diff options
| author | Brad King <brad.king@kitware.com> | 2015-08-12 19:43:52 (GMT) |
|---|---|---|
| committer | Brad King <brad.king@kitware.com> | 2015-08-12 19:43:52 (GMT) |
| commit | 91e8d35ab8ec2d62478a42eff10af88713497fad (patch) | |
| tree | ff8cd1bd1ce3c42ef56c76b5ab471831a80c4665 /Utilities/cmcurl/lib/vtls/gskit.c | |
| parent | 602cdc06a01b7c5c0eb444111382b09040f677ee (diff) | |
| parent | 706542615828488a5ad197d0ef3dd5e42eb739c4 (diff) | |
| download | CMake-91e8d35ab8ec2d62478a42eff10af88713497fad.zip CMake-91e8d35ab8ec2d62478a42eff10af88713497fad.tar.gz CMake-91e8d35ab8ec2d62478a42eff10af88713497fad.tar.bz2 | |
Merge branch 'curl-upstream' into update-curl
Resolve conflicts by taking upstream side when possible and otherwise
integrating the changes from both sides. Be carful in CMakeLists.txt
where the OPENSSL code block that we modified previously has moved, and
preserve our previous modifications in the new location.
Diffstat (limited to 'Utilities/cmcurl/lib/vtls/gskit.c')
| -rw-r--r-- | Utilities/cmcurl/lib/vtls/gskit.c | 326 |
1 files changed, 171 insertions, 155 deletions
diff --git a/Utilities/cmcurl/lib/vtls/gskit.c b/Utilities/cmcurl/lib/vtls/gskit.c index 0f8b08f..d884bd4 100644 --- a/Utilities/cmcurl/lib/vtls/gskit.c +++ b/Utilities/cmcurl/lib/vtls/gskit.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -74,9 +74,7 @@ #include "select.h" #include "strequal.h" #include "x509asn1.h" - -#define _MPRINTF_REPLACE /* use our functions only */ -#include <curl/mprintf.h> +#include "curl_printf.h" #include "curl_memory.h" /* The last #include file should be: */ @@ -134,8 +132,12 @@ static const gskit_cipher ciphertable[] = { CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK }, { "null-sha256", "3B", CURL_GSKPROTO_TLSV12_MASK }, - { "aes128-sha256", "3D", CURL_GSKPROTO_TLSV12_MASK }, + { "aes128-sha256", "3C", CURL_GSKPROTO_TLSV12_MASK }, { "aes256-sha256", "3D", CURL_GSKPROTO_TLSV12_MASK }, + { "aes128-gcm-sha256", + "9C", CURL_GSKPROTO_TLSV12_MASK }, + { "aes256-gcm-sha384", + "9D", CURL_GSKPROTO_TLSV12_MASK }, { "rc4-md5", "1", CURL_GSKPROTO_SSLV2_MASK }, { "exp-rc4-md5", "2", CURL_GSKPROTO_SSLV2_MASK }, { "rc2-md5", "3", CURL_GSKPROTO_SSLV2_MASK }, @@ -164,8 +166,6 @@ static bool is_separator(char c) static CURLcode gskit_status(struct SessionHandle *data, int rc, const char *procname, CURLcode defcode) { - CURLcode cc; - /* Process GSKit status and map it to a CURLcode. */ switch (rc) { case GSK_OK: @@ -298,7 +298,7 @@ static CURLcode set_ciphers(struct SessionHandle *data, int i; int l; bool unsupported; - CURLcode cc; + CURLcode result; struct { char *buf; char *ptr; @@ -331,7 +331,7 @@ static CURLcode set_ciphers(struct SessionHandle *data, /* Process each cipher in input string. */ unsupported = FALSE; - cc = CURLE_OK; + result = CURLE_OK; for(;;) { for(clp = cipherlist; *cipherlist && !is_separator(*cipherlist);) cipherlist++; @@ -344,7 +344,7 @@ static CURLcode set_ciphers(struct SessionHandle *data, break; if(!ctp->name) { failf(data, "Unknown cipher %.*s", l, clp); - cc = CURLE_SSL_CIPHER; + result = CURLE_SSL_CIPHER; } else { unsupported |= !