diff --git a/configure.ac b/configure.ac index 7ca2145..f38d53e 100644 --- a/configure.ac +++ b/configure.ac @@ -122,7 +122,7 @@ AC_SUBST(PKGADD_VENDOR) dnl dnl initialize all the info variables - curl_ssl_msg="no (--with-ssl / --with-gnutls / --with-nss)" + curl_ssl_msg="no (--with-ssl / --with-gnutls / --with-polarssl / --with-nss)" curl_ssh_msg="no (--with-libssh2)" curl_zlib_msg="no (--with-zlib)" curl_krb4_msg="no (--with-krb4*)" @@ -1697,6 +1697,89 @@ if test "$OPENSSL_ENABLED" != "1"; then fi dnl OPENSSL != 1 dnl ---------------------------------------------------- +dnl check for PolarSSL +dnl ---------------------------------------------------- + +dnl Default to compiler & linker defaults for PolarSSL files & libraries. +OPT_POLARSSL=no + +_cppflags=$CPPFLAGS +_ldflags=$LDFLAGS +AC_ARG_WITH(polarssl,dnl +AC_HELP_STRING([--with-polarssl=PATH],[where to look for PolarSSL, PATH points to the installation root (default: /usr/local/)]) +AC_HELP_STRING([--without-polarssl], [disable PolarSSL detection]), + OPT_POLARSSL=$withval) + +if test "$OPENSSL_ENABLED" != "1"; then + + if test X"$OPT_POLARSSL" != Xno; then + + if test "$OPT_POLARSSL" = "yes"; then + OPT_POLARSSL="" + fi + + if test -z "$OPT_POLARSSL" ; then + dnl check for lib first without setting any new path + + AC_CHECK_LIB(polarssl, havege_init, + dnl libpolarssl found, set the variable + [ + AC_DEFINE(USE_POLARSSL, 1, [if PolarSSL is enabled]) + AC_SUBST(USE_POLARSSL, [1]) + POLARSSL_ENABLED=1 + USE_POLARSSL="yes" + curl_ssl_msg="enabled (PolarSSL)" + ]) + fi + + if test "x$USE_POLARSSL" != "xyes"; then + dnl add the path and test again + addld=-L$OPT_POLARSSL/lib$libsuff + addcflags=-I$OPT_POLARSSL/include + polarssllib=$OPT_POLARSSL/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + AC_CHECK_LIB(polarssl, ssl_init, + [ + AC_DEFINE(USE_POLARSSL, 1, [if PolarSSL is enabled]) + AC_SUBST(USE_POLARSSL, [1]) + POLARSSL_ENABLED=1 + USE_POLARSSL="yes" + curl_ssl_msg="enabled (PolarSSL)" + ], + [ + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + ]) + fi + + if test "x$USE_POLARSSL" = "xyes"; then + AC_MSG_NOTICE([detected PolarSSL]) + + CURL_LIBS="$CURL_LIBS -lpolarssl" + LIBS="$LIBS -lpolarssl" + + if test -n "$polarssllib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl LD_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$polarssllib" + export LD_LIBRARY_PATH + AC_MSG_NOTICE([Added $polarssllib to LD_LIBRARY_PATH]) + fi + fi + + fi dnl PolarSSL not disabled + +fi dnl OPENSSL != 1 + +dnl ---------------------------------------------------- dnl NSS. Only check if GnuTLS and OpenSSL are not enabled dnl ---------------------------------------------------- @@ -1792,9 +1875,9 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then fi dnl OPENSSL != 1 -a GNUTLS_ENABLED != 1 -if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED" = "x"; then +if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED" = "x"; then AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) - AC_MSG_WARN([Use --with-ssl, --with-gnutls or --with-nss to address this.]) + AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl or --with-nss to address this.]) else # SSL is enabled, genericly AC_SUBST(SSL_ENABLED) diff --git a/lib/Makefile.inc b/lib/Makefile.inc index 90d6fec..5abcc42 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -11,7 +11,8 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ inet_ntop.c parsedate.c select.c gtls.c sslgen.c tftp.c splay.c \ strdup.c socks.c ssh.c nss.c qssl.c rawstr.c curl_addrinfo.c \ socks_gssapi.c socks_sspi.c curl_sspi.c slist.c nonblock.c \ - curl_memrchr.c imap.c pop3.c smtp.c pingpong.c rtsp.c curl_threads.c + curl_memrchr.c imap.c pop3.c smtp.c pingpong.c rtsp.c curl_threads.c \ + polarssl.c HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \ @@ -23,4 +24,5 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h \ tftp.h sockaddr.h splay.h strdup.h setup_once.h socks.h ssh.h nssg.h \ curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \ - curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h + curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \ + polarssl.h diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake index 09f435c..3bfbf18 100644 --- a/lib/curl_config.h.cmake +++ b/lib/curl_config.h.cmake @@ -886,6 +886,9 @@ /* if GnuTLS is enabled */ #cmakedefine USE_GNUTLS ${USE_GNUTLS} +/* if PolarSSL is enabled */ +#cmakedefine USE_POLARSSL ${USE_POLARSSL} + /* if libSSH2 is in use */ #cmakedefine USE_LIBSSH2 ${USE_LIBSSH2} diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in index 846fb27..444b3e4 100644 --- a/lib/curl_config.h.in +++ b/lib/curl_config.h.in @@ -924,6 +924,9 @@ /* if OpenSSL is in use */ #undef USE_OPENSSL +/* if PolarSSL is enabled */ +#undef USE_POLARSSL + /* if SSL is enabled */ #undef USE_SSLEAY diff --git a/lib/http.c b/lib/http.c index e47f49a..cbabbb4 100644 --- a/lib/http.c +++ b/lib/http.c @@ -1877,6 +1877,18 @@ static int https_getsock(struct connectdata *conn, (void)numsocks; return GETSOCK_BLANK; } +#else +#ifdef USE_POLARSSL +static int https_getsock(struct connectdata *conn, + curl_socket_t *socks, + int numsocks) +{ + (void)conn; + (void)socks; + (void)numsocks; + return GETSOCK_BLANK; +} +#endif #endif #endif #endif diff --git a/lib/polarssl.c b/lib/polarssl.c new file mode 100644 index 0000000..0907a30 --- /dev/null +++ b/lib/polarssl.c @@ -0,0 +1,380 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2010, Hoi-Ho Chan, + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* + * Source file for all PolarSSL-specific code for the TLS/SSL layer. No code + * but sslgen.c should ever call or use these functions. + * + */ + +#include "setup.h" +#ifdef USE_POLARSSL + +#include +#include +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#include "urldata.h" +#include "sendf.h" +#include "inet_pton.h" +#include "polarssl.h" +#include "polarssl/net.h" +#include "polarssl/ssl.h" +#include "polarssl/havege.h" +#include "polarssl/certs.h" +#include "polarssl/x509.h" +#include "sslgen.h" +#include "parsedate.h" +#include "connect.h" /* for the connect timeout */ +#include "select.h" +#include "rawstr.h" + +#define _MPRINTF_REPLACE /* use our functions only */ +#include +#include "curl_memory.h" +/* The last #include file should be: */ +#include "memdebug.h" + +/* Uncomment this to enable lots of debugging for PolarSSL */ +//#define POLARSSL_DEBUG + +static void polarssl_debug(void *context, int level, char *line) +{ + struct SessionHandle *data = NULL; + + if(!context) + return; + + data = (struct SessionHandle *)context; + + infof(data, "%s", line); +} + +/* + * This function loads all the client/CA certificates and CRLs. Setup the TLS + * layer and do all necessary magic. + */ +CURLcode +Curl_polarssl_connect(struct connectdata *conn, + int sockindex) +{ + struct SessionHandle *data = conn->data; + bool sni = TRUE; /* default is SNI enabled */ + int ret = -1; + char buffer[1024]; +#ifdef ENABLE_IPV6 + struct in6_addr addr; +#else + struct in_addr addr; +#endif + void *old_session = NULL; + size_t old_session_size = 0; + + memset(buffer, 0, sizeof(buffer)); + + if(conn->ssl[sockindex].state == ssl_connection_complete) + return CURLE_OK; + + /* PolarSSL only supports SSLv3 and TLSv1 */ + if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) { + failf(data, "PolarSSL does not support SSLv2"); + return CURLE_SSL_CONNECT_ERROR; + } else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) { + sni = FALSE; /* SSLv3 has no SNI */ + } + + havege_init(&conn->ssl[sockindex].hs); + + /* Load the trusted CA */ + memset(&conn->ssl[sockindex].cacert, 0, sizeof(x509_cert)); + + if(data->set.str[STRING_SSL_CAFILE]) { + ret = x509parse_crtfile(&conn->ssl[sockindex].cacert, + data->set.str[STRING_SSL_CAFILE]); + + if(ret) { + failf(data, "Error reading ca cert file %s: -0x%04X", + data->set.str[STRING_SSL_CAFILE], -ret); + + if(data->set.ssl.verifypeer) + return CURLE_SSL_CACERT_BADFILE; + } + } + + if(data->set.str[STRING_SSL_CRLFILE]) { + ret = x509parse_crlfile(&conn->ssl[sockindex].crl, + data->set.str[STRING_SSL_CRLFILE]); + + if(ret) { + failf(data, "Error reading CRL file %s: -0x%04X", + data->set.str[STRING_SSL_CRLFILE], -ret); + return CURLE_SSL_CRL_BADFILE; + } + } + + /* Load the client certificate */ + memset(&conn->ssl[sockindex].clicert, 0, sizeof(x509_cert)); + + if(data->set.str[STRING_CERT]) { + /* FIXME: PolarSSL has a bug where we need to import it twice */ + ret = x509parse_crtfile(&conn->ssl[sockindex].clicert, + data->set.str[STRING_CERT]); + ret = x509parse_crtfile(&conn->ssl[sockindex].clicert, + data->set.str[STRING_CERT]); + + if(ret) { + failf(data, "Error reading client cert file %s: -0x%04X", + data->set.str[STRING_CERT], -ret); + return CURLE_SSL_CERTPROBLEM; + } + } + + /* Load the client private key */ + if(data->set.str[STRING_KEY]) { + ret = x509parse_keyfile(&conn->ssl[sockindex].rsa, + data->set.str[STRING_KEY], + data->set.str[STRING_KEY_PASSWD]); + + if(ret) { + failf(data, "Error reading private key %s: -0x%04X", + data->set.str[STRING_KEY], -ret); + return CURLE_SSL_CERTPROBLEM; + } + } + + infof(data, "PolarSSL: Connecting to %s:%d\n", + conn->host.name, conn->remote_port); + + if((ret = net_connect(&conn->sock[sockindex], + conn->host.name, conn->remote_port)) != 0) { + failf(data, "PolarSSL: net_connect returned %d", ret); + return CURLE_SSL_CONNECT_ERROR; + } + + havege_init(&conn->ssl[sockindex].hs); + + if(ssl_init(&conn->ssl[sockindex].ssl)) { + failf(data, "PolarSSL: ssl_init failed"); + return CURLE_SSL_CONNECT_ERROR; + } + + ssl_set_endpoint(&conn->ssl[sockindex].ssl, SSL_IS_CLIENT); + ssl_set_authmode(&conn->ssl[sockindex].ssl, SSL_VERIFY_OPTIONAL); + + ssl_set_rng(&conn->ssl[sockindex].ssl, havege_rand, + &conn->ssl[sockindex].hs); + ssl_set_bio(&conn->ssl[sockindex].ssl, + net_recv, &conn->sock[sockindex], + net_send, &conn->sock[sockindex]); + + ssl_set_ciphers(&conn->ssl[sockindex].ssl, ssl_default_ciphers); + + if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { + memcpy(&conn->ssl[sockindex].ssn, old_session, old_session_size); + infof(data, "PolarSSL re-using session\n"); + } + + ssl_set_session(&conn->ssl[sockindex].ssl, 1, 600, + &conn->ssl[sockindex].ssn); + + ssl_set_ca_chain(&conn->ssl[sockindex].ssl, + &conn->ssl[sockindex].cacert, NULL, conn->host.name); + + ssl_set_own_cert(&conn->ssl[sockindex].ssl, + &conn->ssl[sockindex].clicert, &conn->ssl[sockindex].rsa); + + if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) && +#ifdef ENABLE_IPV6 + !Curl_inet_pton(AF_INET6, conn->host.name, &addr) && +#endif + sni && ssl_set_hostname(&conn->ssl[sockindex].ssl, conn->host.name)) { + infof(data, "WARNING: failed to configure " + "server name indication (SNI) TLS extension\n"); + } + + infof(data, "PolarSSL: performing SSL/TLS handshake...