317 static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl);
416 static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl)  in ossl_certchain()  argument
424   DEBUGASSERT(ssl);  in ossl_certchain()
426   sk = SSL_get_peer_cert_chain(ssl);  in ossl_certchain()
875 static void ossl_keylog_callback(const SSL *ssl, const char *line)  in ossl_keylog_callback()  argument
877   (void)ssl;  in ossl_keylog_callback()
887 ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done)  in ossl_log_tls12_secret()  argument
889   const SSL_SESSION *session = SSL_get_session(ssl);  in ossl_log_tls12_secret()
902   SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);  in ossl_log_tls12_secret()
906   if(ssl->s3 && session->master_key_length > 0) {  in ossl_log_tls12_secret()
909     memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);  in ossl_log_tls12_secret()
1310     SSL *ssl;  in cert_stuff()  local
1629     ssl = SSL_new(ctx);  in cert_stuff()
1630     if(!ssl) {  in cert_stuff()
1635     x509 = SSL_get_certificate(ssl);  in cert_stuff()
1641       EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));  in cert_stuff()
1650       EVP_PKEY *priv_key = SSL_get_privatekey(ssl);  in cert_stuff()
1666     SSL_free(ssl);  in cert_stuff()
1898   if(!octx->ssl || cf->shutdown) {  in ossl_shutdown()
1905   if(!(SSL_get_shutdown(octx->ssl) & SSL_SENT_SHUTDOWN)) {  in ossl_shutdown()
1910       nread = SSL_read(octx->ssl, buf, (int)sizeof(buf));  in ossl_shutdown()
1915     err = SSL_get_error(octx->ssl, nread);  in ossl_shutdown()
1938   if(send_shutdown && !(SSL_get_shutdown(octx->ssl) & SSL_SENT_SHUTDOWN)) {  in ossl_shutdown()
1941     if(SSL_shutdown(octx->ssl) == 1) {  in ossl_shutdown()
1946     if(SSL_ERROR_WANT_WRITE == SSL_get_error(octx->ssl, nread)) {  in ossl_shutdown()
1957     nread = SSL_read(octx->ssl, buf, (int)sizeof(buf));  in ossl_shutdown()
1962   err = SSL_get_error(octx->ssl, nread);  in ossl_shutdown()
1965     if(SSL_shutdown(octx->ssl) == 1)  in ossl_shutdown()
2009   if(octx->ssl) {  in ossl_close()
2010     SSL_free(octx->ssl);  in ossl_close()
2011     octx->ssl = NULL;  in ossl_close()
2333   len = (long)SSL_get_tlsext_status_ocsp_resp(octx->ssl, &status);  in verifystatus()
2363   ch = SSL_get_peer_cert_chain(octx->ssl);  in verifystatus()
2406   cert = SSL_get1_peer_certificate(octx->ssl);  in verifystatus()
2589                        const void *buf, size_t len, SSL *ssl,  in ossl_trace()  argument
2691   (void) ssl;  in ossl_trace()
2931 static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)  in ossl_new_session_cb()  argument
2937   cf = (struct Curl_cfilter*) SSL_get_app_data(ssl);  in ossl_new_session_cb()
3790   if(data->set.ssl.fsslctx) {  in Curl_ossl_ctx_init()
3801     result = (*data->set.ssl.fsslctx)(data, octx->ssl_ctx,  in Curl_ossl_ctx_init()
3802                                       data->set.ssl.fsslctxp);  in Curl_ossl_ctx_init()
3811   if(octx->ssl)  in Curl_ossl_ctx_init()
3812     SSL_free(octx->ssl);  in Curl_ossl_ctx_init()
3813   octx->ssl = SSL_new(octx->ssl_ctx);  in Curl_ossl_ctx_init()
3814   if(!octx->ssl) {  in Curl_ossl_ctx_init()
3819   SSL_set_app_data(octx->ssl, ssl_user_data);  in Curl_ossl_ctx_init()
3824     SSL_set_tlsext_status_type(octx->ssl, TLSEXT_STATUSTYPE_ocsp);  in Curl_ossl_ctx_init()
3829   SSL_set_renegotiate_mode(octx->ssl, ssl_renegotiate_freely);  in Curl_ossl_ctx_init()
3832   SSL_set_connect_state(octx->ssl);  in Curl_ossl_ctx_init()