(ctp->versions & (CURL_GSKPROTO_SSLV2_MASK | @@ -372,53 +372,53 @@ static CURLcode set_ciphers(struct SessionHandle *data, /* Try to set-up TLSv1.1 and TLSv2.1 ciphers. */ if(*protoflags & CURL_GSKPROTO_TLSV11_MASK) { - cc = set_buffer(data, h, GSK_TLSV11_CIPHER_SPECS, - ciphers[CURL_GSKPROTO_TLSV11].buf, TRUE); - if(cc == CURLE_UNSUPPORTED_PROTOCOL) { - cc = CURLE_OK; + result = set_buffer(data, h, GSK_TLSV11_CIPHER_SPECS, + ciphers[CURL_GSKPROTO_TLSV11].buf, TRUE); + if(result == CURLE_UNSUPPORTED_PROTOCOL) { + result = CURLE_OK; if(unsupported) { failf(data, "TLSv1.1-only ciphers are not yet supported"); - cc = CURLE_SSL_CIPHER; + result = CURLE_SSL_CIPHER; } } } - if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_TLSV12_MASK)) { - cc = set_buffer(data, h, GSK_TLSV12_CIPHER_SPECS, - ciphers[CURL_GSKPROTO_TLSV12].buf, TRUE); - if(cc == CURLE_UNSUPPORTED_PROTOCOL) { - cc = CURLE_OK; + if(!result && (*protoflags & CURL_GSKPROTO_TLSV12_MASK)) { + result = set_buffer(data, h, GSK_TLSV12_CIPHER_SPECS, + ciphers[CURL_GSKPROTO_TLSV12].buf, TRUE); + if(result == CURLE_UNSUPPORTED_PROTOCOL) { + result = CURLE_OK; if(unsupported) { failf(data, "TLSv1.2-only ciphers are not yet supported"); - cc = CURLE_SSL_CIPHER; + result = CURLE_SSL_CIPHER; } } } /* Try to set-up TLSv1.0 ciphers. If not successful, concatenate them to the SSLv3 ciphers. OS/400 prior to version 7.1 will understand it. */ - if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_TLSV10_MASK)) { - cc = set_buffer(data, h, GSK_TLSV10_CIPHER_SPECS, - ciphers[CURL_GSKPROTO_TLSV10].buf, TRUE); - if(cc == CURLE_UNSUPPORTED_PROTOCOL) { - cc = CURLE_OK; + if(!result && (*protoflags & CURL_GSKPROTO_TLSV10_MASK)) { + result = set_buffer(data, h, GSK_TLSV10_CIPHER_SPECS, + ciphers[CURL_GSKPROTO_TLSV10].buf, TRUE); + if(result == CURLE_UNSUPPORTED_PROTOCOL) { + result = CURLE_OK; strcpy(ciphers[CURL_GSKPROTO_SSLV3].ptr, ciphers[CURL_GSKPROTO_TLSV10].ptr); } } /* Set-up other ciphers. */ - if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_SSLV3_MASK)) - cc = set_buffer(data, h, GSK_V3_CIPHER_SPECS, - ciphers[CURL_GSKPROTO_SSLV3].buf, FALSE); - if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_SSLV2_MASK)) - cc = set_buffer(data, h, GSK_V2_CIPHER_SPECS, - ciphers[CURL_GSKPROTO_SSLV2].buf, FALSE); + if(!result && (*protoflags & CURL_GSKPROTO_SSLV3_MASK)) + result = set_buffer(data, h, GSK_V3_CIPHER_SPECS, + ciphers[CURL_GSKPROTO_SSLV3].buf, FALSE); + if(!result && (*protoflags & CURL_GSKPROTO_SSLV2_MASK)) + result = set_buffer(data, h, GSK_V2_CIPHER_SPECS, + ciphers[CURL_GSKPROTO_SSLV2].buf, FALSE); /* Clean-up. */ for(i = 0; i < CURL_GSKPROTO_LAST; i++) free(ciphers[i].buf); - return cc; + return result; } @@ -442,7 +442,7 @@ static CURLcode init_environment(struct SessionHandle *data, const char *password) { int rc; - CURLcode c; + CURLcode result; gsk_handle h; /* Creates the GSKit environment. */ @@ -458,29 +458,29 @@ static CURLcode init_environment(struct SessionHandle *data, return CURLE_SSL_CONNECT_ERROR; } - c = set_enum(data, h, GSK_SESSION_TYPE, GSK_CLIENT_SESSION, FALSE); - if(c == CURLE_OK && appid) - c = set_buffer(data, h, GSK_OS400_APPLICATION_ID, appid, FALSE); - if(c == CURLE_OK && file) - c = set_buffer(data, h, GSK_KEYRING_FILE, file, FALSE); - if(c == CURLE_OK && label) - c = set_buffer(data, h, GSK_KEYRING_LABEL, label, FALSE); - if(c == CURLE_OK && password) - c = set_buffer(data, h, GSK_KEYRING_PW, password, FALSE); - - if(c == CURLE_OK) { + result = set_enum(data, h, GSK_SESSION_TYPE, GSK_CLIENT_SESSION, FALSE); + if(!result && appid) + result = set_buffer(data, h, GSK_OS400_APPLICATION_ID, appid, FALSE); + if(!result && file) + result = set_buffer(data, h, GSK_KEYRING_FILE, file, FALSE); + if(!result && label) + result = set_buffer(data, h, GSK_KEYRING_LABEL, label, FALSE); + if(!result && password) + result = set_buffer(data, h, GSK_KEYRING_PW, password, FALSE); + + if(!result) { /* Locate CAs, Client certificate and key according to our settings. Note: this call may be blocking for some tenths of seconds. */ - c = gskit_status(data, gsk_environment_init(h), - "gsk_environment_init()", CURLE_SSL_CERTPROBLEM); - if(c == CURLE_OK) { + result = gskit_status(data, gsk_environment_init(h), + "gsk_environment_init()", CURLE_SSL_CERTPROBLEM); + if(!result) { *envir = h; - return c; + return result; } } /* Error: rollback. */ gsk_environment_close(&h); - return c; + return result; } @@ -558,7 +558,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) struct SessionHandle *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; gsk_handle envir; - CURLcode cc; + CURLcode result; int rc; char *keyringfile; char *keyringpwd; @@ -600,22 +600,22 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) if(!envir) { /* Use keyring mode. */ - cc = init_environment(data, &envir, (const char *) NULL, - keyringfile, keyringlabel, keyringpwd); - if(cc != CURLE_OK) - return cc; + result = init_environment(data, &envir, (const char *) NULL, + keyringfile, keyringlabel, keyringpwd); + if(result) + return result; } /* Create secure session. */ - cc = gskit_status(data, gsk_secure_soc_open(envir, &connssl->handle), - "gsk_secure_soc_open()", CURLE_SSL_CONNECT_ERROR); + result = gskit_status(data, gsk_secure_soc_open(envir, &connssl->handle), + "gsk_secure_soc_open()", CURLE_SSL_CONNECT_ERROR); gsk_environment_close(&envir); - if(cc != CURLE_OK) - return cc; + if(result) + return result; /* Determine which SSL/TLS version should be enabled. */ - protoflags = CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK | - CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK; + protoflags = CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK | + CURL_GSKPROTO_TLSV12_MASK; sni = conn->host.name; switch (data->set.ssl.version) { case CURL_SSLVERSION_SSLv2: @@ -623,7 +623,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) sni = (char *) NULL; break; case CURL_SSLVERSION_SSLv3: - protoflags = CURL_GSKPROTO_SSLV2_MASK; + protoflags = CURL_GSKPROTO_SSLV3_MASK; sni = (char *) NULL; break; case CURL_SSLVERSION_TLSv1: @@ -643,81 +643,84 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) /* Process SNI. Ignore if not supported (on OS400 < V7R1). */ if(sni) { - cc = set_buffer(data, connssl->handle, - GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, TRUE); - if(cc == CURLE_UNSUPPORTED_PROTOCOL) - cc = CURLE_OK; + result = set_buffer(data, connssl->handle, + GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, TRUE); + if(result == CURLE_UNSUPPORTED_PROTOCOL) + result = CURLE_OK; } /* Set session parameters. */ - if(cc == CURLE_OK) { + if(!result) { /* Compute the handshake timeout. Since GSKit granularity is 1 second, we round up the required value. */ timeout = Curl_timeleft(data, NULL, TRUE); if(timeout < 