← Back to branch summary

~ubuntu-branches/ubuntu/saucy/curl/saucy-201307251546

« back to all changes in this revision

Viewing changes to lib/gtls.c

  • Committer: Bazaar Package Importer
  • Author(s): Ramakrishnan Muthukrishnan
  • Date: 2011-02-28 19:35:36 UTC
  • mto: (3.6.1 experimental) (1.3.1)
  • mto: This revision was merged to the branch mainline in revision 47.
  • Revision ID: james.westby@ubuntu.com-20110228193536-p3a9jawxxofcsz7o
Tags: upstream-7.21.4
ImportĀ upstreamĀ versionĀ 7.21.4

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/gtls.c
5
5
 *                            | (__| |_| |  _ <| |___
6
6
 *                             \___|\___/|_| \_\_____|
7
7
 *
8
 
 * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
 
8
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
9
9
 *
10
10
 * This software is licensed as described in the file COPYING, which
11
11
 * you should have received as part of this distribution. The terms
170
170
                     const char *text,
171
171
                     time_t stamp)
172
172
{
173
 
  struct tm *tm;
174
 
#ifdef HAVE_GMTIME_R
175
173
  struct tm buffer;
176
 
  tm = (struct tm *)gmtime_r(&stamp, &buffer);
177
 
#else
178
 
  tm = gmtime(&stamp);
179
 
#endif
 
174
  const struct tm *tm = &buffer;
 
175
  CURLcode result = Curl_gmtime(stamp, &buffer);
 
176
  if(result)
 
177
    return;
 
178
 
180
179
  snprintf(data->state.buffer,
181
180
           BUFSIZE,
182
181
           "\t %s: %s, %02d %s %4d %02d:%02d:%02d GMT\n",
238
237
 
239
238
  for(;;) {
240
239
    /* check allowed time left */
241
 
    timeout_ms = Curl_timeleft(conn, NULL, duringconnect);
 
240
    timeout_ms = Curl_timeleft(data, NULL, duringconnect);
242
241
 
243
242
    if(timeout_ms < 0) {
244
243
      /* no need to continue if time already is up */
346
345
    return CURLE_SSL_CONNECT_ERROR;
347
346
  }
348
347
 
 
348
#ifdef USE_TLS_SRP
 
349
  if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
 
350
    infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
 
351
 
 
352
    rc = gnutls_srp_allocate_client_credentials(
 
353
           &conn->ssl[sockindex].srp_client_cred);
 
354
    if(rc != GNUTLS_E_SUCCESS) {
 
355
      failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
 
356
            gnutls_strerror(rc));
 
357
      return CURLE_OUT_OF_MEMORY;
 
358
    }
 
359
 
 
360
    rc = gnutls_srp_set_client_credentials(conn->ssl[sockindex].srp_client_cred,
 
361
                                           data->set.ssl.username,
 
362
                                           data->set.ssl.password);
 
363
    if(rc != GNUTLS_E_SUCCESS) {
 
364
      failf(data, "gnutls_srp_set_client_cred() failed: %s",
 
365
            gnutls_strerror(rc));
 
366
      return CURLE_BAD_FUNCTION_ARGUMENT;
 
367
    }
 
368
  }
 
369
#endif
 
370
 
349
371
  if(data->set.ssl.CAfile) {
350
372
    /* set the trusted CA cert bundle file */
351
373
    gnutls_certificate_set_verify_flags(conn->ssl[sockindex].cred,
431
453
    }
432
454
  }
433
455
 
 
456
#ifdef USE_TLS_SRP
434
457
  /* put the credentials to the current session */
435
 
  rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
436
 
                              conn->ssl[sockindex].cred);
 
458
  if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
 
459
    rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
 
460
                                conn->ssl[sockindex].srp_client_cred);
 
