sectransp.c source code [Curl/lib/vtls/sectransp.c]

1	/***************************************************************************
2	* _ _ ____ _
3	* Project ___\| \| \| \| _ \\| \|
4	* / __\| \| \| \| \|_) \| \|
5	* \| (__\| \|_\| \| _ <\| \|___
6	* \___\|\___/\|_\| \_\_____\|
7	*
8	* Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>.
9	* Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
10	*
11	* This software is licensed as described in the file COPYING, which
12	* you should have received as part of this distribution. The terms
13	* are also available at https://curl.haxx.se/docs/copyright.html.
14	*
15	* You may opt to use, copy, modify, merge, publish, distribute and/or sell
16	* copies of the Software, and permit persons to whom the Software is
17	* furnished to do so, under the terms of the COPYING file.
18	*
19	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20	* KIND, either express or implied.
21	*
22	***************************************************************************/
23
24	/*
25	* Source file for all iOS and macOS SecureTransport-specific code for the
26	* TLS/SSL layer. No code but vtls.c should ever call or use these functions.
27	*/
28
29	#include "curl_setup.h"
30
31	#include "urldata.h" /* for the Curl_easy definition */
32	#include "curl_base64.h"
33	#include "strtok.h"
34	#include "multiif.h"
35
36	#ifdef USE_SECTRANSP
37
38	#ifdef __clang__
39	#pragma clang diagnostic push
40	#pragma clang diagnostic ignored "-Wtautological-pointer-compare"
41	#endif /* __clang__ */
42
43	#include <limits.h>
44
45	#include <Security/Security.h>
46	/ For some reason, when building for iOS, the omnibus header above does*
47	* not include SecureTransport.h as of iOS SDK 5.1. */
48	#include <Security/SecureTransport.h>
49	#include <CoreFoundation/CoreFoundation.h>
50	#include <CommonCrypto/CommonDigest.h>
51
52	/ The Security framework has changed greatly between iOS and different macOS*
53	versions, and we will try to support as many of them as we can (back to
54	Leopard and iOS 5) by using macros and weak-linking.
55
56	In general, you want to build this using the most recent OS SDK, since some
57	features require curl to be built against the latest SDK. TLS 1.1 and 1.2
58	support, for instance, require the macOS 10.8 SDK or later. TLS 1.3
59	requires the macOS 10.13 or iOS 11 SDK or later. /*
60	#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED \|\| TARGET_OS_IPHONE))
61
62	#if MAC_OS_X_VERSION_MAX_ALLOWED < 1050
63	#error "The Secure Transport back-end requires Leopard or later."
64	#endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */
65
66	#define CURL_BUILD_IOS 0
67	#define CURL_BUILD_IOS_7 0
68	#define CURL_BUILD_IOS_9 0
69	#define CURL_BUILD_IOS_11 0
70	#define CURL_BUILD_MAC 1
71	/ This is the maximum API level we are allowed to use when building: /
72	#define CURL_BUILD_MAC_10_5 MAC_OS_X_VERSION_MAX_ALLOWED >= 1050
73	#define CURL_BUILD_MAC_10_6 MAC_OS_X_VERSION_MAX_ALLOWED >= 1060
74	#define CURL_BUILD_MAC_10_7 MAC_OS_X_VERSION_MAX_ALLOWED >= 1070
75	#define CURL_BUILD_MAC_10_8 MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
76	#define CURL_BUILD_MAC_10_9 MAC_OS_X_VERSION_MAX_ALLOWED >= 1090
77	#define CURL_BUILD_MAC_10_11 MAC_OS_X_VERSION_MAX_ALLOWED >= 101100
78	#define CURL_BUILD_MAC_10_13 MAC_OS_X_VERSION_MAX_ALLOWED >= 101300
79	/ These macros mean "the following code is present to allow runtime backward*
80	compatibility with at least this cat or earlier":
81	(You set this at build-time using the compiler command line option
82	"-mmacosx-version-min.") /*
83	#define CURL_SUPPORT_MAC_10_5 MAC_OS_X_VERSION_MIN_REQUIRED <= 1050
84	#define CURL_SUPPORT_MAC_10_6 MAC_OS_X_VERSION_MIN_REQUIRED <= 1060
85	#define CURL_SUPPORT_MAC_10_7 MAC_OS_X_VERSION_MIN_REQUIRED <= 1070
86	#define CURL_SUPPORT_MAC_10_8 MAC_OS_X_VERSION_MIN_REQUIRED <= 1080
87	#define CURL_SUPPORT_MAC_10_9 MAC_OS_X_VERSION_MIN_REQUIRED <= 1090
88
89	#elif TARGET_OS_EMBEDDED \|\| TARGET_OS_IPHONE
90	#define CURL_BUILD_IOS 1
91	#define CURL_BUILD_IOS_7 __IPHONE_OS_VERSION_MAX_ALLOWED >= 70000
92	#define CURL_BUILD_IOS_9 __IPHONE_OS_VERSION_MAX_ALLOWED >= 90000
93	#define CURL_BUILD_IOS_11 __IPHONE_OS_VERSION_MAX_ALLOWED >= 110000
94	#define CURL_BUILD_MAC 0
95	#define CURL_BUILD_MAC_10_5 0
96	#define CURL_BUILD_MAC_10_6 0
97	#define CURL_BUILD_MAC_10_7 0
98	#define CURL_BUILD_MAC_10_8 0
99	#define CURL_BUILD_MAC_10_9 0
100	#define CURL_BUILD_MAC_10_11 0
101	#define CURL_BUILD_MAC_10_13 0
102	#define CURL_SUPPORT_MAC_10_5 0
103	#define CURL_SUPPORT_MAC_10_6 0
104	#define CURL_SUPPORT_MAC_10_7 0
105	#define CURL_SUPPORT_MAC_10_8 0
106	#define CURL_SUPPORT_MAC_10_9 0
107
108	#else
109	#error "The Secure Transport back-end requires iOS or macOS."
