#include "curl_memory.h"
#include "memdebug.h"
-/* Count of the backend ssl objects to allocate */
-#ifdef USE_SSL
-# ifndef CURL_DISABLE_PROXY
-# define SSL_BACKEND_CNT 4
-# else
-# define SSL_BACKEND_CNT 2
-# endif
-#endif
-
static void conn_free(struct connectdata *conn);
/* Some parts of the code (e.g. chunked encoding) assume this buffer has at
/* close the SSL stuff before we close any sockets since they will/may
write to the sockets */
Curl_ssl_close(data, conn, FIRSTSOCKET);
+#ifndef CURL_DISABLE_FTP
Curl_ssl_close(data, conn, SECONDARYSOCKET);
+#endif
/* close possibly still open sockets */
if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
Note that these backend pointers can be swapped by vtls (eg ssl backend
data becomes proxy backend data). */
{
- size_t sslsize = Curl_ssl->sizeof_ssl_backend_data;
- char *ssl = calloc(SSL_BACKEND_CNT, sslsize);
+ size_t onesize = Curl_ssl->sizeof_ssl_backend_data;
+ size_t totalsize = onesize;
+ char *ssl;
+
+#ifndef CURL_DISABLE_FTP
+ totalsize *= 2;
+#endif
+#ifndef CURL_DISABLE_PROXY
+ totalsize *= 2;
+#endif
+
+ ssl = calloc(1, totalsize);
if(!ssl) {
free(conn);
return NULL;
}
conn->ssl_extra = ssl;
- conn->ssl[0].backend = (void *)ssl;
- conn->ssl[1].backend = (void *)(ssl + sslsize);
+ conn->ssl[FIRSTSOCKET].backend = (void *)ssl;
+#ifndef CURL_DISABLE_FTP
+ ssl += onesize;
+ conn->ssl[SECONDARYSOCKET].backend = (void *)ssl;
+#endif
#ifndef CURL_DISABLE_PROXY
- conn->proxy_ssl[0].backend = (void *)(ssl + 2 * sslsize);
- conn->proxy_ssl[1].backend = (void *)(ssl + 3 * sslsize);
+ ssl += onesize;
+ conn->proxy_ssl[FIRSTSOCKET].backend = (void *)ssl;
+#ifndef CURL_DISABLE_FTP
+ ssl += onesize;
+ conn->proxy_ssl[SECONDARYSOCKET].backend = (void *)ssl;
+#endif
#endif
}
#endif
struct in_addr addr;
#endif
+ DEBUGASSERT(backend);
+
switch(SSL_CONN_CONFIG(version)) {
case CURL_SSLVERSION_SSLv2:
failf(data, "BearSSL does not support SSLv2");
ssize_t ret;
int err;
+ DEBUGASSERT(backend);
+
for(;;) {
state = br_ssl_engine_current_state(&backend->ctx.eng);
if(state & BR_SSL_CLOSED) {
struct ssl_backend_data *backend = connssl->backend;
CURLcode ret;
+ DEBUGASSERT(backend);
+
ret = bearssl_run_until(data, conn, sockindex,
BR_SSL_SENDAPP | BR_SSL_RECVAPP);
if(ret == CURLE_AGAIN)
CURLcode ret;
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+ DEBUGASSERT(backend);
if(conn->bits.tls_enable_alpn) {
const char *protocol;
unsigned char *app;
size_t applen;
+ DEBUGASSERT(backend);
+
for(;;) {
*err = bearssl_run_until(data, conn, sockindex, BR_SSL_SENDAPP);
if (*err != CURLE_OK)
unsigned char *app;
size_t applen;
+ DEBUGASSERT(backend);
+
*err = bearssl_run_until(data, conn, sockindex, BR_SSL_RECVAPP);
if(*err != CURLE_OK)
return -1;
{
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP;
}
CURLINFO info UNUSED_PARAM)
{
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
return &backend->ctx;
}
struct ssl_backend_data *backend = connssl->backend;
size_t i;
+ DEBUGASSERT(backend);
+
if(backend->active) {
br_ssl_engine_close(&backend->ctx.eng);
(void)bearssl_run_until(data, conn, sockindex, BR_SSL_CLOSED);
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
Qso_OverlappedIO_t cstat;
+ DEBUGASSERT(BACKEND);
+
if(QsoCancelOperation(conn->sock[sockindex], 0) > 0)
QsoWaitForIOCompletion(BACKEND->iocport, &cstat, (struct timeval *) NULL);
}
static void close_async_handshake(struct ssl_connect_data *connssl)
{
+ DEBUGASSERT(BACKEND);
QsoDestroyIOCompletionPort(BACKEND->iocport);
BACKEND->iocport = -1;
}
int ret = 0;
char buf[CURL_MAX_WRITE_SIZE];
+ DEBUGASSERT(BACKEND);
+ DEBUGASSERT(connproxyssl->backend);
+
if(!connssl->use || !connproxyssl->use)
return 0; /* No SSL over SSL: OK. */
