openssl.c source code [Aseprite/third_party/curl/lib/vtls/openssl.c]

1	/***************************************************************************
2	* _ _ ____ _
3	* Project ___\| \| \| \| _ \\| \|
4	* / __\| \| \| \| \|_) \| \|
5	* \| (__\| \|_\| \| _ <\| \|___
6	* \___\|\___/\|_\| \_\_____\|
7	*
8	* Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
9	*
10	* This software is licensed as described in the file COPYING, which
11	* you should have received as part of this distribution. The terms
12	* are also available at https://curl.se/docs/copyright.html.
13	*
14	* You may opt to use, copy, modify, merge, publish, distribute and/or sell
15	* copies of the Software, and permit persons to whom the Software is
16	* furnished to do so, under the terms of the COPYING file.
17	*
18	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19	* KIND, either express or implied.
20	*
21	***************************************************************************/
22
23	/*
24	* Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
25	* but vtls.c should ever call or use these functions.
26	*/
27
28	#include "curl_setup.h"
29
30	#ifdef USE_OPENSSL
31
32	#include <limits.h>
33
34	/ Wincrypt must be included before anything that could include OpenSSL. /
35	#if defined(USE_WIN32_CRYPTO)
36	#include <wincrypt.h>
37	/ Undefine wincrypt conflicting symbols for BoringSSL. /
38	#undef X509_NAME
39	#undef X509_EXTENSIONS
40	#undef PKCS7_ISSUER_AND_SERIAL
41	#undef PKCS7_SIGNER_INFO
42	#undef OCSP_REQUEST
43	#undef OCSP_RESPONSE
44	#endif
45
46	#include "urldata.h"
47	#include "sendf.h"
48	#include "formdata.h" /* for the boundary function */
49	#include "url.h" /* for the ssl config check function */
50	#include "inet_pton.h"
51	#include "openssl.h"
52	#include "connect.h"
53	#include "slist.h"
54	#include "select.h"
55	#include "vtls.h"
56	#include "keylog.h"
57	#include "strcase.h"
58	#include "hostcheck.h"
59	#include "multiif.h"
60	#include "strerror.h"
61	#include "curl_printf.h"
62
63	#include <openssl/ssl.h>
64	#include <openssl/rand.h>
65	#include <openssl/x509v3.h>
66	#ifndef OPENSSL_NO_DSA
67	#include <openssl/dsa.h>
68	#endif
69	#include <openssl/dh.h>
70	#include <openssl/err.h>
71	#include <openssl/md5.h>
72	#include <openssl/conf.h>
73	#include <openssl/bn.h>
74	#include <openssl/rsa.h>
75	#include <openssl/bio.h>
76	#include <openssl/buffer.h>
77	#include <openssl/pkcs12.h>
78
79	#ifdef USE_AMISSL
80	#include "amigaos.h"
81	#endif
82
83	#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
84	#include <openssl/ocsp.h>
85	#endif
86
87	#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL) && /* 0.9.7 or later */ \
88	!defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_UI_CONSOLE)
89	#define USE_OPENSSL_ENGINE
90	#include <openssl/engine.h>
91	#endif
92
93	#include "warnless.h"
94	#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
95
96	/ The last #include files should be: /
97	#include "curl_memory.h"
98	#include "memdebug.h"
99
100	/ Uncomment the ALLOW_RENEG line to a real #define if you want to allow TLS*
101	renegotiations when built with BoringSSL. Renegotiating is non-compliant
102	with HTTP/2 and "an extremely dangerous protocol feature". Beware.
103
104	#define ALLOW_RENEG 1
105	*/
106
107	#ifndef OPENSSL_VERSION_NUMBER
108	#error "OPENSSL_VERSION_NUMBER not defined"
109	#endif
110
111	#ifdef USE_OPENSSL_ENGINE
112	#include <openssl/ui.h>
113	#endif
114
115	#if OPENSSL_VERSION_NUMBER >= 0x00909000L
116	#define SSL_METHOD_QUAL const
117	#else
118	#define SSL_METHOD_QUAL
119	#endif
120
121	#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
122	#define HAVE_ERR_REMOVE_THREAD_STATE 1
123	#endif
124
125	#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
126	!(defined(LIBRESSL_VERSION_NUMBER) && \
127	LIBRESSL_VERSION_NUMBER < 0x20700000L)
128	#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
129	#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
130	#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
131	#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
132	#define CONST_EXTS const
133	#define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
134
135	/ funny typecast define due to difference in API /
136	#ifdef LIBRESSL_VERSION_NUMBER
137	#define ARG2_X509_signature_print (X509_ALGOR *)
138	#else
139	#define ARG2_X509_signature_print
140	#endif
141
142	#else
143	/ For OpenSSL before 1.1.0 /
144	#define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
145	#define X509_get0_notBefore(x) X509_get_notBefore(x)
146	#define X509_get0_notAfter(x) X509_get_notAfter(x)
147	#define CONST_EXTS /* nope */
148	#ifndef LIBRESSL_VERSION_NUMBER
149	#define OpenSSL_version_num() SSLeay()
150	#endif
151	#endif
152
153	#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
154	!(defined(LIBRESSL_VERSION_NUMBER) && \
155	LIBRESSL_VERSION_NUMBER < 0x20700000L)
156	#define HAVE_X509_GET0_SIGNATURE 1
157	#endif
158
159	#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) /* 1.0.2 or later */
160	#define HAVE_SSL_GET_SHUTDOWN 1
161	#endif
162
163	#if OPENSSL_VERSION_NUMBER >= 0x10002003L && \
164	OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \
165	!defined(OPENSSL_NO_COMP)
166	#define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1
167	#endif
168
169	#if (OPENSSL_VERSION_NUMBER < 0x0090808fL)
170	/ not present in older OpenSSL /
171	#define OPENSSL_load_builtin_modules(x)
172	#endif
173
174	/*
175	* Whether SSL_CTX_set_keylog_callback is available.
176	* OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
177	* BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
178	* LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
179	* lies and pretends to be OpenSSL 2.0.0).
180	*/
181	#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
182	!defined(LIBRESSL_VERSION_NUMBER)) \|\| \
183	defined(OPENSSL_IS_BORINGSSL)
184	#define HAVE_KEYLOG_CALLBACK
185	#endif
186
187	/ Whether SSL_CTX_set_ciphersuites is available.*
188	* OpenSSL: supported since 1.1.1 (commit a53b5be6a05)
189	* BoringSSL: no
190	* LibreSSL: no
191	*/
192	#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && \
193	!defined(LIBRESSL_VERSION_NUMBER) && \
194	!defined(OPENSSL_IS_BORINGSSL))
195	#define HAVE_SSL_CTX_SET_CIPHERSUITES
196	#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
197	/ SET_EC_CURVES is available under the same preconditions: see*
198	* https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html
199	*/
200	#define HAVE_SSL_CTX_SET_EC_CURVES
201	#endif
202
203	#if defined(LIBRESSL_VERSION_NUMBER)
204	#define OSSL_PACKAGE "LibreSSL"
205	#elif defined(OPENSSL_IS_BORINGSSL)
206	#define OSSL_PACKAGE "BoringSSL"
207	#else
208	#define OSSL_PACKAGE "OpenSSL"
209	#endif
210
211	#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
212	/ up2date versions of OpenSSL maintain reasonably secure defaults without*
213	* breaking compatibility, so it is better not to override the defaults in curl
214	*/
215	#define DEFAULT_CIPHER_SELECTION NULL
216	#else
217	/ ... but it is not the case with old versions of OpenSSL /
218	#define DEFAULT_CIPHER_SELECTION \
219	"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
220	#endif
221
222	#ifdef HAVE_OPENSSL_SRP
223	/ the function exists /
224	#ifdef USE_TLS_SRP
225	/ the functionality is not disabled /
226	#define USE_OPENSSL_SRP
227	#endif
228	#endif
229
230	struct ssl_backend_data {
231	struct Curl_easy logger; /* transfer handle to pass trace logs to, only*
232	using sockindex 0 /*
233	/ these ones requires specific SSL-types /
234	SSL_CTX* ctx;
235	SSL* handle;
236	X509* server_cert;
237	#ifndef HAVE_KEYLOG_CALLBACK
238	/ Set to true once a valid keylog entry has been created to avoid dupes. /
239	bool keylog_done;
240	#endif
241	};
242
243	static void ossl_associate_connection(struct Curl_easy *data,
244	struct connectdata *conn,
245	int sockindex);
246
247	/*
248	* Number of bytes to read from the random number seed file. This must be
249	* a finite value (because some entropy "files" like /dev/urandom have
250	* an infinite length), but must be large enough to provide enough
251	* entropy to properly seed OpenSSL's PRNG.
252	*/
253	#define RAND_LOAD_LENGTH 1024
254
255	#ifdef HAVE_KEYLOG_CALLBACK
256	static void ossl_keylog_callback(const SSL ssl, const* char *line)
257	{
258	(void)ssl;
259
260	Curl_tls_keylog_write_line(line);
261	}
262	#else
263	/*
264	* ossl_log_tls12_secret is called by libcurl to make the CLIENT_RANDOMs if the
265	* OpenSSL being used doesn't have native support for doing that.
266	*/
267	static void
268	ossl_log_tls12_secret(const SSL ssl, bool keylog_done)
269	{
270	const SSL_SESSION *session = SSL_get_session(ssl);
271	unsigned char client_random[SSL3_RANDOM_SIZE];
272	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
273	int master_key_length = `0`;
274
275	if(!session \|\| *keylog_done)
276	return;
277
278	#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
279	!(defined(LIBRESSL_VERSION_NUMBER) && \
280	LIBRESSL_VERSION_NUMBER < 0x20700000L)
281	/ ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that*
282	* we have a valid SSL context if we have a non-NULL session. */
283	SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
284	master_key_length = (int)
285	SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH);
286	#else
287	if(ssl->s3 && session->master_key_length > `0`) {
288	master_key_length = session->master_key_length;
289	memcpy(master_key, session->master_key, session->master_key_length);
290	memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);
291	}
292	#endif
293
294	/ The handshake has not progressed sufficiently yet, or this is a TLS 1.3*
295	* session (when curl was built with older OpenSSL headers and running with
296	* newer OpenSSL runtime libraries). */
297	if(master_key_length <= `0`)
298	return;
299
300	*keylog_done = true;
301	Curl_tls_keylog_write("CLIENT_RANDOM", client_random,
302	master_key, master_key_length);
303	}
304	#endif /* !HAVE_KEYLOG_CALLBACK */
305
306	static const char SSL_ERROR_to_str(int* err)
307	{
308	switch(err) {
309	case SSL_ERROR_NONE:
310	return "SSL_ERROR_NONE";
311	case SSL_ERROR_SSL:
312	return "SSL_ERROR_SSL";
313	case SSL_ERROR_WANT_READ:
314	return "SSL_ERROR_WANT_READ";
315	case SSL_ERROR_WANT_WRITE:
316	return "SSL_ERROR_WANT_WRITE";
317	case SSL_ERROR_WANT_X509_LOOKUP:
318	return "SSL_ERROR_WANT_X509_LOOKUP";
319	case SSL_ERROR_SYSCALL:
320	return "SSL_ERROR_SYSCALL";
321	case SSL_ERROR_ZERO_RETURN:
322	return "SSL_ERROR_ZERO_RETURN";
323	case SSL_ERROR_WANT_CONNECT:
324	return "SSL_ERROR_WANT_CONNECT";
325	case SSL_ERROR_WANT_ACCEPT:
326	return "SSL_ERROR_WANT_ACCEPT";
327	#if defined(SSL_ERROR_WANT_ASYNC)
328	case SSL_ERROR_WANT_ASYNC:
329	return "SSL_ERROR_WANT_ASYNC";
330	#endif
331	#if defined(SSL_ERROR_WANT_ASYNC_JOB)
332	case SSL_ERROR_WANT_ASYNC_JOB:
333	return "SSL_ERROR_WANT_ASYNC_JOB";
334	#endif
335	#if defined(SSL_ERROR_WANT_EARLY)
336	case SSL_ERROR_WANT_EARLY:
337	return "SSL_ERROR_WANT_EARLY";
338	#endif
339	default:
340	return "SSL_ERROR unknown";
341	}
342	}
343
344	/ Return error string for last OpenSSL error*
345	*/
346	static char ossl_strerror(unsigned* long error, char *buf, size_t size)
347	{
348	if(size)
349	*buf = `'\0'`;
350
351	#ifdef OPENSSL_IS_BORINGSSL
352	ERR_error_string_n((uint32_t)error, buf, size);
353	#else
354	ERR_error_string_n(error, buf, size);
355	#endif
356
357	if(size > `1` && !*buf) {
358	strncpy(buf, (error ? "Unknown error" : "No error"), size);
359	buf[size - `1`] = `'\0'`;
360	}
361
362	return buf;
363	}
364
365	/ Return an extra data index for the transfer data.*
366	* This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
367	*/
368	static int ossl_get_ssl_data_index(void)
369	{
370	static int ssl_ex_data_data_index = -`1`;
371	if(ssl_ex_data_data_index < `0`) {
372	ssl_ex_data_data_index = SSL_get_ex_new_index(`0`, NULL, NULL, NULL, NULL);
373	}
374	return ssl_ex_data_data_index;
375	}
376
377	/ Return an extra data index for the connection data.*
378	* This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
379	*/
380	static int ossl_get_ssl_conn_index(void)
381	{
382	static int ssl_ex_data_conn_index = -`1`;
383	if(ssl_ex_data_conn_index < `0`) {
384	ssl_ex_data_conn_index = SSL_get_ex_new_index(`0`, NULL, NULL, NULL, NULL);
385	}
386	return ssl_ex_data_conn_index;
387	}
388
389	/ Return an extra data index for the sockindex.*
390	* This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
391	*/
392	static int ossl_get_ssl_sockindex_index(void)
393	{
394	static int sockindex_index = -`1`;
395	if(sockindex_index < `0`) {
396	sockindex_index = SSL_get_ex_new_index(`0`, NULL, NULL, NULL, NULL);
397	}
398	return sockindex_index;
399	}
400
401	/ Return an extra data index for proxy boolean.*
402	* This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
403	*/
404	static int ossl_get_proxy_index(void)
405	{
406	static int proxy_index = -`1`;
407	if(proxy_index < `0`) {
408	proxy_index = SSL_get_ex_new_index(`0`, NULL, NULL, NULL, NULL);
409	}
410	return proxy_index;
411	}
412
413	static int passwd_callback(char buf, int* num, int encrypting,
414	void *global_passwd)
415	{
416	DEBUGASSERT(`0` == encrypting);
417
418	if(!encrypting) {
419	int klen = curlx_uztosi(strlen((char *)global_passwd));
420	if(num > klen) {
421	memcpy(buf, global_passwd, klen + `1`);
422	return klen;
423	}
424	}
425	return `0`;
426	}
427
428	/*
429	* rand_enough() returns TRUE if we have seeded the random engine properly.
430	*/
431	static bool rand_enough(void)
432	{
433	return (`0` != RAND_status()) ? TRUE : FALSE;
434	}
435
436	static CURLcode ossl_seed(struct Curl_easy *data)
437	{
438	char fname[`256`];
439
440	/ This might get called before it has been added to a multi handle /
441	if(data->multi && data->multi->ssl_seeded)
442	return CURLE_OK;
443
444	if(rand_enough()) {
445	/ OpenSSL 1.1.0+ will return here /
446	if(data->multi)
447	data->multi->ssl_seeded = TRUE;
448	return CURLE_OK;
449	}
450
451	#ifndef RANDOM_FILE
452	/ if RANDOM_FILE isn't defined, we only perform this if an option tells*
453	us to! /*
454	if(data->set.str[STRING_SSL_RANDOM_FILE])
455	#define RANDOM_FILE "" /* doesn't matter won't be used */
456	#endif
457	{
458	/ let the option override the define /
459	RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
460	data->set.str[STRING_SSL_RANDOM_FILE]:
461	RANDOM_FILE),
462	RAND_LOAD_LENGTH);
463	if(rand_enough())
464	return CURLE_OK;
465	}
466
467	#if defined(HAVE_RAND_EGD)
468	/ only available in OpenSSL 0.9.5 and later /
469	/ EGD_SOCKET is set at configure time or not at all /
470	#ifndef EGD_SOCKET
471	/ If we don't have the define set, we only do this if the egd-option*
472	is set /*
473	if(data->set.str[STRING_SSL_EGDSOCKET])
474	#define EGD_SOCKET "" /* doesn't matter won't be used */
475	#endif
476	{
477	/ If there's an option and a define, the option overrides the*
478	define /*
479	int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
480	data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
481	if(-`1` != ret) {
482	if(rand_enough())
483	return CURLE_OK;
484	}
485	}
486	#endif
487
488	/ fallback to a custom seeding of the PRNG using a hash based on a current*
489	time /*
490	do {
491	unsigned char randb[`64`];
492	size_t len = sizeof(randb);
493	size_t i, i_max;
494	for(i = `0`, i_max = len / sizeof(struct curltime); i < i_max; ++i) {
495	struct curltime tv = Curl_now();
496	Curl_wait_ms(`1`);
497	tv.tv_sec *= i + `1`;
498	tv.tv_usec = (unsigned* int)i + `2`;
499	tv.tv_sec ^= ((Curl_now().tv_sec + Curl_now().tv_usec) *
500	(i + `3`)) << `8`;
501	tv.tv_usec ^= (unsigned int) ((Curl_now().tv_sec +
502	Curl_now().tv_usec) *
503	(i + `4`)) << `16`;
504	memcpy(&randb[i * sizeof(struct curltime)], &tv,
505	sizeof(struct curltime));
506	}
507	RAND_add(randb, (int)len, (double)len/`2`);
508	} while(!rand_enough());
509
510	/ generates a default path for the random seed file /
511	fname[`0`] = `0`; / blank it first /
512	RAND_file_name(fname, sizeof(fname));
513	if(fname[`0`]) {
514	/ we got a file name to try /
515	RAND_load_file(fname, RAND_LOAD_LENGTH);
516	if(rand_enough())
517	return CURLE_OK;
518	}
519
520	infof(data, "libcurl is now using a weak random seed!");
521	return (rand_enough() ? CURLE_OK :
522	CURLE_SSL_CONNECT_ERROR / confusing error code /);
523	}
524
525	#ifndef SSL_FILETYPE_ENGINE
526	#define SSL_FILETYPE_ENGINE 42
527	#endif
528	#ifndef SSL_FILETYPE_PKCS12
529	#define SSL_FILETYPE_PKCS12 43
530	#endif
531	static int do_file_type(const char *type)
532	{
533	if(!type \|\| !type[`0`])
534	return SSL_FILETYPE_PEM;
535	if(strcasecompare(type, "PEM"))
536	return SSL_FILETYPE_PEM;
537	if(strcasecompare(type, "DER"))
538	return SSL_FILETYPE_ASN1;
539	if(strcasecompare(type, "ENG"))
540	return SSL_FILETYPE_ENGINE;
541	if(strcasecompare(type, "P12"))
542	return SSL_FILETYPE_PKCS12;
543	return -`1`;
544	}
545
546	#ifdef USE_OPENSSL_ENGINE
547	/*
548	* Supply default password to the engine user interface conversation.
549	* The password is passed by OpenSSL engine from ENGINE_load_private_key()
550	* last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
551	*/
552	static int ssl_ui_reader(UI ui, UI_STRING uis)
553	{
554	const char *password;
555	switch(UI_get_string_type(uis)) {
556	case UIT_PROMPT:
557	case UIT_VERIFY:
558	password = (const char *)UI_get0_user_data(ui);
559	if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
560	UI_set_result(ui, uis, password);
561	return `1`;
562	}
563	default:
564	break;
565	}
566	return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
567	}
568
569	/*
570	* Suppress interactive request for a default password if available.