\n"); + +#ifdef POLARSSL_DEBUG + ssl_set_dbg(&conn->ssl[sockindex].ssl, polarssl_debug, data); +#endif + + while((ret = ssl_handshake(&conn->ssl[sockindex].ssl)) != 0) + if(ret != POLARSSL_ERR_NET_TRY_AGAIN) { + failf(data, "ssl_handshake returned -0x%04X", -ret); + return CURLE_SSL_CONNECT_ERROR; + } + + infof(data, "PolarSSL: Handshake complete, cipher is %s\n", + ssl_get_cipher(&conn->ssl[sockindex].ssl)); + + ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl); + + if(ret && data->set.ssl.verifypeer) { + if(ret & BADCERT_EXPIRED) + failf(data, "Cert verify failed: BADCERT_EXPIRED\n"); + + if(ret & BADCERT_REVOKED) + failf(data, "Cert verify failed: BADCERT_REVOKED"); + + if(ret & BADCERT_CN_MISMATCH) + failf(data, "Cert verify failed: BADCERT_CN_MISMATCH"); + + if(ret & BADCERT_NOT_TRUSTED) + failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED"); + + return CURLE_SSL_CONNECT_ERROR; + } + + if(conn->ssl[sockindex].ssl.peer_cert) { + /* If the session was resumed, there will be no peer certs */ + ret = x509parse_cert_info(buffer, sizeof(buffer), "* ", + conn->ssl[sockindex].ssl.peer_cert); + + infof(data, "Dumping cert info:\n%s\n", buffer); + } + + long timeout_ms = Curl_timeleft(conn, NULL, TRUE); + + ret = Curl_socket_ready(conn->sock[sockindex], + conn->sock[sockindex], (int)timeout_ms); + + conn->ssl[sockindex].state = ssl_connection_complete; + + /* Save the current session data for possible re-use */ + { + void *new_session = malloc(sizeof(conn->ssl[sockindex].ssn)); + + if(new_session) { + memcpy(new_session, &conn->ssl[sockindex].ssn, + sizeof(conn->ssl[sockindex].ssn)); + + if(old_session) + Curl_ssl_delsessionid(conn, old_session); + + return Curl_ssl_addsessionid(conn, new_session, + sizeof(conn->ssl[sockindex].ssn)); + } + } + + return CURLE_OK; +} + +/* return number of sent (non-SSL) bytes */ +ssize_t Curl_polarssl_send(struct connectdata *conn, + int sockindex, + const void *mem, + size_t len) +{ + struct SessionHandle *data = conn->data; + int ret = -1; + + while((ret = ssl_write(&conn->ssl[sockindex].ssl, + (unsigned char *)mem, len)) <= 0) { + if(ret != POLARSSL_ERR_NET_TRY_AGAIN) { + failf(data, "ssl_write returned %d", ret); + return -1; + } else { + return 0; + } + } + + return ret; +} + +void Curl_polarssl_close_all(struct SessionHandle *data) +{ + (void)data; +} + +void Curl_polarssl_close(struct connectdata *conn, int sockindex) +{ + net_close(conn->sock[sockindex]); + + rsa_free(&conn->ssl[sockindex].rsa); + x509_free(&conn->ssl[sockindex].clicert); + x509_free(&conn->ssl[sockindex].cacert); + x509_crl_free(&conn->ssl[sockindex].crl); + ssl_free(&conn->ssl[sockindex].ssl); +} + +/* + * This function is called to shut down the SSL layer but keep the + * socket open (CCC - Clear Command Channel) + */ +int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex) +{ + return 0; +} + +/* + * If the read would block we return -1 and set 'wouldblock' to TRUE. + * Otherwise we return the amount of data read. Other errors should return -1 + * and set 'wouldblock' to FALSE. + */ +ssize_t Curl_polarssl_recv(struct connectdata *conn, /* connection data */ + int num, /* socketindex */ + char *buf, /* store read data here */ + size_t buffersize, /* max amount to read */ + bool *wouldblock) +{ + struct SessionHandle *data = conn->data; + int ret = -1; + ssize_t len = -1; + + do { + memset(buf, 0, buffersize); + ret = ssl_read(&conn->ssl[num].ssl, buf, buffersize); + + if(ret == POLARSSL_ERR_NET_TRY_AGAIN) { + *wouldblock = TRUE; + break; + } + + if(ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) + break; + + if(ret <= 0) { + failf(data, "ssl_read returned %d", ret); + break; + } + + len = ret; + + } while (0); + + return len; +} + +void Curl_polarssl_session_free(void *ptr) +{ + free(ptr); +} + +size_t Curl_polarssl_version(char *buffer, size_t size) +{ + return snprintf(buffer, size, "PolarSSL"); +} + +#endif diff --git a/lib/polarssl.h b/lib/polarssl.h new file mode 100644 index 0000000..d48f2a6 --- /dev/null +++ b/lib/polarssl.h @@ -0,0 +1,67 @@ +#ifndef __POLARSSL_H +#define __POLARSSL_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2010, Hoi-Ho Chan, + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * $Id: polarssl.h,v 1.10 2009-02-12 20:48:43 danf Exp $ + ***************************************************************************/ + +#ifdef USE_POLARSSL + +CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex); + +/* tell PolarSSL to close down all open information regarding connections (and + thus session ID caching etc) */ +void Curl_polarssl_close_all(struct SessionHandle *data); + + /* close a SSL connection */ +void Curl_polarssl_close(struct connectdata *conn, int sockindex); + +/* return number of sent (non-SSL) bytes */ +ssize_t Curl_polarssl_send(struct connectdata *conn, int sockindex, + const void *mem, size_t len); +ssize_t Curl_polarssl_recv(struct connectdata *conn, /* connection data */ + int num, /* socketindex */ + char *buf, /* store read data here */ + size_t buffersize, /* max amount to read */ + bool *wouldblock); +void Curl_polarssl_session_free(void *ptr); +size_t Curl_polarssl_version(char *buffer, size_t size); +int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex); + +/* API setup for PolarSSL */ +#define curlssl_init() (1) +#define curlssl_cleanup() (1) +#define curlssl_connect Curl_polarssl_connect +#define curlssl_session_free(x) Curl_polarssl_session_free(x) +#define curlssl_close_all Curl_polarssl_close_all +#define curlssl_close Curl_polarssl_close +#define curlssl_shutdown(x,y) Curl_polarssl_shutdown(x,y) +#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_FAILED_INIT) +#define curlssl_set_engine_default(x) (x=x, CURLE_FAILED_INIT) +#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL) +#define curlssl_send Curl_polarssl_send +#define curlssl_recv Curl_polarssl_recv +#define curlssl_version Curl_polarssl_version +#define curlssl_check_cxn(x) (x=x, -1) +#define curlssl_data_pending(x,y) (x=x, y=y, 0) + +#endif /* USE_POLARSSL */ +#endif diff --git a/lib/setup.h b/lib/setup.h index f27c02d..6697daa 100644 --- a/lib/setup.h +++ b/lib/setup.h @@ -526,7 +526,7 @@ int netware_init(void); #define LIBIDN_REQUIRED_VERSION "0.4.1" -#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL) +#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL) || defined(USE_POLARSSL) #define USE_SSL /* SSL support has been enabled */ #endif diff --git a/lib/sslgen.c b/lib/sslgen.c index 9167bf7..96284eb 100644 --- a/lib/sslgen.c +++ b/lib/sslgen.c @@ -32,6 +32,7 @@ Curl_ossl_ - prefix for OpenSSL ones Curl_gtls_ - prefix for GnuTLS ones Curl_nss_ - prefix for NSS ones + Curl_polarssl_ - prefix for PolarSSL ones Note that this source code uses curlssl_* functions, and they are all defines/macros #defined by the lib-specific header files. @@ -56,6 +57,7 @@ #include "gtls.h" /* GnuTLS versions */ #include "nssg.h" /* NSS versions */ #include "qssl.h" /* QSOSSL versions */ +#include "polarssl.h" /* PolarSSL versions */ #include "sendf.h" #include "rawstr.h" #include "url.h" diff --git a/lib/urldata.h b/lib/urldata.h index d03146a..42f7ac8 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -103,6 +103,11 @@ #include #endif +#ifdef USE_POLARSSL +#include +#include +#endif + #ifdef USE_NSS #include #include @@ -233,6 +238,16 @@ struct ssl_connect_data { gnutls_session session; gnutls_certificate_credentials cred; #endif /* USE_GNUTLS */ +#ifdef USE_POLARSSL + havege_state hs; + ssl_context ssl; + ssl_session ssn; + int server_fd; + x509_cert cacert; + x509_cert clicert; + x509_crl crl; + rsa_context rsa; +#endif /* USE_POLARSSL */ #ifdef USE_NSS PRFileDesc *handle; char *client_nickname; diff --git a/src/curl_config.h.in b/src/curl_config.h.in index 846fb27..8642cb7 100644 --- a/src/curl_config.h.in +++ b/src/curl_config.h.in @@ -912,6 +912,9 @@ /* if GnuTLS is enabled */ #undef USE_GNUTLS +/* if PolarSSL is enabled */ +#undef USE_POLARSSL + /* if libSSH2 is in use */ #undef USE_LIBSSH2