static void close_one(struct ssl_connect_data *connssl, struct Curl_easy *data,
struct connectdata *conn, int sockindex)
{
+ DEBUGASSERT(BACKEND);
if(BACKEND->handle) {
gskit_status(data, gsk_secure_soc_close(&BACKEND->handle),
"gsk_secure_soc_close()", 0);
CURLcode cc = CURLE_SEND_ERROR;
int written;
+ DEBUGASSERT(BACKEND);
+
if(pipe_ssloverssl(conn, sockindex, SOS_WRITE) >= 0) {
cc = gskit_status(data,
gsk_secure_soc_write(BACKEND->handle,
int nread;
CURLcode cc = CURLE_RECV_ERROR;
+ DEBUGASSERT(BACKEND);
+
if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) {
int buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle,
#endif
/* Create SSL environment, start (preferably asynchronous) handshake. */
+ DEBUGASSERT(BACKEND);
BACKEND->handle = (gsk_handle) NULL;
BACKEND->iocport = -1;
CURLcode result;
/* Poll or wait for end of SSL asynchronous handshake. */
+ DEBUGASSERT(BACKEND);
for(;;) {
timediff_t timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
CURLcode result;
/* SSL handshake done: gather certificate info and verify host. */
+ DEBUGASSERT(BACKEND);
if(gskit_status(data, gsk_attribute_get_cert_info(BACKEND->handle,
GSK_PARTNER_CERT_INFO,
char buf[120];
int loop = 10; /* don't get stuck */
+ DEBUGASSERT(BACKEND);
+
if(!BACKEND->handle)
return 0;
int errlen;
/* The only thing that can be tested here is at the socket level. */
+ DEBUGASSERT(BACKEND);
if(!BACKEND->handle)
return 0; /* connection has been closed */
CURLINFO info UNUSED_PARAM)
{
(void)info;
+ DEBUGASSERT(BACKEND);
return BACKEND->handle;
}
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
- gnutls_session_t session = backend->session;
+ gnutls_session_t session;
curl_socket_t sockfd = conn->sock[sockindex];
+ DEBUGASSERT(backend);
+ session = backend->session;
+
for(;;) {
timediff_t timeout_ms;
int rc;
const char *tls13support;
CURLcode result;
+ DEBUGASSERT(backend);
+
if(connssl->state == ssl_connection_complete)
/* to make us tolerant against being called more than once for the
same connection */
#ifndef CURL_DISABLE_PROXY
if(conn->proxy_ssl[sockindex].use) {
- transport_ptr = conn->proxy_ssl[sockindex].backend->session;
+ struct ssl_backend_data *proxy_backend;
+ proxy_backend = conn->proxy_ssl[sockindex].backend;
+ DEBUGASSERT(proxy_backend);
+ transport_ptr = proxy_backend->session;
gnutls_transport_push = gtls_push_ssl;
gnutls_transport_pull = gtls_pull_ssl;
}
/* Finish connecting once the handshake is done */
if(ssl_connect_1 == connssl->connecting_state) {
struct ssl_backend_data *backend = connssl->backend;
- gnutls_session_t session = backend->session;
+ gnutls_session_t session;
+ DEBUGASSERT(backend);
+ session = backend->session;
rc = Curl_gtls_verifyserver(data, conn, session, sockindex);
if(rc)
return rc;
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
bool res = FALSE;
struct ssl_backend_data *backend = connssl->backend;
+
+ DEBUGASSERT(backend);
+
if(backend->session &&
0 != gnutls_record_check_pending(backend->session))
res = TRUE;
#ifndef CURL_DISABLE_PROXY
connssl = &conn->proxy_ssl[connindex];
backend = connssl->backend;
+ DEBUGASSERT(backend);
if(backend->session &&
0 != gnutls_record_check_pending(backend->session))
res = TRUE;
struct connectdata *conn = data->conn;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
- ssize_t rc = gnutls_record_send(backend->session, mem, len);
+ ssize_t rc;
+
+ DEBUGASSERT(backend);
+ rc = gnutls_record_send(backend->session, mem, len);
if(rc < 0) {
*curlcode = (rc == GNUTLS_E_AGAIN)
static void close_one(struct ssl_connect_data *connssl)
{
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
if(backend->session) {
char buf[32];
/* Maybe the server has already sent a close notify alert.
