By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]"

schannel: Removed curl_ prefix from source files

Removed the curl_ prefix from the schannel source files as discussed
with Marc and Daniel at FOSDEM.

vtls: Separate the SSL backend definition from the API setup

Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.

vtls: Fixed compilation errors when SSL not used

Fixed the following warning and error from commit 3af90a6e19 when SSL
is not being used:

url.c:2004: warning C4013: 'Curl_ssl_ce

vtls: Fixed compilation errors when SSL not used

Fixed the following warning and error from commit 3af90a6e19 when SSL
is not being used:

url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
assuming extern returning int

error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
referenced in function Curl_setopt

show more ...

url: add CURLOPT_SSL_VERIFYSTATUS option

This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066

url: add CURLOPT_SSL_VERIFYSTATUS option

This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.

This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.

show more ...

vtls: Use CURLcode for Curl_ssl_init_certinfo() return type

The return type for this function was 0 on success and 1 on error. This
was then examined by the calling functions and, in mos

vtls: Use CURLcode for Curl_ssl_init_certinfo() return type

The return type for this function was 0 on success and 1 on error. This
was then examined by the calling functions and, in most cases, used to
return CURLE_OUT_OF_MEMORY.

Instead use CURLcode for the return type and return the out of memory
error directly, propagating it up the call stack.

show more ...

vtls: Use bool for Curl_ssl_getsessionid() return type

The return type of this function is a boolean value, and even uses a
bool internally, so use bool in the function declaration as we

vtls: Use bool for Curl_ssl_getsessionid() return type

The return type of this function is a boolean value, and even uses a
bool internally, so use bool in the function declaration as well as
the variables that store the return value, to avoid any confusion.

show more ...

SSL: Add PEM format support for public key pinning

vtls.h: Fixed compiler warning when compiled without SSL

vtls.c:185:46: warning: unused parameter 'data'

Factorize pinned public key code into generic file handling and backend specific

vtls: remove QsoSSL

vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation

vtls: have vtls.h include the backend header files

It turned out some features were not enabled in the build since for
example url.c #ifdefs on features that are defined on a per-backend

vtls: have vtls.h include the backend header files

It turned out some features were not enabled in the build since for
example url.c #ifdefs on features that are defined on a per-backend
basis but vtls.h didn't include the backend headers.

CURLOPT_CERTINFO was one such feature that was accidentally disabled.

show more ...

ssl: provide Curl_ssl_backend even if no SSL library is available

ssl: generalize how the ssl backend identifier is set

Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
one which was missing previously.

vtls: repair build without TLS support

... by defining Curl_ssl_random() properly

vtls: make the random function mandatory in the TLS backend

To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then

vtls: make the random function mandatory in the TLS backend

To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then we can explicitly
make use of the default one we use when TLS support is missing.

This commit makes sure it works for darwinssl, gnutls, nss and openssl.

show more ...

NTLM: set a fake entropy for debug builds with CURL_ENTROPY set

Curl_rand() will return a dummy and repatable random value for this
case. Makes it possible to write test cases that verif

NTLM: set a fake entropy for debug builds with CURL_ENTROPY set

Curl_rand() will return a dummy and repatable random value for this
case. Makes it possible to write test cases that verify output.

Also, fake timestamp with CURL_FORCETIME set.

Only when built debug enabled of course.

Curl_ssl_random() was not used anymore so it has been
removed. Curl_rand() is enough.

create_digest_md5_message: generate base64 instead of hex string

curl_sasl: also fix memory leaks in some OOM situations

show more ...

ALPN: fix typo in http/1.1 identifier

According to https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-05
it is "http/1.1" and not "http/1.0".

gtls: add ALPN support

Add ALPN support when using GnuTLS >= 3.2.0. This allows
libcurl to negotiate HTTP/2.0 for https connections when
built with GnuTLS.

See:
http://w

gtls: add ALPN support

Add ALPN support when using GnuTLS >= 3.2.0. This allows
libcurl to negotiate HTTP/2.0 for https connections when
built with GnuTLS.

See:
http://www.gnutls.org/manual/gnutls.html#Application-Layer-Protocol-Negotiation-_0028ALPN_0029
http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04

show more ...

vtls: renamed sslgen.[ch] to vtls.[ch]