author | robot-contrib <robot-contrib@yandex-team.ru> | 2022-04-23 01:34:18 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.ru> | 2022-04-23 01:34:18 +0300 |
commit | 70d823f7ee62199b67f5fbe469005124ffe1fe93 (patch) | |
tree | 82277ba9117d43c5a5f973825b38a2ffe7d95818 /contrib/libs/curl/lib/vtls/sectransp.c | |
parent | 19b525690e0c7788c39d741ea94023b64ae31a89 (diff) | |
download | ydb-70d823f7ee62199b67f5fbe469005124ffe1fe93.tar.gz |
Update contrib/libs/curl to 7.82.0
ref:0a102f02466c720a2ee37f41ed197348e7b727bd
Diffstat (limited to 'contrib/libs/curl/lib/vtls/sectransp.c')
-rw-r--r-- | contrib/libs/curl/lib/vtls/sectransp.c | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/contrib/libs/curl/lib/vtls/sectransp.c b/contrib/libs/curl/lib/vtls/sectransp.c index f7a20b20b1..b2e1727278 100644 --- a/contrib/libs/curl/lib/vtls/sectransp.c +++ b/contrib/libs/curl/lib/vtls/sectransp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>. * * This software is licensed as described in the file COPYING, which @@ -603,7 +603,7 @@ const static struct st_cipher ciphertable[] = { CIPHER_WEAK_RC_ENCRYPTION), CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */ "ECDH-ECDSA-DES-CBC3-SHA", - CIPHER_STRONG_ENOUGH), + CIPHER_WEAK_3DES_ENCRYPTION), CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */ "ECDH-ECDSA-AES128-SHA", CIPHER_STRONG_ENOUGH), @@ -837,12 +837,14 @@ static OSStatus SocketRead(SSLConnectionRef connection, /*int sock = *(int *)connection;*/ struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection; struct ssl_backend_data *backend = connssl->backend; - int sock = backend->ssl_sockfd; + int sock; OSStatus rtn = noErr; size_t bytesRead; ssize_t rrtn; int theErr; + DEBUGASSERT(backend); + sock = backend->ssl_sockfd; *dataLength = 0; for(;;) { @@ -898,13 +900,15 @@ static OSStatus SocketWrite(SSLConnectionRef connection, /*int sock = *(int *)connection;*/ struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection; struct ssl_backend_data *backend = connssl->backend; - int sock = backend->ssl_sockfd; + int sock; ssize_t length; size_t dataLen = *dataLength; const UInt8 *dataPtr = (UInt8 *)data; OSStatus ortn; int theErr; + DEBUGASSERT(backend); + sock = backend->ssl_sockfd; *dataLength = 0; do { 
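Review bot: The reclassification of TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xC003) from CIPHER_STRONG_ENOUGH to CIPHER_WEAK_3DES_ENCRYPTION should be checked against the remaining 3DES entries of ciphertable, which lie outside this hunk; if any other *_3DES_EDE_CBC_SHA suite still carries CIPHER_STRONG_ENOUGH, the weak-cipher classification stays inconsistent (how the WEAK flags are consumed by cipher selection is not visible here). A short comment on the entry would make the intent clear to the next reader, e.g. `/* 3DES: classified weak like the other *_3DES_EDE_CBC_SHA suites */`. ciphertable starts and ends outside the hunk.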
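Review bot: `DEBUGASSERT(backend);` does not protect `sock = backend->ssl_sockfd;` on the following line in a release build, because in curl DEBUGASSERT is compiled to nothing unless DEBUGBUILD is defined (the macro is defined outside this file, so confirm); splitting the declaration from the assignment only lets debug builds and static analysis catch a NULL backend, it does not change runtime behaviour. If a NULL backend is considered reachable from Secure Transport's read callback, the defensive form would be an explicit check returning a non-noErr OSStatus before the dereference; if it is not, a one-line comment stating the invariant (`/* backend is set before SSLSetIOFuncs() installs this callback */`) would make that explicit rather than implied. The same pattern is repeated in the SocketWrite hunk that follows. SocketRead's body continues outside the hunk.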
@@ -1376,6 +1380,8 @@ set_ssl_version_min_max(struct Curl_easy *data, struct connectdata *conn, long ssl_version_max = SSL_CONN_CONFIG(version_max); long max_supported_version_by_os; + DEBUGASSERT(backend); + /* macOS 10.5-10.7 supported TLS 1.0 only. macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2. macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. */ @@ -1684,6 +1690,8 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, #if CURL_BUILD_MAC int darwinver_maj = 0, darwinver_min = 0; + DEBUGASSERT(backend); + GetDarwinVersionNumber(&darwinver_maj, &darwinver_min); #endif /* CURL_BUILD_MAC */ @@ -2028,8 +2036,13 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, * Both hostname check and SNI require SSLSetPeerDomainName(). * Also: the verifyhost setting influences SNI usage */ if(conn->ssl_config.verifyhost) { - err = SSLSetPeerDomainName(backend->ssl_ctx, hostname, - strlen(hostname)); + size_t snilen; + char *snihost = Curl_ssl_snihost(data, hostname, &snilen); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + err = SSLSetPeerDomainName(backend->ssl_ctx, snihost, snilen); if(err != noErr) { infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d", @@ -2542,6 +2555,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn, DEBUGASSERT(ssl_connect_2 == connssl->connecting_state || ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state); + DEBUGASSERT(backend); /* Here goes nothing: */ err = SSLHandshake(backend->ssl_ctx); @@ -2918,6 +2932,8 @@ collect_server_cert(struct Curl_easy *data, CFIndex i, count; SecTrustRef trust = NULL; + DEBUGASSERT(backend); + if(!show_verbose_server_cert && !data->set.ssl.certinfo) return CURLE_OK; 
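Review bot: The new `DEBUGASSERT(backend);` in sectransp_connect_step1 is placed between `#if CURL_BUILD_MAC` and `#endif /* CURL_BUILD_MAC */`, so it is compiled only for macOS builds and silently dropped on iOS, unlike the unconditional asserts this commit adds to every other function. Moving the line above the `#if CURL_BUILD_MAC` keeps the invariant checked in every build configuration; the function dereferences backend unconditionally later on (see the `SSLSetPeerDomainName(backend->ssl_ctx, ...)` call in the next hunk of the same function). sectransp_connect_step1 starts and ends outside the hunk.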
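Review bot: The added SNI branch fails the connection with CURLE_SSL_CONNECT_ERROR when Curl_ssl_snihost() returns NULL, but the existing code directly below it only logs `infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d", ...)` and continues when SSLSetPeerDomainName() itself fails. The comment above the block states that both the hostname check and SNI depend on that call, so under `conn->ssl_config.verifyhost` a failure there leaves the peer-name check unconfigured while the handshake proceeds, which is the opposite of what the new branch does for the easier-to-hit error. A consistent treatment would be `failf(data, "SSL: SSLSetPeerDomainName() failed: OSStatus %d", err); return CURLE_SSL_CONNECT_ERROR;` in that path; whether the backend's own certificate verification later compensates for a missing peer name is not visible in this hunk, so confirm before tightening it. sectransp_connect_step1 continues outside the hunk.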
@@ -3162,6 +3178,8 @@ static void sectransp_close(struct Curl_easy *data, struct connectdata *conn, (void) data; + DEBUGASSERT(backend); + if(backend->ssl_ctx) { (void)SSLClose(backend->ssl_ctx); #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS @@ -3190,6 +3208,8 @@ static int sectransp_shutdown(struct Curl_easy *data, char buf[120]; int loop = 10; /* avoid getting stuck */ + DEBUGASSERT(backend); + if(!backend->ssl_ctx) return 0; @@ -3269,6 +3289,8 @@ static int sectransp_check_cxn(struct connectdata *conn) OSStatus err; SSLSessionState state; + DEBUGASSERT(backend); + if(backend->ssl_ctx) { err = SSLGetSessionState(backend->ssl_ctx, &state); if(err == noErr) @@ -3286,6 +3308,8 @@ static bool sectransp_data_pending(const struct connectdata *conn, OSStatus err; size_t buffer; + DEBUGASSERT(backend); + if(backend->ssl_ctx) { /* SSL is in use */ err = SSLGetBufferedReadSize(backend->ssl_ctx, &buffer); if(err == noErr) @@ -3347,6 +3371,8 @@ static ssize_t sectransp_send(struct Curl_easy *data, size_t processed = 0UL; OSStatus err; + DEBUGASSERT(backend); + /* The SSLWrite() function works a little differently than expected. The fourth argument (processed) is currently documented in Apple's documentation as: "On return, the length, in bytes, of the data actually @@ -3414,6 +3440,8 @@ static ssize_t sectransp_recv(struct Curl_easy *data, size_t processed = 0UL; OSStatus err; + DEBUGASSERT(backend); + again: err = SSLRead(backend->ssl_ctx, buf, buffersize, &processed); @@ -3463,6 +3491,7 @@ static void *sectransp_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return backend->ssl_ctx; } |