571	*/
572	static int ssl_ui_writer(UI ui, UI_STRING uis)
573	{
574	switch(UI_get_string_type(uis)) {
575	case UIT_PROMPT:
576	case UIT_VERIFY:
577	if(UI_get0_user_data(ui) &&
578	(UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
579	return `1`;
580	}
581	default:
582	break;
583	}
584	return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
585	}
586
587	/*
588	* Check if a given string is a PKCS#11 URI
589	*/
590	static bool is_pkcs11_uri(const char *string)
591	{
592	return (string && strncasecompare(string, "pkcs11:", `7`));
593	}
594
595	#endif
596
597	static CURLcode ossl_set_engine(struct Curl_easy data, const* char *engine);
598
599	static int
600	SSL_CTX_use_certificate_blob(SSL_CTX ctx, const* struct curl_blob *blob,
601	int type, const char *key_passwd)
602	{
603	int ret = `0`;
604	X509 *x = NULL;
605	/ the typecast of blob->len is fine since it is guaranteed to never be*
606	larger than CURL_MAX_INPUT_LENGTH /*
607	BIO in = BIO_new_mem_buf(blob->data, (int*)(blob->len));
608	if(!in)
609	return CURLE_OUT_OF_MEMORY;
610
611	if(type == SSL_FILETYPE_ASN1) {
612	/ j = ERR_R_ASN1_LIB; /
613	x = d2i_X509_bio(in, NULL);
614	}
615	else if(type == SSL_FILETYPE_PEM) {
616	/ ERR_R_PEM_LIB; /
617	x = PEM_read_bio_X509(in, NULL,
618	passwd_callback, (void *)key_passwd);
619	}
620	else {
621	ret = `0`;
622	goto end;
623	}
624
625	if(!x) {
626	ret = `0`;
627	goto end;
628	}
629
630	ret = SSL_CTX_use_certificate(ctx, x);
631	end:
632	X509_free(x);
633	BIO_free(in);
634	return ret;
635	}
636
637	static int
638	SSL_CTX_use_PrivateKey_blob(SSL_CTX ctx, const* struct curl_blob *blob,
639	int type, const char *key_passwd)
640	{
641	int ret = `0`;
642	EVP_PKEY *pkey = NULL;
643	BIO in = BIO_new_mem_buf(blob->data, (int*)(blob->len));
644	if(!in)
645	return CURLE_OUT_OF_MEMORY;
646
647	if(type == SSL_FILETYPE_PEM)
648	pkey = PEM_read_bio_PrivateKey(in, NULL, passwd_callback,
649	(void *)key_passwd);
650	else if(type == SSL_FILETYPE_ASN1)
651	pkey = d2i_PrivateKey_bio(in, NULL);
652	else {
653	ret = `0`;
654	goto end;
655	}
656	if(!pkey) {
657	ret = `0`;
658	goto end;
659	}
660	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
661	EVP_PKEY_free(pkey);
662	end:
663	BIO_free(in);
664	return ret;
665	}
666
667	static int
668	SSL_CTX_use_certificate_chain_blob(SSL_CTX ctx, const* struct curl_blob *blob,
669	const char *key_passwd)
670	{
671	/ SSL_CTX_add1_chain_cert introduced in OpenSSL 1.0.2 /
672	#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* OpenSSL 1.0.2 or later */ \
673	!(defined(LIBRESSL_VERSION_NUMBER) && \
674	(LIBRESSL_VERSION_NUMBER < 0x2090100fL)) /* LibreSSL 2.9.1 or later */
675	int ret = `0`;
676	X509 *x = NULL;
677	void passwd_callback_userdata = (void* *)key_passwd;
678	BIO in = BIO_new_mem_buf(blob->data, (int*)(blob->len));
679	if(!in)
680	return CURLE_OUT_OF_MEMORY;
681
682	ERR_clear_error();
683
684	x = PEM_read_bio_X509_AUX(in, NULL,
685	passwd_callback, (void *)key_passwd);
686
687	if(!x) {
688	ret = `0`;
689	goto end;
690	}
691
692	ret = SSL_CTX_use_certificate(ctx, x);
693
694	if(ERR_peek_error() != `0`)
695	ret = `0`;
696
697	if(ret) {
698	X509 *ca;
699	unsigned long err;
700
701	if(!SSL_CTX_clear_chain_certs(ctx)) {
702	ret = `0`;
703	goto end;
704	}
705
706	while((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
707	passwd_callback_userdata))
708	!= NULL) {
709
710	if(!SSL_CTX_add0_chain_cert(ctx, ca)) {
711	X509_free(ca);
712	ret = `0`;
713	goto end;
714	}
715	}
716
717	err = ERR_peek_last_error();
718	if((ERR_GET_LIB(err) == ERR_LIB_PEM) &&
719	(ERR_GET_REASON(err) == PEM_R_NO_START_LINE))
720	ERR_clear_error();
721	else
722	ret = `0`;
723	}
724
725	end:
726	X509_free(x);
727	BIO_free(in);
728	return ret;
729	#else
730	(void)ctx; / unused /
731	(void)blob; / unused /
732	(void)key_passwd; / unused /
733	return `0`;
734	#endif
735	}
736
737	static
738	int cert_stuff(struct Curl_easy *data,
739	SSL_CTX* ctx,
740	char *cert_file,
741	const struct curl_blob *cert_blob,
742	const char *cert_type,
743	char *key_file,
744	const struct curl_blob *key_blob,
745	const char *key_type,
746	char *key_passwd)
747	{
748	char error_buffer[`256`];
749	bool check_privkey = TRUE;
750
751	int file_type = do_file_type(cert_type);
752
753	if(cert_file \|\| cert_blob \|\| (file_type == SSL_FILETYPE_ENGINE)) {
754	SSL *ssl;
755	X509 *x509;
756	int cert_done = `0`;
757	int cert_use_result;
758
759	if(key_passwd) {
760	/ set the password in the callback userdata /
761	SSL_CTX_set_default_passwd_cb_userdata(ctx, key_passwd);
762	/ Set passwd callback: /
763	SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
764	}
765
766
767	switch(file_type) {
768	case SSL_FILETYPE_PEM:
769	/ SSL_CTX_use_certificate_chain_file() only works on PEM files /
770	cert_use_result = cert_blob ?
771	SSL_CTX_use_certificate_chain_blob(ctx, cert_blob, key_passwd) :
772	SSL_CTX_use_certificate_chain_file(ctx, cert_file);
773	if(cert_use_result != `1`) {
774	failf(data,
775	"could not load PEM client certificate, " OSSL_PACKAGE
776	" error %s, "
777	"(no key found, wrong pass phrase, or wrong file format?)",
778	ossl_strerror(ERR_get_error(), error_buffer,
779	sizeof(error_buffer)) );
780	return `0`;
781	}
782	break;
783
784	case SSL_FILETYPE_ASN1:
785	/ SSL_CTX_use_certificate_file() works with either PEM or ASN1, but*
786	we use the case above for PEM so this can only be performed with
787	ASN1 files. /*
788
789	cert_use_result = cert_blob ?
790	SSL_CTX_use_certificate_blob(ctx, cert_blob,
791	file_type, key_passwd) :
792	SSL_CTX_use_certificate_file(ctx, cert_file, file_type);
793	if(cert_use_result != `1`) {
794	failf(data,
795	"could not load ASN1 client certificate, " OSSL_PACKAGE
796	" error %s, "
797	"(no key found, wrong pass phrase, or wrong file format?)",
798	ossl_strerror(ERR_get_error(), error_buffer,
799	sizeof(error_buffer)) );
800	return `0`;
801	}
802	break;
803	case SSL_FILETYPE_ENGINE:
804	#if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
805	{
806	/ Implicitly use pkcs11 engine if none was provided and the*
807	* cert_file is a PKCS#11 URI */
808	if(!data->state.engine) {
809	if(is_pkcs11_uri(cert_file)) {
810	if(ossl_set_engine(data, "pkcs11") != CURLE_OK) {
811	return `0`;
812	}
813	}
814	}
815
816	if(data->state.engine) {
817	const char *cmd_name = "LOAD_CERT_CTRL";
818	struct {
819	const char *cert_id;
820	X509 *cert;
821	} params;
822
823	params.cert_id = cert_file;
824	params.cert = NULL;
825
826	/ Does the engine supports LOAD_CERT_CTRL ? /
827	if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
828	`0`, (void *)cmd_name, NULL)) {
829	failf(data, "ssl engine does not support loading certificates");
830	return `0`;
831	}
832
833	/ Load the certificate from the engine /
834	if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
835	`0`, &params, NULL, `1`)) {
836	failf(data, "ssl engine cannot load client cert with id"
837	" '%s' [%s]", cert_file,
838	ossl_strerror(ERR_get_error(), error_buffer,
839	sizeof(error_buffer)));
840	return `0`;
841	}
842
843	if(!params.cert) {
844	failf(data, "ssl engine didn't initialized the certificate "
845	"properly.");
846	return `0`;
847	}
848
849	if(SSL_CTX_use_certificate(ctx, params.cert) != `1`) {
850	failf(data, "unable to set client certificate");
851	X509_free(params.cert);
852	return `0`;
853	}
854	X509_free(params.cert); / we don't need the handle any more... /
855	}
856	else {
857	failf(data, "crypto engine not set, can't load certificate");
858	return `0`;
859	}
860	}
861	break;
862	#else
863	failf(data, "file type ENG for certificate not implemented");
864	return `0`;
865	#endif
866
867	case SSL_FILETYPE_PKCS12:
868	{
869	BIO *cert_bio = NULL;
870	PKCS12 *p12 = NULL;
871	EVP_PKEY *pri;
872	STACK_OF(X509) *ca = NULL;
873	if(cert_blob) {
874	cert_bio = BIO_new_mem_buf(cert_blob->data, (int)(cert_blob->len));
875	if(!cert_bio) {
876	failf(data,
877	"BIO_new_mem_buf NULL, " OSSL_PACKAGE
878	" error %s",
879	ossl_strerror(ERR_get_error(), error_buffer,
880	sizeof(error_buffer)) );
881	return `0`;
882	}
883	}
884	else {
885	cert_bio = BIO_new(BIO_s_file());
886	if(!cert_bio) {
887	failf(data,
888	"BIO_new return NULL, " OSSL_PACKAGE
889	" error %s",
890	ossl_strerror(ERR_get_error(), error_buffer,
891	sizeof(error_buffer)) );
892	return `0`;
893	}
894
895	if(BIO_read_filename(cert_bio, cert_file) <= `0`) {
896	failf(data, "could not open PKCS12 file '%s'", cert_file);
897	BIO_free(cert_bio);
898	return `0`;
899	}
900	}
901
902	p12 = d2i_PKCS12_bio(cert_bio, NULL);
903	BIO_free(cert_bio);
904
905	if(!p12) {
906	failf(data, "error reading PKCS12 file '%s'",
907	cert_blob ? "(memory blob)" : cert_file);
908	return `0`;
909	}
910
911	PKCS12_PBE_add();
912
913	if(!PKCS12_parse(p12, key_passwd, &pri, &x509,
914	&ca)) {
915	failf(data,
916	"could not parse PKCS12 file, check password, " OSSL_PACKAGE
917	" error %s",
918	ossl_strerror(ERR_get_error(), error_buffer,
919	sizeof(error_buffer)) );
920	PKCS12_free(p12);
921	return `0`;
922	}
923
924	PKCS12_free(p12);
925
926	if(SSL_CTX_use_certificate(ctx, x509) != `1`) {
927	failf(data,
928	"could not load PKCS12 client certificate, " OSSL_PACKAGE
929	" error %s",
930	ossl_strerror(ERR_get_error(), error_buffer,
931	sizeof(error_buffer)) );
932	goto fail;
933	}
934
935	if(SSL_CTX_use_PrivateKey(ctx, pri) != `1`) {
936	failf(data, "unable to use private key from PKCS12 file '%s'",
937	cert_file);
938	goto fail;
939	}
940
941	if(!SSL_CTX_check_private_key (ctx)) {
942	failf(data, "private key from PKCS12 file '%s' "
943	"does not match certificate in same file", cert_file);
944	goto fail;
945	}
946	/ Set Certificate Verification chain /
947	if(ca) {
948	while(sk_X509_num(ca)) {
949	/*
950	* Note that sk_X509_pop() is used below to make sure the cert is
951	* removed from the stack properly before getting passed to
952	* SSL_CTX_add_extra_chain_cert(), which takes ownership. Previously
953	* we used sk_X509_value() instead, but then we'd clean it in the
954	* subsequent sk_X509_pop_free() call.
955	*/
956	X509 *x = sk_X509_pop(ca);
957	if(!SSL_CTX_add_client_CA(ctx, x)) {
958	X509_free(x);
959	failf(data, "cannot add certificate to client CA list");
960	goto fail;
961	}
962	if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
963	X509_free(x);
964	failf(data, "cannot add certificate to certificate chain");
965	goto fail;
966	}
967	}
968	}
969
970	cert_done = `1`;
971	fail:
972	EVP_PKEY_free(pri);
973	X509_free(x509);
974	#ifdef USE_AMISSL
975	sk_X509_pop_free(ca, Curl_amiga_X509_free);
976	#else
977	sk_X509_pop_free(ca, X509_free);
978	#endif
979	if(!cert_done)
980	return `0`; / failure! /
981	break;
982	}
983	default:
984	failf(data, "not supported file type '%s' for certificate", cert_type);
985	return `0`;
986	}
987
988	if((!key_file) && (!key_blob)) {
989	key_file = cert_file;
990	key_blob = cert_blob;
991	}
992	else
993	file_type = do_file_type(key_type);
994
995	switch(file_type) {
996	case SSL_FILETYPE_PEM:
997	if(cert_done)
998	break;
999	/ FALLTHROUGH /
1000	case SSL_FILETYPE_ASN1:
1001	cert_use_result = key_blob ?
1002	SSL_CTX_use_PrivateKey_blob(ctx, key_blob, file_type, key_passwd) :
1003	SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type);
1004	if(cert_use_result != `1`) {
1005	failf(data, "unable to set private key file: '%s' type %s",
1006	key_file?key_file:"(memory blob)", key_type?key_type:"PEM");
1007	return `0`;
1008	}
1009	break;
1010	case SSL_FILETYPE_ENGINE:
1011	#ifdef USE_OPENSSL_ENGINE
1012	{ / XXXX still needs some work /
1013	EVP_PKEY *priv_key = NULL;
1014
1015	/ Implicitly use pkcs11 engine if none was provided and the*
1016	* key_file is a PKCS#11 URI */
1017	if(!data->state.engine) {
1018	if(is_pkcs11_uri(key_file)) {
1019	if(ossl_set_engine(data, "pkcs11") != CURLE_OK) {
1020	return `0`;
1021	}
1022	}
1023	}
1024
1025	if(data->state.engine) {
1026	UI_METHOD *ui_method =
1027	UI_create_method((char *)"curl user interface");
1028	if(!ui_method) {
1029	failf(data, "unable do create " OSSL_PACKAGE
1030	" user-interface method");
1031	return `0`;
1032	}
1033	UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
1034	UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
1035	UI_method_set_reader(ui_method, ssl_ui_reader);
1036	UI_method_set_writer(ui_method, ssl_ui_writer);
1037	/ the typecast below was added to please mingw32 /
1038	priv_key = (EVP_PKEY *)
1039	ENGINE_load_private_key(data->state.engine, key_file,
1040	ui_method,
1041	key_passwd);
1042	UI_destroy_method(ui_method);
1043	if(!priv_key) {
1044	failf(data, "failed to load private key from crypto engine");
1045	return `0`;
1046	}
1047	if(SSL_CTX_use_PrivateKey(ctx, priv_key) != `1`) {
1048	failf(data, "unable to set private key");
1049	EVP_PKEY_free(priv_key);
1050	return `0`;
1051	}
1052	EVP_PKEY_free(priv_key); / we don't need the handle any more... /
1053	}
1054	else {
1055	failf(data, "crypto engine not set, can't load private key");
1056	return `0`;
1057	}
1058	}
1059	break;
1060	#else
1061	failf(data, "file type ENG for private key not supported");
1062	return `0`;
1063	#endif
1064	case SSL_FILETYPE_PKCS12:
1065	if(!cert_done) {
1066	failf(data, "file type P12 for private key not supported");
1067	return `0`;
1068	}
1069	break;
1070	default:
1071	failf(data, "not supported file type for private key");
1072	return `0`;
1073	}
1074
1075	ssl = SSL_new(ctx);
1076	if(!ssl) {
1077	failf(data, "unable to create an SSL structure");
1078	return `0`;
1079	}
1080
1081	x509 = SSL_get_certificate(ssl);
1082
1083	/ This version was provided by Evan Jordan and is supposed to not*
1084	leak memory as the previous version: /*
1085	if(x509) {
1086	EVP_PKEY *pktmp = X509_get_pubkey(x509);
1087	EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
1088	EVP_PKEY_free(pktmp);
1089	}
1090
1091	#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL)
1092	{
1093	/ If RSA is used, don't check the private key if its flags indicate*
1094	* it doesn't support it. */
1095	EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
1096	int pktype;
1097	#ifdef HAVE_OPAQUE_EVP_PKEY
1098	pktype = EVP_PKEY_id(priv_key);
1099	#else
1100	pktype = priv_key->type;
1101	#endif
1102	if(pktype == EVP_PKEY_RSA) {
1103	RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
1104	if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
1105	check_privkey = FALSE;
1106	RSA_free(rsa); / Decrement reference count /
1107	}
1108	}
1109	#endif
1110
1111	SSL_free(ssl);
1112
1113	/ If we are using DSA, we can copy the parameters from*
1114	* the private key */
1115
1116	if(check_privkey == TRUE) {
1117	/ Now we know that a key and cert have been set against*
1118	* the SSL context */
1119	if(!SSL_CTX_check_private_key(ctx)) {
1120	failf(data, "Private key does not match the certificate public key");
1121	return `0`;
1122	}
1123	}
1124	}
1125	return `1`;
1126	}
1127
1128	/ returns non-zero on failure /
1129	static int x509_name_oneline(X509_NAME a, char* *buf, size_t size)
1130	{
1131	BIO *bio_out = BIO_new(BIO_s_mem());
1132	BUF_MEM *biomem;
1133	int rc;
1134
1135	if(!bio_out)
1136	return `1`; / alloc failed! /
1137
1138	rc = X509_NAME_print_ex(bio_out, a, `0`, XN_FLAG_SEP_SPLUS_SPC);
1139	BIO_get_mem_ptr(bio_out, &biomem);
1140
1141	if((size_t)biomem->length < size)
1142	size = biomem->length;
1143	else
1144	size--; / don't overwrite the buffer end /
1145
1146	memcpy(buf, biomem->data, size);
1147	buf[size] = `0`;
1148
1149	BIO_free(bio_out);
1150
1151	return !rc;
1152	}
1153
1154	/**
1155	* Global SSL init
1156	*
1157	* @retval 0 error initializing SSL
1158	* @retval 1 SSL initialized successfully
1159	*/
1160	static int ossl_init(void)
1161	{
1162	#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
1163	!defined(LIBRESSL_VERSION_NUMBER)
1164	const uint64_t flags =
1165	#ifdef OPENSSL_INIT_ENGINE_ALL_BUILTIN
1166	/ not present in BoringSSL /
1167	OPENSSL_INIT_ENGINE_ALL_BUILTIN \|
1168	#endif
1169	#ifdef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
1170	OPENSSL_INIT_NO_LOAD_CONFIG \|
1171	#else
1172	OPENSSL_INIT_LOAD_CONFIG \|
1173	#endif
1174	`0`;
1175	OPENSSL_init_ssl(flags, NULL);
1176	#else
1177	OPENSSL_load_builtin_modules();
1178
1179	#ifdef USE_OPENSSL_ENGINE
1180	ENGINE_load_builtin_engines();
1181	#endif
1182
1183	/ CONF_MFLAGS_DEFAULT_SECTION was introduced some time between 0.9.8b and*
1184	0.9.8e /*
1185	#ifndef CONF_MFLAGS_DEFAULT_SECTION
1186	#define CONF_MFLAGS_DEFAULT_SECTION 0x0
1187	#endif
1188
1189	#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
1190	CONF_modules_load_file(NULL, NULL,
1191	CONF_MFLAGS_DEFAULT_SECTION\|
1192	CONF_MFLAGS_IGNORE_MISSING_FILE);
1193	#endif
1194
1195	/ Let's get nice error messages /
1196	SSL_load_error_strings();
1197
1198	/ Init the global ciphers and digests /
1199	if(!SSLeay_add_ssl_algorithms())
1200	return `0`;
1201
1202	OpenSSL_add_all_algorithms();
1203	#endif
1204
1205	Curl_tls_keylog_open();
1206
1207	/ Initialize the extra data indexes /
1208	if(ossl_get_ssl_data_index() < `0` \|\| ossl_get_ssl_conn_index() < `0` \|\|
1209	ossl_get_ssl_sockindex_index() < `0` \|\| ossl_get_proxy_index() < `0`)
1210	return `0`;
1211
1212	return `1`;
1213	}
1214
1215	/ Global cleanup /
1216	static void ossl_cleanup(void)
1217	{
1218	#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
1219	!defined(LIBRESSL_VERSION_NUMBER)
1220	/ OpenSSL 1.1 deprecates all these cleanup functions and*
1221	turns them into no-ops in OpenSSL 1.0 compatibility mode /*
1222	#else
1223	/ Free ciphers and digests lists /
1224	EVP_cleanup();
1225
1226	#ifdef USE_OPENSSL_ENGINE
1227	/ Free engine list /
1228	ENGINE_cleanup();
1229	#endif
1230
1231	/ Free OpenSSL error strings /
1232	ERR_free_strings();
1233
1234	/ Free thread local error state, destroying hash upon zero refcount /
1235	#ifdef HAVE_ERR_REMOVE_THREAD_STATE
1236	ERR_remove_thread_state(NULL);
1237	#else
1238	ERR_remove_state(`0`);
1239	#endif
1240
1241	/ Free all memory allocated by all configuration modules /
1242	CONF_modules_free();
1243
1244	#ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
1245	SSL_COMP_free_compression_methods();
1246	#endif
1247	#endif
1248
1249	Curl_tls_keylog_close();
1250	}
1251
1252	/*
1253	* This function is used to determine connection status.