struct ssl_backend_data *backend = connssl->backend;
int retval = 0;
+ DEBUGASSERT(backend);
+
#ifndef CURL_DISABLE_FTP
/* This has only been tested on the proftpd server, and the mod_tls code
sends a close notify alert without waiting for a close notify alert in
struct ssl_backend_data *backend = connssl->backend;
ssize_t ret;
+ DEBUGASSERT(backend);
+
ret = gnutls_record_recv(backend->session, buf, buffersize);
if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
*curlcode = CURLE_AGAIN;
{
struct ssl_backend_data *backend = connssl->backend;
(void)info;
+ DEBUGASSERT(backend);
return backend->session;
}
long ssl_version_max = SSL_CONN_CONFIG(version_max);
CURLcode result = CURLE_OK;
+ DEBUGASSERT(backend);
+
switch(ssl_version) {
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
int ret = -1;
char errorbuf[128];
+ DEBUGASSERT(backend);
+
if((SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) ||
(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv3)) {
failf(data, "Not supported SSL version");
const mbedtls_x509_crt *peercert;
const char * const pinnedpubkey = SSL_PINNED_PUB_KEY();
+ DEBUGASSERT(backend);
+
conn->recv[sockindex] = mbed_recv;
conn->send[sockindex] = mbed_send;
struct ssl_backend_data *backend = connssl->backend;
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+ DEBUGASSERT(backend);
if(SSL_SET_OPTION(primary.sessionid)) {
int ret;
struct ssl_backend_data *backend = connssl->backend;
int ret = -1;
+ DEBUGASSERT(backend);
+
ret = mbedtls_ssl_write(&backend->ssl, (unsigned char *)mem, len);
if(ret < 0) {
char buf[32];
(void) data;
+ DEBUGASSERT(backend);
+
/* Maybe the server has already sent a close notify alert.
Read it to avoid an RST on the TCP connection. */
(void)mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, sizeof(buf));
int ret = -1;
ssize_t len = -1;
+ DEBUGASSERT(backend);
+
ret = mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf,
buffersize);
{
const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
return mbedtls_ssl_get_bytes_avail(&backend->ssl) != 0;
}
{
struct ssl_backend_data *backend = connssl->backend;
(void)info;
+ DEBUGASSERT(backend);
return &backend->ssl;
}
const int slot_id = (cacert) ? 0 : 1;
char *slot_name = aprintf("PEM Token #%d", slot_id);
struct ssl_backend_data *backend = connssl->backend;
+
+ DEBUGASSERT(backend);
+
if(!slot_name)
return CURLE_OUT_OF_MEMORY;
{
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
struct ssl_backend_data *backend = connssl->backend;
- struct Curl_easy *data = backend->data;
+ struct Curl_easy *data = NULL;
CERTCertificate *cert;
+ DEBUGASSERT(backend);
+ data = backend->data;
+
if(!pinnedpubkey)
/* no pinned public key specified */
return CURLE_OK;
{
struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
struct ssl_backend_data *backend = connssl->backend;
- struct Curl_easy *data = backend->data;
- const char *nickname = backend->client_nickname;
+ struct Curl_easy *data = NULL;
+ const char *nickname = NULL;
static const char pem_slotname[] = "PEM Token #1";
+ DEBUGASSERT(backend);
+
+ data = backend->data;
+ nickname = backend->client_nickname;
+
if(backend->obj_clicert) {
/* use the cert/key provided by PEM reader */
SECItem cert_der = { 0, NULL, 0 };
int rc;
char buf;
+ DEBUGASSERT(backend);
+
rc =
PR_Recv(backend->handle, (void *)&buf, 1, PR_MSG_PEEK,
PR_SecondsToInterval(1));
{
/* before the cleanup, check whether we are using a client certificate */
struct ssl_backend_data *backend = connssl->backend;
- const bool client_cert = (backend->client_nickname != NULL)
+ bool client_cert = true;
+
+ DEBUGASSERT(backend);
+
+ client_cert = (backend->client_nickname != NULL)
|| (backend->obj_clicert != NULL);
if(backend->handle) {
struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex];
#endif
