[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 26/63: sectransp: handle errSSLPeerAuthCompleted fr
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 26/63: sectransp: handle errSSLPeerAuthCompleted from SSLRead() |
Date: |
Fri, 07 Jun 2019 18:36:48 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 5c9b2e68a4e30f533a9da84d674f545c3dd27423
Author: Daniel Stenberg <address@hidden>
AuthorDate: Thu May 23 17:16:02 2019 +0200
sectransp: handle errSSLPeerAuthCompleted from SSLRead()
Reported-by: smuellerDD on github
Fixes #3932
Closes #3933
---
lib/vtls/sectransp.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index 2fdf662a1..3fb125ab5 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -2111,8 +2111,8 @@ static int append_cert_to_array(struct Curl_easy *data,
return CURLE_OK;
}
-static int verify_cert(const char *cafile, struct Curl_easy *data,
- SSLContextRef ctx)
+static CURLcode verify_cert(const char *cafile, struct Curl_easy *data,
+ SSLContextRef ctx)
{
int n = 0, rc;
long res;
@@ -2370,10 +2370,10 @@ sectransp_connect_step2(struct connectdata *conn, int
sockindex)
Leopard's headers */
case -9841:
if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
- int res = verify_cert(SSL_CONN_CONFIG(CAfile), data,
- BACKEND->ssl_ctx);
- if(res != CURLE_OK)
- return res;
+ CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), data,
+ BACKEND->ssl_ctx);
+ if(result)
+ return result;
}
/* the documentation says we need to call SSLHandshake() again */
return sectransp_connect_step2(conn, sockindex);
@@ -3186,7 +3186,10 @@ static ssize_t sectransp_recv(struct connectdata *conn,
/*struct Curl_easy *data = conn->data;*/
struct ssl_connect_data *connssl = &conn->ssl[num];
size_t processed = 0UL;
- OSStatus err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed);
+ OSStatus err;
+
+ again:
+ err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed);
if(err != noErr) {
switch(err) {
@@ -3207,6 +3210,16 @@ static ssize_t sectransp_recv(struct connectdata *conn,
return -1L;
break;
+ /* The below is errSSLPeerAuthCompleted; it's not defined in
+ Leopard's headers */
+ case -9841:
+ if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
+ CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), conn->data,
+ BACKEND->ssl_ctx);
+ if(result)
+ return result;
+ }
+ goto again;
default:
failf(conn->data, "SSLRead() return error %d", err);
*curlcode = CURLE_RECV_ERROR;
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [GNUnet-SVN] [gnurl] 53/63: NTLM: reset proxy "multipass" state when CONNECT request is done, (continued)
- [GNUnet-SVN] [gnurl] 53/63: NTLM: reset proxy "multipass" state when CONNECT request is done, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 58/63: curl_share_setopt.3: improve wording [ci ship], gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 56/63: TODO: "at least N milliseconds between requests" [ci skip], gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 46/63: http2: Stop drain from being permanently set on, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 19/63: os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()., gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 24/63: tool_setopt: for builds with disabled-proxy, skip all proxy setopts(), gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 18/63: .github/FUNDING: mention our opencollective "home" [ci skip], gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 20/63: md4: build correctly with openssl without MD4, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 16/63: tests: Fix the line endings for the SASL alt-auth tests, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 06/63: examples: remove dead variable stores, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 26/63: sectransp: handle errSSLPeerAuthCompleted from SSLRead(),
gnunet <=
- [GNUnet-SVN] [gnurl] 38/63: url: default conn->port to the same as conn->remote_port, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 31/63: nss: allow to specify TLS 1.3 ciphers if supported by NSS, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 36/63: multi: track users of a socket better, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 28/63: FAQ: more minor updates and spelling fixes, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 34/63: cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 41/63: url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 40/63: http: fix "error: equality comparison with extraneous parentheses", gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 48/63: singlesocket: use separate variable for inner loop, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 52/63: test334: verify HTTP 204 response with chunked coding header, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 47/63: RELEASE-NOTES: synced, gnunet, 2019/06/07