1254	*
1255	* Return codes:
1256	* 1 means the connection is still in place
1257	* 0 means the connection has been closed
1258	* -1 means the connection status is unknown
1259	*/
1260	static int ossl_check_cxn(struct connectdata *conn)
1261	{
1262	/ SSL_peek takes data out of the raw recv buffer without peeking so we use*
1263	recv MSG_PEEK instead. Bug #795 /*
1264	#ifdef MSG_PEEK
1265	char buf;
1266	ssize_t nread;
1267	nread = recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
1268	(RECV_TYPE_ARG3)`1`, (RECV_TYPE_ARG4)MSG_PEEK);
1269	if(nread == `0`)
1270	return `0`; / connection has been closed /
1271	if(nread == `1`)
1272	return `1`; / connection still in place /
1273	else if(nread == -`1`) {
1274	int err = SOCKERRNO;
1275	if(err == EINPROGRESS \|\|
1276	#if defined(EAGAIN) && (EAGAIN != EWOULDBLOCK)
1277	err == EAGAIN \|\|
1278	#endif
1279	err == EWOULDBLOCK)
1280	return `1`; / connection still in place /
1281	if(err == ECONNRESET \|\|
1282	#ifdef ECONNABORTED
1283	err == ECONNABORTED \|\|
1284	#endif
1285	#ifdef ENETDOWN
1286	err == ENETDOWN \|\|
1287	#endif
1288	#ifdef ENETRESET
1289	err == ENETRESET \|\|
1290	#endif
1291	#ifdef ESHUTDOWN
1292	err == ESHUTDOWN \|\|
1293	#endif
1294	#ifdef ETIMEDOUT
1295	err == ETIMEDOUT \|\|
1296	#endif
1297	err == ENOTCONN)
1298	return `0`; / connection has been closed /
1299	}
1300	#endif
1301	return -`1`; / connection status unknown /
1302	}
1303
1304	/ Selects an OpenSSL crypto engine*
1305	*/
1306	static CURLcode ossl_set_engine(struct Curl_easy data, const* char *engine)
1307	{
1308	#ifdef USE_OPENSSL_ENGINE
1309	ENGINE *e;
1310
1311	#if OPENSSL_VERSION_NUMBER >= 0x00909000L
1312	e = ENGINE_by_id(engine);
1313	#else
1314	/ avoid memory leak /
1315	for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
1316	const char *e_id = ENGINE_get_id(e);
1317	if(!strcmp(engine, e_id))
1318	break;
1319	}
1320	#endif
1321
1322	if(!e) {
1323	failf(data, "SSL Engine '%s' not found", engine);
1324	return CURLE_SSL_ENGINE_NOTFOUND;
1325	}
1326
1327	if(data->state.engine) {
1328	ENGINE_finish(data->state.engine);
1329	ENGINE_free(data->state.engine);
1330	data->state.engine = NULL;
1331	}
1332	if(!ENGINE_init(e)) {
1333	char buf[`256`];
1334
1335	ENGINE_free(e);
1336	failf(data, "Failed to initialise SSL Engine '%s': %s",
1337	engine, ossl_strerror(ERR_get_error(), buf, sizeof(buf)));
1338	return CURLE_SSL_ENGINE_INITFAILED;
1339	}
1340	data->state.engine = e;
1341	return CURLE_OK;
1342	#else
1343	(void)engine;
1344	failf(data, "SSL Engine not supported");
1345	return CURLE_SSL_ENGINE_NOTFOUND;
1346	#endif
1347	}
1348
1349	/ Sets engine as default for all SSL operations*
1350	*/
1351	static CURLcode ossl_set_engine_default(struct Curl_easy *data)
1352	{
1353	#ifdef USE_OPENSSL_ENGINE
1354	if(data->state.engine) {
1355	if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > `0`) {
1356	infof(data, "set default crypto engine '%s'",
1357	ENGINE_get_id(data->state.engine));
1358	}
1359	else {
1360	failf(data, "set default crypto engine '%s' failed",
1361	ENGINE_get_id(data->state.engine));
1362	return CURLE_SSL_ENGINE_SETFAILED;
1363	}
1364	}
1365	#else
1366	(void) data;
1367	#endif
1368	return CURLE_OK;
1369	}
1370
1371	/ Return list of OpenSSL crypto engine names.*
1372	*/
1373	static struct curl_slist ossl_engines_list(struct* Curl_easy *data)
1374	{
1375	struct curl_slist *list = NULL;
1376	#ifdef USE_OPENSSL_ENGINE
1377	struct curl_slist *beg;
1378	ENGINE *e;
1379
1380	for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
1381	beg = curl_slist_append(list, ENGINE_get_id(e));
1382	if(!beg) {
1383	curl_slist_free_all(list);
1384	return NULL;
1385	}
1386	list = beg;
1387	}
1388	#endif
1389	(void) data;
1390	return list;
1391	}
1392
1393	#define set_logger(conn, data) \
1394	conn->ssl[0].backend->logger = data
1395
1396	static void ossl_closeone(struct Curl_easy *data,
1397	struct connectdata *conn,
1398	struct ssl_connect_data *connssl)
1399	{
1400	struct ssl_backend_data *backend = connssl->backend;
1401	if(backend->handle) {
1402	char buf[`32`];
1403	set_logger(conn, data);
1404
1405	/ Maybe the server has already sent a close notify alert.*
1406	Read it to avoid an RST on the TCP connection. /*
1407	(void)SSL_read(backend->handle, buf, (int)sizeof(buf));
1408
1409	(void)SSL_shutdown(backend->handle);
1410	SSL_set_connect_state(backend->handle);
1411
1412	SSL_free(backend->handle);
1413	backend->handle = NULL;
1414	}
1415	if(backend->ctx) {
1416	SSL_CTX_free(backend->ctx);
1417	backend->ctx = NULL;
1418	}
1419	}
1420
1421	/*
1422	* This function is called when an SSL connection is closed.
1423	*/
1424	static void ossl_close(struct Curl_easy data, struct* connectdata *conn,
1425	int sockindex)
1426	{
1427	ossl_closeone(data, conn, &conn->ssl[sockindex]);
1428	#ifndef CURL_DISABLE_PROXY
1429	ossl_closeone(data, conn, &conn->proxy_ssl[sockindex]);
1430	#endif
1431	}
1432
1433	/*
1434	* This function is called to shut down the SSL layer but keep the
1435	* socket open (CCC - Clear Command Channel)
1436	*/
1437	static int ossl_shutdown(struct Curl_easy *data,
1438	struct connectdata conn, int* sockindex)
1439	{
1440	int retval = `0`;
1441	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1442	char buf[`256`]; / We will use this for the OpenSSL error buffer, so it has*
1443	to be at least 256 bytes long. /*
1444	unsigned long sslerror;
1445	ssize_t nread;
1446	int buffsize;
1447	int err;
1448	bool done = FALSE;
1449	struct ssl_backend_data *backend = connssl->backend;
1450	int loop = `10`;
1451
1452	#ifndef CURL_DISABLE_FTP
1453	/ This has only been tested on the proftpd server, and the mod_tls code*
1454	sends a close notify alert without waiting for a close notify alert in
1455	response. Thus we wait for a close notify alert from the server, but
1456	we do not send one. Let's hope other servers do the same... /*
1457
1458	if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
1459	(void)SSL_shutdown(backend->handle);
1460	#endif
1461
1462	if(backend->handle) {
1463	buffsize = (int)sizeof(buf);
1464	while(!done && loop--) {
1465	int what = SOCKET_READABLE(conn->sock[sockindex],
1466	SSL_SHUTDOWN_TIMEOUT);
1467	if(what > `0`) {
1468	ERR_clear_error();
1469
1470	/ Something to read, let's do it and hope that it is the close*
1471	notify alert from the server /*
1472	nread = (ssize_t)SSL_read(backend->handle, buf, buffsize);
1473	err = SSL_get_error(backend->handle, (int)nread);
1474
1475	switch(err) {
1476	case SSL_ERROR_NONE: / this is not an error /
1477	case SSL_ERROR_ZERO_RETURN: / no more data /
1478	/ This is the expected response. There was no data but only*
1479	the close notify alert /*
1480	done = TRUE;
1481	break;
1482	case SSL_ERROR_WANT_READ:
1483	/ there's data pending, re-invoke SSL_read() /
1484	infof(data, "SSL_ERROR_WANT_READ");
1485	break;
1486	case SSL_ERROR_WANT_WRITE:
1487	/ SSL wants a write. Really odd. Let's bail out. /
1488	infof(data, "SSL_ERROR_WANT_WRITE");
1489	done = TRUE;
1490	break;
1491	default:
1492	/ openssl/ssl.h says "look at error stack/return value/errno" /
1493	sslerror = ERR_get_error();
1494	failf(data, OSSL_PACKAGE " SSL_read on shutdown: %s, errno %d",
1495	(sslerror ?
1496	ossl_strerror(sslerror, buf, sizeof(buf)) :
1497	SSL_ERROR_to_str(err)),
1498	SOCKERRNO);
1499	done = TRUE;
1500	break;
1501	}
1502	}
1503	else if(`0` == what) {
1504	/ timeout /
1505	failf(data, "SSL shutdown timeout");
1506	done = TRUE;
1507	}
1508	else {
1509	/ anything that gets here is fatally bad /
1510	failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
1511	retval = -`1`;
1512	done = TRUE;
1513	}
1514	} / while()-loop for the select() /
1515
1516	if(data->set.verbose) {
1517	#ifdef HAVE_SSL_GET_SHUTDOWN
1518	switch(SSL_get_shutdown(backend->handle)) {
1519	case SSL_SENT_SHUTDOWN:
1520	infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN");
1521	break;
1522	case SSL_RECEIVED_SHUTDOWN:
1523	infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN");
1524	break;
1525	case SSL_SENT_SHUTDOWN\|SSL_RECEIVED_SHUTDOWN:
1526	infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\|"
1527	"SSL_RECEIVED__SHUTDOWN");
1528	break;
1529	}
1530	#endif
1531	}
1532
1533	SSL_free(backend->handle);
1534	backend->handle = NULL;
1535	}
1536	return retval;
1537	}
1538
1539	static void ossl_session_free(void *ptr)
1540	{
1541	/ free the ID /
1542	SSL_SESSION_free(ptr);
1543	}
1544
1545	/*
1546	* This function is called when the 'data' struct is going away. Close
1547	* down everything and free all resources!
1548	*/
1549	static void ossl_close_all(struct Curl_easy *data)
1550	{
1551	#ifdef USE_OPENSSL_ENGINE
1552	if(data->state.engine) {
1553	ENGINE_finish(data->state.engine);
1554	ENGINE_free(data->state.engine);
1555	data->state.engine = NULL;
1556	}
1557	#else
1558	(void)data;
1559	#endif
1560	#if !defined(HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED) && \
1561	defined(HAVE_ERR_REMOVE_THREAD_STATE)
1562	/ OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread*
1563	so we need to clean it here in case the thread will be killed. All OpenSSL
1564	code should extract the error in association with the error so clearing
1565	this queue here should be harmless at worst. /*
1566	ERR_remove_thread_state(NULL);
1567	#endif
1568	}
1569
1570	/ ====================================================== /
1571
1572	/*
1573	* Match subjectAltName against the host name. This requires a conversion
1574	* in CURL_DOES_CONVERSIONS builds.
1575	*/
1576	static bool subj_alt_hostcheck(struct Curl_easy *data,
1577	const char match_pattern, const* char *hostname,
1578	const char *dispname)
1579	#ifdef CURL_DOES_CONVERSIONS
1580	{
1581	bool res = FALSE;
1582
1583	/ Curl_cert_hostcheck uses host encoding, but we get ASCII from*
1584	OpenSSl.
1585	*/
1586	char *match_pattern2 = strdup(match_pattern);
1587
1588	if(match_pattern2) {
1589	if(Curl_convert_from_network(data, match_pattern2,
1590	strlen(match_pattern2)) == CURLE_OK) {
1591	if(Curl_cert_hostcheck(match_pattern2, hostname)) {
1592	res = TRUE;
1593	infof(data,
1594	" subjectAltName: host \"%s\" matched cert's \"%s\"",
1595	dispname, match_pattern2);
1596	}
1597	}
1598	free(match_pattern2);
1599	}
1600	else {
1601	failf(data,
1602	"SSL: out of memory when allocating temporary for subjectAltName");
1603	}
1604	return res;
1605	}
1606	#else
1607	{
1608	#ifdef CURL_DISABLE_VERBOSE_STRINGS
1609	(void)dispname;
1610	(void)data;
1611	#endif
1612	if(Curl_cert_hostcheck(match_pattern, hostname)) {
1613	infof(data, " subjectAltName: host \"%s\" matched cert's \"%s\"",
1614	dispname, match_pattern);
1615	return TRUE;
1616	}
1617	return FALSE;
1618	}
1619	#endif
1620
1621
1622	/ Quote from RFC2818 section 3.1 "Server Identity"*
1623
1624	If a subjectAltName extension of type dNSName is present, that MUST
1625	be used as the identity. Otherwise, the (most specific) Common Name
1626	field in the Subject field of the certificate MUST be used. Although
1627	the use of the Common Name is existing practice, it is deprecated and
1628	Certification Authorities are encouraged to use the dNSName instead.
1629
1630	Matching is performed using the matching rules specified by
1631	[RFC2459]. If more than one identity of a given type is present in
1632	the certificate (e.g., more than one dNSName name, a match in any one
1633	of the set is considered acceptable.) Names may contain the wildcard
1634	character which is considered to match any single domain name*
1635	component or component fragment. E.g., .a.com matches foo.a.com but*
1636	not bar.foo.a.com. f.com matches foo.com but not bar.com.*
1637
1638	In some cases, the URI is specified as an IP address rather than a
1639	hostname. In this case, the iPAddress subjectAltName must be present
1640	in the certificate and must exactly match the IP in the URI.
1641
1642	*/
1643	static CURLcode verifyhost(struct Curl_easy data, struct* connectdata *conn,
1644	X509 *server_cert)
1645	{
1646	bool matched = FALSE;
1647	int target = GEN_DNS; / target type, GEN_DNS or GEN_IPADD /
1648	size_t addrlen = `0`;
1649	STACK_OF(GENERAL_NAME) *altnames;
1650	#ifdef ENABLE_IPV6
1651	struct in6_addr addr;
1652	#else
1653	struct in_addr addr;
1654	#endif
1655	CURLcode result = CURLE_OK;
1656	bool dNSName = FALSE; / if a dNSName field exists in the cert /
1657	bool iPAddress = FALSE; / if a iPAddress field exists in the cert /
1658	const char * const hostname = SSL_HOST_NAME();
1659	const char * const dispname = SSL_HOST_DISPNAME();
1660
1661	#ifdef ENABLE_IPV6
1662	if(conn->bits.ipv6_ip &&
1663	Curl_inet_pton(AF_INET6, hostname, &addr)) {
1664	target = GEN_IPADD;
1665	addrlen = sizeof(struct in6_addr);
1666	}
1667	else
1668	#endif
1669	if(Curl_inet_pton(AF_INET, hostname, &addr)) {
1670	target = GEN_IPADD;
1671	addrlen = sizeof(struct in_addr);
1672	}
1673
1674	/ get a "list" of alternative names /
1675	altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
1676
1677	if(altnames) {
1678	#ifdef OPENSSL_IS_BORINGSSL
1679	size_t numalts;
1680	size_t i;
1681	#else
1682	int numalts;
1683	int i;
1684	#endif
1685	bool dnsmatched = FALSE;
1686	bool ipmatched = FALSE;
1687
1688	/ get amount of alternatives, RFC2459 claims there MUST be at least*
1689	one, but we don't depend on it... /*
1690	numalts = sk_GENERAL_NAME_num(altnames);
1691
1692	/ loop through all alternatives - until a dnsmatch /
1693	for(i = `0`; (i < numalts) && !dnsmatched; i++) {
1694	/ get a handle to alternative name number i /
1695	const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
1696
1697	if(check->type == GEN_DNS)
1698	dNSName = TRUE;
1699	else if(check->type == GEN_IPADD)
1700	iPAddress = TRUE;
1701
1702	/ only check alternatives of the same type the target is /
1703	if(check->type == target) {
1704	/ get data and length /
1705	const char altptr = (char* *)ASN1_STRING_get0_data(check->d.ia5);
1706	size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
1707
1708	switch(target) {
1709	case GEN_DNS: / name/pattern comparison /
1710	/ The OpenSSL man page explicitly says: "In general it cannot be*
1711	assumed that the data returned by ASN1_STRING_data() is null
1712	terminated or does not contain embedded nulls." But also that
1713	"The actual format of the data will depend on the actual string
1714	type itself: for example for an IA5String the data will be ASCII"
1715
1716	It has been however verified that in 0.9.6 and 0.9.7, IA5String
1717	is always null-terminated.