110	#endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED \|\| TARGET_OS_IPHONE)) */
111
112	#if CURL_BUILD_MAC
113	#include <sys/sysctl.h>
114	#endif /* CURL_BUILD_MAC */
115
116	#include "urldata.h"
117	#include "sendf.h"
118	#include "inet_pton.h"
119	#include "connect.h"
120	#include "select.h"
121	#include "vtls.h"
122	#include "sectransp.h"
123	#include "curl_printf.h"
124	#include "strdup.h"
125
126	#include "curl_memory.h"
127	/ The last #include file should be: /
128	#include "memdebug.h"
129
130	/ From MacTypes.h (which we can't include because it isn't present in iOS: /
131	#define ioErr -36
132	#define paramErr -50
133
134	struct ssl_backend_data {
135	SSLContextRef ssl_ctx;
136	curl_socket_t ssl_sockfd;
137	bool ssl_direction; / true if writing, false if reading /
138	size_t ssl_write_buffered_length;
139	};
140
141	#define BACKEND connssl->backend
142
143	/ pinned public key support tests /
144
145	/ version 1 supports macOS 10.12+ and iOS 10+ /
146	#if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) \|\| \
147	(!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200))
148	#define SECTRANSP_PINNEDPUBKEY_V1 1
149	#endif
150
151	/ version 2 supports MacOSX 10.7+ /
152	#if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070)
153	#define SECTRANSP_PINNEDPUBKEY_V2 1
154	#endif
155
156	#if defined(SECTRANSP_PINNEDPUBKEY_V1) \|\| defined(SECTRANSP_PINNEDPUBKEY_V2)
157	/ this backend supports CURLOPT_PINNEDPUBLICKEY /
158	#define SECTRANSP_PINNEDPUBKEY 1
159	#endif /* SECTRANSP_PINNEDPUBKEY */
160
161	#ifdef SECTRANSP_PINNEDPUBKEY
162	/ both new and old APIs return rsa keys missing the spki header (not DER) /
163	static const unsigned char rsa4096SpkiHeader[] = {
164	`0x30`, `0x82`, `0x02`, `0x22`, `0x30`, `0x0d`,
165	`0x06`, `0x09`, `0x2a`, `0x86`, `0x48`, `0x86`,
166	`0xf7`, `0x0d`, `0x01`, `0x01`, `0x01`, `0x05`,
167	`0x00`, `0x03`, `0x82`, `0x02`, `0x0f`, `0x00`};
168
169	static const unsigned char rsa2048SpkiHeader[] = {
170	`0x30`, `0x82`, `0x01`, `0x22`, `0x30`, `0x0d`,
171	`0x06`, `0x09`, `0x2a`, `0x86`, `0x48`, `0x86`,
172	`0xf7`, `0x0d`, `0x01`, `0x01`, `0x01`, `0x05`,
173	`0x00`, `0x03`, `0x82`, `0x01`, `0x0f`, `0x00`};
174	#ifdef SECTRANSP_PINNEDPUBKEY_V1
175	/ the new version doesn't return DER encoded ecdsa certs like the old... /
176	static const unsigned char ecDsaSecp256r1SpkiHeader[] = {
177	`0x30`, `0x59`, `0x30`, `0x13`, `0x06`, `0x07`,
178	`0x2a`, `0x86`, `0x48`, `0xce`, `0x3d`, `0x02`,
179	`0x01`, `0x06`, `0x08`, `0x2a`, `0x86`, `0x48`,
180	`0xce`, `0x3d`, `0x03`, `0x01`, `0x07`, `0x03`,
181	`0x42`, `0x00`};
182
183	static const unsigned char ecDsaSecp384r1SpkiHeader[] = {
184	`0x30`, `0x76`, `0x30`, `0x10`, `0x06`, `0x07`,
185	`0x2a`, `0x86`, `0x48`, `0xce`, `0x3d`, `0x02`,
186	`0x01`, `0x06`, `0x05`, `0x2b`, `0x81`, `0x04`,
187	`0x00`, `0x22`, `0x03`, `0x62`, `0x00`};
188	#endif /* SECTRANSP_PINNEDPUBKEY_V1 */
189	#endif /* SECTRANSP_PINNEDPUBKEY */
190
191	/ The following two functions were ripped from Apple sample code,*
192	* with some modifications: */
193	static OSStatus SocketRead(SSLConnectionRef connection,
194	void data, /* owned by*
195	* caller, data
196	* RETURNED */
197	size_t dataLength) /* IN/OUT /
198	{
199	size_t bytesToGo = *dataLength;
200	size_t initLen = bytesToGo;
201	UInt8 currData = (UInt8 )data;
202	/int sock = (int )connection;/
203	struct ssl_connect_data connssl = (struct* ssl_connect_data *)connection;
204	int sock = BACKEND->ssl_sockfd;
205	OSStatus rtn = noErr;
206	size_t bytesRead;
207	ssize_t rrtn;
208	int theErr;
209
210	*dataLength = `0`;
211
212	for(;;) {
213	bytesRead = `0`;
214	rrtn = read(sock, currData, bytesToGo);
215	if(rrtn <= `0`) {
216	/ this is guesswork... /
217	theErr = errno;
218	if(rrtn == `0`) { / EOF = server hung up /
219	/ the framework will turn this into errSSLClosedNoNotify /
220	rtn = errSSLClosedGraceful;
221	}
222	else / do the switch /
223	switch(theErr) {
224	case ENOENT:
225	/ connection closed /
226	rtn = errSSLClosedGraceful;
227	break;
228	case ECONNRESET:
229	rtn = errSSLClosedAbort;
230	break;
231	case EAGAIN:
232	rtn = errSSLWouldBlock;
233	BACKEND->ssl_direction = false;
234	break;
235	default:
236	rtn = ioErr;
237	break;
238	}
239	break;
240	}
241	else {
242	bytesRead = rrtn;
243	}
244	bytesToGo -= bytesRead;
245	currData += bytesRead;
246
247	if(bytesToGo == `0`) {
248	/ filled buffer with incoming data, done /
249	break;
250	}
251	}
252	*dataLength = initLen - bytesToGo;
253
254	return rtn;
255	}
256
257	static OSStatus SocketWrite(SSLConnectionRef connection,
258	const void *data,
259	size_t dataLength) /* IN/OUT /
260	{
261	size_t bytesSent = `0`;
262	/int sock = (int )connection;/
263	struct ssl_connect_data connssl = (struct* ssl_connect_data *)connection;
264	int sock = BACKEND->ssl_sockfd;
265	ssize_t length;
266	size_t dataLen = *dataLength;
267	const UInt8 dataPtr = (UInt8 )data;
268	OSStatus ortn;
269	int theErr;
270
271	*dataLength = `0`;
272
273	do {
274	length = write(sock,
275	(char *)dataPtr + bytesSent,
276	dataLen - bytesSent);
277	} while((length > `0`) &&
278	( (bytesSent += length) < dataLen) );
279
280	if(length <= `0`) {
281	theErr = errno;
282	if(theErr == EAGAIN) {
283	ortn = errSSLWouldBlock;
284	BACKEND->ssl_direction = true;
285	}
286	else {
287	ortn = ioErr;
288	}
289	}
290	else {
291	ortn = noErr;
292	}
293	*dataLength = bytesSent;
294	return ortn;
295	}
296
297	#ifndef CURL_DISABLE_VERBOSE_STRINGS
298	CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher)
299	{
300	switch(cipher) {
301	/ SSL version 3.0 /
302	case SSL_RSA_WITH_NULL_MD5:
303	return "SSL_RSA_WITH_NULL_MD5";
304	break;
305	case SSL_RSA_WITH_NULL_SHA:
306	return "SSL_RSA_WITH_NULL_SHA";
307	break;
308	case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
309	return "SSL_RSA_EXPORT_WITH_RC4_40_MD5";
310	break;
311	case SSL_RSA_WITH_RC4_128_MD5:
312	return "SSL_RSA_WITH_RC4_128_MD5";
313	break;
314	case SSL_RSA_WITH_RC4_128_SHA:
315	return "SSL_RSA_WITH_RC4_128_SHA";
316	break;
317	case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
318	return "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5";
319	break;
320	case SSL_RSA_WITH_IDEA_CBC_SHA:
321	return "SSL_RSA_WITH_IDEA_CBC_SHA";
322	break;
323	case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
324	return "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA";
325	break;
326	case SSL_RSA_WITH_DES_CBC_SHA:
327	return "SSL_RSA_WITH_DES_CBC_SHA";
328	break;
329	case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
330	return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
331	break;
332	case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
333	return "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA";
334	break;
335	case SSL_DH_DSS_WITH_DES_CBC_SHA:
336	return "SSL_DH_DSS_WITH_DES_CBC_SHA";
337	break;
338	case SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA:
339	return "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA";
340	break;
341	case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
342	return "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA";
343	break;
344	case SSL_DH_RSA_WITH_DES_CBC_SHA:
345	return "SSL_DH_RSA_WITH_DES_CBC_SHA";
346	break;
347	case SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA:
348	return "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA";
349	break;
350	case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
351	return "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA";
352	break;
353	case SSL_DHE_DSS_WITH_DES_CBC_SHA:
354	return "SSL_DHE_DSS_WITH_DES_CBC_SHA";
355	break;
356	case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
357	return "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
358	break;
359	case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
360	return "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA";
361	break;
362	case SSL_DHE_RSA_WITH_DES_CBC_SHA:
363	return "SSL_DHE_RSA_WITH_DES_CBC_SHA";
364	break;
365	case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
