Loading lib/curl_darwinssl.c +45 −0 Original line number Diff line number Diff line Loading @@ -704,6 +704,8 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, #endif size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i; SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL; char *ssl_sessionid; size_t ssl_sessionid_len; OSStatus err = noErr; #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) int darwinver_maj = 0, darwinver_min = 0; Loading Loading @@ -990,6 +992,38 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, Curl_safefree(all_ciphers); Curl_safefree(allowed_ciphers); /* Check if there's a cached ID we can/should use here! */ if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid, &ssl_sessionid_len)) { /* we got a session id, use it! */ err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len); if(err != noErr) { failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err); return CURLE_SSL_CONNECT_ERROR; } /* Informational message */ infof(data, "SSL re-using session ID\n"); } /* If there isn't one, then let's make one up! This has to be done prior to starting the handshake. */ else { CURLcode retcode; ssl_sessionid = malloc(256*sizeof(char)); ssl_sessionid_len = snprintf(ssl_sessionid, 256, "curl:%s:%hu", conn->host.name, conn->remote_port); err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len); if(err != noErr) { failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err); return CURLE_SSL_CONNECT_ERROR; } retcode = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len); if(retcode!= CURLE_OK) { failf(data, "failed to store ssl session"); return retcode; } } err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite); if(err != noErr) { failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err); Loading Loading 
@@ -1462,6 +1496,17 @@ int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) return rc; } void Curl_darwinssl_session_free(void *ptr) { /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a cached session ID inside the Security framework. There is a private function that does this, but I don't want to have to explain to you why I got your application rejected from the App Store due to the use of a private API, so the best we can do is free up our own char array that we created way back in darwinssl_connect_step1... */ Curl_safefree(ptr); } size_t Curl_darwinssl_version(char *buffer, size_t size) { return snprintf(buffer, size, "SecureTransport"); Loading lib/curl_darwinssl.h +2 −1 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ void Curl_darwinssl_close_all(struct SessionHandle *data); /* close a SSL connection */ void Curl_darwinssl_close(struct connectdata *conn, int sockindex); void Curl_darwinssl_session_free(void *ptr); size_t Curl_darwinssl_version(char *buffer, size_t size); int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex); int Curl_darwinssl_check_cxn(struct connectdata *conn); Loading @@ -56,7 +57,7 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ #define curlssl_cleanup() Curl_nop_stmt #define curlssl_connect Curl_darwinssl_connect #define curlssl_connect_nonblocking Curl_darwinssl_connect_nonblocking #define curlssl_session_free(x) Curl_nop_stmt #define curlssl_session_free(x) Curl_darwinssl_session_free(x) #define curlssl_close_all Curl_darwinssl_close_all #define curlssl_close Curl_darwinssl_close #define curlssl_shutdown(x,y) 0 Loading Loading
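Review bot: In the new `else` branch added to darwinssl_connect_step1 (whose body begins and ends outside the shown hunks), the result of `malloc(256*sizeof(char))` goes straight into `snprintf` with no NULL check, so an allocation failure becomes a NULL write instead of a clean error return. The `snprintf` return value is also used unchecked as `ssl_sessionid_len`. If `snprintf` has C99 semantics here, a long `conn->host.name` gives a length larger than the 256-byte buffer and `SSLSetPeerID` would be told to read past it, so the length should be validated first. The `SSLSetPeerID` failure return in that branch leaves `ssl_sessionid` allocated; whether the `Curl_ssl_addsessionid` failure path also leaks depends on code not shown on this page. Separately, the peer ID is built from host and port only, so it is worth confirming that a session cached under relaxed certificate-verification settings cannot be resumed by a later transfer to the same host with stricter ones.

```c
else {
  CURLcode retcode;
  int idlen;

  ssl_sessionid = malloc(256*sizeof(char));
  if(!ssl_sessionid)
    return CURLE_OUT_OF_MEMORY;
  idlen = snprintf(ssl_sessionid, 256, "curl:%s:%hu",
                   conn->host.name, conn->remote_port);
  if(idlen < 0 || idlen >= 256) {
    /* refuse a truncated or failed ID rather than pass a bogus length */
    Curl_safefree(ssl_sessionid);
    failf(data, "SSL: could not build session ID for this host");
    return CURLE_SSL_CONNECT_ERROR;
  }
  ssl_sessionid_len = (size_t)idlen;

  err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
  if(err != noErr) {
    Curl_safefree(ssl_sessionid);
    /* ... unchanged: failf() and return CURLE_SSL_CONNECT_ERROR ... */
  }
  /* ... unchanged: Curl_ssl_addsessionid() call and its error path ... */
}
```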
lib/curl_darwinssl.c +45 −0 Original line number Diff line number Diff line Loading @@ -704,6 +704,8 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, #endif size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i; SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL; char *ssl_sessionid; size_t ssl_sessionid_len; OSStatus err = noErr; #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) int darwinver_maj = 0, darwinver_min = 0; Loading Loading @@ -990,6 +992,38 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, Curl_safefree(all_ciphers); Curl_safefree(allowed_ciphers); /* Check if there's a cached ID we can/should use here! */ if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid, &ssl_sessionid_len)) { /* we got a session id, use it! */ err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len); if(err != noErr) { failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err); return CURLE_SSL_CONNECT_ERROR; } /* Informational message */ infof(data, "SSL re-using session ID\n"); } /* If there isn't one, then let's make one up! This has to be done prior to starting the handshake. */ else { CURLcode retcode; ssl_sessionid = malloc(256*sizeof(char)); ssl_sessionid_len = snprintf(ssl_sessionid, 256, "curl:%s:%hu", conn->host.name, conn->remote_port); err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len); if(err != noErr) { failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err); return CURLE_SSL_CONNECT_ERROR; } retcode = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len); if(retcode!= CURLE_OK) { failf(data, "failed to store ssl session"); return retcode; } } err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite); if(err != noErr) { failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err); Loading Loading 
@@ -1462,6 +1496,17 @@ int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) return rc; } void Curl_darwinssl_session_free(void *ptr) { /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a cached session ID inside the Security framework. There is a private function that does this, but I don't want to have to explain to you why I got your application rejected from the App Store due to the use of a private API, so the best we can do is free up our own char array that we created way back in darwinssl_connect_step1... */ Curl_safefree(ptr); } size_t Curl_darwinssl_version(char *buffer, size_t size) { return snprintf(buffer, size, "SecureTransport"); Loading
lib/curl_darwinssl.h +2 −1 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ void Curl_darwinssl_close_all(struct SessionHandle *data); /* close a SSL connection */ void Curl_darwinssl_close(struct connectdata *conn, int sockindex); void Curl_darwinssl_session_free(void *ptr); size_t Curl_darwinssl_version(char *buffer, size_t size); int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex); int Curl_darwinssl_check_cxn(struct connectdata *conn); Loading @@ -56,7 +57,7 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ #define curlssl_cleanup() Curl_nop_stmt #define curlssl_connect Curl_darwinssl_connect #define curlssl_connect_nonblocking Curl_darwinssl_connect_nonblocking #define curlssl_session_free(x) Curl_nop_stmt #define curlssl_session_free(x) Curl_darwinssl_session_free(x) #define curlssl_close_all Curl_darwinssl_close_all #define curlssl_close Curl_darwinssl_close #define curlssl_shutdown(x,y) 0 Loading