1718	*/
1719	if((altlen == strlen(altptr)) &&
1720	/ if this isn't true, there was an embedded zero in the name*
1721	string and we cannot match it. /*
1722	subj_alt_hostcheck(data, altptr, hostname, dispname)) {
1723	dnsmatched = TRUE;
1724	}
1725	break;
1726
1727	case GEN_IPADD: / IP address comparison /
1728	/ compare alternative IP address if the data chunk is the same size*
1729	our server IP address is /*
1730	if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
1731	ipmatched = TRUE;
1732	infof(data,
1733	" subjectAltName: host \"%s\" matched cert's IP address!",
1734	dispname);
1735	}
1736	break;
1737	}
1738	}
1739	}
1740	GENERAL_NAMES_free(altnames);
1741
1742	if(dnsmatched \|\| ipmatched)
1743	matched = TRUE;
1744	}
1745
1746	if(matched)
1747	/ an alternative name matched /
1748	;
1749	else if(dNSName \|\| iPAddress) {
1750	infof(data, " subjectAltName does not match %s", dispname);
1751	failf(data, "SSL: no alternative certificate subject name matches "
1752	"target host name '%s'", dispname);
1753	result = CURLE_PEER_FAILED_VERIFICATION;
1754	}
1755	else {
1756	/ we have to look to the last occurrence of a commonName in the*
1757	distinguished one to get the most significant one. /*
1758	int j, i = -`1`;
1759
1760	/ The following is done because of a bug in 0.9.6b /
1761
1762	unsigned char nulstr = (unsigned* char *)"";
1763	unsigned char *peer_CN = nulstr;
1764
1765	X509_NAME *name = X509_get_subject_name(server_cert);
1766	if(name)
1767	while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= `0`)
1768	i = j;
1769
1770	/ we have the name entry and we will now convert this to a string*
1771	that we can use for comparison. Doing this we support BMPstring,
1772	UTF8, etc. /*
1773
1774	if(i >= `0`) {
1775	ASN1_STRING *tmp =
1776	X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
1777
1778	/ In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input*
1779	is already UTF-8 encoded. We check for this case and copy the raw
1780	string manually to avoid the problem. This code can be made
1781	conditional in the future when OpenSSL has been fixed. /*
1782	if(tmp) {
1783	if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
1784	j = ASN1_STRING_length(tmp);
1785	if(j >= `0`) {
1786	peer_CN = OPENSSL_malloc(j + `1`);
1787	if(peer_CN) {
1788	memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j);
1789	peer_CN[j] = `'\0'`;
1790	}
1791	}
1792	}
1793	else / not a UTF8 name /
1794	j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
1795
1796	if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
1797	/ there was a terminating zero before the end of string, this*
1798	cannot match and we return failure! /*
1799	failf(data, "SSL: illegal cert name field");
1800	result = CURLE_PEER_FAILED_VERIFICATION;
1801	}
1802	}
1803	}
1804
1805	if(peer_CN == nulstr)
1806	peer_CN = NULL;
1807	else {
1808	/ convert peer_CN from UTF8 /
1809	CURLcode rc = Curl_convert_from_utf8(data, (char *)peer_CN,
1810	strlen((char *)peer_CN));
1811	/ Curl_convert_from_utf8 calls failf if unsuccessful /
1812	if(rc) {
1813	OPENSSL_free(peer_CN);
1814	return rc;
1815	}
1816	}
1817
1818	if(result)
1819	/ error already detected, pass through /
1820	;
1821	else if(!peer_CN) {
1822	failf(data,
1823	"SSL: unable to obtain common name from peer certificate");
1824	result = CURLE_PEER_FAILED_VERIFICATION;
1825	}
1826	else if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) {
1827	failf(data, "SSL: certificate subject name '%s' does not match "
1828	"target host name '%s'", peer_CN, dispname);
1829	result = CURLE_PEER_FAILED_VERIFICATION;
1830	}
1831	else {
1832	infof(data, " common name: %s (matched)", peer_CN);
1833	}
1834	if(peer_CN)
1835	OPENSSL_free(peer_CN);
1836	}
1837
1838	return result;
1839	}
1840
1841	#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
1842	!defined(OPENSSL_NO_OCSP)
1843	static CURLcode verifystatus(struct Curl_easy *data,
1844	struct ssl_connect_data *connssl)
1845	{
1846	int i, ocsp_status;
1847	unsigned char *status;
1848	const unsigned char *p;
1849	CURLcode result = CURLE_OK;
1850	OCSP_RESPONSE *rsp = NULL;
1851	OCSP_BASICRESP *br = NULL;
1852	X509_STORE *st = NULL;
1853	STACK_OF(X509) *ch = NULL;
1854	struct ssl_backend_data *backend = connssl->backend;
1855	X509 *cert;
1856	OCSP_CERTID *id = NULL;
1857	int cert_status, crl_reason;
1858	ASN1_GENERALIZEDTIME rev, thisupd, *nextupd;
1859	int ret;
1860
1861	long len = SSL_get_tlsext_status_ocsp_resp(backend->handle, &status);
1862
1863	if(!status) {
1864	failf(data, "No OCSP response received");
1865	result = CURLE_SSL_INVALIDCERTSTATUS;
1866	goto end;
1867	}
1868	p = status;
1869	rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
1870	if(!rsp) {
1871	failf(data, "Invalid OCSP response");
1872	result = CURLE_SSL_INVALIDCERTSTATUS;
1873	goto end;
1874	}
1875
1876	ocsp_status = OCSP_response_status(rsp);
1877	if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
1878	failf(data, "Invalid OCSP response status: %s (%d)",
1879	OCSP_response_status_str(ocsp_status), ocsp_status);
1880	result = CURLE_SSL_INVALIDCERTSTATUS;
1881	goto end;
1882	}
1883
1884	br = OCSP_response_get1_basic(rsp);
1885	if(!br) {
1886	failf(data, "Invalid OCSP response");
1887	result = CURLE_SSL_INVALIDCERTSTATUS;
1888	goto end;
1889	}
1890
1891	ch = SSL_get_peer_cert_chain(backend->handle);
1892	st = SSL_CTX_get_cert_store(backend->ctx);
1893
1894	#if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ \|\| \
1895	(defined(LIBRESSL_VERSION_NUMBER) && \
1896	LIBRESSL_VERSION_NUMBER <= 0x2040200fL))
1897	/ The authorized responder cert in the OCSP response MUST be signed by the*
1898	peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
1899	no problem, but if it's an intermediate cert OpenSSL has a bug where it
1900	expects this issuer to be present in the chain embedded in the OCSP
1901	response. So we add it if necessary. /*
1902
1903	/ First make sure the peer cert chain includes both a peer and an issuer,*
1904	and the OCSP response contains a responder cert. /*
1905	if(sk_X509_num(ch) >= `2` && sk_X509_num(br->certs) >= `1`) {
1906	X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - `1`);
1907
1908	/ Find issuer of responder cert and add it to the OCSP response chain /
1909	for(i = `0`; i < sk_X509_num(ch); i++) {
1910	X509 *issuer = sk_X509_value(ch, i);
1911	if(X509_check_issued(issuer, responder) == X509_V_OK) {
1912	if(!OCSP_basic_add1_cert(br, issuer)) {
1913	failf(data, "Could not add issuer cert to OCSP response");
1914	result = CURLE_SSL_INVALIDCERTSTATUS;
1915	goto end;
1916	}
1917	}
1918	}
1919	}
1920	#endif
1921
1922	if(OCSP_basic_verify(br, ch, st, `0`) <= `0`) {
1923	failf(data, "OCSP response verification failed");
1924	result = CURLE_SSL_INVALIDCERTSTATUS;
1925	goto end;
1926	}
1927
1928	/ Compute the certificate's ID /
1929	cert = SSL_get_peer_certificate(backend->handle);
1930	if(!cert) {
1931	failf(data, "Error getting peer certificate");
1932	result = CURLE_SSL_INVALIDCERTSTATUS;
1933	goto end;
1934	}
1935
1936	for(i = `0`; i < sk_X509_num(ch); i++) {
1937	X509 *issuer = sk_X509_value(ch, i);
1938	if(X509_check_issued(issuer, cert) == X509_V_OK) {
1939	id = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
1940	break;
1941	}
1942	}
1943	X509_free(cert);
1944
1945	if(!id) {
1946	failf(data, "Error computing OCSP ID");
1947	result = CURLE_SSL_INVALIDCERTSTATUS;
1948	goto end;
1949	}
1950
1951	/ Find the single OCSP response corresponding to the certificate ID /
1952	ret = OCSP_resp_find_status(br, id, &cert_status, &crl_reason, &rev,
1953	&thisupd, &nextupd);
1954	OCSP_CERTID_free(id);
1955	if(ret != `1`) {
1956	failf(data, "Could not find certificate ID in OCSP response");
1957	result = CURLE_SSL_INVALIDCERTSTATUS;
1958	goto end;
1959	}
1960
1961	/ Validate the corresponding single OCSP response /
1962	if(!OCSP_check_validity(thisupd, nextupd, `300L`, -`1L`)) {
1963	failf(data, "OCSP response has expired");
1964	result = CURLE_SSL_INVALIDCERTSTATUS;
1965	goto end;
1966	}
1967
1968	infof(data, "SSL certificate status: %s (%d)",
1969	OCSP_cert_status_str(cert_status), cert_status);
1970
1971	switch(cert_status) {
1972	case V_OCSP_CERTSTATUS_GOOD:
1973	break;
1974
1975	case V_OCSP_CERTSTATUS_REVOKED:
1976	result = CURLE_SSL_INVALIDCERTSTATUS;
1977	failf(data, "SSL certificate revocation reason: %s (%d)",
1978	OCSP_crl_reason_str(crl_reason), crl_reason);
1979	goto end;
1980
1981	case V_OCSP_CERTSTATUS_UNKNOWN:
1982	default:
1983	result = CURLE_SSL_INVALIDCERTSTATUS;
1984	goto end;
1985	}
1986
1987	end:
1988	if(br)
1989	OCSP_BASICRESP_free(br);
1990	OCSP_RESPONSE_free(rsp);
1991
1992	return result;
1993	}
1994	#endif
1995
1996	#endif /* USE_OPENSSL */
1997
1998	/ The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions*
1999	and thus this cannot be done there. /*
2000	#ifdef SSL_CTRL_SET_MSG_CALLBACK
2001
2002	static const char ssl_msg_type(int* ssl_ver, int msg)
2003	{
2004	#ifdef SSL2_VERSION_MAJOR
2005	if(ssl_ver == SSL2_VERSION_MAJOR) {
2006	switch(msg) {
2007	case SSL2_MT_ERROR:
2008	return "Error";
2009	case SSL2_MT_CLIENT_HELLO:
2010	return "Client hello";
2011	case SSL2_MT_CLIENT_MASTER_KEY:
2012	return "Client key";
2013	case SSL2_MT_CLIENT_FINISHED:
2014	return "Client finished";
2015	case SSL2_MT_SERVER_HELLO:
2016	return "Server hello";
2017	case SSL2_MT_SERVER_VERIFY:
2018	return "Server verify";
2019	case SSL2_MT_SERVER_FINISHED:
2020	return "Server finished";
2021	case SSL2_MT_REQUEST_CERTIFICATE:
2022	return "Request CERT";
2023	case SSL2_MT_CLIENT_CERTIFICATE:
2024	return "Client CERT";
2025	}
2026	}
2027	else
2028	#endif
2029	if(ssl_ver == SSL3_VERSION_MAJOR) {
2030	switch(msg) {
2031	case SSL3_MT_HELLO_REQUEST:
2032	return "Hello request";
2033	case SSL3_MT_CLIENT_HELLO:
2034	return "Client hello";
2035	case SSL3_MT_SERVER_HELLO:
2036	return "Server hello";
2037	#ifdef SSL3_MT_NEWSESSION_TICKET
2038	case SSL3_MT_NEWSESSION_TICKET:
2039	return "Newsession Ticket";
2040	#endif
2041	case SSL3_MT_CERTIFICATE:
2042	return "Certificate";
2043	case SSL3_MT_SERVER_KEY_EXCHANGE:
2044	return "Server key exchange";
2045	case SSL3_MT_CLIENT_KEY_EXCHANGE:
2046	return "Client key exchange";
2047	case SSL3_MT_CERTIFICATE_REQUEST:
2048	return "Request CERT";
2049	case SSL3_MT_SERVER_DONE:
2050	return "Server finished";
2051	case SSL3_MT_CERTIFICATE_VERIFY:
2052	return "CERT verify";
2053	case SSL3_MT_FINISHED:
2054	return "Finished";
2055	#ifdef SSL3_MT_CERTIFICATE_STATUS
2056	case SSL3_MT_CERTIFICATE_STATUS:
2057	return "Certificate Status";
2058	#endif
2059	#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS
2060	case SSL3_MT_ENCRYPTED_EXTENSIONS:
2061	return "Encrypted Extensions";
2062	#endif
2063	#ifdef SSL3_MT_SUPPLEMENTAL_DATA
2064	case SSL3_MT_SUPPLEMENTAL_DATA:
2065	return "Supplemental data";
2066	#endif
2067	#ifdef SSL3_MT_END_OF_EARLY_DATA
2068	case SSL3_MT_END_OF_EARLY_DATA:
2069	return "End of early data";
2070	#endif
2071	#ifdef SSL3_MT_KEY_UPDATE
2072	case SSL3_MT_KEY_UPDATE:
2073	return "Key update";
2074	#endif
2075	#ifdef SSL3_MT_NEXT_PROTO
2076	case SSL3_MT_NEXT_PROTO:
2077	return "Next protocol";
2078	#endif
2079	#ifdef SSL3_MT_MESSAGE_HASH
2080	case SSL3_MT_MESSAGE_HASH:
2081	return "Message hash";
2082	#endif
2083	}
2084	}
2085	return "Unknown";
2086	}
2087
2088	static const char tls_rt_type(int* type)
2089	{
2090	switch(type) {
2091	#ifdef SSL3_RT_HEADER
2092	case SSL3_RT_HEADER:
2093	return "TLS header";
2094	#endif
2095	case SSL3_RT_CHANGE_CIPHER_SPEC:
2096	return "TLS change cipher";
2097	case SSL3_RT_ALERT:
2098	return "TLS alert";
2099	case SSL3_RT_HANDSHAKE:
2100	return "TLS handshake";
2101	case SSL3_RT_APPLICATION_DATA:
2102	return "TLS app data";
2103	default:
2104	return "TLS Unknown";
2105	}
2106	}
2107
2108	/*
2109	* Our callback from the SSL/TLS layers.
2110	*/
2111	static void ossl_trace(int direction, int ssl_ver, int content_type,
2112	const void buf, size_t len, SSL ssl,
2113	void *userp)
2114	{
2115	char unknown[`32`];
2116	const char *verstr = NULL;
2117	struct connectdata *conn = userp;
2118	struct ssl_connect_data *connssl = &conn->ssl[`0`];
2119	struct ssl_backend_data *backend = connssl->backend;
2120	struct Curl_easy *data = backend->logger;
2121
2122	if(!conn \|\| !data \|\| !data->set.fdebug \|\|
2123	(direction != `0` && direction != `1`))
2124	return;
2125
2126	switch(ssl_ver) {
2127	#ifdef SSL2_VERSION /* removed in recent versions */
2128	case SSL2_VERSION:
2129	verstr = "SSLv2";
2130	break;
2131	#endif
2132	#ifdef SSL3_VERSION
2133	case SSL3_VERSION:
2134	verstr = "SSLv3";
2135	break;
2136	#endif
2137	case TLS1_VERSION:
2138	verstr = "TLSv1.0";
2139	break;
2140	#ifdef TLS1_1_VERSION
2141	case TLS1_1_VERSION:
2142	verstr = "TLSv1.1";
2143	break;
2144	#endif
2145	#ifdef TLS1_2_VERSION
2146	case TLS1_2_VERSION:
2147	verstr = "TLSv1.2";
2148	break;
2149	#endif
2150	#ifdef TLS1_3_VERSION
2151	case TLS1_3_VERSION:
2152	verstr = "TLSv1.3";
2153	break;
2154	#endif
2155	case `0`:
2156	break;
2157	default:
2158	msnprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
2159	verstr = unknown;
2160	break;
2161	}
2162
2163	/ Log progress for interesting records only (like Handshake or Alert), skip*
2164	* all raw record headers (content_type == SSL3_RT_HEADER or ssl_ver == 0).
2165	* For TLS 1.3, skip notification of the decrypted inner Content-Type.
2166	*/
2167	if(ssl_ver
2168	#ifdef SSL3_RT_INNER_CONTENT_TYPE
2169	&& content_type != SSL3_RT_INNER_CONTENT_TYPE
2170	#endif
2171	) {
2172	const char msg_name, tls_rt_name;
2173	char ssl_buf[`1024`];
2174	int msg_type, txt_len;
2175
2176	/ the info given when the version is zero is not that useful for us /
2177
2178	ssl_ver >>= `8`; / check the upper 8 bits only below /
2179
2180	/ SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL*
2181	* always pass-up content-type as 0. But the interesting message-type
2182	* is at 'buf[0]'.
2183	*/
2184	if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
2185	tls_rt_name = tls_rt_type(content_type);
2186	else
2187	tls_rt_name = "";
2188
2189	if(content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
2190	msg_type = (char* *)buf;
2191	msg_name = "Change cipher spec";
2192	}
2193	else if(content_type == SSL3_RT_ALERT) {
2194	msg_type = (((char )buf)[`0`] << `8`) + ((char* *)buf)[`1`];
2195	msg_name = SSL_alert_desc_string_long(msg_type);
2196	}
2197	else {
2198	msg_type = (char* *)buf;
2199	msg_name = ssl_msg_type(ssl_ver, msg_type);
2200	}
2201
2202	txt_len = msnprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
2203	verstr, direction?"OUT":"IN",
2204	tls_rt_name, msg_name, msg_type);
2205	if(`0` <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) {
2206	Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len);
2207	}
2208	}
2209
2210	Curl_debug(data, (direction == `1`) ? CURLINFO_SSL_DATA_OUT :
2211	CURLINFO_SSL_DATA_IN, (char *)buf, len);
2212	(void) ssl;
2213	}
2214	#endif
2215
2216	#ifdef USE_OPENSSL
2217	/ ====================================================== /
2218
2219	#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2220	# define use_sni(x) sni = (x)
2221	#else
2222	# define use_sni(x) Curl_nop_stmt
2223	#endif
2224
2225	/ Check for OpenSSL 1.0.2 which has ALPN support. /
2226	#undef HAS_ALPN
2227	#if OPENSSL_VERSION_NUMBER >= 0x10002000L \
2228	&& !defined(OPENSSL_NO_TLSEXT)
2229	# define HAS_ALPN 1
2230	#endif
2231
2232	/ Check for OpenSSL 1.0.1 which has NPN support. /
2233	#undef HAS_NPN
2234	#if OPENSSL_VERSION_NUMBER >= 0x10001000L \
2235	&& !defined(OPENSSL_NO_TLSEXT) \
2236	&& !defined(OPENSSL_NO_NEXTPROTONEG)
2237	# define HAS_NPN 1
2238	#endif
2239
2240	#ifdef HAS_NPN
2241
2242	/*
2243	* in is a list of length prefixed strings. this function has to select
2244	* the protocol we want to use from the list and write its string into out.
2245	*/
2246
2247	static int
2248	select_next_protocol(unsigned char *out, unsigned* char *outlen,
2249	const unsigned char in, unsigned* int inlen,
2250	const char key, unsigned* int keylen)
2251	{
2252	unsigned int i;
2253	for(i = `0`; i + keylen <= inlen; i += in[i] + `1`) {
2254	if(memcmp(&in[i + `1`], key, keylen) == `0`) {
2255	out = (unsigned* char *) &in[i + `1`];
2256	*outlen = in[i];
2257	return `0`;
2258	}
2259	}
2260	return -`1`;
2261	}
2262
2263	static int
2264	select_next_proto_cb(SSL *ssl,
2265	unsigned char *out, unsigned* char *outlen,
2266	const unsigned char in, unsigned* int inlen,
2267	void *arg)
2268	{
2269	struct Curl_easy data = (struct* Curl_easy *)arg;
2270	struct connectdata *conn = data->conn;
2271	(void)ssl;
2272
2273	#ifdef USE_HTTP2
2274	if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
2275	!select_next_protocol(out, outlen, in, inlen, ALPN_H2, ALPN_H2_LENGTH)) {
2276	infof(data, "NPN, negotiated HTTP2 (%s)", ALPN_H2);
2277	conn->negnpn = CURL_HTTP_VERSION_2;
2278	return SSL_TLSEXT_ERR_OK;
2279	}
2280	#endif
2281
2282	if(!select_next_protocol(out, outlen, in, inlen, ALPN_HTTP_1_1,
2283	ALPN_HTTP_1_1_LENGTH)) {
2284	infof(data, "NPN, negotiated HTTP1.1");
2285	conn->negnpn = CURL_HTTP_VERSION_1_1;
2286	return SSL_TLSEXT_ERR_OK;
2287	}
2288
2289	infof(data, "NPN, no overlap, use HTTP1.1");
2290	out = (unsigned* char *)ALPN_HTTP_1_1;
2291	*outlen = ALPN_HTTP_1_1_LENGTH;
2292	conn->negnpn = CURL_HTTP_VERSION_1_1;
2293
2294	return SSL_TLSEXT_ERR_OK;
2295	}
2296	#endif /* HAS_NPN */
2297
2298	#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
2299	static CURLcode
2300	set_ssl_version_min_max(SSL_CTX ctx, struct* connectdata *conn)
2301	{
2302	/ first, TLS min version... /
2303	long curl_ssl_version_min = SSL_CONN_CONFIG(version);
2304	long curl_ssl_version_max;
2305
2306	/ convert curl min SSL version option to OpenSSL constant /
2307	#if defined(OPENSSL_IS_BORINGSSL) \|\| defined(LIBRESSL_VERSION_NUMBER)
2308	uint16_t ossl_ssl_version_min = `0`;
2309	uint16_t ossl_ssl_version_max = `0`;
2310	#else
2311	long ossl_ssl_version_min = `0`;
2312	long ossl_ssl_version_max = `0`;
2313	#endif
2314	switch(curl_ssl_version_min) {
2315	case CURL_SSLVERSION_TLSv1: / TLS 1.x /
2316	case CURL_SSLVERSION_TLSv1_0:
2317	ossl_ssl_version_min = TLS1_VERSION;
2318	break;
2319	case CURL_SSLVERSION_TLSv1_1:
2320	ossl_ssl_version_min = TLS1_1_VERSION;
2321	break;
2322	case CURL_SSLVERSION_TLSv1_2:
2323	ossl_ssl_version_min = TLS1_2_VERSION;
2324	break;
2325	#ifdef TLS1_3_VERSION
2326	case CURL_SSLVERSION_TLSv1_3:
2327	ossl_ssl_version_min = TLS1_3_VERSION;
2328	break;
2329	#endif
2330	}
2331
2332	/ CURL_SSLVERSION_DEFAULT means that no option was selected.*
2333	We don't want to pass 0 to SSL_CTX_set_min_proto_version as
2334	it would enable all versions down to the lowest supported by
2335	the library.