366	return "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
367	break;
368	case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
369	return "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5";
370	break;
371	case SSL_DH_anon_WITH_RC4_128_MD5:
372	return "SSL_DH_anon_WITH_RC4_128_MD5";
373	break;
374	case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
375	return "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA";
376	break;
377	case SSL_DH_anon_WITH_DES_CBC_SHA:
378	return "SSL_DH_anon_WITH_DES_CBC_SHA";
379	break;
380	case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
381	return "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA";
382	break;
383	case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
384	return "SSL_FORTEZZA_DMS_WITH_NULL_SHA";
385	break;
386	case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
387	return "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA";
388	break;
389	/ TLS 1.0 with AES (RFC 3268)*
390	(Apparently these are used in SSLv3 implementations as well.) /*
391	case TLS_RSA_WITH_AES_128_CBC_SHA:
392	return "TLS_RSA_WITH_AES_128_CBC_SHA";
393	break;
394	case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
395	return "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
396	break;
397	case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
398	return "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
399	break;
400	case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
401	return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
402	break;
403	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
404	return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
405	break;
406	case TLS_DH_anon_WITH_AES_128_CBC_SHA:
407	return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
408	break;
409	case TLS_RSA_WITH_AES_256_CBC_SHA:
410	return "TLS_RSA_WITH_AES_256_CBC_SHA";
411	break;
412	case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
413	return "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
414	break;
415	case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
416	return "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
417	break;
418	case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
419	return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
420	break;
421	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
422	return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
423	break;
424	case TLS_DH_anon_WITH_AES_256_CBC_SHA:
425	return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
426	break;
427	/ SSL version 2.0 /
428	case SSL_RSA_WITH_RC2_CBC_MD5:
429	return "SSL_RSA_WITH_RC2_CBC_MD5";
430	break;
431	case SSL_RSA_WITH_IDEA_CBC_MD5:
432	return "SSL_RSA_WITH_IDEA_CBC_MD5";
433	break;
434	case SSL_RSA_WITH_DES_CBC_MD5:
435	return "SSL_RSA_WITH_DES_CBC_MD5";
436	break;
437	case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
438	return "SSL_RSA_WITH_3DES_EDE_CBC_MD5";
439	break;
440	}
441	return "SSL_NULL_WITH_NULL_NULL";
442	}
443
444	CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher)
445	{
446	switch(cipher) {
447	/ TLS 1.0 with AES (RFC 3268) /
448	case TLS_RSA_WITH_AES_128_CBC_SHA:
449	return "TLS_RSA_WITH_AES_128_CBC_SHA";
450	break;
451	case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
452	return "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
453	break;
454	case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
455	return "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
456	break;
457	case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
458	return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
459	break;
460	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
461	return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
462	break;
463	case TLS_DH_anon_WITH_AES_128_CBC_SHA:
464	return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
465	break;
466	case TLS_RSA_WITH_AES_256_CBC_SHA:
467	return "TLS_RSA_WITH_AES_256_CBC_SHA";
468	break;
469	case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
470	return "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
471	break;
472	case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
473	return "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
474	break;
475	case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
476	return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
477	break;
478	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
479	return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
480	break;
481	case TLS_DH_anon_WITH_AES_256_CBC_SHA:
482	return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
483	break;
484	#if CURL_BUILD_MAC_10_6 \|\| CURL_BUILD_IOS
485	/ TLS 1.0 with ECDSA (RFC 4492) /
486	case TLS_ECDH_ECDSA_WITH_NULL_SHA:
487	return "TLS_ECDH_ECDSA_WITH_NULL_SHA";
488	break;
489	case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
490	return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
491	break;
492	case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
493	return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
494	break;
495	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
496	return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
497	break;
498	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
499	return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
500	break;
501	case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
502	return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
503	break;
504	case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
505	return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
506	break;
507	case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
508	return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
509	break;
510	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
511	return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
512	break;
513	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
514	return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
515	break;
516	case TLS_ECDH_RSA_WITH_NULL_SHA:
517	return "TLS_ECDH_RSA_WITH_NULL_SHA";
518	break;
519	case TLS_ECDH_RSA_WITH_RC4_128_SHA:
520	return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
521	break;
522	case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
523	return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
524	break;
525	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
526	return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
527	break;
528	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
529	return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
530	break;
531	case TLS_ECDHE_RSA_WITH_NULL_SHA:
532	return "TLS_ECDHE_RSA_WITH_NULL_SHA";
533	break;
534	case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
535	return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
536	break;
537	case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
538	return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
539	break;
540	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
541	return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
542	break;
543	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
544	return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
545	break;
546	case TLS_ECDH_anon_WITH_NULL_SHA:
547	return "TLS_ECDH_anon_WITH_NULL_SHA";
548	break;
549	case TLS_ECDH_anon_WITH_RC4_128_SHA:
550	return "TLS_ECDH_anon_WITH_RC4_128_SHA";
551	break;
552	case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
553	return "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
554	break;
555	case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
556	return "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
557	break;
558	case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
559	return "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
560	break;
561	#endif /* CURL_BUILD_MAC_10_6 \|\| CURL_BUILD_IOS */
562	#if CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS
563	/ TLS 1.2 (RFC 5246) /
564	case TLS_RSA_WITH_NULL_MD5:
565	return "TLS_RSA_WITH_NULL_MD5";
566	break;
567	case TLS_RSA_WITH_NULL_SHA:
568	return "TLS_RSA_WITH_NULL_SHA";
569	break;
570	case TLS_RSA_WITH_RC4_128_MD5:
571	return "TLS_RSA_WITH_RC4_128_MD5";
572	break;
573	case TLS_RSA_WITH_RC4_128_SHA:
574	return "TLS_RSA_WITH_RC4_128_SHA";
575	break;
576	case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
577	return "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
578	break;
579	case TLS_RSA_WITH_NULL_SHA256:
580	return "TLS_RSA_WITH_NULL_SHA256";
581	break;
582	case TLS_RSA_WITH_AES_128_CBC_SHA256:
583	return "TLS_RSA_WITH_AES_128_CBC_SHA256";
584	break;
585	case TLS_RSA_WITH_AES_256_CBC_SHA256:
586	return "TLS_RSA_WITH_AES_256_CBC_SHA256";
587	break;
588	case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
589	return "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA";
590	break;
591	case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
592	return "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA";
593	break;
594	case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
595	return "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
596	break;
597	case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
598	return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
599	break;
600	case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
601	return "TLS_DH_DSS_WITH_AES_128_CBC_SHA256";
602	break;
603	case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
604	return "TLS_DH_RSA_WITH_AES_128_CBC_SHA256";
605	break;
606	case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
607	return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
608	break;
609	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
610	return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
611	break;
612	case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
613	return "TLS_DH_DSS_WITH_AES_256_CBC_SHA256";
614	break;
615	case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
616	return "TLS_DH_RSA_WITH_AES_256_CBC_SHA256";
617	break;
618	case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
619	return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
620	break;
621	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
622	return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
623	break;
624	case TLS_DH_anon_WITH_RC4_128_MD5:
625	return "TLS_DH_anon_WITH_RC4_128_MD5";
626	break;
627	case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
628	return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
629	break;
630	case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
631	return "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
632	break;
633	case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
634	return "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
635	break;
636	/ TLS 1.2 with AES GCM (RFC 5288) /
637	case TLS_RSA_WITH_AES_128_GCM_SHA256:
638	return "TLS_RSA_WITH_AES_128_GCM_SHA256";
639	break;
640	case TLS_RSA_WITH_AES_256_GCM_SHA384:
641	return "TLS_RSA_WITH_AES_256_GCM_SHA384";
642	break;
643	case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
644	return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
645	break;
646	case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
647	return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
648	break;
649	case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
650	return "TLS_DH_RSA_WITH_AES_128_GCM_SHA256";
651	break;
652	case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
653	return "TLS_DH_RSA_WITH_AES_256_GCM_SHA384";
654	break;
655	case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
656	return "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
657	break;
658	case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
659	return "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
660	break;
661	case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
662	return "TLS_DH_DSS_WITH_AES_128_GCM_SHA256";
663	break;
664	case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
665	return "TLS_DH_DSS_WITH_AES_256_GCM_SHA384";
666	break;
667	case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
668	return "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
669	break;
670	case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
671	return "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
672	break;
673	/ TLS 1.2 with elliptic curve ciphers (RFC 5289) /
674	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
675	return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
676	break;
677	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
678	return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
679	break;
680	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
681	return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
682	break;
683	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
684	return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
685	break;
686	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
687	return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
688	break;
689	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
690	return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
691	break;
692	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
693	return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
694	break;
695	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
696	return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
697	break;
698	case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
699	return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
700	break;
701	case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
702	return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
703	break;
704	case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
705	return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
706	break;
707	case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
708	return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
709	break;
710	case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
711	return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
712	break;
713	case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
714	return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
715	break;
716	case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
717	return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
718	break;
719	case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
720	return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
721	break;
722	case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
723	return "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
724	break;
725	#else
726	case SSL_RSA_WITH_NULL_MD5:
727	return "TLS_RSA_WITH_NULL_MD5";
728	break;
729	case SSL_RSA_WITH_NULL_SHA:
730	return "TLS_RSA_WITH_NULL_SHA";
731	break;
732	case SSL_RSA_WITH_RC4_128_MD5:
733	return "TLS_RSA_WITH_RC4_128_MD5";
734	break;
735	case SSL_RSA_WITH_RC4_128_SHA:
736	return "TLS_RSA_WITH_RC4_128_SHA";
737	break;
738	case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
739	return "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
740	break;
741	case SSL_DH_anon_WITH_RC4_128_MD5:
742	return "TLS_DH_anon_WITH_RC4_128_MD5";
743	break;
744	case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
745	return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
746	break;
747	#endif /* CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS */
748	#if CURL_BUILD_MAC_10_9 \|\| CURL_BUILD_IOS_7
749	/ TLS PSK (RFC 4279): /
750	case TLS_PSK_WITH_RC4_128_SHA:
751	return "TLS_PSK_WITH_RC4_128_SHA";
752	break;
753	case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
754	return "TLS_PSK_WITH_3DES_EDE_CBC_SHA";
755	break;
756	case TLS_PSK_WITH_AES_128_CBC_SHA:
757	return "TLS_PSK_WITH_AES_128_CBC_SHA";
758	break;
759	case TLS_PSK_WITH_AES_256_CBC_SHA:
760	return "TLS_PSK_WITH_AES_256_CBC_SHA";
761	break;
762	case TLS_DHE_PSK_WITH_RC4_128_SHA:
763	return "TLS_DHE_PSK_WITH_RC4_128_SHA";