3837     if(!SSL_set_tlsext_host_name(octx->ssl, peer->sni)) {  in Curl_ossl_ctx_init()
3853       SSL_set_enable_ech_grease(octx->ssl, 1);  in Curl_ossl_ctx_init()
3855       SSL_set_options(octx->ssl, SSL_OP_ECH_GREASE);  in Curl_ossl_ctx_init()
3874       if(SSL_set1_ech_config_list(octx->ssl, ech_config,  in Curl_ossl_ctx_init()
3891       if(SSL_ech_set1_echconfig(octx->ssl, ech_config, ech_config_len) != 1) {  in Curl_ossl_ctx_init()
3921           if(SSL_ech_set1_echconfig(octx->ssl, ecl, elen) != 1) {  in Curl_ossl_ctx_init()
3927           if(SSL_set1_ech_config_list(octx->ssl, ecl, elen) != 1) {  in Curl_ossl_ctx_init()
3955       result = SSL_ech_set_server_names(octx->ssl,  in Curl_ossl_ctx_init()
3965        && SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) {  in Curl_ossl_ctx_init()
3983         if(!SSL_set_session(octx->ssl, ssl_session)) {  in Curl_ossl_ctx_init()
4050   SSL_set0_rbio(octx->ssl, bio);  in ossl_connect_step1()
4051   SSL_set0_wbio(octx->ssl, bio);  in ossl_connect_step1()
4053   SSL_set_bio(octx->ssl, bio, bio);  in ossl_connect_step1()
4068 static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl,  in ossl_trace_ech_retry_configs()  argument
4090   rv = SSL_ech_get_retry_config(ssl, &rcs, &rcl);  in ossl_trace_ech_retry_configs()
4092   SSL_get0_ech_retry_configs(ssl, &rcs, &rcl);  in ossl_trace_ech_retry_configs()
4107     rv = SSL_ech_get_status(ssl, &inner, &outer);  in ossl_trace_ech_retry_configs()
4111     rv = SSL_ech_accepted(ssl);  in ossl_trace_ech_retry_configs()
4112     servername_type = SSL_get_servername_type(ssl);  in ossl_trace_ech_retry_configs()
4113     inner = SSL_get_servername(ssl, servername_type);  in ossl_trace_ech_retry_configs()
4114     SSL_get0_ech_name_override(ssl, &outer, &out_name_len);  in ossl_trace_ech_retry_configs()
4143   err = SSL_connect(octx->ssl);
4159     ossl_log_tls12_secret(octx->ssl, &octx->keylog_done);
4166     int detail = SSL_get_error(octx->ssl, err);
4220         lerr = SSL_get_verify_result(octx->ssl);
4253         ossl_trace_ech_retry_configs(data, octx->ssl, reason);
4295     SSL_get_peer_signature_type_nid(octx->ssl, &psigtype_nid);
4297     negotiated_group_name = SSL_get0_group_name(octx->ssl);
4300       OBJ_nid2sn(SSL_get_negotiated_group(octx->ssl) & 0x0000FFFF);
4306           SSL_get_version(octx->ssl),
4307           SSL_get_cipher(octx->ssl),
4318       rv = SSL_ech_get_status(octx->ssl, &inner, &outer);
4359         ossl_trace_ech_retry_configs(data, octx->ssl, 0);
4380       SSL_get0_alpn_selected(octx->ssl, &neg_protocol, &len);
4454 static void infof_certstack(struct Curl_easy *data, const SSL *ssl)  argument
4461   verify_result = SSL_get_verify_result(ssl);
4463     certstack = SSL_get_peer_cert_chain(ssl);
4465     certstack = SSL_get0_verified_chain(ssl);
4514 #define infof_certstack(data, ssl)  argument
4550   if(data->set.ssl.certinfo)
4552     (void)ossl_certchain(data, octx->ssl);
4554   octx->server_cert = SSL_get1_peer_certificate(octx->ssl);
4681     lerr = SSL_get_verify_result(octx->ssl);
4700   infof_certstack(data, octx->ssl);
4906   if(octx->ssl && SSL_pending(octx->ssl))
4934   rc = SSL_write(octx->ssl, mem, memlen);
4937     err = SSL_get_error(octx->ssl, rc);
5019   nread = (ssize_t)SSL_read(octx->ssl, buf, buffsize);
5023     int err = SSL_get_error(octx->ssl, (int)nread);
5139   cert = SSL_get1_peer_certificate(octx->ssl);
5326     (void *)octx->ssl_ctx : (void *)octx->ssl;

Last Index update Sun Nov 24 20:08:14 UTC 2024

Dedicated to & Maintained by Room-11