461
    if (rc != GNUTLS_E_SUCCESS) {
 
462
      failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
 
463
    }
 
464
  } else
 
465
#endif
 
466
    rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
 
467
                                conn->ssl[sockindex].cred);
437
468
 
438
469
  /* set the connection handle (file descriptor for the socket) */
439
470
  gnutls_transport_set_ptr(session,
483
514
  int rc;
484
515
  int incache;
485
516
  void *ssl_sessionid;
 
517
  CURLcode result = CURLE_OK;
486
518
 
487
519
  /* This function will return the peer's raw certificate (chain) as sent by
488
520
     the peer. These certificates are in raw format (DER encoded for
495
527
    if(data->set.ssl.verifypeer ||
496
528
       data->set.ssl.verifyhost ||
497
529
       data->set.ssl.issuercert) {
498
 
      failf(data, "failed to get server cert");
499
 
      return CURLE_PEER_FAILED_VERIFICATION;
 
530
#ifdef USE_TLS_SRP
 
531
      if(data->set.ssl.authtype == CURL_TLSAUTH_SRP
 
532
         && data->set.ssl.username != NULL
 
533
         && !data->set.ssl.verifypeer
 
534
         && gnutls_cipher_get(session)) {
 
535
        /* no peer cert, but auth is ok if we have SRP user and cipher and no
 
536
           peer verify */
 
537
      }
 
538
      else {
 
539
#endif
 
540
        failf(data, "failed to get server cert");
 
541
        return CURLE_PEER_FAILED_VERIFICATION;
 
542
#ifdef USE_TLS_SRP
 
543
      }
 
544
#endif
500
545
    }
501
546
    infof(data, "\t common name: WARNING couldn't obtain\n");
502
547
  }
529
574
    else
530
575
      infof(data, "\t server certificate verification OK\n");
531
576
  }
532
 
  else
 
577
  else {
533
578
    infof(data, "\t server certificate verification SKIPPED\n");
 
579
    goto after_server_cert_verification;
 
580
  }
534
581
 
535
582
  /* initialize an X.509 certificate structure. */
536
583
  gnutls_x509_crt_init(&x509_cert);
660
707
 
661
708
  gnutls_x509_crt_deinit(x509_cert);
662
709
 
 
710
after_server_cert_verification:
 
711
 
663
712
  /* compression algorithm (if any) */
664
713
  ptr = gnutls_compression_get_name(gnutls_compression_get(session));
665
714
  /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */
701
750
      }
702
751
 
703
752
      /* store this session id */
704
 
      return Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize);
 
753
      result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize);
 
754
      if(result) {
 
755
        free(connect_sessionid);
 
756
        result = CURLE_OUT_OF_MEMORY;
 
757
      }
705
758
    }
 
759
    else
 
760
      result = CURLE_OUT_OF_MEMORY;
706
761
  }
707
762
 
708
 
  return CURLE_OK;
 
763
  return result;
709
764
}
710
765
 
711
766
 
813
868
    gnutls_certificate_free_credentials(conn->ssl[idx].cred);
814
869
    conn->ssl[idx].cred = NULL;
815
870
  }
 
871
#ifdef USE_TLS_SRP
 
872
  if (conn->ssl[idx].srp_client_cred) {
 
873
    gnutls_srp_free_client_credentials(conn->ssl[idx].srp_client_cred);
 
874
    conn->ssl[idx].srp_client_cred = NULL;
 
875
  }
 
876
#endif
816
877
}
817
878
 
818
879
void Curl_gtls_close(struct connectdata *conn, int sockindex)
882
943
  }
883
944
  gnutls_certificate_free_credentials(conn->ssl[sockindex].cred);
884
945
 
 
946
#ifdef USE_TLS_SRP
 
947
  if(data->set.ssl.authtype == CURL_TLSAUTH_SRP
 
948
     && data->set.ssl.username != NULL)
 
949
    gnutls_srp_free_client_credentials(conn->ssl[sockindex].srp_client_cred);
 
950
#endif
 
951
 
885
952
  conn->ssl[sockindex].cred = NULL;
886
953
  conn->ssl[sockindex].session = NULL;
887
954