764	break;
765	case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
766	return "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA";
767	break;
768	case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
769	return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
770	break;
771	case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
772	return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
773	break;
774	case TLS_RSA_PSK_WITH_RC4_128_SHA:
775	return "TLS_RSA_PSK_WITH_RC4_128_SHA";
776	break;
777	case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
778	return "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA";
779	break;
780	case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
781	return "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
782	break;
783	case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
784	return "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
785	break;
786	/ More TLS PSK (RFC 4785): /
787	case TLS_PSK_WITH_NULL_SHA:
788	return "TLS_PSK_WITH_NULL_SHA";
789	break;
790	case TLS_DHE_PSK_WITH_NULL_SHA:
791	return "TLS_DHE_PSK_WITH_NULL_SHA";
792	break;
793	case TLS_RSA_PSK_WITH_NULL_SHA:
794	return "TLS_RSA_PSK_WITH_NULL_SHA";
795	break;
796	/ Even more TLS PSK (RFC 5487): /
797	case TLS_PSK_WITH_AES_128_GCM_SHA256:
798	return "TLS_PSK_WITH_AES_128_GCM_SHA256";
799	break;
800	case TLS_PSK_WITH_AES_256_GCM_SHA384:
801	return "TLS_PSK_WITH_AES_256_GCM_SHA384";
802	break;
803	case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
804	return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
805	break;
806	case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
807	return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
808	break;
809	case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
810	return "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
811	break;
812	case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
813	return "TLS_PSK_WITH_AES_256_GCM_SHA384";
814	break;
815	case TLS_PSK_WITH_AES_128_CBC_SHA256:
816	return "TLS_PSK_WITH_AES_128_CBC_SHA256";
817	break;
818	case TLS_PSK_WITH_AES_256_CBC_SHA384:
819	return "TLS_PSK_WITH_AES_256_CBC_SHA384";
820	break;
821	case TLS_PSK_WITH_NULL_SHA256:
822	return "TLS_PSK_WITH_NULL_SHA256";
823	break;
824	case TLS_PSK_WITH_NULL_SHA384:
825	return "TLS_PSK_WITH_NULL_SHA384";
826	break;
827	case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
828	return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
829	break;
830	case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
831	return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
832	break;
833	case TLS_DHE_PSK_WITH_NULL_SHA256:
834	return "TLS_DHE_PSK_WITH_NULL_SHA256";
835	break;
836	case TLS_DHE_PSK_WITH_NULL_SHA384:
837	return "TLS_RSA_PSK_WITH_NULL_SHA384";
838	break;
839	case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
840	return "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
841	break;
842	case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
843	return "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
844	break;
845	case TLS_RSA_PSK_WITH_NULL_SHA256:
846	return "TLS_RSA_PSK_WITH_NULL_SHA256";
847	break;
848	case TLS_RSA_PSK_WITH_NULL_SHA384:
849	return "TLS_RSA_PSK_WITH_NULL_SHA384";
850	break;
851	#endif /* CURL_BUILD_MAC_10_9 \|\| CURL_BUILD_IOS_7 */
852	#if CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11
853	/ New ChaCha20+Poly1305 cipher-suites used by TLS 1.3: /
854	case TLS_AES_128_GCM_SHA256:
855	return "TLS_AES_128_GCM_SHA256";
856	break;
857	case TLS_AES_256_GCM_SHA384:
858	return "TLS_AES_256_GCM_SHA384";
859	break;
860	case TLS_CHACHA20_POLY1305_SHA256:
861	return "TLS_CHACHA20_POLY1305_SHA256";
862	break;
863	case TLS_AES_128_CCM_SHA256:
864	return "TLS_AES_128_CCM_SHA256";
865	break;
866	case TLS_AES_128_CCM_8_SHA256:
867	return "TLS_AES_128_CCM_8_SHA256";
868	break;
869	case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
870	return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
871	break;
872	case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
873	return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
874	break;
875	#endif /* CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11 */
876	}
877	return "TLS_NULL_WITH_NULL_NULL";
878	}
879	#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
880
881	#if CURL_BUILD_MAC
882	CF_INLINE void GetDarwinVersionNumber(int major, int* *minor)
883	{
884	int mib[`2`];
885	char *os_version;
886	size_t os_version_len;
887	char os_version_major, os_version_minor;
888	char *tok_buf;
889
890	/ Get the Darwin kernel version from the kernel using sysctl(): /
891	mib[`0`] = CTL_KERN;
892	mib[`1`] = KERN_OSRELEASE;
893	if(sysctl(mib, `2`, NULL, &os_version_len, NULL, `0`) == -`1`)
894	return;
895	os_version = malloc(os_version_len*sizeof(char));
896	if(!os_version)
897	return;
898	if(sysctl(mib, `2`, os_version, &os_version_len, NULL, `0`) == -`1`) {
899	free(os_version);
900	return;
901	}
902
903	/ Parse the version: /
904	os_version_major = strtok_r(os_version, ".", &tok_buf);
905	os_version_minor = strtok_r(NULL, ".", &tok_buf);
906	*major = atoi(os_version_major);
907	*minor = atoi(os_version_minor);
908	free(os_version);
909	}
910	#endif /* CURL_BUILD_MAC */
911
912	/ Apple provides a myriad of ways of getting information about a certificate*
913	into a string. Some aren't available under iOS or newer cats. So here's
914	a unified function for getting a string describing the certificate that
915	ought to work in all cats starting with Leopard. /*
916	CF_INLINE CFStringRef getsubject(SecCertificateRef cert)
917	{
918	CFStringRef server_cert_summary = CFSTR("(null)");
919
920	#if CURL_BUILD_IOS
921	/ iOS: There's only one way to do this. /
922	server_cert_summary = SecCertificateCopySubjectSummary(cert);
923	#else
924	#if CURL_BUILD_MAC_10_7
925	/ Lion & later: Get the long description if we can. /
926	if(SecCertificateCopyLongDescription != NULL)
927	server_cert_summary =
928	SecCertificateCopyLongDescription(NULL, cert, NULL);
929	else
930	#endif /* CURL_BUILD_MAC_10_7 */
931	#if CURL_BUILD_MAC_10_6
932	/ Snow Leopard: Get the certificate summary. /
933	if(SecCertificateCopySubjectSummary != NULL)
934	server_cert_summary = SecCertificateCopySubjectSummary(cert);
935	else
936	#endif /* CURL_BUILD_MAC_10_6 */
937	/ Leopard is as far back as we go... /
938	(void)SecCertificateCopyCommonName(cert, &server_cert_summary);
939	#endif /* CURL_BUILD_IOS */
940	return server_cert_summary;
941	}
942
943	static CURLcode CopyCertSubject(struct Curl_easy *data,
944	SecCertificateRef cert, char **certp)
945	{
946	CFStringRef c = getsubject(cert);
947	CURLcode result = CURLE_OK;
948	const char *direct;
949	char *cbuf = NULL;
950	*certp = NULL;
951
952	if(!c) {
953	failf(data, "SSL: invalid CA certificate subject");
954	return CURLE_PEER_FAILED_VERIFICATION;
955	}
956
957	/ If the subject is already available as UTF-8 encoded (ie 'direct') then*
958	use that, else convert it. /*
959	direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8);
960	if(direct) {
961	*certp = strdup(direct);
962	if(!*certp) {
963	failf(data, "SSL: out of memory");
964	result = CURLE_OUT_OF_MEMORY;
965	}
966	}
967	else {
968	size_t cbuf_size = ((size_t)CFStringGetLength(c) * `4`) + `1`;
969	cbuf = calloc(cbuf_size, `1`);
970	if(cbuf) {
971	if(!CFStringGetCString(c, cbuf, cbuf_size,
972	kCFStringEncodingUTF8)) {
973	failf(data, "SSL: invalid CA certificate subject");
974	result = CURLE_PEER_FAILED_VERIFICATION;
975	}
976	else
977	/ pass back the buffer /
978	*certp = cbuf;
979	}
980	else {
981	failf(data, "SSL: couldn't allocate %zu bytes of memory", cbuf_size);
982	result = CURLE_OUT_OF_MEMORY;
983	}
984	}
985	if(result)
986	free(cbuf);
987	CFRelease(c);
988	return result;
989	}
990
991	#if CURL_SUPPORT_MAC_10_6
992	/ The SecKeychainSearch API was deprecated in Lion, and using it will raise*
993	deprecation warnings, so let's not compile this unless it's necessary: /*
994	static OSStatus CopyIdentityWithLabelOldSchool(char *label,
