[GNUnet-SVN] [gnurl] 112/173: darwinssl: Avoid parsing certificates when
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 112/173: darwinssl: Avoid parsing certificates when not in verbose mode
Date: Fri, 24 Feb 2017 14:02:14 +0100
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.
commit 3509aa8023e394710a30b18d367f3fa0a9e57796
Author: Daniel Gustafsson <address@hidden>
AuthorDate: Sun Feb 5 10:26:07 2017 +0100

darwinssl: Avoid parsing certificates when not in verbose mode

The information extracted from the server certificates in step 3 is only
used when in verbose mode, and there is no error handling or validation
performed as that has already been done. Only run the certificate
information extraction when in verbose mode and libcurl was built with
verbose strings.

Closes https://github.com/curl/curl/pull/1246
---
lib/vtls/darwinssl.c | 33 +++++++++++++++++++++++++++------
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 69cf11a2f..050bf960b 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -219,6 +219,7 @@ static OSStatus SocketWrite(SSLConnectionRef connection,
return ortn;
}
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher)
{
switch(cipher) {
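Review bot: The `#ifndef CURL_DISABLE_VERBOSE_STRINGS` opened above SSLCipherNameForNumber() removes the cipher-name helpers from builds without verbose strings, but none of their call sites appear in this patch. Please confirm that every caller is itself compiled out when the macro is defined, or carries a matching guard, so that such a build does not fail on a missing function.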
@@ -776,6 +777,7 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite
cipher)
}
return "TLS_NULL_WITH_NULL_NULL";
}
+#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
#if CURL_BUILD_MAC
CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
@@ -2037,9 +2039,11 @@ darwinssl_connect_step2(struct connectdata *conn, int
sockindex)
}
}
-static CURLcode
-darwinssl_connect_step3(struct connectdata *conn,
- int sockindex)
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+/* This should be called during step3 of the connection at the earliest */
+static void
+show_verbose_server_cert(struct connectdata *conn,
+ int sockindex)
{
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
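Review bot: The new comment above show_verbose_server_cert() gives the ordering constraint ("during step3 ... at the earliest") but not the more important contract: the function now returns void, is skipped entirely outside verbose mode, and is absent from builds with CURL_DISABLE_VERBOSE_STRINGS. Please extend the comment to say it is display-only and must never carry a check that affects the connection result, so that nobody later adds certificate validation here that would silently not run in the common case.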
@@ -2051,9 +2055,9 @@ darwinssl_connect_step3(struct connectdata *conn,
CFIndex i, count;
SecTrustRef trust = NULL;
- /* There is no step 3!
- * Well, okay, if verbose mode is on, let's print the details of the
- * server certificates. */
+ if(!connssl->ssl_ctx)
+ return;
+
#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
#if CURL_BUILD_IOS
#pragma unused(server_certs)
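Review bot: The added `if(!connssl->ssl_ctx) return;` is a behaviour change that the commit message does not mention, since the old step 3 body used the context without checking it. If ssl_ctx can really be NULL at this point, then darwinssl_connect_step3() marking the connection as ssl_connect_done with no context is the thing to look at; if it cannot, an assertion would document the invariant better than a silent return. A one-line comment saying which case this guards would help.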
@@ -2150,6 +2154,23 @@ darwinssl_connect_step3(struct connectdata *conn,
CFRelease(server_certs);
}
#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
+}
+#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
+
+static CURLcode
+darwinssl_connect_step3(struct connectdata *conn,
+ int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ /* There is no step 3!
+ * Well, okay, if verbose mode is on, let's print the details of the
+ * server certificates. */
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+ if(data->set.verbose)
+ show_verbose_server_cert(conn, sockindex);
+#endif
connssl->connecting_state = ssl_connect_done;
return CURLE_OK;
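Review bot: In the new darwinssl_connect_step3(), `struct Curl_easy *data = conn->data;` is only read inside the `#ifndef CURL_DISABLE_VERBOSE_STRINGS` block, so a build with that macro defined leaves `data` unused and will emit an unused-variable warning. Move the declaration inside the guard, or drop it and test `conn->data->set.verbose` directly.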