easy_setopt().

  Else it is the same as for curl_easy_setopt().

  Note that CURLOPT_ERRORBUFFER is not in the list above, since it gives the

  Note that CURLOPT_ERRORBUFFER is not in the list above, since it gives the

address of an (empty) character buffer, not the address of a string.

address of an (empty) character buffer, not the address of a string.

  if(testwarn) {

  if(testwarn) {

    testwarn = 0;

    testwarn = 0;

#ifdef USE_TLS_SRP

    if((int) STRING_LAST != (int) STRING_BEARER + 1)

    if((int) STRING_LAST != (int) STRING_TLSAUTH_PASSWORD + 1)

#else

    if((int) STRING_LAST != (int) STRING_MAIL_AUTH + 1)

#endif

      curl_mfprintf(stderr,

      curl_mfprintf(stderr,

       "*** WARNING: curl_easy_setopt_ccsid() should be reworked ***\n");

       "*** WARNING: curl_easy_setopt_ccsid() should be reworked ***\n");

    }

    }

  case CURLOPT_USERAGENT:

  case CURLOPT_USERAGENT:

  case CURLOPT_USERNAME:

  case CURLOPT_USERNAME:

  case CURLOPT_USERPWD:

  case CURLOPT_USERPWD:

  case CURLOPT_XOAUTH2_BEARER:

    s = va_arg(arg, char *);