995	SecIdentityRef *out_c_a_k)
996	{
997	OSStatus status = errSecItemNotFound;
998	SecKeychainAttributeList attr_list;
999	SecKeychainAttribute attr;
1000	SecKeychainSearchRef search = NULL;
1001	SecCertificateRef cert = NULL;
1002
1003	/ Set up the attribute list: /
1004	attr_list.count = `1L`;
1005	attr_list.attr = &attr;
1006
1007	/ Set up our lone search criterion: /
1008	attr.tag = kSecLabelItemAttr;
1009	attr.data = label;
1010	attr.length = (UInt32)strlen(label);
1011
1012	/ Start searching: /
1013	status = SecKeychainSearchCreateFromAttributes(NULL,
1014	kSecCertificateItemClass,
1015	&attr_list,
1016	&search);
1017	if(status == noErr) {
1018	status = SecKeychainSearchCopyNext(search,
1019	(SecKeychainItemRef *)&cert);
1020	if(status == noErr && cert) {
1021	/ If we found a certificate, does it have a private key? /
1022	status = SecIdentityCreateWithCertificate(NULL, cert, out_c_a_k);
1023	CFRelease(cert);
1024	}
1025	}
1026
1027	if(search)
1028	CFRelease(search);
1029	return status;
1030	}
1031	#endif /* CURL_SUPPORT_MAC_10_6 */
1032
1033	static OSStatus CopyIdentityWithLabel(char *label,
1034	SecIdentityRef *out_cert_and_key)
1035	{
1036	OSStatus status = errSecItemNotFound;
1037
1038	#if CURL_BUILD_MAC_10_7 \|\| CURL_BUILD_IOS
1039	CFArrayRef keys_list;
1040	CFIndex keys_list_count;
1041	CFIndex i;
1042	CFStringRef common_name;
1043
1044	/ SecItemCopyMatching() was introduced in iOS and Snow Leopard.*
1045	kSecClassIdentity was introduced in Lion. If both exist, let's use them
1046	to find the certificate. /*
1047	if(SecItemCopyMatching != NULL && kSecClassIdentity != NULL) {
1048	CFTypeRef keys[`5`];
1049	CFTypeRef values[`5`];
1050	CFDictionaryRef query_dict;
1051	CFStringRef label_cf = CFStringCreateWithCString(NULL, label,
1052	kCFStringEncodingUTF8);
1053
1054	/ Set up our search criteria and expected results: /
1055	values[`0`] = kSecClassIdentity; / we want a certificate and a key /
1056	keys[`0`] = kSecClass;
1057	values[`1`] = kCFBooleanTrue; / we want a reference /
1058	keys[`1`] = kSecReturnRef;
1059	values[`2`] = kSecMatchLimitAll; / kSecMatchLimitOne would be better if the*
1060	* label matching below worked correctly */
1061	keys[`2`] = kSecMatchLimit;
1062	/ identity searches need a SecPolicyRef in order to work /
1063	values[`3`] = SecPolicyCreateSSL(false, NULL);
1064	keys[`3`] = kSecMatchPolicy;
1065	/ match the name of the certificate (doesn't work in macOS 10.12.1) /
1066	values[`4`] = label_cf;
1067	keys[`4`] = kSecAttrLabel;
1068	query_dict = CFDictionaryCreate(NULL, (const void **)keys,
1069	(const void **)values, `5L`,
1070	&kCFCopyStringDictionaryKeyCallBacks,
1071	&kCFTypeDictionaryValueCallBacks);
1072	CFRelease(values[`3`]);
1073
1074	/ Do we have a match? /
1075	status = SecItemCopyMatching(query_dict, (CFTypeRef *) &keys_list);
1076
1077	/ Because kSecAttrLabel matching doesn't work with kSecClassIdentity,*
1078	* we need to find the correct identity ourselves */
1079	if(status == noErr) {
1080	keys_list_count = CFArrayGetCount(keys_list);
1081	*out_cert_and_key = NULL;
1082	status = `1`;
1083	for(i = `0`; i<keys_list_count; i++) {
1084	OSStatus err = noErr;
1085	SecCertificateRef cert = NULL;
1086	SecIdentityRef identity =
1087	(SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i);
1088	err = SecIdentityCopyCertificate(identity, &cert);
1089	if(err == noErr) {
1090	#if CURL_BUILD_IOS
1091	common_name = SecCertificateCopySubjectSummary(cert);
1092	#elif CURL_BUILD_MAC_10_7
1093	SecCertificateCopyCommonName(cert, &common_name);
1094	#endif
1095	if(CFStringCompare(common_name, label_cf, `0`) == kCFCompareEqualTo) {
1096	CFRelease(cert);
1097	CFRelease(common_name);
1098	CFRetain(identity);
1099	*out_cert_and_key = identity;
1100	status = noErr;
1101	break;
1102	}
1103	CFRelease(common_name);
1104	}
1105	CFRelease(cert);
1106	}
1107	}
1108
1109	if(keys_list)
1110	CFRelease(keys_list);
1111	CFRelease(query_dict);
1112	CFRelease(label_cf);
1113	}
1114	else {
1115	#if CURL_SUPPORT_MAC_10_6
1116	/ On Leopard and Snow Leopard, fall back to SecKeychainSearch. /
1117	status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
1118	#endif /* CURL_SUPPORT_MAC_10_6 */
1119	}
1120	#elif CURL_SUPPORT_MAC_10_6
1121	/ For developers building on older cats, we have no choice but to fall back*
1122	to SecKeychainSearch. /*
1123	status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
1124	#endif /* CURL_BUILD_MAC_10_7 \|\| CURL_BUILD_IOS */
1125	return status;
1126	}
1127
1128	static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
1129	const char *cPassword,
1130	SecIdentityRef *out_cert_and_key)
1131	{
1132	OSStatus status = errSecItemNotFound;
1133	CFURLRef pkcs_url = CFURLCreateFromFileSystemRepresentation(NULL,
1134	(const UInt8 *)cPath, strlen(cPath), false);
1135	CFStringRef password = cPassword ? CFStringCreateWithCString(NULL,
1136	cPassword, kCFStringEncodingUTF8) : NULL;
1137	CFDataRef pkcs_data = NULL;
1138
1139	/ We can import P12 files on iOS or OS X 10.7 or later: /
1140	/ These constants are documented as having first appeared in 10.6 but they*
1141	raise linker errors when used on that cat for some reason. /*
1142	#if CURL_BUILD_MAC_10_7 \|\| CURL_BUILD_IOS
1143	if(CFURLCreateDataAndPropertiesFromResource(NULL, pkcs_url, &pkcs_data,
1144	NULL, NULL, &status)) {
1145	CFArrayRef items = NULL;
1146
1147	/ On iOS SecPKCS12Import will never add the client certificate to the*
1148	* Keychain.
1149	*
1150	* It gives us back a SecIdentityRef that we can use directly. */
1151	#if CURL_BUILD_IOS
1152	const void *cKeys[] = {kSecImportExportPassphrase};
1153	const void *cValues[] = {password};
1154	CFDictionaryRef options = CFDictionaryCreate(NULL, cKeys, cValues,
1155	password ? `1L` : `0L`, NULL, NULL);
1156
1157	if(options != NULL) {
1158	status = SecPKCS12Import(pkcs_data, options, &items);
1159	CFRelease(options);
1160	}
1161
1162
1163	/ On macOS SecPKCS12Import will always add the client certificate to*
1164	* the Keychain.
1165	*
1166	* As this doesn't match iOS, and apps may not want to see their client
1167	* certificate saved in the the user's keychain, we use SecItemImport
1168	* with a NULL keychain to avoid importing it.
1169	*
1170	* This returns a SecCertificateRef from which we can construct a
1171	* SecIdentityRef.
1172	*/
1173	#elif CURL_BUILD_MAC_10_7
1174	SecItemImportExportKeyParameters keyParams;
1175	SecExternalFormat inputFormat = kSecFormatPKCS12;
1176	SecExternalItemType inputType = kSecItemTypeCertificate;
1177
1178	memset(&keyParams, `0x00`, sizeof(keyParams));
1179	keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
1180	keyParams.passphrase = password;
1181
1182	status = SecItemImport(pkcs_data, NULL, &inputFormat, &inputType,
1183	`0`, &keyParams, NULL, &items);
1184	#endif
1185
1186
1187	/ Extract the SecIdentityRef /
1188	if(status == errSecSuccess && items && CFArrayGetCount(items)) {
1189	CFIndex i, count;
1190	count = CFArrayGetCount(items);
1191
1192	for(i = `0`; i < count; i++) {
1193	CFTypeRef item = (CFTypeRef) CFArrayGetValueAtIndex(items, i);
1194	CFTypeID itemID = CFGetTypeID(item);
1195
1196	if(itemID == CFDictionaryGetTypeID()) {
1197	CFTypeRef identity = (CFTypeRef) CFDictionaryGetValue(
1198	(CFDictionaryRef) item,
1199	kSecImportItemIdentity);
1200	CFRetain(identity);
1201	*out_cert_and_key = (SecIdentityRef) identity;
1202	break;
1203	}
1204	#if CURL_BUILD_MAC_10_7
1205	else if(itemID == SecCertificateGetTypeID()) {
1206	status = SecIdentityCreateWithCertificate(NULL,
1207	(SecCertificateRef) item,
1208	out_cert_and_key);
1209	break;
1210	}
1211	#endif
1212	}
1213	}
1214
1215	if(items)
1216	CFRelease(items);
1217	CFRelease(pkcs_data);
1218	}
1219	#endif /* CURL_BUILD_MAC_10_7 \|\| CURL_BUILD_IOS */
1220	if(password)
1221	CFRelease(password);
1222	CFRelease(pkcs_url);
1223	return status;
1224	}
1225
1226	/ This code was borrowed from nss.c, with some modifications:*
1227	* Determine whether the nickname passed in is a filename that needs to
1228	* be loaded as a PEM or a regular NSS nickname.