2336	So we skip this, and stay with the library default
2337	*/
2338	if(curl_ssl_version_min != CURL_SSLVERSION_DEFAULT) {
2339	if(!SSL_CTX_set_min_proto_version(ctx, ossl_ssl_version_min)) {
2340	return CURLE_SSL_CONNECT_ERROR;
2341	}
2342	}
2343
2344	/ ... then, TLS max version /
2345	curl_ssl_version_max = SSL_CONN_CONFIG(version_max);
2346
2347	/ convert curl max SSL version option to OpenSSL constant /
2348	switch(curl_ssl_version_max) {
2349	case CURL_SSLVERSION_MAX_TLSv1_0:
2350	ossl_ssl_version_max = TLS1_VERSION;
2351	break;
2352	case CURL_SSLVERSION_MAX_TLSv1_1:
2353	ossl_ssl_version_max = TLS1_1_VERSION;
2354	break;
2355	case CURL_SSLVERSION_MAX_TLSv1_2:
2356	ossl_ssl_version_max = TLS1_2_VERSION;
2357	break;
2358	#ifdef TLS1_3_VERSION
2359	case CURL_SSLVERSION_MAX_TLSv1_3:
2360	ossl_ssl_version_max = TLS1_3_VERSION;
2361	break;
2362	#endif
2363	case CURL_SSLVERSION_MAX_NONE: / none selected /
2364	case CURL_SSLVERSION_MAX_DEFAULT: / max selected /
2365	default:
2366	/ SSL_CTX_set_max_proto_version states that:*
2367	setting the maximum to 0 will enable
2368	protocol versions up to the highest version
2369	supported by the library /*
2370	ossl_ssl_version_max = `0`;
2371	break;
2372	}
2373
2374	if(!SSL_CTX_set_max_proto_version(ctx, ossl_ssl_version_max)) {
2375	return CURLE_SSL_CONNECT_ERROR;
2376	}
2377
2378	return CURLE_OK;
2379	}
2380	#endif
2381
2382	#ifdef OPENSSL_IS_BORINGSSL
2383	typedef uint32_t ctx_option_t;
2384	#else
2385	typedef long ctx_option_t;
2386	#endif
2387
2388	#if (OPENSSL_VERSION_NUMBER < 0x10100000L) /* 1.1.0 */
2389	static CURLcode
2390	set_ssl_version_min_max_legacy(ctx_option_t *ctx_options,
2391	struct Curl_easy *data,
2392	struct connectdata conn, int* sockindex)
2393	{
2394	long ssl_version = SSL_CONN_CONFIG(version);
2395	long ssl_version_max = SSL_CONN_CONFIG(version_max);
2396
2397	(void) data; / In case it's unused. /
2398
2399	switch(ssl_version) {
2400	case CURL_SSLVERSION_TLSv1_3:
2401	#ifdef TLS1_3_VERSION
2402	{
2403	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2404	SSL_CTX_set_max_proto_version(backend->ctx, TLS1_3_VERSION);
2405	*ctx_options \|= SSL_OP_NO_TLSv1_2;
2406	}
2407	#else
2408	(void)sockindex;
2409	(void)ctx_options;
2410	failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
2411	return CURLE_NOT_BUILT_IN;
2412	#endif
2413	/ FALLTHROUGH /
2414	case CURL_SSLVERSION_TLSv1_2:
2415	#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
2416	*ctx_options \|= SSL_OP_NO_TLSv1_1;
2417	#else
2418	failf(data, OSSL_PACKAGE " was built without TLS 1.2 support");
2419	return CURLE_NOT_BUILT_IN;
2420	#endif
2421	/ FALLTHROUGH /
2422	case CURL_SSLVERSION_TLSv1_1:
2423	#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
2424	*ctx_options \|= SSL_OP_NO_TLSv1;
2425	#else
2426	failf(data, OSSL_PACKAGE " was built without TLS 1.1 support");
2427	return CURLE_NOT_BUILT_IN;
2428	#endif
2429	/ FALLTHROUGH /
2430	case CURL_SSLVERSION_TLSv1_0:
2431	case CURL_SSLVERSION_TLSv1:
2432	break;
2433	}
2434
2435	switch(ssl_version_max) {
2436	case CURL_SSLVERSION_MAX_TLSv1_0:
2437	#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
2438	*ctx_options \|= SSL_OP_NO_TLSv1_1;
2439	#endif
2440	/ FALLTHROUGH /
2441	case CURL_SSLVERSION_MAX_TLSv1_1:
2442	#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
2443	*ctx_options \|= SSL_OP_NO_TLSv1_2;
2444	#endif
2445	/ FALLTHROUGH /
2446	case CURL_SSLVERSION_MAX_TLSv1_2:
2447	#ifdef TLS1_3_VERSION
2448	*ctx_options \|= SSL_OP_NO_TLSv1_3;
2449	#endif
2450	break;
2451	case CURL_SSLVERSION_MAX_TLSv1_3:
2452	#ifdef TLS1_3_VERSION
2453	break;
2454	#else
2455	failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
2456	return CURLE_NOT_BUILT_IN;
2457	#endif
2458	}
2459	return CURLE_OK;
2460	}
2461	#endif
2462
2463	/ The "new session" callback must return zero if the session can be removed*
2464	* or non-zero if the session has been put into the session cache.
2465	*/
2466	static int ossl_new_session_cb(SSL ssl, SSL_SESSION ssl_sessionid)
2467	{
2468	int res = `0`;
2469	struct connectdata *conn;
2470	struct Curl_easy *data;
2471	int sockindex;
2472	curl_socket_t *sockindex_ptr;
2473	int data_idx = ossl_get_ssl_data_index();
2474	int connectdata_idx = ossl_get_ssl_conn_index();
2475	int sockindex_idx = ossl_get_ssl_sockindex_index();
2476	int proxy_idx = ossl_get_proxy_index();
2477	bool isproxy;
2478
2479	if(data_idx < `0` \|\| connectdata_idx < `0` \|\| sockindex_idx < `0` \|\| proxy_idx < `0`)
2480	return `0`;
2481
2482	conn = (struct connectdata*) SSL_get_ex_data(ssl, connectdata_idx);
2483	if(!conn)
2484	return `0`;
2485
2486	data = (struct Curl_easy *) SSL_get_ex_data(ssl, data_idx);
2487
2488	/ The sockindex has been stored as a pointer to an array element /
2489	sockindex_ptr = (curl_socket_t*) SSL_get_ex_data(ssl, sockindex_idx);
2490	sockindex = (int)(sockindex_ptr - conn->sock);
2491
2492	isproxy = SSL_get_ex_data(ssl, proxy_idx) ? TRUE : FALSE;
2493
2494	if(SSL_SET_OPTION(primary.sessionid)) {
2495	bool incache;
2496	void *old_ssl_sessionid = NULL;
2497
2498	Curl_ssl_sessionid_lock(data);
2499	if(isproxy)
2500	incache = FALSE;
2501	else
2502	incache = !(Curl_ssl_getsessionid(data, conn, isproxy,
2503	&old_ssl_sessionid, NULL, sockindex));
2504	if(incache) {
2505	if(old_ssl_sessionid != ssl_sessionid) {
2506	infof(data, "old SSL session ID is stale, removing");
2507	Curl_ssl_delsessionid(data, old_ssl_sessionid);
2508	incache = FALSE;
2509	}
2510	}
2511
2512	if(!incache) {
2513	if(!Curl_ssl_addsessionid(data, conn, isproxy, ssl_sessionid,
2514	`0` / unknown size /, sockindex)) {
2515	/ the session has been put into the session cache /
2516	res = `1`;
2517	}
2518	else
2519	failf(data, "failed to store ssl session");
2520	}
2521	Curl_ssl_sessionid_unlock(data);
2522	}
2523
2524	return res;
2525	}
2526
2527	static CURLcode load_cacert_from_memory(SSL_CTX *ctx,
2528	const struct curl_blob *ca_info_blob)
2529	{
2530	/ these need to be freed at the end /
2531	BIO *cbio = NULL;
2532	STACK_OF(X509_INFO) *inf = NULL;
2533
2534	/ everything else is just a reference /
2535	int i, count = `0`;
2536	X509_STORE *cts = NULL;
2537	X509_INFO *itmp = NULL;
2538
2539	if(ca_info_blob->len > (size_t)INT_MAX)
2540	return CURLE_SSL_CACERT_BADFILE;
2541
2542	cts = SSL_CTX_get_cert_store(ctx);
2543	if(!cts)
2544	return CURLE_OUT_OF_MEMORY;
2545
2546	cbio = BIO_new_mem_buf(ca_info_blob->data, (int)ca_info_blob->len);
2547	if(!cbio)
2548	return CURLE_OUT_OF_MEMORY;
2549
2550	inf = PEM_X509_INFO_read_bio(cbio, NULL, NULL, NULL);
2551	if(!inf) {
2552	BIO_free(cbio);
2553	return CURLE_SSL_CACERT_BADFILE;
2554	}
2555
2556	/ add each entry from PEM file to x509_store /
2557	for(i = `0`; i < (int)sk_X509_INFO_num(inf); ++i) {
2558	itmp = sk_X509_INFO_value(inf, i);
2559	if(itmp->x509) {
2560	if(X509_STORE_add_cert(cts, itmp->x509)) {
2561	++count;
2562	}
2563	else {
2564	/ set count to 0 to return an error /
2565	count = `0`;
2566	break;
2567	}
2568	}
2569	if(itmp->crl) {
2570	if(X509_STORE_add_crl(cts, itmp->crl)) {
2571	++count;
2572	}
2573	else {
2574	/ set count to 0 to return an error /
2575	count = `0`;
2576	break;
2577	}
2578	}
2579	}
2580
2581	sk_X509_INFO_pop_free(inf, X509_INFO_free);
2582	BIO_free(cbio);
2583
2584	/ if we didn't end up importing anything, treat that as an error /
2585	return (count > `0` ? CURLE_OK : CURLE_SSL_CACERT_BADFILE);
2586	}
2587
2588	static CURLcode ossl_connect_step1(struct Curl_easy *data,
2589	struct connectdata conn, int* sockindex)
2590	{
2591	CURLcode result = CURLE_OK;
2592	char *ciphers;
2593	SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
2594	X509_LOOKUP *lookup = NULL;
2595	curl_socket_t sockfd = conn->sock[sockindex];
2596	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2597	ctx_option_t ctx_options = `0`;
2598	void *ssl_sessionid = NULL;
2599
2600	#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2601	bool sni;
2602	const char * const hostname = SSL_HOST_NAME();
2603
2604	#ifdef ENABLE_IPV6
2605	struct in6_addr addr;
2606	#else
2607	struct in_addr addr;
2608	#endif
2609	#endif
2610	const long int ssl_version = SSL_CONN_CONFIG(version);
2611	#ifdef USE_OPENSSL_SRP
2612	const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
2613	#endif
2614	char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
2615	const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
2616	const struct curl_blob *ca_info_blob = SSL_CONN_CONFIG(ca_info_blob);
2617	const char * const ssl_cert_type = SSL_SET_OPTION(cert_type);
2618	const char * const ssl_cafile =
2619	/ CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO /
2620	(ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile));
2621	const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
2622	const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
2623	const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
2624	char error_buffer[`256`];
2625	struct ssl_backend_data *backend = connssl->backend;
2626	bool imported_native_ca = false;
2627
2628	DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
2629
2630	/ Make funny stuff to get random input /
2631	result = ossl_seed(data);
2632	if(result)
2633	return result;
2634
2635	SSL_SET_OPTION_LVALUE(certverifyresult) = !X509_V_OK;
2636
2637	/ check to see if we've been told to use an explicit SSL/TLS version /
2638
2639	switch(ssl_version) {
2640	case CURL_SSLVERSION_DEFAULT:
2641	case CURL_SSLVERSION_TLSv1:
2642	case CURL_SSLVERSION_TLSv1_0:
2643	case CURL_SSLVERSION_TLSv1_1:
2644	case CURL_SSLVERSION_TLSv1_2:
2645	case CURL_SSLVERSION_TLSv1_3:
2646	/ it will be handled later with the context options /
2647	#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
2648	req_method = TLS_client_method();
2649	#else
2650	req_method = SSLv23_client_method();
2651	#endif
2652	use_sni(TRUE);
2653	break;
2654	case CURL_SSLVERSION_SSLv2:
2655	failf(data, "No SSLv2 support");
2656	return CURLE_NOT_BUILT_IN;
2657	case CURL_SSLVERSION_SSLv3:
2658	failf(data, "No SSLv3 support");
2659	return CURLE_NOT_BUILT_IN;
2660	default:
2661	failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
2662	return CURLE_SSL_CONNECT_ERROR;
2663	}
2664
2665	DEBUGASSERT(!backend->ctx);
2666	backend->ctx = SSL_CTX_new(req_method);
2667
2668	if(!backend->ctx) {
2669	failf(data, "SSL: couldn't create a context: %s",
2670	ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer)));
2671	return CURLE_OUT_OF_MEMORY;
2672	}
2673
2674	#ifdef SSL_MODE_RELEASE_BUFFERS
2675	SSL_CTX_set_mode(backend->ctx, SSL_MODE_RELEASE_BUFFERS);
2676	#endif
2677
2678	#ifdef SSL_CTRL_SET_MSG_CALLBACK
2679	if(data->set.fdebug && data->set.verbose) {
2680	/ the SSL trace callback is only used for verbose logging /
2681	SSL_CTX_set_msg_callback(backend->ctx, ossl_trace);
2682	SSL_CTX_set_msg_callback_arg(backend->ctx, conn);
2683	set_logger(conn, data);
2684	}
2685	#endif
2686
2687	/ OpenSSL contains code to work around lots of bugs and flaws in various*
2688	SSL-implementations. SSL_CTX_set_options() is used to enabled those
2689	work-arounds. The man page for this option states that SSL_OP_ALL enables
2690	all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
2691	enable the bug workaround options if compatibility with somewhat broken
2692	implementations is desired."
2693
2694	The "-no_ticket" option was introduced in OpenSSL 0.9.8j. It's a flag to
2695	disable "rfc4507bis session ticket support". rfc4507bis was later turned
2696	into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077
2697
2698	The enabled extension concerns the session management. I wonder how often
2699	libcurl stops a connection and then resumes a TLS session. Also, sending
2700	the session data is some overhead. I suggest that you just use your
2701	proposed patch (which explicitly disables TICKET).
2702
2703	If someone writes an application with libcurl and OpenSSL who wants to
2704	enable the feature, one can do this in the SSL callback.
2705
2706	SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
2707	interoperability with web server Netscape Enterprise Server 2.0.1 which
2708	was released back in 1996.
2709
2710	Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
2711	become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
2712	CVE-2010-4180 when using previous OpenSSL versions we no longer enable
2713	this option regardless of OpenSSL version and SSL_OP_ALL definition.
2714
2715	OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
2716	(https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
2717	SSL_OP_ALL that _disables_ that work-around despite the fact that
2718	SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
2719	keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
2720	must not be set.
2721	*/
2722
2723	ctx_options = SSL_OP_ALL;
2724
2725	#ifdef SSL_OP_NO_TICKET
2726	ctx_options \|= SSL_OP_NO_TICKET;
2727	#endif
2728
2729	#ifdef SSL_OP_NO_COMPRESSION
2730	ctx_options \|= SSL_OP_NO_COMPRESSION;
2731	#endif
2732
2733	#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
2734	/ mitigate CVE-2010-4180 /
2735	ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
2736	#endif
2737
2738	#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
2739	/ unless the user explicitly asks to allow the protocol vulnerability we*
2740	use the work-around /*
2741	if(!SSL_SET_OPTION(enable_beast))
2742	ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
2743	#endif
2744
2745	switch(ssl_version) {
2746	case CURL_SSLVERSION_SSLv2:
2747	case CURL_SSLVERSION_SSLv3:
2748	return CURLE_NOT_BUILT_IN;
2749
2750	/ "--tlsv<x.y>" options mean TLS >= version <x.y> /
2751	case CURL_SSLVERSION_DEFAULT:
2752	case CURL_SSLVERSION_TLSv1: / TLS >= version 1.0 /
2753	case CURL_SSLVERSION_TLSv1_0: / TLS >= version 1.0 /
2754	case CURL_SSLVERSION_TLSv1_1: / TLS >= version 1.1 /
2755	case CURL_SSLVERSION_TLSv1_2: / TLS >= version 1.2 /
2756	case CURL_SSLVERSION_TLSv1_3: / TLS >= version 1.3 /
2757	/ asking for any TLS version as the minimum, means no SSL versions*
2758	allowed /*
2759	ctx_options \|= SSL_OP_NO_SSLv2;
2760	ctx_options \|= SSL_OP_NO_SSLv3;
2761
2762	#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
2763	result = set_ssl_version_min_max(backend->ctx, conn);
2764	#else
2765	result = set_ssl_version_min_max_legacy(&ctx_options, data, conn,
2766	sockindex);
2767	#endif
2768	if(result != CURLE_OK)
2769	return result;
2770	break;
2771
2772	default:
2773	failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
2774	return CURLE_SSL_CONNECT_ERROR;
2775	}
2776
2777	SSL_CTX_set_options(backend->ctx, ctx_options);
2778
2779	#ifdef HAS_NPN
2780	if(conn->bits.tls_enable_npn)
2781	SSL_CTX_set_next_proto_select_cb(backend->ctx, select_next_proto_cb, data);
2782	#endif
2783
2784	#ifdef HAS_ALPN
2785	if(conn->bits.tls_enable_alpn) {
2786	int cur = `0`;
2787	unsigned char protocols[`128`];
2788
2789	#ifdef USE_HTTP2
2790	if(data->state.httpwant >= CURL_HTTP_VERSION_2
2791	#ifndef CURL_DISABLE_PROXY
2792	&& (!SSL_IS_PROXY() \|\| !conn->bits.tunnel_proxy)
2793	#endif
2794	) {
2795	protocols[cur++] = ALPN_H2_LENGTH;
2796
2797	memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
2798	cur += ALPN_H2_LENGTH;
2799	infof(data, "ALPN, offering %s", ALPN_H2);
2800	}
2801	#endif
2802
2803	protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
2804	memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
2805	cur += ALPN_HTTP_1_1_LENGTH;
2806	infof(data, "ALPN, offering %s", ALPN_HTTP_1_1);
2807
2808	/ expects length prefixed preference ordered list of protocols in wire*
2809	* format
2810	*/
2811	if(SSL_CTX_set_alpn_protos(backend->ctx, protocols, cur)) {
2812	failf(data, "Error setting ALPN");
2813	return CURLE_SSL_CONNECT_ERROR;
2814	}
2815	}
2816	#endif
2817
2818	if(ssl_cert \|\| ssl_cert_blob \|\| ssl_cert_type) {
2819	if(!result &&
2820	!cert_stuff(data, backend->ctx,
2821	ssl_cert, ssl_cert_blob, ssl_cert_type,
2822	SSL_SET_OPTION(key), SSL_SET_OPTION(key_blob),
2823	SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd)))
2824	result = CURLE_SSL_CERTPROBLEM;
2825	if(result)
2826	/ failf() is already done in cert_stuff() /
2827	return result;
2828	}
2829
2830	ciphers = SSL_CONN_CONFIG(cipher_list);
2831	if(!ciphers)
2832	ciphers = (char *)DEFAULT_CIPHER_SELECTION;
2833	if(ciphers) {
2834	if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) {
2835	failf(data, "failed setting cipher list: %s", ciphers);
2836	return CURLE_SSL_CIPHER;
2837	}
2838	infof(data, "Cipher selection: %s", ciphers);
2839	}
2840
2841	#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
2842	{
2843	char *ciphers13 = SSL_CONN_CONFIG(cipher_list13);
2844	if(ciphers13) {
2845	if(!SSL_CTX_set_ciphersuites(backend->ctx, ciphers13)) {
2846	failf(data, "failed setting TLS 1.3 cipher suite: %s", ciphers13);
2847	return CURLE_SSL_CIPHER;
2848	}
2849	infof(data, "TLS 1.3 cipher selection: %s", ciphers13);
2850	}
2851	}
2852	#endif
2853
2854	#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
2855	/ OpenSSL 1.1.1 requires clients to opt-in for PHA /
2856	SSL_CTX_set_post_handshake_auth(backend->ctx, `1`);
2857	#endif
2858
2859	#ifdef HAVE_SSL_CTX_SET_EC_CURVES
2860	{
2861	char *curves = SSL_CONN_CONFIG(curves);
2862	if(curves) {
2863	if(!SSL_CTX_set1_curves_list(backend->ctx, curves)) {
2864	failf(data, "failed setting curves list: '%s'", curves);
2865	return CURLE_SSL_CIPHER;
2866	}
2867	}
2868	}
2869	#endif
2870
2871	#ifdef USE_OPENSSL_SRP
2872	if(ssl_authtype == CURL_TLSAUTH_SRP) {
2873	char * const ssl_username = SSL_SET_OPTION(username);
2874
2875	infof(data, "Using TLS-SRP username: %s", ssl_username);
2876
2877	if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) {
2878	failf(data, "Unable to set SRP user name");
2879	return CURLE_BAD_FUNCTION_ARGUMENT;
2880	}
2881	if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) {
2882	failf(data, "failed setting SRP password");
2883	return CURLE_BAD_FUNCTION_ARGUMENT;
2884	}
2885	if(!SSL_CONN_CONFIG(cipher_list)) {
2886	infof(data, "Setting cipher list SRP");
2887
2888	if(!SSL_CTX_set_cipher_list(backend->ctx, "SRP")) {
2889	failf(data, "failed setting SRP cipher list");
2890	return CURLE_SSL_CIPHER;
2891	}
2892	}
2893	}
2894	#endif
2895
2896
2897	#if defined(USE_WIN32_CRYPTO)
2898	/ Import certificates from the Windows root certificate store if requested.*
2899	https://stackoverflow.com/questions/9507184/
2900	https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037
2901	https://tools.ietf.org/html/rfc5280 /*
2902	if((SSL_CONN_CONFIG(verifypeer) \|\| SSL_CONN_CONFIG(verifyhost)) &&
2903	(SSL_SET_OPTION(native_ca_store))) {
2904	X509_STORE *store = SSL_CTX_get_cert_store(backend->ctx);
2905	HCERTSTORE hStore = CertOpenSystemStore(`0`, TEXT("ROOT"));
2906
2907	if(hStore) {
2908	PCCERT_CONTEXT pContext = NULL;
2909	/ The array of enhanced key usage OIDs will vary per certificate and is*
2910	declared outside of the loop so that rather than malloc/free each
2911	iteration we can grow it with realloc, when necessary. /*
2912	CERT_ENHKEY_USAGE *enhkey_usage = NULL;
2913	DWORD enhkey_usage_size = `0`;
2914
2915	/ This loop makes a best effort to import all valid certificates from*
2916	the MS root store. If a certificate cannot be imported it is skipped.
