gtls: fix build with HTTP2

vtls: Removed unimplemented overrides of curlssl_close_all()

Carrying on from commit 037cd0d991, removed the following unimplemented
instances of curlssl_close_all():

Curl_axtls

vtls: Removed unimplemented overrides of curlssl_close_all()

Carrying on from commit 037cd0d991, removed the following unimplemented
instances of curlssl_close_all():

Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()

show more ...

copyright years: after OCSP stapling changes

gtls: add support for the Certificate Status Request TLS extension

Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.

This requires GnuTLS 3.1.3 or highe

gtls: add support for the Certificate Status Request TLS extension

Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.

This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verfication to fail even on valid responses.

show more ...

vtls: Use bool for Curl_ssl_getsessionid() return type

The return type of this function is a boolean value, and even uses a
bool internally, so use bool in the function declaration as we

vtls: Use bool for Curl_ssl_getsessionid() return type

The return type of this function is a boolean value, and even uses a
bool internally, so use bool in the function declaration as well as
the variables that store the return value, to avoid any confusion.

show more ...

gtls: Use preferred 'CURLcode result'

http2: avoid logging neg "failure" if h2 was not requested

gnutls: removed dead code

Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien

pinning: minor code style policing

Factorize pinned public key code into generic file handling and backend specific

GnuTLS: Implement public key pinning

gtls: only define Curl_gtls_seed if Nettle is not being used

vtls: make the random function mandatory in the TLS backend

To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then

vtls: make the random function mandatory in the TLS backend

To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then we can explicitly
make use of the default one we use when TLS support is missing.

This commit makes sure it works for darwinssl, gnutls, nss and openssl.

show more ...

gnutls: fix compiler warning

conversion to 'int' from 'long int' may alter its value

gnutls: detect lack of SRP support in GnuTLS at run-time and try without

Reported-by: David Woodhouse

gnutls: handle IP address in cert name check

Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function
didn't actually check IP addresses in SubjectAltName, even though it was

gnutls: handle IP address in cert name check

Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function
didn't actually check IP addresses in SubjectAltName, even though it was
explicitly documented as doing so. So do it ourselves...

show more ...

gnutls: improved error message if setting cipher list fails

Reported-by: David Woodhouse

gnutls: fixed a couple of uninitialized variable references

gnutls: fixed compilation against versions < 2.12.0

The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but
the code path in which they're referenced here is only ever used fo

gnutls: fixed compilation against versions < 2.12.0

The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but
the code path in which they're referenced here is only ever used for
somewhat older GnuTLS versions. This caused undeclared identifier errors
when compiling against those.

show more ...

gnutls: explicitly added SRP to the priority string

This seems to have become necessary for SRP support to work starting
with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTL

gnutls: explicitly added SRP to the priority string

This seems to have become necessary for SRP support to work starting
with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS
before the function that takes this priority string, there should be no
issue with backward compatibility.

show more ...

gnutls: ignore invalid certificate dates with VERIFYPEER disabled

This makes the behaviour consistent with what happens if a date can
be extracted from the certificate but is expired.

gnutls: allow building with nghttp2 but without ALPN support

It might not be the most useful combo, but...

gnutls: don't use deprecated type names anymore

gtls: fix NULL pointer dereference

gnutls_x509_crt_import() must not be called with a NULL certificate

Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html
Reported-by: Damian Di

gtls: fix NULL pointer dereference

gnutls_x509_crt_import() must not be called with a NULL certificate

Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html
Reported-by: Damian Dixon

show more ...

http2: remove _DRAFT09 from the NPN_HTTP2 enum

We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.