[GNUnet-SVN] [gnurl] 99/205: mbedtls: add support for CURLOPT_SSL_CTX

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 99/205: mbedtls: add support for CURLOPT_SSL_CTX_FU

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 99/205: mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION
Date:	Thu, 20 Apr 2017 16:20:39 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to annotated tag gnurl-7.54.0
in repository gnurl.

commit a360906de63debbf1f2f2a0eb008443a2df17291
Author: Ales Mlakar <address@hidden>
AuthorDate: Tue Feb 21 13:15:56 2017 +0100

    mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION
    
    Ref: https://curl.haxx.se/mail/lib-2017-02/0097.html
    
    Closes https://github.com/curl/curl/pull/1272
---
 docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 | 21 ++++++++++++---------
 lib/vtls/mbedtls.c                           | 10 ++++++++++
 lib/vtls/mbedtls.h                           |  3 +++
 3 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 
b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
index b26012670..2f71495b7 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
@@ -22,7 +22,7 @@
 .\"
 .TH CURLOPT_SSL_CTX_FUNCTION 3 "19 Jun 2014" "libcurl 7.37.0" 
"curl_easy_setopt options"
 .SH NAME
-CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL or wolfSSL/CyaSSL
+CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL, wolfSSL/CyaSSL 
or mbedTLS
 .SH SYNOPSIS
 .nf
 #include <curl/curl.h>
@@ -32,8 +32,9 @@ CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void 
*userptr);
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,
                           ssl_ctx_callback);
 .SH DESCRIPTION
-This option only works for libcurl powered by OpenSSL or wolfSSL/CyaSSL. If
-libcurl was built against another SSL library this functionality is absent.
+This option only works for libcurl powered by OpenSSL, wolfSSL/CyaSSL or
+mbedTLS. If libcurl was built against another SSL library this functionality is
+absent.
 
 Pass a pointer to your callback function, which should match the prototype
 shown above.
@@ -42,13 +43,15 @@ This callback function gets called by libcurl just before 
the initialization
 of an SSL connection after having processed all other SSL related options to
 give a last chance to an application to modify the behaviour of the SSL
 initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL
-library's \fISSL_CTX\fP. If an error is returned from the callback no attempt
-to establish a connection is made and the perform operation will return the
-callback's error code. Set the \fIuserptr\fP argument with the
+library's \fISSL_CTX\fP for OpenSSL or wolfSSL/CyaSSL, and a pointer to
+\fImbedtls_ssl_config\fP for mbedTLS. If an error is returned from the callback
+no attempt to establish a connection is made and the perform operation will
+return the callback's error code. Set the \fIuserptr\fP argument with the
 \fICURLOPT_SSL_CTX_DATA(3)\fP option.
 
 This function will get called on all new connections made to a server, during
-the SSL negotiation. The SSL_CTX pointer will be a new one every time.
+the SSL negotiation. The \fIssl_ctx\fP will point to a newly initialized object
+each time, but note the pointer may be the same as from a prior call.
 
 To use this properly, a non-trivial amount of knowledge of your SSL library is
 necessary. For example, you can use this function to call library-specific
@@ -133,8 +136,8 @@ int main(void)
 }
 .fi
 .SH AVAILABILITY
-Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL
-backends not supported.
+Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Added in
+7.54.0 for mbedTLS. Other SSL backends not supported.
 .SH RETURN VALUE
 CURLE_OK if supported; or an error such as:
 
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index b13171363..7cd2d6d0f 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -495,6 +495,16 @@ mbed_connect_step1(struct connectdata *conn,
   mbedtls_debug_set_threshold(4);
 #endif
 
+  /* give application a chance to interfere with mbedTLS set up. */
+  if(data->set.ssl.fsslctx) {
+    ret = (*data->set.ssl.fsslctx)(data, &connssl->config,
+                                   data->set.ssl.fsslctxp);
+    if(ret) {
+      failf(data, "error signaled by ssl ctx callback");
+      return ret;
+    }
+  }
+
   connssl->connecting_state = ssl_connect_2;
 
   return CURLE_OK;
diff --git a/lib/vtls/mbedtls.h b/lib/vtls/mbedtls.h
index 5b0bcf6d7..71d17a491 100644
--- a/lib/vtls/mbedtls.h
+++ b/lib/vtls/mbedtls.h
@@ -56,6 +56,9 @@ CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned 
char *entropy,
 /* this backends supports CURLOPT_PINNEDPUBLICKEY */
 #define have_curlssl_pinnedpubkey 1
 
+/* this backend supports CURLOPT_SSL_CTX_* */
+#define have_curlssl_ssl_ctx 1
+
 /* API setup for mbedTLS */
 #define curlssl_init() Curl_mbedtls_init()
 #define curlssl_cleanup() Curl_mbedtls_cleanup()

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 171/205: schannel: fix compiler warnings, (continued)
- [GNUnet-SVN] [gnurl] 171/205: schannel: fix compiler warnings, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 183/205: poll: prefer <poll.h> over <sys/poll.h>, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 43/205: Makefile.am: Added scripts/updatemanpages.pl to EXTRA_DIST, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 194/205: .gitattributes: force shell scripts to LF, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 68/205: mbedtls: fix typo in variable name, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 198/205: openssl: make SSL_ERROR_to_str more future-proof, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 178/205: libcurl-thread.3: also mention threaded-resolver, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 145/205: docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 156/205: tool: fix Windows Unicode build, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 59/205: openssl: add two /* FALLTHROUGH */ to satisfy coverity, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 99/205: mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION, gnunet <=
- [GNUnet-SVN] [gnurl] 203/205: RELEASE-NOTES: curl 7.54.0, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 112/205: spelling fixes, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 93/205: RELEASE-NOTES: synced with 6e0f26c8a8c28df, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 111/205: curl: check for end of input in writeout backslash handling, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 163/205: test1541: ignore the curl_off_t variable type name comparison, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 107/205: openssl: made the error table static const, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 151/205: llist: replace Curl_llist_alloc with Curl_llist_init, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 164/205: INSTALL.cmake: more problems, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 133/205: gcc7: fix ‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context], gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 148/205: include: curl/system.h is a run-time version of curlbuild.h, gnunet, 2017/04/20

Prev by Date: [GNUnet-SVN] [gnurl] 59/205: openssl: add two /* FALLTHROUGH */ to satisfy coverity
Next by Date: [GNUnet-SVN] [gnurl] 203/205: RELEASE-NOTES: curl 7.54.0
Previous by thread: [GNUnet-SVN] [gnurl] 59/205: openssl: add two /* FALLTHROUGH */ to satisfy coverity
Next by thread: [GNUnet-SVN] [gnurl] 203/205: RELEASE-NOTES: curl 7.54.0
Index(es):
- Date
- Thread