2917	'result' is used to store only hard-fail conditions (such as out of
2918	memory) that cause an early break. /*
2919	result = CURLE_OK;
2920	for(;;) {
2921	X509 *x509;
2922	FILETIME now;
2923	BYTE key_usage[`2`];
2924	DWORD req_size;
2925	const unsigned char *encoded_cert;
2926	#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
2927	char cert_name[`256`];
2928	#endif
2929
2930	pContext = CertEnumCertificatesInStore(hStore, pContext);
2931	if(!pContext)
2932	break;
2933
2934	#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
2935	if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, `0`,
2936	NULL, cert_name, sizeof(cert_name))) {
2937	strcpy(cert_name, "Unknown");
2938	}
2939	infof(data, "SSL: Checking cert %s\"\n", cert_name);
2940	#endif
2941
2942	encoded_cert = (const unsigned char *)pContext->pbCertEncoded;
2943	if(!encoded_cert)
2944	continue;
2945
2946	GetSystemTimeAsFileTime(&now);
2947	if(CompareFileTime(&pContext->pCertInfo->NotBefore, &now) > `0` \|\|
2948	CompareFileTime(&now, &pContext->pCertInfo->NotAfter) > `0`)
2949	continue;
2950
2951	/ If key usage exists check for signing attribute /
2952	if(CertGetIntendedKeyUsage(pContext->dwCertEncodingType,
2953	pContext->pCertInfo,
2954	key_usage, sizeof(key_usage))) {
2955	if(!(key_usage[`0`] & CERT_KEY_CERT_SIGN_KEY_USAGE))
2956	continue;
2957	}
2958	else if(GetLastError())
2959	continue;
2960
2961	/ If enhanced key usage exists check for server auth attribute.*
2962	*
2963	* Note "In a Microsoft environment, a certificate might also have EKU
2964	* extended properties that specify valid uses for the certificate."
2965	* The call below checks both, and behavior varies depending on what is
2966	* found. For more details see CertGetEnhancedKeyUsage doc.
2967	*/
2968	if(CertGetEnhancedKeyUsage(pContext, `0`, NULL, &req_size)) {
2969	if(req_size && req_size > enhkey_usage_size) {
2970	void *tmp = realloc(enhkey_usage, req_size);
2971
2972	if(!tmp) {
2973	failf(data, "SSL: Out of memory allocating for OID list");
2974	result = CURLE_OUT_OF_MEMORY;
2975	break;
2976	}
2977
2978	enhkey_usage = (CERT_ENHKEY_USAGE *)tmp;
2979	enhkey_usage_size = req_size;
2980	}
2981
2982	if(CertGetEnhancedKeyUsage(pContext, `0`, enhkey_usage, &req_size)) {
2983	if(!enhkey_usage->cUsageIdentifier) {
2984	/ "If GetLastError returns CRYPT_E_NOT_FOUND, the certificate is*
2985	good for all uses. If it returns zero, the certificate has no
2986	valid uses." /*
2987	if((HRESULT)GetLastError() != CRYPT_E_NOT_FOUND)
2988	continue;
2989	}
2990	else {
2991	DWORD i;
2992	bool found = false;
2993
2994	for(i = `0`; i < enhkey_usage->cUsageIdentifier; ++i) {
2995	if(!strcmp("1.3.6.1.5.5.7.3.1" / OID server auth /,
2996	enhkey_usage->rgpszUsageIdentifier[i])) {
2997	found = true;
2998	break;
2999	}
3000	}
3001
3002	if(!found)
3003	continue;
3004	}
3005	}
3006	else
3007	continue;
3008	}
3009	else
3010	continue;
3011
3012	x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded);
3013	if(!x509)
3014	continue;
3015
3016	/ Try to import the certificate. This may fail for legitimate reasons*
3017	such as duplicate certificate, which is allowed by MS but not
3018	OpenSSL. /*
3019	if(X509_STORE_add_cert(store, x509) == `1`) {
3020	#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
3021	infof(data, "SSL: Imported cert \"%s\"", cert_name);
3022	#endif
3023	imported_native_ca = true;
3024	}
3025	X509_free(x509);
3026	}
3027
3028	free(enhkey_usage);
3029	CertFreeCertificateContext(pContext);
3030	CertCloseStore(hStore, `0`);
3031
3032	if(result)
3033	return result;
3034	}
3035	if(imported_native_ca)
3036	infof(data, "successfully imported Windows CA store");
3037	else
3038	infof(data, "error importing Windows CA store, continuing anyway");
3039	}
3040	#endif
3041
3042	if(ca_info_blob) {
3043	result = load_cacert_from_memory(backend->ctx, ca_info_blob);
3044	if(result) {
3045	if(result == CURLE_OUT_OF_MEMORY \|\|
3046	(verifypeer && !imported_native_ca)) {
3047	failf(data, "error importing CA certificate blob");
3048	return result;
3049	}
3050	/ Only warn if no certificate verification is required. /
3051	infof(data, "error importing CA certificate blob, continuing anyway");
3052	}
3053	}
3054
3055	#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
3056	/ OpenSSL 3.0.0 has deprecated SSL_CTX_load_verify_locations /
3057	{
3058	if(ssl_cafile) {
3059	if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) {
3060	if(verifypeer && !imported_native_ca) {
3061	/ Fail if we insist on successfully verifying the server. /
3062	failf(data, "error setting certificate file: %s", ssl_cafile);
3063	return CURLE_SSL_CACERT_BADFILE;
3064	}
3065	/ Continue with warning if certificate verification isn't required. /
3066	infof(data, "error setting certificate file, continuing anyway");
3067	}
3068	infof(data, " CAfile: %s", ssl_cafile);
3069	}
3070	if(ssl_capath) {
3071	if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) {
3072	if(verifypeer && !imported_native_ca) {
3073	/ Fail if we insist on successfully verifying the server. /
3074	failf(data, "error setting certificate path: %s", ssl_capath);
3075	return CURLE_SSL_CACERT_BADFILE;
3076	}
3077	/ Continue with warning if certificate verification isn't required. /
3078	infof(data, "error setting certificate path, continuing anyway");
3079	}
3080	infof(data, " CApath: %s", ssl_capath);
3081	}
3082	}
3083	#else
3084	if(ssl_cafile \|\| ssl_capath) {
3085	/ tell SSL where to find CA certificates that are used to verify*
3086	the server's certificate. /*
3087	if(!SSL_CTX_load_verify_locations(backend->ctx, ssl_cafile, ssl_capath)) {
3088	if(verifypeer && !imported_native_ca) {
3089	/ Fail if we insist on successfully verifying the server. /
3090	failf(data, "error setting certificate verify locations:"
3091	" CAfile: %s CApath: %s",
3092	ssl_cafile ? ssl_cafile : "none",
3093	ssl_capath ? ssl_capath : "none");
3094	return CURLE_SSL_CACERT_BADFILE;
3095	}
3096	/ Just continue with a warning if no strict certificate verification*
3097	is required. /*
3098	infof(data, "error setting certificate verify locations,"
3099	" continuing anyway:");
3100	}
3101	else {
3102	/ Everything is fine. /
3103	infof(data, "successfully set certificate verify locations:");
3104	}
3105	infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
3106	infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
3107	}
3108	#endif
3109
3110	#ifdef CURL_CA_FALLBACK
3111	if(verifypeer &&
3112	!ca_info_blob && !ssl_cafile && !ssl_capath && !imported_native_ca) {
3113	/ verifying the peer without any CA certificates won't*
3114	work so use openssl's built-in default as fallback /*
3115	SSL_CTX_set_default_verify_paths(backend->ctx);
3116	}
3117	#endif
3118
3119	if(ssl_crlfile) {
3120	/ tell OpenSSL where to find CRL file that is used to check certificate*
3121	* revocation */
3122	lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(backend->ctx),
3123	X509_LOOKUP_file());
3124	if(!lookup \|\|
3125	(!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) {
3126	failf(data, "error loading CRL file: %s", ssl_crlfile);
3127	return CURLE_SSL_CRL_BADFILE;
3128	}
3129	/ Everything is fine. /
3130	infof(data, "successfully loaded CRL file:");
3131	X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx),
3132	X509_V_FLAG_CRL_CHECK\|X509_V_FLAG_CRL_CHECK_ALL);
3133
3134	infof(data, " CRLfile: %s", ssl_crlfile);
3135	}
3136
3137	if(verifypeer) {
3138	/ Try building a chain using issuers in the trusted store first to avoid*
3139	problems with server-sent legacy intermediates. Newer versions of
3140	OpenSSL do alternate chain checking by default but we do not know how to
3141	determine that in a reliable manner.
3142	https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
3143	*/
3144	#if defined(X509_V_FLAG_TRUSTED_FIRST)
3145	X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx),
3146	X509_V_FLAG_TRUSTED_FIRST);
3147	#endif
3148	#ifdef X509_V_FLAG_PARTIAL_CHAIN
3149	if(!SSL_SET_OPTION(no_partialchain) && !ssl_crlfile) {
3150	/ Have intermediate certificates in the trust store be treated as*
3151	trust-anchors, in the same way as self-signed root CA certificates
3152	are. This allows users to verify servers using the intermediate cert
3153	only, instead of needing the whole chain.
3154
3155	Due to OpenSSL bug https://github.com/openssl/openssl/issues/5081 we
3156	cannot do partial chains with a CRL check.
3157	*/
3158	X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx),
3159	X509_V_FLAG_PARTIAL_CHAIN);
3160	}
3161	#endif
3162	}
3163
3164	/ OpenSSL always tries to verify the peer, this only says whether it should*
3165	* fail to connect if the verification fails, or if it should continue
3166	* anyway. In the latter case the result of the verification is checked with
3167	* SSL_get_verify_result() below. */
3168	SSL_CTX_set_verify(backend->ctx,
3169	verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
3170
3171	/ Enable logging of secrets to the file specified in env SSLKEYLOGFILE. /
3172	#ifdef HAVE_KEYLOG_CALLBACK
3173	if(Curl_tls_keylog_enabled()) {
3174	SSL_CTX_set_keylog_callback(backend->ctx, ossl_keylog_callback);
3175	}
3176	#endif
3177
3178	/ Enable the session cache because it's a prerequisite for the "new session"*
3179	* callback. Use the "external storage" mode to prevent OpenSSL from creating
3180	* an internal session cache.
3181	*/
3182	SSL_CTX_set_session_cache_mode(backend->ctx,
3183	SSL_SESS_CACHE_CLIENT \| SSL_SESS_CACHE_NO_INTERNAL);
3184	SSL_CTX_sess_set_new_cb(backend->ctx, ossl_new_session_cb);
3185
3186	/ give application a chance to interfere with SSL set up. /
3187	if(data->set.ssl.fsslctx) {
3188	Curl_set_in_callback(data, true);
3189	result = (*data->set.ssl.fsslctx)(data, backend->ctx,
3190	data->set.ssl.fsslctxp);
3191	Curl_set_in_callback(data, false);
3192	if(result) {
3193	failf(data, "error signaled by ssl ctx callback");
3194	return result;
3195	}
3196	}
3197
3198	/ Let's make an SSL structure /
3199	if(backend->handle)
3200	SSL_free(backend->handle);
3201	backend->handle = SSL_new(backend->ctx);
3202	if(!backend->handle) {
3203	failf(data, "SSL: couldn't create a context (handle)!");
3204	return CURLE_OUT_OF_MEMORY;
3205	}
3206
3207	#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
3208	!defined(OPENSSL_NO_OCSP)
3209	if(SSL_CONN_CONFIG(verifystatus))
3210	SSL_set_tlsext_status_type(backend->handle, TLSEXT_STATUSTYPE_ocsp);
3211	#endif
3212
3213	#if defined(OPENSSL_IS_BORINGSSL) && defined(ALLOW_RENEG)
3214	SSL_set_renegotiate_mode(backend->handle, ssl_renegotiate_freely);
3215	#endif
3216
3217	SSL_set_connect_state(backend->handle);
3218
3219	backend->server_cert = `0x0`;
3220	#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3221	if((`0` == Curl_inet_pton(AF_INET, hostname, &addr)) &&
3222	#ifdef ENABLE_IPV6
3223	(`0` == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
3224	#endif
3225	sni) {
3226	size_t nlen = strlen(hostname);
3227	if((long)nlen >= data->set.buffer_size)
3228	/ this is seriously messed up /
3229	return CURLE_SSL_CONNECT_ERROR;
3230
3231	/ RFC 6066 section 3 says the SNI field is case insensitive, but browsers*
3232	send the data lowercase and subsequently there are now numerous servers
3233	out there that don't work unless the name is lowercased /*
3234	Curl_strntolower(data->state.buffer, hostname, nlen);
3235	data->state.buffer[nlen] = `0`;
3236	if(!SSL_set_tlsext_host_name(backend->handle, data->state.buffer))
3237	infof(data, "WARNING: failed to configure server name indication (SNI) "
3238	"TLS extension");
3239	}
3240	#endif
3241
3242	ossl_associate_connection(data, conn, sockindex);
3243
3244	Curl_ssl_sessionid_lock(data);
3245	if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE,
3246	&ssl_sessionid, NULL, sockindex)) {
3247	/ we got a session id, use it! /
3248	if(!SSL_set_session(backend->handle, ssl_sessionid)) {
3249	Curl_ssl_sessionid_unlock(data);
3250	failf(data, "SSL: SSL_set_session failed: %s",
3251	ossl_strerror(ERR_get_error(), error_buffer,
3252	sizeof(error_buffer)));
3253	return CURLE_SSL_CONNECT_ERROR;
3254	}
3255	/ Informational message /
3256	infof(data, "SSL re-using session ID");
3257	}
3258	Curl_ssl_sessionid_unlock(data);
3259
3260	#ifndef CURL_DISABLE_PROXY
3261	if(conn->proxy_ssl[sockindex].use) {
3262	BIO *const bio = BIO_new(BIO_f_ssl());
3263	SSL *handle = conn->proxy_ssl[sockindex].backend->handle;
3264	DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
3265	DEBUGASSERT(handle != NULL);
3266	DEBUGASSERT(bio != NULL);
3267	BIO_set_ssl(bio, handle, FALSE);
3268	SSL_set_bio(backend->handle, bio, bio);
3269	}
3270	else
3271	#endif
3272	if(!SSL_set_fd(backend->handle, (int)sockfd)) {
3273	/ pass the raw socket into the SSL layers /
3274	failf(data, "SSL: SSL_set_fd failed: %s",
3275	ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
3276	return CURLE_SSL_CONNECT_ERROR;
3277	}
3278
3279	connssl->connecting_state = ssl_connect_2;
3280
3281	return CURLE_OK;
3282	}
3283
3284	static CURLcode ossl_connect_step2(struct Curl_easy *data,
3285	struct connectdata conn, int* sockindex)
3286	{
3287	int err;
3288	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
3289	struct ssl_backend_data *backend = connssl->backend;
3290	DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
3291	\|\| ssl_connect_2_reading == connssl->connecting_state
3292	\|\| ssl_connect_2_writing == connssl->connecting_state);
3293
3294	ERR_clear_error();
3295
3296	err = SSL_connect(backend->handle);
3297	#ifndef HAVE_KEYLOG_CALLBACK
3298	if(Curl_tls_keylog_enabled()) {
3299	/ If key logging is enabled, wait for the handshake to complete and then*
3300	* proceed with logging secrets (for TLS 1.2 or older).
3301	*/
3302	ossl_log_tls12_secret(backend->handle, &backend->keylog_done);
3303	}
3304	#endif
3305
3306	/ 1 is fine*
3307	0 is "not successful but was shut down controlled"
3308	<0 is "handshake was not successful, because a fatal error occurred" /*
3309	if(`1` != err) {
3310	int detail = SSL_get_error(backend->handle, err);
3311
3312	if(SSL_ERROR_WANT_READ == detail) {
3313	connssl->connecting_state = ssl_connect_2_reading;
3314	return CURLE_OK;
3315	}
3316	if(SSL_ERROR_WANT_WRITE == detail) {
3317	connssl->connecting_state = ssl_connect_2_writing;
3318	return CURLE_OK;
3319	}
3320	#ifdef SSL_ERROR_WANT_ASYNC
3321	if(SSL_ERROR_WANT_ASYNC == detail) {
3322	connssl->connecting_state = ssl_connect_2;
3323	return CURLE_OK;
3324	}
3325	#endif
3326	else {
3327	/ untreated error /
3328	unsigned long errdetail;
3329	char error_buffer[`256`]="";
3330	CURLcode result;
3331	long lerr;
3332	int lib;
3333	int reason;
3334
3335	/ the connection failed, we're not waiting for anything else. /
3336	connssl->connecting_state = ssl_connect_2;
3337
3338	/ Get the earliest error code from the thread's error queue and remove*
3339	the entry. /*
3340	errdetail = ERR_get_error();
3341
3342	/ Extract which lib and reason /
3343	lib = ERR_GET_LIB(errdetail);
3344	reason = ERR_GET_REASON(errdetail);
3345
3346	if((lib == ERR_LIB_SSL) &&
3347	((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) \|\|
3348	(reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
3349	result = CURLE_PEER_FAILED_VERIFICATION;
3350
3351	lerr = SSL_get_verify_result(backend->handle);
3352	if(lerr != X509_V_OK) {
3353	SSL_SET_OPTION_LVALUE(certverifyresult) = lerr;
3354	msnprintf(error_buffer, sizeof(error_buffer),
3355	"SSL certificate problem: %s",
3356	X509_verify_cert_error_string(lerr));
3357	}
3358	else
3359	/ strcpy() is fine here as long as the string fits within*
3360	error_buffer /*
3361	strcpy(error_buffer, "SSL certificate verification failed");
3362	}
3363	#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
3364	!defined(LIBRESSL_VERSION_NUMBER) && \
3365	!defined(OPENSSL_IS_BORINGSSL))
3366	/ SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on*
3367	OpenSSL version above v1.1.1, not LibreSSL nor BoringSSL /*
3368	else if((lib == ERR_LIB_SSL) &&
3369	(reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) {
3370	/ If client certificate is required, communicate the*
3371	error to client /*
3372	result = CURLE_SSL_CLIENTCERT;
3373	ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
3374	}
3375	#endif
3376	else {
3377	result = CURLE_SSL_CONNECT_ERROR;
3378	ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
3379	}
3380
3381	/ detail is already set to the SSL error above /
3382
3383	/ If we e.g. use SSLv2 request-method and the server doesn't like us*
3384	* (RST connection, etc.), OpenSSL gives no explanation whatsoever and
3385	* the SO_ERROR is also lost.
