Commit 6e619393 authored by Daniel Stenberg's avatar Daniel Stenberg

GnuTLS support added. There's now a "generic" SSL layer that we use all over

internally, with code provided by sslgen.c. All SSL-layer-specific code is
then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS).

As far as possible, internals should not need to know which SSL layer is
in use. Building with GnuTLS currently makes two test cases fail.

TODO.gnutls contains a few known outstanding issues for the GnuTLS support.

GnuTLS support is enabled with configure --with-gnutls
parent 015a6181
+4 −2
@@ -8,7 +8,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
  content_encoding.c share.c http_digest.c md5.c http_negotiate.c	\
  content_encoding.c share.c http_digest.c md5.c http_negotiate.c	\
  http_ntlm.c inet_pton.c strtoofft.c strerror.c hostares.c hostasyn.c	\
  http_ntlm.c inet_pton.c strtoofft.c strerror.c hostares.c hostasyn.c	\
  hostip4.c hostip6.c hostsyn.c hostthre.c inet_ntop.c parsedate.c	\
  hostip4.c hostip6.c hostsyn.c hostthre.c inet_ntop.c parsedate.c	\
  select.c
  select.c gtls.c sslgen.c


HHEADERS = arpa_telnet.h netrc.h file.h timeval.h base64.h hostip.h	\
HHEADERS = arpa_telnet.h netrc.h file.h timeval.h base64.h hostip.h	\
  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
@@ -17,4 +17,6 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h base64.h hostip.h \
  http_chunks.h strtok.h connect.h llist.h hash.h content_encoding.h	\
  http_chunks.h strtok.h connect.h llist.h hash.h content_encoding.h	\
  share.h md5.h http_digest.h http_negotiate.h http_ntlm.h ca-bundle.h	\
  share.h md5.h http_digest.h http_negotiate.h http_ntlm.h ca-bundle.h	\
  inet_pton.h strtoofft.h strerror.h inet_ntop.h curlx.h memory.h	\
  inet_pton.h strtoofft.h strerror.h inet_ntop.h curlx.h memory.h	\
  setup.h transfer.h select.h easyif.h multiif.h parsedate.h
  setup.h transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h   \
  gtls.h

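--- /dev/null
+++ b/lib/TODO.gnutls
@@ -0,0 +1,21 @@
+Things to fix for the GnuTLS support
+====================================
+
+* set LD_LIBRARY_PATH in configure when the GnuTLS lib was found, to fix link
+  problems that othwerwise might happen within configure. Compare with OpenSSL
+  stuff.
+
+* make the configure --with-ssl option first check for OpenSSL and then for
+  GnuTLS if OpenSSL wasn't detected.
+
+* Get NTLM working using the functions provided by libgcrypt, since GnuTLS
+  already depends on that to function. Not strictly SSL/TLS related, but
+  hey... Another option is to get available DES and MD4 source code from the
+  cryptopp library. They are fine license-wise, but are C++.
+
+* SSL engine stuff?
+
+  SRP for TLS
+
+* Work out a common method with Peter Sylvester's OpenSSL-patch for SRP
+  on the TLS to provide name and password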
+3 −3
@@ -75,7 +75,7 @@
#include "urldata.h"
#include "urldata.h"
#include <curl/curl.h>
#include <curl/curl.h>
#include "transfer.h"
#include "transfer.h"
#include "ssluse.h"
#include "sslgen.h"
#include "url.h"
#include "url.h"
#include "getinfo.h"
#include "getinfo.h"
#include "hostip.h"
#include "hostip.h"
@@ -201,7 +201,7 @@ CURLcode curl_global_init(long flags)
  Curl_ccalloc = (curl_calloc_callback)calloc;
  Curl_ccalloc = (curl_calloc_callback)calloc;


  if (flags & CURL_GLOBAL_SSL)
  if (flags & CURL_GLOBAL_SSL)
    if (!Curl_SSL_init())
    if (!Curl_ssl_init())
      return CURLE_FAILED_INIT;
      return CURLE_FAILED_INIT;


  if (flags & CURL_GLOBAL_WIN32)
  if (flags & CURL_GLOBAL_WIN32)
@@ -266,7 +266,7 @@ void curl_global_cleanup(void)
  Curl_global_host_cache_dtor();
  Curl_global_host_cache_dtor();


  if (init_flags & CURL_GLOBAL_SSL)
  if (init_flags & CURL_GLOBAL_SSL)
    Curl_SSL_cleanup();
    Curl_ssl_cleanup();


  if (init_flags & CURL_GLOBAL_WIN32)
  if (init_flags & CURL_GLOBAL_WIN32)
    win32_cleanup();
    win32_cleanup();
+6 −6
@@ -87,7 +87,7 @@


#include "strtoofft.h"
#include "strtoofft.h"
#include "strequal.h"
#include "strequal.h"
#include "ssluse.h"
#include "sslgen.h"
#include "connect.h"
#include "connect.h"
#include "strerror.h"
#include "strerror.h"
#include "memory.h"
#include "memory.h"
@@ -2013,7 +2013,7 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
       do the TLS stuff */
       do the TLS stuff */
    infof(data, "Doing the SSL/TLS handshake on the data stream\n");
    infof(data, "Doing the SSL/TLS handshake on the data stream\n");
    /* BLOCKING */
    /* BLOCKING */
    result = Curl_SSLConnect(conn, SECONDARYSOCKET);
    result = Curl_ssl_connect(conn, SECONDARYSOCKET);
    if(result)
    if(result)
      return result;
      return result;
  }
  }
@@ -2121,7 +2121,7 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
      /* since we only have a plaintext TCP connection here, we must now
      /* since we only have a plaintext TCP connection here, we must now
         do the TLS stuff */
         do the TLS stuff */
      infof(data, "Doing the SSL/TLS handshake on the data stream\n");
      infof(data, "Doing the SSL/TLS handshake on the data stream\n");
      result = Curl_SSLConnect(conn, SECONDARYSOCKET);
      result = Curl_ssl_connect(conn, SECONDARYSOCKET);
      if(result)
      if(result)
        return result;
        return result;
    }
    }
@@ -2373,8 +2373,8 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
       */
       */


      if((ftpcode == 234) || (ftpcode == 334)) {
      if((ftpcode == 234) || (ftpcode == 334)) {
        /* Curl_SSLConnect is BLOCKING */
        /* Curl_ssl_connect is BLOCKING */
        result = Curl_SSLConnect(conn, FIRSTSOCKET);
        result = Curl_ssl_connect(conn, FIRSTSOCKET);
        if(CURLE_OK == result) {
        if(CURLE_OK == result) {
          conn->protocol |= PROT_FTPS;
          conn->protocol |= PROT_FTPS;
          conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
          conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
@@ -2748,7 +2748,7 @@ CURLcode Curl_ftp_connect(struct connectdata *conn,
    /* BLOCKING */
    /* BLOCKING */
    /* FTPS is simply ftp with SSL for the control channel */
    /* FTPS is simply ftp with SSL for the control channel */
    /* now, perform the SSL initialization for this socket */
    /* now, perform the SSL initialization for this socket */
    result = Curl_SSLConnect(conn, FIRSTSOCKET);
    result = Curl_ssl_connect(conn, FIRSTSOCKET);
    if(result)
    if(result)
      return result;
      return result;
  }
  }
+2 −2
@@ -33,7 +33,7 @@
#include <stdarg.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdlib.h>
#include "memory.h"
#include "memory.h"
#include "ssluse.h"
#include "sslgen.h"


/* Make this the last #include */
/* Make this the last #include */
#include "memdebug.h"
#include "memdebug.h"
@@ -182,7 +182,7 @@ CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
    *param_longp = data->info.numconnects;
    *param_longp = data->info.numconnects;
    break;
    break;
  case CURLINFO_SSL_ENGINES:
  case CURLINFO_SSL_ENGINES:
    *param_slistp = Curl_SSL_engines_list(data);
    *param_slistp = Curl_ssl_engines_list(data);
    break;
    break;
  default:
  default:
    return CURLE_BAD_FUNCTION_ARGUMENT;
    return CURLE_BAD_FUNCTION_ARGUMENT;