1229	*
1230	* returns 1 for a file
1231	* returns 0 for not a file
1232	*/
1233	CF_INLINE bool is_file(const char *filename)
1234	{
1235	struct_stat st;
1236
1237	if(filename == NULL)
1238	return false;
1239
1240	if(stat(filename, &st) == `0`)
1241	return S_ISREG(st.st_mode);
1242	return false;
1243	}
1244
1245	#if CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS
1246	static CURLcode sectransp_version_from_curl(SSLProtocol *darwinver,
1247	long ssl_version)
1248	{
1249	switch(ssl_version) {
1250	case CURL_SSLVERSION_TLSv1_0:
1251	*darwinver = kTLSProtocol1;
1252	return CURLE_OK;
1253	case CURL_SSLVERSION_TLSv1_1:
1254	*darwinver = kTLSProtocol11;
1255	return CURLE_OK;
1256	case CURL_SSLVERSION_TLSv1_2:
1257	*darwinver = kTLSProtocol12;
1258	return CURLE_OK;
1259	case CURL_SSLVERSION_TLSv1_3:
1260	/ TLS 1.3 support first appeared in iOS 11 and macOS 10.13 /
1261	#if (CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
1262	if(__builtin_available(macOS `10.13`, iOS `11.0`, *)) {
1263	*darwinver = kTLSProtocol13;
1264	return CURLE_OK;
1265	}
1266	#endif /* (CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11) &&
1267	HAVE_BUILTIN_AVAILABLE == 1 */
1268	break;
1269	}
1270	return CURLE_SSL_CONNECT_ERROR;
1271	}
1272	#endif
1273
1274	static CURLcode
1275	set_ssl_version_min_max(struct connectdata conn, int* sockindex)
1276	{
1277	struct Curl_easy *data = conn->data;
1278	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1279	long ssl_version = SSL_CONN_CONFIG(version);
1280	long ssl_version_max = SSL_CONN_CONFIG(version_max);
1281	long max_supported_version_by_os;
1282
1283	/ macOS 10.5-10.7 supported TLS 1.0 only.*
1284	macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2.
1285	macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. /*
1286	#if (CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
1287	if(__builtin_available(macOS `10.13`, iOS `11.0`, *)) {
1288	max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_3;
1289	}
1290	else {
1291	max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2;
1292	}
1293	#else
1294	max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2;
1295	#endif /* (CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11) &&
1296	HAVE_BUILTIN_AVAILABLE == 1 */
1297
1298	switch(ssl_version) {
1299	case CURL_SSLVERSION_DEFAULT:
1300	case CURL_SSLVERSION_TLSv1:
1301	ssl_version = CURL_SSLVERSION_TLSv1_0;
1302	break;
1303	}
1304
1305	switch(ssl_version_max) {
1306	case CURL_SSLVERSION_MAX_NONE:
1307	case CURL_SSLVERSION_MAX_DEFAULT:
1308	ssl_version_max = max_supported_version_by_os;
1309	break;
1310	}
1311
1312	#if CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS
1313	if(SSLSetProtocolVersionMax != NULL) {
1314	SSLProtocol darwin_ver_min = kTLSProtocol1;
1315	SSLProtocol darwin_ver_max = kTLSProtocol1;
1316	CURLcode result = sectransp_version_from_curl(&darwin_ver_min,
1317	ssl_version);
1318	if(result) {
1319	failf(data, "unsupported min version passed via CURLOPT_SSLVERSION");
1320	return result;
1321	}
1322	result = sectransp_version_from_curl(&darwin_ver_max,
1323	ssl_version_max >> `16`);
1324	if(result) {
1325	failf(data, "unsupported max version passed via CURLOPT_SSLVERSION");
1326	return result;
1327	}
1328
1329	(void)SSLSetProtocolVersionMin(BACKEND->ssl_ctx, darwin_ver_min);
1330	(void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, darwin_ver_max);
1331	return result;
1332	}
1333	else {
1334	#if CURL_SUPPORT_MAC_10_8
1335	long i = ssl_version;
1336	(void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1337	kSSLProtocolAll,
1338	false);
1339	for(; i <= (ssl_version_max >> `16`); i++) {
1340	switch(i) {
1341	case CURL_SSLVERSION_TLSv1_0:
1342	(void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1343	kTLSProtocol1,
1344	true);
1345	break;
1346	case CURL_SSLVERSION_TLSv1_1:
1347	(void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1348	kTLSProtocol11,
1349	true);
1350	break;
1351	case CURL_SSLVERSION_TLSv1_2:
1352	(void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1353	kTLSProtocol12,
1354	true);
1355	break;
1356	case CURL_SSLVERSION_TLSv1_3:
1357	failf(data, "Your version of the OS does not support TLSv1.3");
1358	return CURLE_SSL_CONNECT_ERROR;
1359	}
1360	}
1361	return CURLE_OK;
1362	#endif /* CURL_SUPPORT_MAC_10_8 */
1363	}
1364	#endif /* CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS */
1365	failf(data, "Secure Transport: cannot set SSL protocol");
1366	return CURLE_SSL_CONNECT_ERROR;
1367	}
1368
1369
1370	static CURLcode sectransp_connect_step1(struct connectdata *conn,
1371	int sockindex)
1372	{
1373	struct Curl_easy *data = conn->data;
1374	curl_socket_t sockfd = conn->sock[sockindex];
1375	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1376	const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
1377	const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
1378	char * const ssl_cert = SSL_SET_OPTION(cert);
1379	const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
1380	conn->host.name;
1381	const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
1382	#ifdef ENABLE_IPV6
1383	struct in6_addr addr;
1384	#else
1385	struct in_addr addr;
1386	#endif /* ENABLE_IPV6 */
1387	size_t all_ciphers_count = `0UL`, allowed_ciphers_count = `0UL`, i;
1388	SSLCipherSuite all_ciphers = NULL, allowed_ciphers = NULL;
1389	OSStatus err = noErr;
1390	#if CURL_BUILD_MAC
1391	int darwinver_maj = `0`, darwinver_min = `0`;
1392
1393	GetDarwinVersionNumber(&darwinver_maj, &darwinver_min);
1394	#endif /* CURL_BUILD_MAC */
1395
1396	#if CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS
1397	if(SSLCreateContext != NULL) { / use the newer API if available /
1398	if(BACKEND->ssl_ctx)
1399	CFRelease(BACKEND->ssl_ctx);
1400	BACKEND->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
1401	if(!BACKEND->ssl_ctx) {
1402	failf(data, "SSL: couldn't create a context!");
1403	return CURLE_OUT_OF_MEMORY;
1404	}
1405	}
1406	else {
1407	/ The old ST API does not exist under iOS, so don't compile it: /
1408	#if CURL_SUPPORT_MAC_10_8
1409	if(BACKEND->ssl_ctx)
1410	(void)SSLDisposeContext(BACKEND->ssl_ctx);
1411	err = SSLNewContext(false, &(BACKEND->ssl_ctx));
1412	if(err != noErr) {
1413	failf(data, "SSL: couldn't create a context: OSStatus %d", err);
1414	return CURLE_OUT_OF_MEMORY;
1415	}
1416	#endif /* CURL_SUPPORT_MAC_10_8 */
1417	}
1418	#else
1419	if(BACKEND->ssl_ctx)
1420	(void)SSLDisposeContext(BACKEND->ssl_ctx);
1421	err = SSLNewContext(false, &(BACKEND->ssl_ctx));
1422	if(err != noErr) {
1423	failf(data, "SSL: couldn't create a context: OSStatus %d", err);
1424	return CURLE_OUT_OF_MEMORY;
1425	}
1426	#endif /* CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS */
1427	BACKEND->ssl_write_buffered_length = `0UL`; / reset buffered write length /
1428