3386	*/
3387	if(CURLE_SSL_CONNECT_ERROR == result && errdetail == `0`) {
3388	const char * const hostname = SSL_HOST_NAME();
3389	const long int port = SSL_HOST_PORT();
3390	char extramsg[`80`]="";
3391	int sockerr = SOCKERRNO;
3392	if(sockerr && detail == SSL_ERROR_SYSCALL)
3393	Curl_strerror(sockerr, extramsg, sizeof(extramsg));
3394	failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%ld ",
3395	extramsg[`0`] ? extramsg : SSL_ERROR_to_str(detail),
3396	hostname, port);
3397	return result;
3398	}
3399
3400	/ Could be a CERT problem /
3401	failf(data, "%s", error_buffer);
3402
3403	return result;
3404	}
3405	}
3406	else {
3407	/ we connected fine, we're not waiting for anything else. /
3408	connssl->connecting_state = ssl_connect_3;
3409
3410	/ Informational message /
3411	infof(data, "SSL connection using %s / %s",
3412	SSL_get_version(backend->handle),
3413	SSL_get_cipher(backend->handle));
3414
3415	#ifdef HAS_ALPN
3416	/ Sets data and len to negotiated protocol, len is 0 if no protocol was*
3417	* negotiated
3418	*/
3419	if(conn->bits.tls_enable_alpn) {
3420	const unsigned char *neg_protocol;
3421	unsigned int len;
3422	SSL_get0_alpn_selected(backend->handle, &neg_protocol, &len);
3423	if(len) {
3424	infof(data, "ALPN, server accepted to use %.*s", len, neg_protocol);
3425
3426	#ifdef USE_HTTP2
3427	if(len == ALPN_H2_LENGTH &&
3428	!memcmp(ALPN_H2, neg_protocol, len)) {
3429	conn->negnpn = CURL_HTTP_VERSION_2;
3430	}
3431	else
3432	#endif
3433	if(len == ALPN_HTTP_1_1_LENGTH &&
3434	!memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
3435	conn->negnpn = CURL_HTTP_VERSION_1_1;
3436	}
3437	}
3438	else
3439	infof(data, "ALPN, server did not agree to a protocol");
3440
3441	Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
3442	BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
3443	}
3444	#endif
3445
3446	return CURLE_OK;
3447	}
3448	}
3449
3450	static int asn1_object_dump(ASN1_OBJECT a, char* *buf, size_t len)
3451	{
3452	int i, ilen;
3453
3454	ilen = (int)len;
3455	if(ilen < `0`)
3456	return `1`; / buffer too big /
3457
3458	i = i2t_ASN1_OBJECT(buf, ilen, a);
3459
3460	if(i >= ilen)
3461	return `1`; / buffer too small /
3462
3463	return `0`;
3464	}
3465
3466	#define push_certinfo(_label, _num) \
3467	do { \
3468	long info_len = BIO_get_mem_data(mem, &ptr); \
3469	Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \
3470	if(1 != BIO_reset(mem)) \
3471	break; \
3472	} while(0)
3473
3474	static void pubkey_show(struct Curl_easy *data,
3475	BIO *mem,
3476	int num,
3477	const char *type,
3478	const char *name,
3479	#ifdef HAVE_OPAQUE_RSA_DSA_DH
3480	const
3481	#endif
3482	BIGNUM *bn)
3483	{
3484	char *ptr;
3485	char namebuf[`32`];
3486
3487	msnprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
3488
3489	if(bn)
3490	BN_print(mem, bn);
3491	push_certinfo(namebuf, num);
3492	}
3493
3494	#ifdef HAVE_OPAQUE_RSA_DSA_DH
3495	#define print_pubkey_BN(_type, _name, _num) \
3496	pubkey_show(data, mem, _num, #_type, #_name, _name)
3497
3498	#else
3499	#define print_pubkey_BN(_type, _name, _num) \
3500	do { \
3501	if(_type->_name) { \
3502	pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \
3503	} \
3504	} while(0)
3505	#endif
3506
3507	static void X509V3_ext(struct Curl_easy *data,
3508	int certnum,
3509	CONST_EXTS STACK_OF(X509_EXTENSION) *exts)
3510	{
3511	int i;
3512
3513	if((int)sk_X509_EXTENSION_num(exts) <= `0`)
3514	/ no extensions, bail out /
3515	return;
3516
3517	for(i = `0`; i < (int)sk_X509_EXTENSION_num(exts); i++) {
3518	ASN1_OBJECT *obj;
3519	X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
3520	BUF_MEM *biomem;
3521	char namebuf[`128`];
3522	BIO *bio_out = BIO_new(BIO_s_mem());
3523
3524	if(!bio_out)
3525	return;
3526
3527	obj = X509_EXTENSION_get_object(ext);
3528
3529	asn1_object_dump(obj, namebuf, sizeof(namebuf));
3530
3531	if(!X509V3_EXT_print(bio_out, ext, `0`, `0`))
3532	ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
3533
3534	BIO_get_mem_ptr(bio_out, &biomem);
3535	Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data,
3536	biomem->length);
3537	BIO_free(bio_out);
3538	}
3539	}
3540
3541	#ifdef OPENSSL_IS_BORINGSSL
3542	typedef size_t numcert_t;
3543	#else
3544	typedef int numcert_t;
3545	#endif
3546
3547	#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
3548	#define OSSL3_CONST const
3549	#else
3550	#define OSSL3_CONST
3551	#endif
3552
3553	static CURLcode get_cert_chain(struct Curl_easy *data,
3554	struct ssl_connect_data *connssl)
3555	{
3556	CURLcode result;
3557	STACK_OF(X509) *sk;
3558	int i;
3559	numcert_t numcerts;
3560	BIO *mem;
3561	struct ssl_backend_data *backend = connssl->backend;
3562
3563	sk = SSL_get_peer_cert_chain(backend->handle);
3564	if(!sk) {
3565	return CURLE_OUT_OF_MEMORY;
3566	}
3567
3568	numcerts = sk_X509_num(sk);
3569
3570	result = Curl_ssl_init_certinfo(data, (int)numcerts);
3571	if(result) {
3572	return result;
3573	}
3574
3575	mem = BIO_new(BIO_s_mem());
3576
3577	for(i = `0`; i < (int)numcerts; i++) {
3578	ASN1_INTEGER *num;
3579	X509 *x = sk_X509_value(sk, i);
3580	EVP_PKEY *pubkey = NULL;
3581	int j;
3582	char *ptr;
3583	const ASN1_BIT_STRING *psig = NULL;
3584
3585	X509_NAME_print_ex(mem, X509_get_subject_name(x), `0`, XN_FLAG_ONELINE);
3586	push_certinfo("Subject", i);
3587
3588	X509_NAME_print_ex(mem, X509_get_issuer_name(x), `0`, XN_FLAG_ONELINE);
3589	push_certinfo("Issuer", i);
3590
3591	BIO_printf(mem, "%lx", X509_get_version(x));
3592	push_certinfo("Version", i);
3593
3594	num = X509_get_serialNumber(x);
3595	if(num->type == V_ASN1_NEG_INTEGER)
3596	BIO_puts(mem, "-");
3597	for(j = `0`; j < num->length; j++)
3598	BIO_printf(mem, "%02x", num->data[j]);
3599	push_certinfo("Serial Number", i);
3600
3601	#if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
3602	{
3603	const X509_ALGOR *sigalg = NULL;
3604	X509_PUBKEY *xpubkey = NULL;
3605	ASN1_OBJECT *pubkeyoid = NULL;
3606
3607	X509_get0_signature(&psig, &sigalg, x);
3608	if(sigalg) {
3609	i2a_ASN1_OBJECT(mem, sigalg->algorithm);
3610	push_certinfo("Signature Algorithm", i);
3611	}
3612
3613	xpubkey = X509_get_X509_PUBKEY(x);
3614	if(xpubkey) {
3615	X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey);
3616	if(pubkeyoid) {
3617	i2a_ASN1_OBJECT(mem, pubkeyoid);
3618	push_certinfo("Public Key Algorithm", i);
3619	}
3620	}
3621
3622	X509V3_ext(data, i, X509_get0_extensions(x));
3623	}
3624	#else
3625	{
3626	/ before OpenSSL 1.0.2 /
3627	X509_CINF *cinf = x->cert_info;
3628
3629	i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
3630	push_certinfo("Signature Algorithm", i);
3631
3632	i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
3633	push_certinfo("Public Key Algorithm", i);
3634
3635	X509V3_ext(data, i, cinf->extensions);
3636
3637	psig = x->signature;
3638	}
3639	#endif
3640
3641	ASN1_TIME_print(mem, X509_get0_notBefore(x));
3642	push_certinfo("Start date", i);
3643
3644	ASN1_TIME_print(mem, X509_get0_notAfter(x));
3645	push_certinfo("Expire date", i);
3646
3647	pubkey = X509_get_pubkey(x);
3648	if(!pubkey)
3649	infof(data, " Unable to load public key");
3650	else {
3651	int pktype;
3652	#ifdef HAVE_OPAQUE_EVP_PKEY
3653	pktype = EVP_PKEY_id(pubkey);
3654	#else
3655	pktype = pubkey->type;
3656	#endif
3657	switch(pktype) {
3658	case EVP_PKEY_RSA:
3659	{
3660	OSSL3_CONST RSA *rsa;
3661	#ifdef HAVE_OPAQUE_EVP_PKEY
3662	rsa = EVP_PKEY_get0_RSA(pubkey);
3663	#else
3664	rsa = pubkey->pkey.rsa;
3665	#endif
3666
3667	#ifdef HAVE_OPAQUE_RSA_DSA_DH
3668	{
3669	const BIGNUM *n;
3670	const BIGNUM *e;
3671
3672	RSA_get0_key(rsa, &n, &e, NULL);
3673	BIO_printf(mem, "%d", BN_num_bits(n));
3674	push_certinfo("RSA Public Key", i);
3675	print_pubkey_BN(rsa, n, i);
3676	print_pubkey_BN(rsa, e, i);
3677	}
3678	#else
3679	BIO_printf(mem, "%d", BN_num_bits(rsa->n));
3680	push_certinfo("RSA Public Key", i);
3681	print_pubkey_BN(rsa, n, i);
3682	print_pubkey_BN(rsa, e, i);
3683	#endif
3684
3685	break;
3686	}
3687	case EVP_PKEY_DSA:
3688	{
3689	#ifndef OPENSSL_NO_DSA
3690	OSSL3_CONST DSA *dsa;
3691	#ifdef HAVE_OPAQUE_EVP_PKEY
3692	dsa = EVP_PKEY_get0_DSA(pubkey);
3693	#else
3694	dsa = pubkey->pkey.dsa;
3695	#endif
3696	#ifdef HAVE_OPAQUE_RSA_DSA_DH
3697	{
3698	const BIGNUM *p;
3699	const BIGNUM *q;
3700	const BIGNUM *g;
3701	const BIGNUM *pub_key;
3702
3703	DSA_get0_pqg(dsa, &p, &q, &g);
3704	DSA_get0_key(dsa, &pub_key, NULL);
3705
3706	print_pubkey_BN(dsa, p, i);
3707	print_pubkey_BN(dsa, q, i);
3708	print_pubkey_BN(dsa, g, i);
3709	print_pubkey_BN(dsa, pub_key, i);
3710	}
3711	#else
3712	print_pubkey_BN(dsa, p, i);
3713	print_pubkey_BN(dsa, q, i);
3714	print_pubkey_BN(dsa, g, i);
3715	print_pubkey_BN(dsa, pub_key, i);
3716	#endif
3717	#endif /* !OPENSSL_NO_DSA */
3718	break;
3719	}
3720	case EVP_PKEY_DH:
3721	{
3722	OSSL3_CONST DH *dh;
3723	#ifdef HAVE_OPAQUE_EVP_PKEY
3724	dh = EVP_PKEY_get0_DH(pubkey);
3725	#else
3726	dh = pubkey->pkey.dh;
3727	#endif
3728	#ifdef HAVE_OPAQUE_RSA_DSA_DH
3729	{
3730	const BIGNUM *p;
3731	const BIGNUM *q;
3732	const BIGNUM *g;
3733	const BIGNUM *pub_key;
3734	DH_get0_pqg(dh, &p, &q, &g);
3735	DH_get0_key(dh, &pub_key, NULL);
3736	print_pubkey_BN(dh, p, i);
3737	print_pubkey_BN(dh, q, i);
3738	print_pubkey_BN(dh, g, i);
3739	print_pubkey_BN(dh, pub_key, i);
3740	}
3741	#else
3742	print_pubkey_BN(dh, p, i);
3743	print_pubkey_BN(dh, g, i);
3744	print_pubkey_BN(dh, pub_key, i);
3745	#endif
3746	break;
3747	}
3748	}
3749	EVP_PKEY_free(pubkey);
3750	}
3751
3752	if(psig) {
3753	for(j = `0`; j < psig->length; j++)
3754	BIO_printf(mem, "%02x:", psig->data[j]);
3755	push_certinfo("Signature", i);
3756	}
3757
3758	PEM_write_bio_X509(mem, x);
3759	push_certinfo("Cert", i);
3760	}
3761
3762	BIO_free(mem);
3763
3764	return CURLE_OK;
3765	}
3766
3767	/*
3768	* Heavily modified from:
3769	* https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
3770	*/
3771	static CURLcode pkp_pin_peer_pubkey(struct Curl_easy data, X509 cert,
3772	const char *pinnedpubkey)
3773	{
3774	/ Scratch /
3775	int len1 = `0`, len2 = `0`;
3776	unsigned char buff1 = NULL, temp = NULL;
3777
3778	/ Result is returned to caller /
3779	CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
3780
3781	/ if a path wasn't specified, don't pin /
3782	if(!pinnedpubkey)
3783	return CURLE_OK;
3784
3785	if(!cert)
3786	return result;
3787
3788	do {
3789	/ Begin Gyrations to get the subjectPublicKeyInfo /
3790	/ Thanks to Viktor Dukhovni on the OpenSSL mailing list /
3791
3792	/ https://groups.google.com/group/mailing.openssl.users/browse_thread*
3793	/thread/d61858dae102c6c7 /*
3794	len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
3795	if(len1 < `1`)
3796	break; / failed /
3797
3798	buff1 = temp = malloc(len1);
3799	if(!buff1)
3800	break; / failed /
3801
3802	/ https://www.openssl.org/docs/crypto/d2i_X509.html /
3803	len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
3804
3805	/*
3806	* These checks are verifying we got back the same values as when we
3807	* sized the buffer. It's pretty weak since they should always be the
3808	* same. But it gives us something to test.
3809	*/
3810	if((len1 != len2) \|\| !temp \|\| ((temp - buff1) != len1))
3811	break; / failed /
3812
3813	/ End Gyrations /
3814
3815	/ The one good exit point /
3816	result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
3817	} while(`0`);
3818
3819	if(buff1)
3820	free(buff1);
3821
3822	return result;
3823	}
3824
3825	/*
3826	* Get the server cert, verify it and show it, etc., only call failf() if the
3827	* 'strict' argument is TRUE as otherwise all this is for informational
3828	* purposes only!
3829	*
3830	* We check certificates to authenticate the server; otherwise we risk
3831	* man-in-the-middle attack.
3832	*/
3833	static CURLcode servercert(struct Curl_easy *data,
3834	struct connectdata *conn,
3835	struct ssl_connect_data *connssl,
3836	bool strict)
3837	{
3838	CURLcode result = CURLE_OK;
3839	int rc;
3840	long lerr;
3841	X509 *issuer;
3842	BIO *fp = NULL;
3843	char error_buffer[`256`]="";
3844	char buffer[`2048`];
3845	const char *ptr;
3846	BIO *mem = BIO_new(BIO_s_mem());
3847	struct ssl_backend_data *backend = connssl->backend;
3848
3849	if(data->set.ssl.certinfo)
3850	/ we've been asked to gather certificate info! /
3851	(void)get_cert_chain(data, connssl);
3852
3853	backend->server_cert = SSL_get_peer_certificate(backend->handle);
3854	if(!backend->server_cert) {
3855	BIO_free(mem);
3856	if(!strict)
3857	return CURLE_OK;
3858
3859	failf(data, "SSL: couldn't get peer certificate!");
3860	return CURLE_PEER_FAILED_VERIFICATION;
3861	}
3862
3863	infof(data, "%s certificate:", SSL_IS_PROXY() ? "Proxy" : "Server");
3864
3865	rc = x509_name_oneline(X509_get_subject_name(backend->server_cert),
3866	buffer, sizeof(buffer));
3867	infof(data, " subject: %s", rc?"[NONE]":buffer);
3868
3869	#ifndef CURL_DISABLE_VERBOSE_STRINGS
3870	{
3871	long len;
3872	ASN1_TIME_print(mem, X509_get0_notBefore(backend->server_cert));
3873	len = BIO_get_mem_data(mem, (char **) &ptr);
3874	infof(data, " start date: %.s", (int*)len, ptr);
3875	(void)BIO_reset(mem);
3876
3877	ASN1_TIME_print(mem, X509_get0_notAfter(backend->server_cert));
3878	len = BIO_get_mem_data(mem, (char **) &ptr);
3879	infof(data, " expire date: %.s", (int*)len, ptr);
3880	(void)BIO_reset(mem);
3881	}
3882	#endif
3883
3884	BIO_free(mem);
3885
3886	if(SSL_CONN_CONFIG(verifyhost)) {
3887	result = verifyhost(data, conn, backend->server_cert);
3888	if(result) {
3889	X509_free(backend->server_cert);
3890	backend->server_cert = NULL;
3891	return result;
3892	}
3893	}
3894
3895	rc = x509_name_oneline(X509_get_issuer_name(backend->server_cert),
3896	buffer, sizeof(buffer));
3897	if(rc) {
3898	if(strict)
3899	failf(data, "SSL: couldn't get X509-issuer name!");
3900	result = CURLE_PEER_FAILED_VERIFICATION;
3901	}
3902	else {
3903	infof(data, " issuer: %s", buffer);
3904
3905	/ We could do all sorts of certificate verification stuff here before*
3906	deallocating the certificate. /*
3907
3908	/ e.g. match issuer name with provided issuer certificate /
3909	if(SSL_CONN_CONFIG(issuercert) \|\| SSL_CONN_CONFIG(issuercert_blob)) {
3910	if(SSL_CONN_CONFIG(issuercert_blob))
3911	fp = BIO_new_mem_buf(SSL_CONN_CONFIG(issuercert_blob)->data,
3912	(int)SSL_CONN_CONFIG(issuercert_blob)->len);
3913	else {
3914	fp = BIO_new(BIO_s_file());
3915	if(!fp) {
3916	failf(data,
3917	"BIO_new return NULL, " OSSL_PACKAGE
3918	" error %s",
3919	ossl_strerror(ERR_get_error(), error_buffer,
3920	sizeof(error_buffer)) );
3921	X509_free(backend->server_cert);
3922	backend->server_cert = NULL;
3923	return CURLE_OUT_OF_MEMORY;
3924	}
3925
3926	if(BIO_read_filename(fp, SSL_CONN_CONFIG(issuercert)) <= `0`) {
3927	if(strict)
3928	failf(data, "SSL: Unable to open issuer cert (%s)",
3929	SSL_CONN_CONFIG(issuercert));
3930	BIO_free(fp);
3931	X509_free(backend->server_cert);
3932	backend->server_cert = NULL;
3933	return CURLE_SSL_ISSUER_ERROR;
3934	}
3935	}
3936
3937	issuer = PEM_read_bio_X509(fp, NULL, ZERO_NULL, NULL);
3938	if(!issuer) {
3939	if(strict)
3940	failf(data, "SSL: Unable to read issuer cert (%s)",
3941	SSL_CONN_CONFIG(issuercert));
3942	BIO_free(fp);
3943	X509_free(issuer);
3944	X509_free(backend->server_cert);
3945	backend->server_cert = NULL;
3946	return CURLE_SSL_ISSUER_ERROR;
3947	}
3948
3949	if(X509_check_issued(issuer, backend->server_cert) != X509_V_OK) {
3950	if(strict)
3951	failf(data, "SSL: Certificate issuer check failed (%s)",
3952	SSL_CONN_CONFIG(issuercert));
3953	BIO_free(fp);
3954	X509_free(issuer);
3955	X509_free(backend->server_cert);
3956	backend->server_cert = NULL;
3957	return CURLE_SSL_ISSUER_ERROR;
3958	}
3959
3960	infof(data, " SSL certificate issuer check ok (%s)",
3961	SSL_CONN_CONFIG(issuercert));
3962	BIO_free(fp);
3963	X509_free(issuer);
3964	}
3965
3966	lerr = SSL_get_verify_result(backend->handle);
3967	SSL_SET_OPTION_LVALUE(certverifyresult) = lerr;
3968	if(lerr != X509_V_OK) {
3969	if(SSL_CONN_CONFIG(verifypeer)) {
3970	/ We probably never reach this, because SSL_connect() will fail*
3971	and we return earlier if verifypeer is set? /*
3972	if(strict)
3973	failf(data, "SSL certificate verify result: %s (%ld)",
3974	X509_verify_cert_error_string(lerr), lerr);
3975	result = CURLE_PEER_FAILED_VERIFICATION;
3976	}
3977	else
3978	infof(data, " SSL certificate verify result: %s (%ld),"
3979	" continuing anyway.",
3980	X509_verify_cert_error_string(lerr), lerr);
3981	}
3982	else
3983	infof(data, " SSL certificate verify ok.");
3984	}
3985
3986	#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
3987	!defined(OPENSSL_NO_OCSP)
3988	if(SSL_CONN_CONFIG(verifystatus)) {
3989	result = verifystatus(data, connssl);
3990	if(result) {
3991	X509_free(backend->server_cert);
3992	backend->server_cert = NULL;
3993	return result;
3994	}
3995	}
3996	#endif
3997
3998	if(!strict)
3999	/ when not strict, we don't bother about the verify cert problems /
4000	result = CURLE_OK;
4001
4002	ptr = SSL_PINNED_PUB_KEY();
4003	if(!result && ptr) {
4004	result = pkp_pin_peer_pubkey(data, backend->server_cert, ptr);
4005	if(result)
4006	failf(data, "SSL: public key does not match pinned public key!");
4007	}
4008
4009	X509_free(backend->server_cert);
4010	backend->server_cert = NULL;
4011	connssl->connecting_state = ssl_connect_done;
4012
4013	return result;
4014	}
4015
4016	static CURLcode ossl_connect_step3(struct Curl_easy *data,
4017	struct connectdata conn, int* sockindex)
4018	{
4019	CURLcode result = CURLE_OK;
4020	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
4021
4022	DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
4023
4024	/*
4025	* We check certificates to authenticate the server; otherwise we risk
4026	* man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
4027	* verify the peer, ignore faults and failures from the server cert
4028	* operations.