struct ssl_backend_data *backend = connssl->backend;
-
(void)data;
+
+ DEBUGASSERT(backend);
+#ifndef CURL_DISABLE_PROXY
+ DEBUGASSERT(connssl_proxy->backend != NULL);
+#endif
+
if(backend->handle
#ifndef CURL_DISABLE_PROXY
|| connssl_proxy->backend->handle
{
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
if(is_nss_error(curlerr)) {
/* read NSPR error code */
PRErrorCode err = PR_GetError();
{
PRSocketOptionData sock_opt;
struct ssl_backend_data *backend = connssl->backend;
+
+ DEBUGASSERT(backend);
+
sock_opt.option = PR_SockOpt_Nonblocking;
sock_opt.value.non_blocking = !blocking;
return CURLE_SSL_CONNECT_ERROR;
}
+ DEBUGASSERT(backend);
+
backend->data = data;
/* list of all NSS objects we need to destroy in nss_do_close() */
#ifndef CURL_DISABLE_PROXY
if(conn->proxy_ssl[sockindex].use) {
+ struct ssl_backend_data *proxy_backend;
+ proxy_backend = conn->proxy_ssl[sockindex].backend;
DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
- DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL);
- nspr_io = conn->proxy_ssl[sockindex].backend->handle;
+ DEBUGASSERT(proxy_backend);
+ DEBUGASSERT(proxy_backend->handle);
+ nspr_io = proxy_backend->handle;
second_layer = TRUE;
}
#endif
goto error;
}
+ DEBUGASSERT(backend);
+
/* Force the handshake now */
timeout = PR_MillisecondsToInterval((PRUint32) time_left);
if(SSL_ForceHandshakeWithTimeout(backend->handle, timeout) != SECSuccess) {
struct ssl_backend_data *backend = connssl->backend;
ssize_t rc;
+ DEBUGASSERT(backend);
+
/* The SelectClientCert() hook uses this for infof() and failf() but the
handle stored in nss_setup_connect() could have already been freed. */
backend->data = data;
struct ssl_backend_data *backend = connssl->backend;
ssize_t nread;
+ DEBUGASSERT(backend);
+
/* The SelectClientCert() hook uses this for infof() and failf() but the
handle stored in nss_setup_connect() could have already been freed. */
backend->data = data;
{
struct ssl_backend_data *backend = connssl->backend;
(void)info;
+ DEBUGASSERT(backend);
return backend->handle;
}
struct ssl_connect_data *connssl)
{
struct ssl_backend_data *backend = connssl->backend;
+
+ DEBUGASSERT(backend);
+
if(backend->handle) {
char buf[32];
set_logger(conn, data);
struct ssl_backend_data *backend = connssl->backend;
int loop = 10;
+ DEBUGASSERT(backend);
+
#ifndef CURL_DISABLE_FTP
/* This has only been tested on the proftpd server, and the mod_tls code
sends a close notify alert without waiting for a close notify alert in
int cert_status, crl_reason;
ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
int ret;
+ long len;
- long len = SSL_get_tlsext_status_ocsp_resp(backend->handle, &status);
+ DEBUGASSERT(backend);
+
+ len = SSL_get_tlsext_status_ocsp_resp(backend->handle, &status);
if(!status) {
failf(data, "No OCSP response received");
struct connectdata *conn = userp;
struct ssl_connect_data *connssl = &conn->ssl[0];
struct ssl_backend_data *backend = connssl->backend;
- struct Curl_easy *data = backend->logger;
+ struct Curl_easy *data = NULL;
+
+ DEBUGASSERT(backend);
+ data = backend->logger;
if(!conn || !data || !data->set.fdebug ||
(direction != 0 && direction != 1))
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
SSL_CTX_set_max_proto_version(backend->ctx, TLS1_3_VERSION);
*ctx_options |= SSL_OP_NO_TLSv1_2;
}
bool imported_native_ca = false;
DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
+ DEBUGASSERT(backend);
/* Make funny stuff to get random input */
result = ossl_seed(data);
#ifndef CURL_DISABLE_PROXY
if(conn->proxy_ssl[sockindex].use) {
BIO *const bio = BIO_new(BIO_f_ssl());
- SSL *handle = conn->proxy_ssl[sockindex].backend->handle;
+ struct ssl_backend_data *proxy_backend;
+ SSL* handle = NULL;
+ proxy_backend = conn->proxy_ssl[sockindex].backend;
+ DEBUGASSERT(proxy_backend);
+ handle = proxy_backend->handle;
DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
DEBUGASSERT(handle != NULL);
DEBUGASSERT(bio != NULL);
DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
|| ssl_connect_2_reading == connssl->connecting_state
|| ssl_connect_2_writing == connssl->connecting_state);
+ DEBUGASSERT(backend);
ERR_clear_error();
BIO *mem;
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
sk = SSL_get_peer_cert_chain(backend->handle);
if(!sk) {
return CURLE_OUT_OF_MEMORY;
BIO *mem = BIO_new(BIO_s_mem());
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
if(!mem) {
failf(data,
"BIO_new return NULL, " OSSL_PACKAGE
int connindex)
{
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
+ DEBUGASSERT(connssl->backend);
if(connssl->backend->handle && SSL_pending(connssl->backend->handle))
return TRUE;
#ifndef CURL_DISABLE_PROXY
{
const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex];
+ DEBUGASSERT(proxyssl->backend);
if(proxyssl->backend->handle && SSL_pending(proxyssl->backend->handle))
return TRUE;
}
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
ERR_clear_error();
memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
struct ssl_connect_data *connssl = &conn->ssl[num];
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
ERR_clear_error();
buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
{
/* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
return info == CURLINFO_TLS_SESSION ?
(void *)backend->ctx : (void *)backend->handle;
}
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
/* If we don't have SSL context, do nothing. */
if(!backend->handle)
struct connectdata *conn = data->conn;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
/* If we don't have SSL context, do nothing. */
if(!backend->handle)
{
const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
return backend->data_pending;
}
struct connectdata *conn = data->conn;
struct ssl_connect_data *const connssl = &conn->ssl[sockindex];
struct ssl_backend_data *const backend = connssl->backend;
- struct rustls_connection *const rconn = backend->conn;
+ struct rustls_connection *rconn = NULL;
+
size_t n = 0;
size_t tls_bytes_read = 0;
size_t plain_bytes_copied = 0;
char errorbuf[255];
rustls_io_result io_error;
+ DEBUGASSERT(backend);
+ rconn = backend->conn;
+
io_error = rustls_connection_read_tls(rconn, read_cb,
&conn->sock[sockindex], &tls_bytes_read);
if(io_error == EAGAIN || io_error == EWOULDBLOCK) {
struct connectdata *conn = data->conn;
struct ssl_connect_data *const connssl = &conn->ssl[sockindex];
struct ssl_backend_data *const backend = connssl->backend;
- struct rustls_connection *const rconn = backend->conn;
+ struct rustls_connection *rconn = NULL;
size_t plainwritten = 0;
size_t tlswritten = 0;
size_t tlswritten_total = 0;
rustls_result rresult;
rustls_io_result io_error;
+ DEBUGASSERT(backend);
+ rconn = backend->conn;
+
infof(data, "cr_send %ld bytes of plaintext", plainlen);
if(plainlen > 0) {
cr_init_backend(struct Curl_easy *data, struct connectdata *conn,
struct ssl_backend_data *const backend)
{
- struct rustls_connection *rconn = backend->conn;
+ struct rustls_connection *rconn = NULL;
struct rustls_client_config_builder *config_builder = NULL;
struct rustls_root_cert_store *roots = NULL;
const struct curl_blob *ca_info_blob = SSL_CONN_CONFIG(ca_info_blob);
{ (const uint8_t *)ALPN_H2, ALPN_H2_LENGTH },
};
+ DEBUGASSERT(backend);
+ rconn = backend->conn;
+
config_builder = rustls_client_config_builder_new();
#ifdef USE_HTTP2
infof(data, "offering ALPN for HTTP/1.1 and HTTP/2");
curl_socket_t writefd;
curl_socket_t readfd;
+ DEBUGASSERT(backend);
+
if(ssl_connection_none == connssl->state) {
result = cr_init_backend(data, conn, connssl->backend);
if(result != CURLE_OK) {
struct ssl_connect_data *const connssl = &conn->ssl[FIRSTSOCKET];
curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
struct ssl_backend_data *const backend = connssl->backend;
- struct rustls_connection *rconn = backend->conn;
+ struct rustls_connection *rconn = NULL;
+
+ DEBUGASSERT(backend);
+ rconn = backend->conn;
if(rustls_connection_wants_write(rconn)) {
socks[0] = sockfd;
CURLINFO info UNUSED_PARAM)
{
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
return &backend->conn;
}
CURLcode tmperr = CURLE_OK;
ssize_t n = 0;
+ DEBUGASSERT(backend);
+
if(backend->conn) {
rustls_connection_send_close_notify(backend->conn);
n = cr_send(data, sockindex, NULL, 0, &tmperr);
CURLcode result;
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
/* setup Schannel API options */
memset(&schannel_cred, 0, sizeof(schannel_cred));
schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
char * const hostname = SSL_HOST_NAME();
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
DEBUGF(infof(data,
"schannel: SSL/TLS connection with %s port %hu (step 1/3)",
hostname, conn->remote_port));
const char *pubkey_ptr;
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE;
DEBUGF(infof(data,
struct ssl_backend_data *backend = connssl->backend;
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+ DEBUGASSERT(backend);
DEBUGF(infof(data,
"schannel: SSL/TLS connection with %s port %hu (step 3/3)",
*/
{
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
conn->sslContext = &backend->ctxt->ctxt_handle;
}
#endif
CURLcode result;
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
/* check if the maximum stream sizes were queried */
if(backend->stream_sizes.cbMaximumMessage == 0) {
sspi_status = s_pSecFn->QueryContextAttributes(
size_t min_encdata_length = len + CURL_SCHANNEL_BUFFER_FREE_SIZE;
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
/****************************************************************************
* Don't return or set backend->recv_unrecoverable_err unless in the cleanup.
* The pattern for return error is set *err, optional infof, goto cleanup.
const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
+
if(connssl->use) /* SSL/TLS is in use */
return (backend->decdata_offset > 0 ||
(backend->encdata_offset > 0 && !backend->encdata_is_incomplete));
struct ssl_backend_data *backend = connssl->backend;
DEBUGASSERT(data);
+ DEBUGASSERT(backend);
if(connssl->use) {
infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu",
/* Result is returned to caller */
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ DEBUGASSERT(backend);
+
/* if a path wasn't specified, don't pin */
if(!pinnedpubkey)
return CURLE_OK;
{
struct ssl_backend_data *backend = connssl->backend;
(void)info;
+ DEBUGASSERT(backend);
return &backend->ctxt->ctxt_handle;
}
HCERTSTORE trust_store = NULL;
const char * const conn_hostname = SSL_HOST_NAME();
+ DEBUGASSERT(BACKEND);
+
sspi_status =
s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
SECPKG_ATTR_REMOTE_CERT_CONTEXT,
/*int sock = *(int *)connection;*/
struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
struct ssl_backend_data *backend = connssl->backend;
- int sock = backend->ssl_sockfd;
+ int sock;
OSStatus rtn = noErr;
size_t bytesRead;
ssize_t rrtn;
int theErr;
+ DEBUGASSERT(backend);
+ sock = backend->ssl_sockfd;
*dataLength = 0;
for(;;) {
/*int sock = *(int *)connection;*/
struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
struct ssl_backend_data *backend = connssl->backend;
- int sock = backend->ssl_sockfd;
+ int sock;
ssize_t length;
size_t dataLen = *dataLength;
const UInt8 *dataPtr = (UInt8 *)data;
OSStatus ortn;
int theErr;
+ DEBUGASSERT(backend);
+ sock = backend->ssl_sockfd;
*dataLength = 0;
do {
long ssl_version_max = SSL_CONN_CONFIG(version_max);
long max_supported_version_by_os;
+ DEBUGASSERT(backend);
+
/* macOS 10.5-10.7 supported TLS 1.0 only.
macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2.
macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. */
#if CURL_BUILD_MAC
int darwinver_maj = 0, darwinver_min = 0;
+ DEBUGASSERT(backend);
+
GetDarwinVersionNumber(&darwinver_maj, &darwinver_min);
#endif /* CURL_BUILD_MAC */
DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
|| ssl_connect_2_reading == connssl->connecting_state
|| ssl_connect_2_writing == connssl->connecting_state);
+ DEBUGASSERT(backend);
/* Here goes nothing: */
err = SSLHandshake(backend->ssl_ctx);
CFIndex i, count;
SecTrustRef trust = NULL;
+ DEBUGASSERT(backend);
+
if(!show_verbose_server_cert && !data->set.ssl.certinfo)
return CURLE_OK;
(void) data;
+ DEBUGASSERT(backend);
+
if(backend->ssl_ctx) {
(void)SSLClose(backend->ssl_ctx);
#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
char buf[120];
int loop = 10; /* avoid getting stuck */
+ DEBUGASSERT(backend);
+
if(!backend->ssl_ctx)
return 0;
OSStatus err;
SSLSessionState state;
+ DEBUGASSERT(backend);
+
if(backend->ssl_ctx) {
err = SSLGetSessionState(backend->ssl_ctx, &state);
if(err == noErr)
OSStatus err;
size_t buffer;
+ DEBUGASSERT(backend);
+
if(backend->ssl_ctx) { /* SSL is in use */
err = SSLGetBufferedReadSize(backend->ssl_ctx, &buffer);
if(err == noErr)
size_t processed = 0UL;
OSStatus err;
+ DEBUGASSERT(backend);
+
/* The SSLWrite() function works a little differently than expected. The
fourth argument (processed) is currently documented in Apple's
documentation as: "On return, the length, in bytes, of the data actually
size_t processed = 0UL;
OSStatus err;
+ DEBUGASSERT(backend);
+
again:
err = SSLRead(backend->ssl_ctx, buf, buffersize, &processed);
{
struct ssl_backend_data *backend = connssl->backend;
(void)info;
+ DEBUGASSERT(backend);
return backend->ssl_ctx;
}
pbdata = conn->proxy_ssl[sockindex].backend;
conn->proxy_ssl[sockindex] = conn->ssl[sockindex];
+ DEBUGASSERT(pbdata != NULL);
+
memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex]));
memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data);
#define use_sni(x) Curl_nop_stmt
#endif
+ DEBUGASSERT(backend);
+
if(connssl->state == ssl_connection_complete)
return CURLE_OK;
const char * const dispname = SSL_HOST_DISPNAME();
const char * const pinnedpubkey = SSL_PINNED_PUB_KEY();
+ DEBUGASSERT(backend);
+
ERR_clear_error();
conn->recv[sockindex] = wolfssl_recv;
struct ssl_backend_data *backend = connssl->backend;
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+ DEBUGASSERT(backend);
if(SSL_SET_OPTION(primary.sessionid)) {
bool incache;
int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
int rc;
+ DEBUGASSERT(backend);
+
ERR_clear_error();
rc = SSL_write(backend->handle, mem, memlen);
(void) data;
+ DEBUGASSERT(backend);
+
if(backend->handle) {
char buf[32];
/* Maybe the server has already sent a close notify alert.
int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
int nread;
+ DEBUGASSERT(backend);
+
ERR_clear_error();
nread = SSL_read(backend->handle, buf, buffsize);
{
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
struct ssl_backend_data *backend = connssl->backend;
+ DEBUGASSERT(backend);
if(backend->handle) /* SSL is in use */
return (0 != SSL_pending(backend->handle)) ? TRUE : FALSE;
else
(void) data;
+ DEBUGASSERT(backend);
+
if(backend->handle) {
ERR_clear_error();
SSL_free(backend->handle);
{
struct ssl_backend_data *backend = connssl->backend;
(void)info;
+ DEBUGASSERT(backend);
return backend->handle;
}
projects / thirdparty / curl.git / commitdiff
