ngtcp2: verify the server certificate for the gnutls case
authorDaniel Stenberg <daniel@haxx.se>
Sat, 25 Dec 2021 15:14:53 +0000 (16:14 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Tue, 28 Dec 2021 22:34:30 +0000 (23:34 +0100)
Closes #8178

lib/vquic/ngtcp2.c
lib/vtls/gtls.c
lib/vtls/gtls.h

index b161a50612f83509ba957e92c58a4955b52afaf2..1596049b779165473b97fb0a255fe8e25bba1010 100644 (file)
@@ -32,6 +32,7 @@
 #include "vtls/openssl.h"
 #elif defined(USE_GNUTLS)
 #include <ngtcp2/ngtcp2_crypto_gnutls.h>
+#include "vtls/gtls.h"
 #endif
 #include "urldata.h"
 #include "sendf.h"
@@ -1663,6 +1664,7 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data,
 static CURLcode ng_has_connected(struct Curl_easy *data,
                                  struct connectdata *conn, int tempindex)
 {
+  CURLcode result = CURLE_OK;
   conn->recv[FIRSTSOCKET] = ngh3_stream_recv;
   conn->send[FIRSTSOCKET] = ngh3_stream_send;
   conn->handler = &Curl_handler_http3;
@@ -1671,8 +1673,8 @@ static CURLcode ng_has_connected(struct Curl_easy *data,
   conn->bundle->multiuse = BUNDLE_MULTIPLEX;
   conn->quic = &conn->hequic[tempindex];
 
-#ifdef USE_OPENSSL
   if(conn->ssl_config.verifyhost) {
+#ifdef USE_OPENSSL
     X509 *server_cert;
     CURLcode result;
     server_cert = SSL_get_peer_certificate(conn->quic->ssl);
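Review bot: `CURLcode result;` inside the `#ifdef USE_OPENSSL` block now shadows the function-scope `result` added at the top of ng_has_connected in the previous hunk, so one function carries two variables of that name and `-Wshadow` will flag it. The inner one is returned directly on error, so behaviour is unchanged, but the extra declaration should go: delete `    CURLcode result;` and let the OpenSSL branch assign the outer variable. ng_has_connected continues in the next hunk.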
@@ -1684,13 +1686,13 @@ static CURLcode ng_has_connected(struct Curl_easy *data,
     if(result)
       return result;
     infof(data, "Verified certificate just fine");
+#else
+    result = Curl_gtls_verifyserver(data, conn, conn->quic->ssl, FIRSTSOCKET);
+#endif
   }
   else
     infof(data, "Skipped certificate verification");
-#else
-  (void)data;
-#endif
-  return CURLE_OK;
+  return result;
 }
 
 /*
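Review bot: The new gnutls call on the `#else` side sits inside `if(conn->ssl_config.verifyhost)`, so with verifypeer enabled but verifyhost disabled the QUIC path logs "Skipped certificate verification" and never calls Curl_gtls_verifyserver, whereas the TCP path in gtls_connect_common calls it unconditionally and presumably lets it apply verifypeer/verifyhost itself. If that is the case, chain verification (and any pinning the function does) is silently skipped for that option combination only on HTTP/3. The safer shape keeps the verifyhost gate OpenSSL-only: move `#ifdef USE_OPENSSL` back above the `if`, and after the `else` branch's infof add `#else` / `result = Curl_gtls_verifyserver(data, conn, conn->quic->ssl, FIRSTSOCKET);` / `#endif`. The start of ng_has_connected is in an earlier hunk.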
@@ -1714,8 +1716,9 @@ CURLcode Curl_quic_is_connected(struct Curl_easy *data,
     goto error;
 
   if(ngtcp2_conn_get_handshake_completed(qs->qconn)) {
-    *done = TRUE;
     result = ng_has_connected(data, conn, sockindex);
+    if(!result)
+      *done = TRUE;
   }
 
   return result;
index 84a78e99b83f5c1ed5ac8d90b37f8af8e3850d0f..18864aa4b285566a4fee3db9034b239ad27edbb8 100644 (file)
@@ -808,10 +808,11 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
 static Curl_recv gtls_recv;
 static Curl_send gtls_send;
 
-static CURLcode
-gtls_connect_step3(struct Curl_easy *data,
-                   struct connectdata *conn,
-                   int sockindex)
+CURLcode
+Curl_gtls_verifyserver(struct Curl_easy *data,
+                       struct connectdata *conn,
+                       gnutls_session_t session,
+                       int sockindex)
 {
   unsigned int cert_list_size;
   const gnutls_datum_t *chainp;
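Review bot: Curl_gtls_verifyserver becomes an exported function with a new `session` parameter but carries no comment describing its contract, which the QUIC caller in ngtcp2.c now depends on. It deserves a header comment above the definition stating what it verifies (the peer chain and host name, plus whatever pinning or issuer checks the body performs), that `session` must have completed its handshake, that `sockindex` selects the `conn->ssl[]` slot whose state it updates, and that it returns CURLE_OK on success or the first verification error. Whether it honours verifypeer/verifyhost itself cannot be seen in this hunk; the comment should say so explicitly either way, since the QUIC caller gates on verifyhost alone. The function body continues past this hunk.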
@@ -823,9 +824,6 @@ gtls_connect_step3(struct Curl_easy *data,
   size_t size;
   time_t certclock;
   const char *ptr;
-  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-  struct ssl_backend_data *backend = connssl->backend;
-  gnutls_session_t session = backend->session;
   int rc;
   gnutls_datum_t proto;
   CURLcode result = CURLE_OK;
@@ -1269,8 +1267,6 @@ gtls_connect_step3(struct Curl_easy *data,
   }
 
   conn->ssl[sockindex].state = ssl_connection_complete;
-  conn->recv[sockindex] = gtls_recv;
-  conn->send[sockindex] = gtls_send;
 
   if(SSL_SET_OPTION(primary.sessionid)) {
     /* we always unconditionally get the session id here, as even if we
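Review bot: `conn->ssl[sockindex].state = ssl_connection_complete;` stays inside Curl_gtls_verifyserver while the recv/send assignments move out to gtls_connect_common, so the new QUIC caller marks `conn->ssl[FIRSTSOCKET]` as a completed TLS connection even though that slot has no gnutls session of its own behind it, and anything that later inspects or shuts down that slot could be misled. The assignment belongs next to the moved recv/send lines in the caller: drop it here and add `conn->ssl[sockindex].state = ssl_connection_complete;` after `conn->send[sockindex] = gtls_send;` in gtls_connect_common. The session-id caching under `SSL_SET_OPTION(primary.sessionid)` that follows presumably stores data for `session` as well; whether a QUIC session should enter the same cache as the TCP TLS session is worth confirming. The function continues outside this hunk.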
@@ -1355,9 +1351,13 @@ gtls_connect_common(struct Curl_easy *data,
 
   /* Finish connecting once the handshake is done */
   if(ssl_connect_1 == connssl->connecting_state) {
-    rc = gtls_connect_step3(data, conn, sockindex);
+    struct ssl_backend_data *backend = connssl->backend;
+    gnutls_session_t session = backend->session;
+    rc = Curl_gtls_verifyserver(data, conn, session, sockindex);
     if(rc)
       return rc;
+    conn->recv[sockindex] = gtls_recv;
+    conn->send[sockindex] = gtls_send;
   }
 
   *done = ssl_connect_1 == connssl->connecting_state;
index 1a146a3a936e01820b140720056e64fc8211569d..226d3aebbe2b8804df43619c5ae41dcbe93d467b 100644 (file)
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
 
 #include "urldata.h"
 
+CURLcode
+Curl_gtls_verifyserver(struct Curl_easy *data, struct connectdata *conn,
+                       gnutls_session_t session,
+                       int sockindex);
 extern const struct Curl_ssl Curl_ssl_gnutls;
 
 #endif /* USE_GNUTLS */