0) - cc = CURLE_OPERATION_TIMEDOUT; + result = CURLE_OPERATION_TIMEDOUT; else - cc = set_numeric(data, connssl->handle, GSK_HANDSHAKE_TIMEOUT, - (timeout + 999) / 1000); + result = set_numeric(data, connssl->handle, GSK_HANDSHAKE_TIMEOUT, + (timeout + 999) / 1000); } - if(cc == CURLE_OK) - cc = set_numeric(data, connssl->handle, GSK_FD, conn->sock[sockindex]); - if(cc == CURLE_OK) - cc = set_ciphers(data, connssl->handle, &protoflags); + if(!result) + result = set_numeric(data, connssl->handle, GSK_FD, conn->sock[sockindex]); + if(!result) + result = set_ciphers(data, connssl->handle, &protoflags); if(!protoflags) { failf(data, "No SSL protocol/cipher combination enabled"); - cc = CURLE_SSL_CIPHER; + result = CURLE_SSL_CIPHER; } - if(cc == CURLE_OK) - cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV2, - (protoflags & CURL_GSKPROTO_SSLV2_MASK)? - GSK_PROTOCOL_SSLV2_ON: GSK_PROTOCOL_SSLV2_OFF, FALSE); - if(cc == CURLE_OK) - cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV3, - (protoflags & CURL_GSKPROTO_SSLV3_MASK)? - GSK_PROTOCOL_SSLV3_ON: GSK_PROTOCOL_SSLV3_OFF, FALSE); - if(cc == CURLE_OK) - cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV1, - (protoflags & CURL_GSKPROTO_TLSV10_MASK)? - GSK_PROTOCOL_TLSV1_ON: GSK_PROTOCOL_TLSV1_OFF, FALSE); - if(cc == CURLE_OK) { - cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV11, - (protoflags & CURL_GSKPROTO_TLSV11_MASK)? - GSK_TRUE: GSK_FALSE, TRUE); - if(cc == CURLE_UNSUPPORTED_PROTOCOL) { - cc = CURLE_OK; + if(!result) + result = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV2, + (protoflags & CURL_GSKPROTO_SSLV2_MASK)? + GSK_PROTOCOL_SSLV2_ON: GSK_PROTOCOL_SSLV2_OFF, FALSE); + if(!result) + result = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV3, + (protoflags & CURL_GSKPROTO_SSLV3_MASK)? + GSK_PROTOCOL_SSLV3_ON: GSK_PROTOCOL_SSLV3_OFF, FALSE); + if(!result) + result = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV1, + (protoflags & CURL_GSKPROTO_TLSV10_MASK)? + GSK_PROTOCOL_TLSV1_ON: GSK_PROTOCOL_TLSV1_OFF, FALSE); + if(!result) { + result = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV11, + (protoflags & CURL_GSKPROTO_TLSV11_MASK)? + GSK_TRUE: GSK_FALSE, TRUE); + if(result == CURLE_UNSUPPORTED_PROTOCOL) { + result = CURLE_OK; if(protoflags == CURL_GSKPROTO_TLSV11_MASK) { failf(data, "TLS 1.1 not yet supported"); - cc = CURLE_SSL_CIPHER; + result = CURLE_SSL_CIPHER; } } } - if(cc == CURLE_OK) { - cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV12, - (protoflags & CURL_GSKPROTO_TLSV12_MASK)? - GSK_TRUE: GSK_FALSE, TRUE); - if(cc == CURLE_UNSUPPORTED_PROTOCOL) { - cc = CURLE_OK; + if(!result) { + result = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV12, + (protoflags & CURL_GSKPROTO_TLSV12_MASK)? + GSK_TRUE: GSK_FALSE, TRUE); + if(result == CURLE_UNSUPPORTED_PROTOCOL) { + result = CURLE_OK; if(protoflags == CURL_GSKPROTO_TLSV12_MASK) { failf(data, "TLS 1.2 not yet supported"); - cc = CURLE_SSL_CIPHER; + result = CURLE_SSL_CIPHER; } } } - if(cc == CURLE_OK) - cc = set_enum(data, connssl->handle, GSK_SERVER_AUTH_TYPE, - data->set.ssl.verifypeer? GSK_SERVER_AUTH_FULL: - GSK_SERVER_AUTH_PASSTHRU, FALSE); + if(!result) + result = set_enum(data, connssl->handle, GSK_SERVER_AUTH_TYPE, + data->set.ssl.verifypeer? GSK_SERVER_AUTH_FULL: + GSK_SERVER_AUTH_PASSTHRU, FALSE); - if(cc == CURLE_OK) { + if(!result) { /* Start handshake. Try asynchronous first. */ memset(&commarea, 0, sizeof commarea); connssl->iocport = QsoCreateIOCompletionPort(); if(connssl->iocport != -1) { - cc = gskit_status(data, gsk_secure_soc_startInit(connssl->handle, - connssl->iocport, &commarea), - "gsk_secure_soc_startInit()", CURLE_SSL_CONNECT_ERROR); - if(cc == CURLE_OK) { + result = gskit_status(data, + gsk_secure_soc_startInit(connssl->handle, + connssl->iocport, + &commarea), + "gsk_secure_soc_startInit()", + CURLE_SSL_CONNECT_ERROR); + if(!result) { connssl->connecting_state = ssl_connect_2; return CURLE_OK; } @@ -725,12 +728,13 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) close_async_handshake(connssl); } else if(errno != ENOBUFS) - cc = gskit_status(data, GSK_ERROR_IO, "QsoCreateIOCompletionPort()", 0); + result = gskit_status(data, GSK_ERROR_IO, + "QsoCreateIOCompletionPort()", 0); else { /* No more completion port available. Use synchronous IO. */ - cc = gskit_status(data, gsk_secure_soc_init(connssl->handle), - "gsk_secure_soc_init()", CURLE_SSL_CONNECT_ERROR); - if(cc == CURLE_OK) { + result = gskit_status(data, gsk_secure_soc_init(connssl->handle), + "gsk_secure_soc_init()", CURLE_SSL_CONNECT_ERROR); + if(!result) { connssl->connecting_state = ssl_connect_3; return CURLE_OK; } @@ -739,7 +743,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex) /* Error: rollback. */ close_one(connssl, data); - return cc; + return result; } @@ -751,7 +755,7 @@ static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex, Qso_OverlappedIO_t cstat; long timeout_ms; struct timeval stmv; - CURLcode cc; + CURLcode result; /* Poll or wait for end of SSL asynchronous handshake. */ @@ -786,12 +790,12 @@ static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex, } break; } - cc = gskit_status(data, cstat.returnValue, "SSL handshake", - CURLE_SSL_CONNECT_ERROR); - if(cc == CURLE_OK) + result = gskit_status(data, cstat.returnValue, "SSL handshake", + CURLE_SSL_CONNECT_ERROR); + if(!result) connssl->connecting_state = ssl_connect_3; close_async_handshake(connssl); - return cc; + return result; } @@ -804,8 +808,9 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex) const gsk_cert_data_elem *p; const char *cert = (const char *) NULL; const char *certend; + const char *ptr; int i; - CURLcode cc; + CURLcode result; /* SSL handshake done: gather certificate info and verify host. */ @@ -838,9 +843,9 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex) } /* Verify host. */ - cc = Curl_verifyhost(conn, cert, certend); - if(cc != CURLE_OK) - return cc; + result = Curl_verifyhost(conn, cert, certend); + if(result) + return result; /* The only place GSKit can get the whole CA chain is a validation callback where no user data pointer is available. Therefore it's not @@ -848,12 +853,31 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex) However the server certificate may be available, thus we can return info about it. */ if(data->set.ssl.certinfo) { - if(Curl_ssl_init_certinfo(data, 1)) - return CURLE_OUT_OF_MEMORY; + result = Curl_ssl_init_certinfo(data, 1); + if(result) + return result; + if(cert) { - cc = Curl_extract_certinfo(conn, 0, cert, certend); - if(cc != CURLE_OK) - return cc; + result = Curl_extract_certinfo(conn, 