4029	*/
4030
4031	result = servercert(data, conn, connssl, (SSL_CONN_CONFIG(verifypeer) \|\|
4032	SSL_CONN_CONFIG(verifyhost)));
4033
4034	if(!result)
4035	connssl->connecting_state = ssl_connect_done;
4036
4037	return result;
4038	}
4039
4040	static Curl_recv ossl_recv;
4041	static Curl_send ossl_send;
4042
4043	static CURLcode ossl_connect_common(struct Curl_easy *data,
4044	struct connectdata *conn,
4045	int sockindex,
4046	bool nonblocking,
4047	bool *done)
4048	{
4049	CURLcode result;
4050	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
4051	curl_socket_t sockfd = conn->sock[sockindex];
4052	int what;
4053
4054	/ check if the connection has already been established /
4055	if(ssl_connection_complete == connssl->state) {
4056	*done = TRUE;
4057	return CURLE_OK;
4058	}
4059
4060	if(ssl_connect_1 == connssl->connecting_state) {
4061	/ Find out how much more time we're allowed /
4062	const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
4063
4064	if(timeout_ms < `0`) {
4065	/ no need to continue if time is already up /
4066	failf(data, "SSL connection timeout");
4067	return CURLE_OPERATION_TIMEDOUT;
4068	}
4069
4070	result = ossl_connect_step1(data, conn, sockindex);
4071	if(result)
4072	return result;
4073	}
4074
4075	while(ssl_connect_2 == connssl->connecting_state \|\|
4076	ssl_connect_2_reading == connssl->connecting_state \|\|
4077	ssl_connect_2_writing == connssl->connecting_state) {
4078
4079	/ check allowed time left /
4080	const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
4081
4082	if(timeout_ms < `0`) {
4083	/ no need to continue if time already is up /
4084	failf(data, "SSL connection timeout");
4085	return CURLE_OPERATION_TIMEDOUT;
4086	}
4087
4088	/ if ssl is expecting something, check if it's available. /
4089	if(connssl->connecting_state == ssl_connect_2_reading \|\|
4090	connssl->connecting_state == ssl_connect_2_writing) {
4091
4092	curl_socket_t writefd = ssl_connect_2_writing ==
4093	connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
4094	curl_socket_t readfd = ssl_connect_2_reading ==
4095	connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
4096
4097	what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
4098	nonblocking?`0`:timeout_ms);
4099	if(what < `0`) {
4100	/ fatal error /
4101	failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
4102	return CURLE_SSL_CONNECT_ERROR;
4103	}
4104	if(`0` == what) {
4105	if(nonblocking) {
4106	*done = FALSE;
4107	return CURLE_OK;
4108	}
4109	/ timeout /
4110	failf(data, "SSL connection timeout");
4111	return CURLE_OPERATION_TIMEDOUT;
4112	}
4113	/ socket is readable or writable /
4114	}
4115
4116	/ Run transaction, and return to the caller if it failed or if this*
4117	* connection is done nonblocking and this loop would execute again. This
4118	* permits the owner of a multi handle to abort a connection attempt
4119	* before step2 has completed while ensuring that a client using select()
4120	* or epoll() will always have a valid fdset to wait on.
4121	*/
4122	result = ossl_connect_step2(data, conn, sockindex);
4123	if(result \|\| (nonblocking &&
4124	(ssl_connect_2 == connssl->connecting_state \|\|
4125	ssl_connect_2_reading == connssl->connecting_state \|\|
4126	ssl_connect_2_writing == connssl->connecting_state)))
4127	return result;
4128
4129	} / repeat step2 until all transactions are done. /
4130
4131	if(ssl_connect_3 == connssl->connecting_state) {
4132	result = ossl_connect_step3(data, conn, sockindex);
4133	if(result)
4134	return result;
4135	}
4136
4137	if(ssl_connect_done == connssl->connecting_state) {
4138	connssl->state = ssl_connection_complete;
4139	conn->recv[sockindex] = ossl_recv;
4140	conn->send[sockindex] = ossl_send;
4141	*done = TRUE;
4142	}
4143	else
4144	*done = FALSE;
4145
4146	/ Reset our connect state machine /
4147	connssl->connecting_state = ssl_connect_1;
4148
4149	return CURLE_OK;
4150	}
4151
4152	static CURLcode ossl_connect_nonblocking(struct Curl_easy *data,
4153	struct connectdata *conn,
4154	int sockindex,
4155	bool *done)
4156	{
4157	return ossl_connect_common(data, conn, sockindex, TRUE, done);
4158	}
4159
4160	static CURLcode ossl_connect(struct Curl_easy data, struct* connectdata *conn,
4161	int sockindex)
4162	{
4163	CURLcode result;
4164	bool done = FALSE;
4165
4166	result = ossl_connect_common(data, conn, sockindex, FALSE, &done);
4167	if(result)
4168	return result;
4169
4170	DEBUGASSERT(done);
4171
4172	return CURLE_OK;
4173	}
4174
4175	static bool ossl_data_pending(const struct connectdata *conn,
4176	int connindex)
4177	{
4178	const struct ssl_connect_data *connssl = &conn->ssl[connindex];
4179	if(connssl->backend->handle && SSL_pending(connssl->backend->handle))
4180	return TRUE;
4181	#ifndef CURL_DISABLE_PROXY
4182	{
4183	const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex];
4184	if(proxyssl->backend->handle && SSL_pending(proxyssl->backend->handle))
4185	return TRUE;
4186	}
4187	#endif
4188	return FALSE;
4189	}
4190
4191	static size_t ossl_version(char *buffer, size_t size);
4192
4193	static ssize_t ossl_send(struct Curl_easy *data,
4194	int sockindex,
4195	const void *mem,
4196	size_t len,
4197	CURLcode *curlcode)
4198	{
4199	/ SSL_write() is said to return 'int' while write() and send() returns*
4200	'size_t' /*
4201	int err;
4202	char error_buffer[`256`];
4203	unsigned long sslerror;
4204	int memlen;
4205	int rc;
4206	struct connectdata *conn = data->conn;
4207	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
4208	struct ssl_backend_data *backend = connssl->backend;
4209
4210	ERR_clear_error();
4211
4212	memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
4213	set_logger(conn, data);
4214	rc = SSL_write(backend->handle, mem, memlen);
4215
4216	if(rc <= `0`) {
4217	err = SSL_get_error(backend->handle, rc);
4218
4219	switch(err) {
4220	case SSL_ERROR_WANT_READ:
4221	case SSL_ERROR_WANT_WRITE:
4222	/ The operation did not complete; the same TLS/SSL I/O function*
4223	should be called again later. This is basically an EWOULDBLOCK
4224	equivalent. /*
4225	*curlcode = CURLE_AGAIN;
4226	return -`1`;
4227	case SSL_ERROR_SYSCALL:
4228	{
4229	int sockerr = SOCKERRNO;
4230	sslerror = ERR_get_error();
4231	if(sslerror)
4232	ossl_strerror(sslerror, error_buffer, sizeof(error_buffer));
4233	else if(sockerr)
4234	Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
4235	else {
4236	strncpy(error_buffer, SSL_ERROR_to_str(err), sizeof(error_buffer));
4237	error_buffer[sizeof(error_buffer) - `1`] = `'\0'`;
4238	}
4239	failf(data, OSSL_PACKAGE " SSL_write: %s, errno %d",
4240	error_buffer, sockerr);
4241	*curlcode = CURLE_SEND_ERROR;
4242	return -`1`;
4243	}
4244	case SSL_ERROR_SSL:
4245	/ A failure in the SSL library occurred, usually a protocol error.*
4246	The OpenSSL error queue contains more information on the error. /*
4247	sslerror = ERR_get_error();
4248	if(ERR_GET_LIB(sslerror) == ERR_LIB_SSL &&
4249	ERR_GET_REASON(sslerror) == SSL_R_BIO_NOT_SET &&
4250	conn->ssl[sockindex].state == ssl_connection_complete
4251	#ifndef CURL_DISABLE_PROXY
4252	&& conn->proxy_ssl[sockindex].state == ssl_connection_complete
4253	#endif
4254	) {
4255	char ver[`120`];
4256	(void)ossl_version(ver, sizeof(ver));
4257	failf(data, "Error: %s does not support double SSL tunneling.", ver);
4258	}
4259	else
4260	failf(data, "SSL_write() error: %s",
4261	ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
4262	*curlcode = CURLE_SEND_ERROR;
4263	return -`1`;
4264	}
4265	/ a true error /
4266	failf(data, OSSL_PACKAGE " SSL_write: %s, errno %d",
4267	SSL_ERROR_to_str(err), SOCKERRNO);
4268	*curlcode = CURLE_SEND_ERROR;
4269	return -`1`;
4270	}
4271	*curlcode = CURLE_OK;
4272	return (ssize_t)rc; / number of bytes /
4273	}
4274
4275	static ssize_t ossl_recv(struct Curl_easy data, /* transfer /
4276	int num, / socketindex /
4277	char buf, /* store read data here /
4278	size_t buffersize, / max amount to read /
4279	CURLcode *curlcode)
4280	{
4281	char error_buffer[`256`];
4282	unsigned long sslerror;
4283	ssize_t nread;
4284	int buffsize;
4285	struct connectdata *conn = data->conn;
4286	struct ssl_connect_data *connssl = &conn->ssl[num];
4287	struct ssl_backend_data *backend = connssl->backend;
4288
4289	ERR_clear_error();
4290
4291	buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
4292	set_logger(conn, data);
4293	nread = (ssize_t)SSL_read(backend->handle, buf, buffsize);
4294	if(nread <= `0`) {
4295	/ failed SSL_read /
4296	int err = SSL_get_error(backend->handle, (int)nread);
4297
4298	switch(err) {
4299	case SSL_ERROR_NONE: / this is not an error /
4300	break;
4301	case SSL_ERROR_ZERO_RETURN: / no more data /
4302	/ close_notify alert /
4303	if(num == FIRSTSOCKET)
4304	/ mark the connection for close if it is indeed the control*
4305	connection /*
4306	connclose(conn, "TLS close_notify");
4307	break;
4308	case SSL_ERROR_WANT_READ:
4309	case SSL_ERROR_WANT_WRITE:
4310	/ there's data pending, re-invoke SSL_read() /
4311	*curlcode = CURLE_AGAIN;
4312	return -`1`;
4313	default:
4314	/ openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return*
4315	value/errno" /*
4316	/ https://www.openssl.org/docs/crypto/ERR_get_error.html /
4317	sslerror = ERR_get_error();
4318	if((nread < `0`) \|\| sslerror) {
4319	/ If the return code was negative or there actually is an error in the*
4320	queue /*
4321	int sockerr = SOCKERRNO;
4322	if(sslerror)
4323	ossl_strerror(sslerror, error_buffer, sizeof(error_buffer));
4324	else if(sockerr && err == SSL_ERROR_SYSCALL)
4325	Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
4326	else {
4327	strncpy(error_buffer, SSL_ERROR_to_str(err), sizeof(error_buffer));
4328	error_buffer[sizeof(error_buffer) - `1`] = `'\0'`;
4329	}
4330	failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d",
4331	error_buffer, sockerr);
4332	*curlcode = CURLE_RECV_ERROR;
4333	return -`1`;
4334	}
4335	/ For debug builds be a little stricter and error on any*
4336	SSL_ERROR_SYSCALL. For example a server may have closed the connection
4337	abruptly without a close_notify alert. For compatibility with older
4338	peers we don't do this by default. #4624
4339
4340	We can use this to gauge how many users may be affected, and
4341	if it goes ok eventually transition to allow in dev and release with
4342	the newest OpenSSL: #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) /*
4343	#ifdef DEBUGBUILD
4344	if(err == SSL_ERROR_SYSCALL) {
4345	int sockerr = SOCKERRNO;
4346	if(sockerr)
4347	Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
4348	else {
4349	msnprintf(error_buffer, sizeof(error_buffer),
4350	"Connection closed abruptly");
4351	}
4352	failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d"
4353	" (Fatal because this is a curl debug build)",
4354	error_buffer, sockerr);
4355	*curlcode = CURLE_RECV_ERROR;
4356	return -`1`;
4357	}
4358	#endif
4359	}
4360	}
4361	return nread;
4362	}
4363
4364	static size_t ossl_version(char *buffer, size_t size)
4365	{
4366	#ifdef LIBRESSL_VERSION_NUMBER
4367	#if LIBRESSL_VERSION_NUMBER < 0x2070100fL
4368	return msnprintf(buffer, size, "%s/%lx.%lx.%lx",
4369	OSSL_PACKAGE,
4370	(LIBRESSL_VERSION_NUMBER>>`28`)&`0xf`,
4371	(LIBRESSL_VERSION_NUMBER>>`20`)&`0xff`,
4372	(LIBRESSL_VERSION_NUMBER>>`12`)&`0xff`);
4373	#else /* OpenSSL_version() first appeared in LibreSSL 2.7.1 */
4374	char *p;
4375	int count;
4376	const char *ver = OpenSSL_version(OPENSSL_VERSION);
4377	const char expected[] = OSSL_PACKAGE " "; / ie "LibreSSL " /
4378	if(Curl_strncasecompare(ver, expected, sizeof(expected) - `1`)) {
4379	ver += sizeof(expected) - `1`;
4380	}
4381	count = msnprintf(buffer, size, "%s/%s", OSSL_PACKAGE, ver);
4382	for(p = buffer; *p; ++p) {
4383	if(ISSPACE(*p))
4384	*p = `'_'`;
4385	}
4386	return count;
4387	#endif
4388	#elif defined(OPENSSL_IS_BORINGSSL)
4389	return msnprintf(buffer, size, OSSL_PACKAGE);
4390	#elif defined(HAVE_OPENSSL_VERSION) && defined(OPENSSL_VERSION_STRING)
4391	return msnprintf(buffer, size, "%s/%s",
4392	OSSL_PACKAGE, OpenSSL_version(OPENSSL_VERSION_STRING));
4393	#else
4394	/ not LibreSSL, BoringSSL and not using OpenSSL_version /
4395
4396	char sub[`3`];
4397	unsigned long ssleay_value;
4398	sub[`2`]=`'\0'`;
4399	sub[`1`]=`'\0'`;
4400	ssleay_value = OpenSSL_version_num();
4401	if(ssleay_value < `0x906000`) {
4402	ssleay_value = SSLEAY_VERSION_NUMBER;
4403	sub[`0`]=`'\0'`;
4404	}
4405	else {
4406	if(ssleay_value&`0xff0`) {
4407	int minor_ver = (ssleay_value >> `4`) & `0xff`;
4408	if(minor_ver > `26`) {
4409	/ handle extended version introduced for 0.9.8za /
4410	sub[`1`] = (char) ((minor_ver - `1`) % `26` + `'a'` + `1`);
4411	sub[`0`] = `'z'`;
4412	}
4413	else {
4414	sub[`0`] = (char) (minor_ver + `'a'` - `1`);
4415	}
4416	}
4417	else
4418	sub[`0`]=`'\0'`;
4419	}
4420
4421	return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s"
4422	#ifdef OPENSSL_FIPS
4423	"-fips"
4424	#endif
4425	,
4426	OSSL_PACKAGE,
4427	(ssleay_value>>`28`)&`0xf`,
4428	(ssleay_value>>`20`)&`0xff`,
4429	(ssleay_value>>`12`)&`0xff`,
4430	sub);
4431	#endif /* OPENSSL_IS_BORINGSSL */
4432	}
4433
4434	/ can be called with data == NULL /
4435	static CURLcode ossl_random(struct Curl_easy *data,
4436	unsigned char *entropy, size_t length)
4437	{
4438	int rc;
4439	if(data) {
4440	if(ossl_seed(data)) / Initiate the seed if not already done /
4441	return CURLE_FAILED_INIT; / couldn't seed for some reason /
4442	}
4443	else {
4444	if(!rand_enough())
4445	return CURLE_FAILED_INIT;
4446	}
4447	/ RAND_bytes() returns 1 on success, 0 otherwise. /
4448	rc = RAND_bytes(entropy, curlx_uztosi(length));
4449	return (rc == `1` ? CURLE_OK : CURLE_FAILED_INIT);
4450	}
4451
4452	#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
4453	static CURLcode ossl_sha256sum(const unsigned char tmp, /* input /
4454	size_t tmplen,
4455	unsigned char sha256sum /* output /,
4456	size_t unused)
4457	{
4458	EVP_MD_CTX *mdctx;
4459	unsigned int len = `0`;
4460	(void) unused;
4461
4462	mdctx = EVP_MD_CTX_create();
4463	if(!mdctx)
4464	return CURLE_OUT_OF_MEMORY;
4465	EVP_DigestInit(mdctx, EVP_sha256());
4466	EVP_DigestUpdate(mdctx, tmp, tmplen);
4467	EVP_DigestFinal_ex(mdctx, sha256sum, &len);
4468	EVP_MD_CTX_destroy(mdctx);
4469	return CURLE_OK;
4470	}
4471	#endif
4472
4473	static bool ossl_cert_status_request(void)
4474	{
4475	#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
4476	!defined(OPENSSL_NO_OCSP)
4477	return TRUE;
4478	#else
4479	return FALSE;
4480	#endif
4481	}
4482
4483	static void ossl_get_internals(struct* ssl_connect_data *connssl,
4484	CURLINFO info)
4485	{
4486	/ Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. /
4487	struct ssl_backend_data *backend = connssl->backend;
4488	return info == CURLINFO_TLS_SESSION ?
4489	(void )backend->ctx : (void* *)backend->handle;
4490	}
4491
4492	static void ossl_associate_connection(struct Curl_easy *data,
4493	struct connectdata *conn,
4494	int sockindex)
4495	{
4496	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
4497	struct ssl_backend_data *backend = connssl->backend;
4498
4499	/ If we don't have SSL context, do nothing. /
4500	if(!backend->handle)
4501	return;
4502
4503	if(SSL_SET_OPTION(primary.sessionid)) {
4504	int data_idx = ossl_get_ssl_data_index();
4505	int connectdata_idx = ossl_get_ssl_conn_index();
4506	int sockindex_idx = ossl_get_ssl_sockindex_index();
4507	int proxy_idx = ossl_get_proxy_index();
4508
4509	if(data_idx >= `0` && connectdata_idx >= `0` && sockindex_idx >= `0` &&
4510	proxy_idx >= `0`) {
4511	/ Store the data needed for the "new session" callback.*
4512	* The sockindex is stored as a pointer to an array element. */
4513	SSL_set_ex_data(backend->handle, data_idx, data);
4514	SSL_set_ex_data(backend->handle, connectdata_idx, conn);
4515	SSL_set_ex_data(backend->handle, sockindex_idx, conn->sock + sockindex);
4516	#ifndef CURL_DISABLE_PROXY
4517	SSL_set_ex_data(backend->handle, proxy_idx, SSL_IS_PROXY() ? (void *) `1`:
4518	NULL);
4519	#else
4520	SSL_set_ex_data(backend->handle, proxy_idx, NULL);
4521	#endif
4522	}
4523	}
4524	}
4525
4526	/*
4527	* Starting with TLS 1.3, the ossl_new_session_cb callback gets called after
4528	* the handshake. If the transfer that sets up the callback gets killed before
4529	* this callback arrives, we must make sure to properly clear the data to
4530	* avoid UAF problems. A future optimization could be to instead store another
4531	* transfer that might still be using the same connection.
4532	*/
4533
4534	static void ossl_disassociate_connection(struct Curl_easy *data,
4535	int sockindex)
4536	{
4537	struct connectdata *conn = data->conn;
4538	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
4539	struct ssl_backend_data *backend = connssl->backend;
4540
4541	/ If we don't have SSL context, do nothing. /
4542	if(!backend->handle)
4543	return;
4544
4545	if(SSL_SET_OPTION(primary.sessionid)) {
4546	int data_idx = ossl_get_ssl_data_index();
4547	int connectdata_idx = ossl_get_ssl_conn_index();
4548	int sockindex_idx = ossl_get_ssl_sockindex_index();
4549	int proxy_idx = ossl_get_proxy_index();
4550
4551	if(data_idx >= `0` && connectdata_idx >= `0` && sockindex_idx >= `0` &&
4552	proxy_idx >= `0`) {
4553	/ Disable references to data in "new session" callback to avoid*
4554	* accessing a stale pointer. */
4555	SSL_set_ex_data(backend->handle, data_idx, NULL);
4556	SSL_set_ex_data(backend->handle, connectdata_idx, NULL);
4557	SSL_set_ex_data(backend->handle, sockindex_idx, NULL);
4558	SSL_set_ex_data(backend->handle, proxy_idx, NULL);
4559	}
4560	}
4561	}
4562
4563	const struct Curl_ssl Curl_ssl_openssl = {
4564	{ CURLSSLBACKEND_OPENSSL, "openssl" }, / info /
4565
4566	SSLSUPP_CA_PATH \|
4567	SSLSUPP_CAINFO_BLOB \|
4568	SSLSUPP_CERTINFO \|
4569	SSLSUPP_PINNEDPUBKEY \|
4570	SSLSUPP_SSL_CTX \|
4571	#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
4572	SSLSUPP_TLS13_CIPHERSUITES \|
4573	#endif
4574	SSLSUPP_HTTPS_PROXY,
4575
4576	sizeof(struct ssl_backend_data),
4577
4578	ossl_init, / init /
4579	ossl_cleanup, / cleanup /
4580	ossl_version, / version /
4581	ossl_check_cxn, / check_cxn /
4582	ossl_shutdown, / shutdown /
4583	ossl_data_pending, / data_pending /
4584	ossl_random, / random /
4585	ossl_cert_status_request, / cert_status_request /
4586	ossl_connect, / connect /
4587	ossl_connect_nonblocking, / connect_nonblocking /
4588	Curl_ssl_getsock, / getsock /
4589	ossl_get_internals, / get_internals /
4590	ossl_close, / close_one /
4591	ossl_close_all, / close_all /
4592	ossl_session_free, / session_free /
4593	ossl_set_engine, / set_engine /
4594	ossl_set_engine_default, / set_engine_default /
4595	ossl_engines_list, / engines_list /
4596	Curl_none_false_start, / false_start /
4597	#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
4598	ossl_sha256sum, / sha256sum /
4599	#else
4600	NULL, / sha256sum /
4601	#endif
4602	ossl_associate_connection, / associate_connection /
4603	ossl_disassociate_connection / disassociate_connection /
4604	};
4605
4606	#endif /* USE_OPENSSL */
4607

Browse the source code of Aseprite/third_party/curl/lib/vtls/openssl.c