curl_mfprintf(stderr, "|<%d>| %s", level, str);
}
#endif
-static bool gtls_inited = FALSE;
#if !defined(GNUTLS_VERSION_NUMBER) || (GNUTLS_VERSION_NUMBER < 0x03010a)
#error "too old GnuTLS version"
return (ssize_t)nread;
}
-/* gtls_init()
+/**
+ * gtls_init()
*
* Global GnuTLS init, called from Curl_ssl_init(). This calls functions that
- * are not thread-safe and thus this function itself is not thread-safe and
- * must only be called from within curl_global_init() to keep the thread
- * situation under control!
+ * are not thread-safe (It is thread safe since GnuTLS 3.3.0) and thus this
+ * function itself is not thread-safe and must only be called from within
+ * curl_global_init() to keep the thread situation under control!
+ *
+ * @retval 0 error initializing SSL
+ * @retval 1 SSL initialized successfully
*/
static int gtls_init(void)
{
int ret = 1;
- if(!gtls_inited) {
- ret = gnutls_global_init() ? 0 : 1;
+ ret = gnutls_global_init() ? 0 : 1;
#ifdef GTLSDEBUG
- gnutls_global_set_log_function(tls_log_func);
- gnutls_global_set_log_level(2);
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(2);
#endif
- gtls_inited = TRUE;
- }
return ret;
}
static void gtls_cleanup(void)
{
- if(gtls_inited) {
- gnutls_global_deinit();
- gtls_inited = FALSE;
- }
+ gnutls_global_deinit();
}
#ifndef CURL_DISABLE_VERBOSE_STRINGS
struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
unsigned int init_flags;
int rc;
- bool sni = TRUE; /* default is SNI enabled */
const char *prioritylist;
bool tls13support;
CURLcode result;
- if(!gtls_inited)
- gtls_init();
-
- if(config->version == CURL_SSLVERSION_SSLv2) {
- failf(data, "GnuTLS does not support SSLv2");
+ if(config->version == CURL_SSLVERSION_SSLv2 ||
+ config->version == CURL_SSLVERSION_SSLv3) {
+ failf(data, "GnuTLS does not support SSLv2 or SSLv3");
return CURLE_SSL_CONNECT_ERROR;
}
- else if(config->version == CURL_SSLVERSION_SSLv3)
- sni = FALSE; /* SSLv3 has no SNI */
/* allocate a shared creds struct */
result = Curl_gtls_shared_creds_create(data, >ls->shared_creds);
return CURLE_SSL_CONNECT_ERROR;
}
- if(sni && peer->sni) {
+ if(peer->sni) {
if(gnutls_server_name_set(gtls->session, GNUTLS_NAME_DNS,
peer->sni, strlen(peer->sni)) < 0) {
failf(data, "Failed to set SNI");
/* "In GnuTLS 3.6.5, TLS 1.3 is enabled by default" */
tls13support = !!gnutls_check_version("3.6.5");
- /* Ensure +SRP comes at the *end* of all relevant strings so that it can be
- * removed if a runtime error indicates that SRP is not supported by this
- * GnuTLS version */
-
- if(config->version == CURL_SSLVERSION_SSLv2 ||
- config->version == CURL_SSLVERSION_SSLv3) {
- failf(data, "GnuTLS does not support SSLv2 or SSLv3");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
if(config->version == CURL_SSLVERSION_TLSv1_3) {
if(!tls13support) {
failf(data, "This GnuTLS installation does not support TLS 1.3");
if(sess_reuse_cb) {
result = sess_reuse_cb(cf, data, &alpns, scs, &do_early_data);
if(result)
- goto out;
+ goto out;
}
if(do_early_data) {
/* We only try the ALPN protocol the session used before,
goto out;
}
- gnutls_ocsp_resp_init(&ocsp_resp);
+ rc = gnutls_ocsp_resp_init(&ocsp_resp);
+ if(rc < 0) {
+ failf(data, "Failed to initialize OCSP response object");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto out;
+ }
rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
if(rc < 0) {
projects / thirdparty / curl.git / commitdiff