0, cert, certend); + if(result) + return result; + } + } + + /* Check pinned public key. */ + ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; + if(!result && ptr) { + curl_X509certificate x509; + curl_asn1Element *p; + + if(!cert) + return CURLE_SSL_PINNEDPUBKEYNOTMATCH; + Curl_parseX509(&x509, cert, certend); + p = &x509.subjectPublicKeyInfo; + result = Curl_pin_peer_pubkey(ptr, p->header, p->end - p->header); + if(result) { + failf(data, "SSL: public key does not match pinned public key!"); + return result; } } @@ -869,7 +893,7 @@ static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex, struct ssl_connect_data *connssl = &conn->ssl[sockindex]; long timeout_ms; Qso_OverlappedIO_t cstat; - CURLcode cc = CURLE_OK; + CURLcode result = CURLE_OK; *done = connssl->state == ssl_connection_complete; if(*done) @@ -883,31 +907,31 @@ static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex, if(timeout_ms < 0) { /* no need to continue if time already is up */ failf(data, "SSL connection timeout"); - cc = CURLE_OPERATION_TIMEDOUT; + result = CURLE_OPERATION_TIMEDOUT; } else - cc = gskit_connect_step1(conn, sockindex); + result = gskit_connect_step1(conn, sockindex); } /* Step 2: check if handshake is over. */ - if(cc == CURLE_OK && connssl->connecting_state == ssl_connect_2) { + if(!result && connssl->connecting_state == ssl_connect_2) { /* check allowed time left */ timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms < 0) { /* no need to continue if time already is up */ failf(data, "SSL connection timeout"); - cc = CURLE_OPERATION_TIMEDOUT; + result = CURLE_OPERATION_TIMEDOUT; } else - cc = gskit_connect_step2(conn, sockindex, nonblocking); + result = gskit_connect_step2(conn, sockindex, nonblocking); } /* Step 3: gather certificate info, verify host. */ - if(cc == CURLE_OK && connssl->connecting_state == ssl_connect_3) - cc = gskit_connect_step3(conn, sockindex); + if(!result && connssl->connecting_state == ssl_connect_3) + result = gskit_connect_step3(conn, sockindex); - if(cc != CURLE_OK) + if(result) close_one(connssl, data); else if(connssl->connecting_state == ssl_connect_done) { connssl->state = ssl_connection_complete; @@ -917,7 +941,7 @@ static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex, *done = TRUE; } - return cc; + return result; } @@ -925,24 +949,24 @@ CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done) { - CURLcode cc; + CURLcode result; - cc = gskit_connect_common(conn, sockindex, TRUE, done); - if(*done || cc != CURLE_OK) + result = gskit_connect_common(conn, sockindex, TRUE, done); + if(*done || result) conn->ssl[sockindex].connecting_state = ssl_connect_1; - return cc; + return result; } CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex) { - CURLcode retcode; + CURLcode result; bool done; conn->ssl[sockindex].connecting_state = ssl_connect_1; - retcode = gskit_connect_common(conn, sockindex, FALSE, &done); - if(retcode) - return retcode; + result = gskit_connect_common(conn, sockindex, FALSE, &done); + if(result) + return result; DEBUGASSERT(done); @@ -960,14 +984,6 @@ void Curl_gskit_close(struct connectdata *conn, int sockindex) } -int Curl_gskit_close_all(struct SessionHandle *data) -{ - /* Unimplemented. */ - (void) data; - return 0; -} - - int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |