Commit d2feb717 authored by Kyle L. Huff's avatar Kyle L. Huff Committed by Daniel Stenberg
Browse files

cyassl: add SSL context callback support for CyaSSL 

Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better
handles CyaSSL instances using NO_FILESYSTEM.
parent 211f1e3c

docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3

+1 −1
Original line number Diff line number Diff line
@@ -38,7 +38,7 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. 
.SH EXAMPLE

TODO

.SH AVAILABILITY

Added in 7.11.0. Only used with the OpenSSL backend.

Added in 7.11.0. Only used with the OpenSSL and WolfSSL/CyaSSL backend.

.SH RETURN VALUE

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

.SH "SEE ALSO"

docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3

+3 −3
Original line number Diff line number Diff line
@@ -32,8 +32,8 @@ CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr); 
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,

                          ssl_ctx_callback);

.SH DESCRIPTION

This option only works for libcurl powered by OpenSSL. If libcurl was built

against another SSL library, this functionality is absent.

This option only works for libcurl powered by OpenSSL and WolfSSL/CyaSSL.

If libcurl was built against another SSL library, this functionality is absent.



Pass a pointer to your callback function, which should match the prototype

shown above.
@@ -63,7 +63,7 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. 
.SH EXAMPLE

TODO

.SH AVAILABILITY

Added in 7.11.0. Only supported when built with OpenSSL.

Added in 7.11.0. Only supported when built with OpenSSL and WolfSSL/CyaSSL.

.SH RETURN VALUE

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

.SH "SEE ALSO"

lib/vtls/cyassl.c

+18 −0
Original line number Diff line number Diff line
@@ -201,6 +201,24 @@ cyassl_connect_step1(struct connectdata *conn, 
                     data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,

                     NULL);



  /* give application a chance to interfere with SSL set up. */

  if(data->set.ssl.fsslctx) {

    CURLcode result = CURLE_OK;

    result = (*data->set.ssl.fsslctx)(data, conssl->ctx,

                                       data->set.ssl.fsslctxp);

    if(result) {

      failf(data, "error signaled by ssl ctx callback");

      return result;

    }

  }

#ifdef NO_FILESYSTEM

  else if(data->set.ssl.verifypeer) {

    failf(data, "CyaSSL: unable to verify certificate; no certificate",

          " authorities registered");

    return CURLE_SSL_CONNECT_ERROR;

  }

#endif



  /* Let's make an SSL structure */

  if(conssl->handle)

    SSL_free(conssl->handle);

lib/vtls/cyassl.h

+3 −0
Original line number Diff line number Diff line
@@ -46,6 +46,9 @@ int Curl_cyassl_random(struct SessionHandle *data, 
/* Set the API backend definition to Schannel */

#define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL



/* this backend suppots CURLOPT_SSL_CTX_FUNCTION */

#define have_curlssl_ssl_ctx 1



/* API setup for CyaSSL */

#define curlssl_init Curl_cyassl_init

#define curlssl_cleanup() Curl_nop_stmt