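Lines Matching refs:octx
(Cross-reference listing, not a complete source file: each entry gives the source line number, the matching line, and, where the indexer resolved it, the enclosing function. A trailing "local" or "argument" marks the line that declares octx.)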
755 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; in ossl_bio_cf_out_write() local
769 octx->io_result = result; in ossl_bio_cf_out_write()
781 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; in ossl_bio_cf_in_read() local
797 octx->io_result = result; in ossl_bio_cf_in_read()
808 if(!octx->x509_store_setup) { in ossl_bio_cf_in_read()
809 result = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx); in ossl_bio_cf_in_read()
811 octx->io_result = result; in ossl_bio_cf_in_read()
814 octx->x509_store_setup = TRUE; in ossl_bio_cf_in_read()
1890 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; in ossl_shutdown() local
1897 DEBUGASSERT(octx); in ossl_shutdown()
1898 if(!octx->ssl || cf->shutdown) { in ossl_shutdown()
1905 if(!(SSL_get_shutdown(octx->ssl) & SSL_SENT_SHUTDOWN)) { in ossl_shutdown()
1910 nread = SSL_read(octx->ssl, buf, (int)sizeof(buf)); in ossl_shutdown()
1915 err = SSL_get_error(octx->ssl, nread); in ossl_shutdown()
1938 if(send_shutdown && !(SSL_get_shutdown(octx->ssl) & SSL_SENT_SHUTDOWN)) { in ossl_shutdown()
1941 if(SSL_shutdown(octx->ssl) == 1) { in ossl_shutdown()
1946 if(SSL_ERROR_WANT_WRITE == SSL_get_error(octx->ssl, nread)) { in ossl_shutdown()
1957 nread = SSL_read(octx->ssl, buf, (int)sizeof(buf)); in ossl_shutdown()
1962 err = SSL_get_error(octx->ssl, nread); in ossl_shutdown()
1965 if(SSL_shutdown(octx->ssl) == 1) in ossl_shutdown()
2004 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; in ossl_close() local
2007 DEBUGASSERT(octx); in ossl_close()
2009 if(octx->ssl) { in ossl_close()
2010 SSL_free(octx->ssl); in ossl_close()
2011 octx->ssl = NULL; in ossl_close()
2013 if(octx->ssl_ctx) { in ossl_close()
2014 SSL_CTX_free(octx->ssl_ctx); in ossl_close()
2015 octx->ssl_ctx = NULL; in ossl_close()
2016 octx->x509_store_setup = FALSE; in ossl_close()
2018 if(octx->bio_method) { in ossl_close()
2019 ossl_bio_cf_method_free(octx->bio_method); in ossl_close()
2020 octx->bio_method = NULL; in ossl_close()
2309 struct ossl_ctx *octx) in verifystatus() argument
2331 DEBUGASSERT(octx); in verifystatus()
2333 len = (long)SSL_get_tlsext_status_ocsp_resp(octx->ssl, &status); in verifystatus()
2363 ch = SSL_get_peer_cert_chain(octx->ssl); in verifystatus()
2369 st = SSL_CTX_get_cert_store(octx->ssl_ctx); in verifystatus()
2406 cert = SSL_get1_peer_certificate(octx->ssl); in verifystatus()
2822 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; in ossl_set_ssl_version_min_max_legacy() local
2823 DEBUGASSERT(octx); in ossl_set_ssl_version_min_max_legacy()
2824 SSL_CTX_set_max_proto_version(octx->ssl_ctx, TLS1_3_VERSION); in ossl_set_ssl_version_min_max_legacy()
3475 CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, in Curl_ossl_ctx_init() argument
3558 DEBUGASSERT(!octx->ssl_ctx); in Curl_ossl_ctx_init()
3559 octx->ssl_ctx = SSL_CTX_new(req_method); in Curl_ossl_ctx_init()
3561 if(!octx->ssl_ctx) { in Curl_ossl_ctx_init()
3576 SSL_CTX_set_msg_callback(octx->ssl_ctx, ossl_trace); in Curl_ossl_ctx_init()
3577 SSL_CTX_set_msg_callback_arg(octx->ssl_ctx, cf); in Curl_ossl_ctx_init()
3657 result = ossl_set_ssl_version_min_max(cf, octx->ssl_ctx); in Curl_ossl_ctx_init()
3670 SSL_CTX_set_options(octx->ssl_ctx, ctx_options); in Curl_ossl_ctx_init()
3674 SSL_CTX_set_mode(octx->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); in Curl_ossl_ctx_init()
3679 if(SSL_CTX_set_alpn_protos(octx->ssl_ctx, alpn, (int)alpn_len)) { in Curl_ossl_ctx_init()
3688 !cert_stuff(data, octx->ssl_ctx, in Curl_ossl_ctx_init()
3702 if(!SSL_CTX_set_cipher_list(octx->ssl_ctx, ciphers)) { in Curl_ossl_ctx_init()
3713 if(!SSL_CTX_set_ciphersuites(octx->ssl_ctx, ciphers13)) { in Curl_ossl_ctx_init()
3724 SSL_CTX_set_post_handshake_auth(octx->ssl_ctx, 1); in Curl_ossl_ctx_init()
3731 if(!SSL_CTX_set1_curves_list(octx->ssl_ctx, curves)) { in Curl_ossl_ctx_init()
3745 if(!SSL_CTX_set_srp_username(octx->ssl_ctx, ssl_username)) { in Curl_ossl_ctx_init()
3749 if(!SSL_CTX_set_srp_password(octx->ssl_ctx, ssl_password)) { in Curl_ossl_ctx_init()
3756 if(!SSL_CTX_set_cipher_list(octx->ssl_ctx, "SRP")) { in Curl_ossl_ctx_init()
3768 SSL_CTX_set_verify(octx->ssl_ctx, in Curl_ossl_ctx_init()
3774 SSL_CTX_set_keylog_callback(octx->ssl_ctx, ossl_keylog_callback); in Curl_ossl_ctx_init()
3783 SSL_CTX_set_session_cache_mode(octx->ssl_ctx, in Curl_ossl_ctx_init()
3786 SSL_CTX_sess_set_new_cb(octx->ssl_ctx, cb_new_session); in Curl_ossl_ctx_init()
3794 if(!octx->x509_store_setup) { in Curl_ossl_ctx_init()
3795 result = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx); in Curl_ossl_ctx_init()
3798 octx->x509_store_setup = TRUE; in Curl_ossl_ctx_init()
3801 result = (*data->set.ssl.fsslctx)(data, octx->ssl_ctx, in Curl_ossl_ctx_init()
3811 if(octx->ssl) in Curl_ossl_ctx_init()
3812 SSL_free(octx->ssl); in Curl_ossl_ctx_init()
3813 octx->ssl = SSL_new(octx->ssl_ctx); in Curl_ossl_ctx_init()
3814 if(!octx->ssl) { in Curl_ossl_ctx_init()
3819 SSL_set_app_data(octx->ssl, ssl_user_data); in Curl_ossl_ctx_init()
3824 SSL_set_tlsext_status_type(octx->ssl, TLSEXT_STATUSTYPE_ocsp); in Curl_ossl_ctx_init()
3829 SSL_set_renegotiate_mode(octx->ssl, ssl_renegotiate_freely); in Curl_ossl_ctx_init()
3832 SSL_set_connect_state(octx->ssl); in Curl_ossl_ctx_init()
3834 octx->server_cert = 0x0; in Curl_ossl_ctx_init()
3837 if(!SSL_set_tlsext_host_name(octx->ssl, peer->sni)) { in Curl_ossl_ctx_init()
3853 SSL_set_enable_ech_grease(octx->ssl, 1); in Curl_ossl_ctx_init()
3855 SSL_set_options(octx->ssl, SSL_OP_ECH_GREASE); in Curl_ossl_ctx_init()
3874 if(SSL_set1_ech_config_list(octx->ssl, ech_config, in Curl_ossl_ctx_init()
3891 if(SSL_ech_set1_echconfig(octx->ssl, ech_config, ech_config_len) != 1) { in Curl_ossl_ctx_init()
3921 if(SSL_ech_set1_echconfig(octx->ssl, ecl, elen) != 1) { in Curl_ossl_ctx_init()
3927 if(SSL_set1_ech_config_list(octx->ssl, ecl, elen) != 1) { in Curl_ossl_ctx_init()
3955 result = SSL_ech_set_server_names(octx->ssl, in Curl_ossl_ctx_init()
3965 && SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) { in Curl_ossl_ctx_init()
3974 octx->reused_session = FALSE; in Curl_ossl_ctx_init()
3983 if(!SSL_set_session(octx->ssl, ssl_session)) { in Curl_ossl_ctx_init()
3994 octx->reused_session = TRUE; in Curl_ossl_ctx_init()
4011 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; in ossl_connect_step1() local
4017 DEBUGASSERT(octx); in ossl_connect_step1()
4029 result = Curl_ossl_ctx_init(octx, cf, data, &connssl->peer, TRNSPRT_TCP, in ossl_connect_step1()
4035 octx->bio_method = ossl_bio_cf_method_create(); in ossl_connect_step1()
4036 if(!octx->bio_method) in ossl_connect_step1()
4038 bio = BIO_new(octx->bio_method); in ossl_connect_step1()
4050 SSL_set0_rbio(octx->ssl, bio); in ossl_connect_step1()
4051 SSL_set0_wbio(octx->ssl, bio); in ossl_connect_step1()
4053 SSL_set_bio(octx->ssl, bio, bio); in ossl_connect_step1()
4135 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; local
4138 DEBUGASSERT(octx);
4143 err = SSL_connect(octx->ssl);
4145 if(!octx->x509_store_setup) {
4148 CURLcode result = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx);
4151 octx->x509_store_setup = TRUE;
4158 if(Curl_tls_keylog_enabled() && !octx->keylog_done)
4159 ossl_log_tls12_secret(octx->ssl, &octx->keylog_done);
4166 int detail = SSL_get_error(octx->ssl, err);
4220 lerr = SSL_get_verify_result(octx->ssl);
4253 ossl_trace_ech_retry_configs(data, octx->ssl, reason);
4295 SSL_get_peer_signature_type_nid(octx->ssl, &psigtype_nid);
4297 negotiated_group_name = SSL_get0_group_name(octx->ssl);
4300 OBJ_nid2sn(SSL_get_negotiated_group(octx->ssl) & 0x0000FFFF);
4306 SSL_get_version(octx->ssl),
4307 SSL_get_cipher(octx->ssl),
4318 rv = SSL_ech_get_status(octx->ssl, &inner, &outer);
4359 ossl_trace_ech_retry_configs(data, octx->ssl, 0);
4380 SSL_get0_alpn_selected(octx->ssl, &neg_protocol, &len);
4521 struct ossl_ctx *octx, argument
4537 DEBUGASSERT(octx);
4552 (void)ossl_certchain(data, octx->ssl);
4554 octx->server_cert = SSL_get1_peer_certificate(octx->ssl);
4555 if(!octx->server_cert) {
4567 result = x509_name_oneline(X509_get_subject_name(octx->server_cert),
4574 ASN1_TIME_print(mem, X509_get0_notBefore(octx->server_cert));
4579 ASN1_TIME_print(mem, X509_get0_notAfter(octx->server_cert));
4589 result = ossl_verifyhost(data, conn, peer, octx->server_cert);
4591 X509_free(octx->server_cert);
4592 octx->server_cert = NULL;
4598 result = x509_name_oneline(X509_get_issuer_name(octx->server_cert),
4623 X509_free(octx->server_cert);
4624 octx->server_cert = NULL;
4636 X509_free(octx->server_cert);
4637 octx->server_cert = NULL;
4646 X509_free(octx->server_cert);
4647 octx->server_cert = NULL;
4659 X509_free(octx->server_cert);
4660 octx->server_cert = NULL;
4664 if(X509_check_issued(issuer, octx->server_cert) != X509_V_OK) {
4670 X509_free(octx->server_cert);
4671 octx->server_cert = NULL;
4681 lerr = SSL_get_verify_result(octx->ssl);
4700 infof_certstack(data, octx->ssl);
4704 if(conn_config->verifystatus && !octx->reused_session) {
4706 result = verifystatus(cf, data, octx);
4723 X509_free(octx->server_cert);
4724 octx->server_cert = NULL;
4742 result = ossl_pkp_pin_peer_pubkey(data, octx->server_cert, ptr);
4747 X509_free(octx->server_cert);
4748 octx->server_cert = NULL;
4758 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; local
4769 result = Curl_oss_check_peer_cert(cf, data, octx, &connssl->peer);
4902 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; local
4905 DEBUGASSERT(connssl && octx);
4906 if(octx->ssl && SSL_pending(octx->ssl))
4925 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; local
4928 DEBUGASSERT(octx);
4934 rc = SSL_write(octx->ssl, mem, memlen);
4937 err = SSL_get_error(octx->ssl, rc);
4953 if(octx->io_result == CURLE_AGAIN) {
5010 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; local
5013 DEBUGASSERT(octx);
5019 nread = (ssize_t)SSL_read(octx->ssl, buf, buffsize);
5023 int err = SSL_get_error(octx->ssl, (int)nread);
5048 if(octx->io_result == CURLE_AGAIN) {
5118 struct ossl_ctx *octx = NULL; local
5125 octx = (struct ossl_ctx *)connssl->backend;
5134 if(!octx) {
5139 cert = SSL_get1_peer_certificate(octx->ssl);
5323 struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; local
5324 DEBUGASSERT(octx);
5326 (void *)octx->ssl_ctx : (void *)octx->ssl;