1429	/ check to see if we've been told to use an explicit SSL/TLS version /
1430	#if CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS
1431	if(SSLSetProtocolVersionMax != NULL) {
1432	switch(conn->ssl_config.version) {
1433	case CURL_SSLVERSION_TLSv1:
1434	(void)SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kTLSProtocol1);
1435	#if (CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
1436	if(__builtin_available(macOS `10.13`, iOS `11.0`, *)) {
1437	(void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol13);
1438	}
1439	else {
1440	(void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol12);
1441	}
1442	#else
1443	(void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol12);
1444	#endif /* (CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11) &&
1445	HAVE_BUILTIN_AVAILABLE == 1 */
1446	break;
1447	case CURL_SSLVERSION_DEFAULT:
1448	case CURL_SSLVERSION_TLSv1_0:
1449	case CURL_SSLVERSION_TLSv1_1:
1450	case CURL_SSLVERSION_TLSv1_2:
1451	case CURL_SSLVERSION_TLSv1_3:
1452	{
1453	CURLcode result = set_ssl_version_min_max(conn, sockindex);
1454	if(result != CURLE_OK)
1455	return result;
1456	break;
1457	}
1458	case CURL_SSLVERSION_SSLv3:
1459	err = SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kSSLProtocol3);
1460	if(err != noErr) {
1461	failf(data, "Your version of the OS does not support SSLv3");
1462	return CURLE_SSL_CONNECT_ERROR;
1463	}
1464	(void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kSSLProtocol3);
1465	break;
1466	case CURL_SSLVERSION_SSLv2:
1467	err = SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kSSLProtocol2);
1468	if(err != noErr) {
1469	failf(data, "Your version of the OS does not support SSLv2");
1470	return CURLE_SSL_CONNECT_ERROR;
1471	}
1472	(void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kSSLProtocol2);
1473	break;
1474	default:
1475	failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1476	return CURLE_SSL_CONNECT_ERROR;
1477	}
1478	}
1479	else {
1480	#if CURL_SUPPORT_MAC_10_8
1481	(void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1482	kSSLProtocolAll,
1483	false);
1484	switch(conn->ssl_config.version) {
1485	case CURL_SSLVERSION_DEFAULT:
1486	case CURL_SSLVERSION_TLSv1:
1487	(void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1488	kTLSProtocol1,
1489	true);
1490	(void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1491	kTLSProtocol11,
1492	true);
1493	(void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1494	kTLSProtocol12,
1495	true);
1496	break;
1497	case CURL_SSLVERSION_TLSv1_0:
1498	case CURL_SSLVERSION_TLSv1_1:
1499	case CURL_SSLVERSION_TLSv1_2:
1500	case CURL_SSLVERSION_TLSv1_3:
1501	{
1502	CURLcode result = set_ssl_version_min_max(conn, sockindex);
1503	if(result != CURLE_OK)
1504	return result;
1505	break;
1506	}
1507	case CURL_SSLVERSION_SSLv3:
1508	err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1509	kSSLProtocol3,
1510	true);
1511	if(err != noErr) {
1512	failf(data, "Your version of the OS does not support SSLv3");
1513	return CURLE_SSL_CONNECT_ERROR;
1514	}
1515	break;
1516	case CURL_SSLVERSION_SSLv2:
1517	err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1518	kSSLProtocol2,
1519	true);
1520	if(err != noErr) {
1521	failf(data, "Your version of the OS does not support SSLv2");
1522	return CURLE_SSL_CONNECT_ERROR;
1523	}
1524	break;
1525	default:
1526	failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1527	return CURLE_SSL_CONNECT_ERROR;
1528	}
1529	#endif /* CURL_SUPPORT_MAC_10_8 */
1530	}
1531	#else
1532	if(conn->ssl_config.version_max != CURL_SSLVERSION_MAX_NONE) {
1533	failf(data, "Your version of the OS does not support to set maximum"
1534	" SSL/TLS version");
1535	return CURLE_SSL_CONNECT_ERROR;
1536	}
1537	(void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kSSLProtocolAll, false);
1538	switch(conn->ssl_config.version) {
1539	case CURL_SSLVERSION_DEFAULT:
1540	case CURL_SSLVERSION_TLSv1:
1541	case CURL_SSLVERSION_TLSv1_0:
1542	(void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1543	kTLSProtocol1,
1544	true);
1545	break;
1546	case CURL_SSLVERSION_TLSv1_1:
1547	failf(data, "Your version of the OS does not support TLSv1.1");
1548	return CURLE_SSL_CONNECT_ERROR;
1549	case CURL_SSLVERSION_TLSv1_2:
1550	failf(data, "Your version of the OS does not support TLSv1.2");
1551	return CURLE_SSL_CONNECT_ERROR;
1552	case CURL_SSLVERSION_TLSv1_3:
1553	failf(data, "Your version of the OS does not support TLSv1.3");
1554	return CURLE_SSL_CONNECT_ERROR;
1555	case CURL_SSLVERSION_SSLv2:
1556	err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1557	kSSLProtocol2,
1558	true);
1559	if(err != noErr) {
1560	failf(data, "Your version of the OS does not support SSLv2");
1561	return CURLE_SSL_CONNECT_ERROR;
1562	}
1563	break;
1564	case CURL_SSLVERSION_SSLv3:
1565	err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
1566	kSSLProtocol3,
1567	true);
1568	if(err != noErr) {
1569	failf(data, "Your version of the OS does not support SSLv3");
1570	return CURLE_SSL_CONNECT_ERROR;
1571	}
1572	break;
1573	default:
1574	failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1575	return CURLE_SSL_CONNECT_ERROR;
1576	}
1577	#endif /* CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS */
1578
1579	#if (CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
1580	if(conn->bits.tls_enable_alpn) {
1581	if(__builtin_available(macOS `10.13.4`, iOS `11`, tvOS `11`, *)) {
1582	CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, `0`,
1583	&kCFTypeArrayCallBacks);
1584
1585	#ifdef USE_NGHTTP2
1586	if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
1587	(!SSL_IS_PROXY() \|\| !conn->bits.tunnel_proxy)) {
1588	CFArrayAppendValue(alpnArr, CFSTR(NGHTTP2_PROTO_VERSION_ID));
1589	infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
1590	}
1591	#endif
1592
1593	CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_1));
1594	infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
1595
1596	/ expects length prefixed preference ordered list of protocols in wire*
1597	* format
1598	*/
1599	err = SSLSetALPNProtocols(BACKEND->ssl_ctx, alpnArr);
1600	if(err != noErr)
1601	infof(data, "WARNING: failed to set ALPN protocols; OSStatus %d\n",
1602	err);
1603	CFRelease(alpnArr);
1604	}
1605	}
1606	#endif
1607
1608	if(SSL_SET_OPTION(key)) {
1609	infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure "
1610	"Transport. The private key must be in the Keychain.\n");
1611	}
1612
1613	if(ssl_cert) {
1614	SecIdentityRef cert_and_key = NULL;
1615	bool is_cert_file = is_file(ssl_cert);
1616
1617	/ User wants to authenticate with a client cert. Look for it:*
1618	If we detect that this is a file on disk, then let's load it.
1619	Otherwise, assume that the user wants to use an identity loaded
1620	from the Keychain. /*
1621	if(is_cert_file) {
1622	if(!SSL_SET_OPTION(cert_type))
1623	infof(data, "WARNING: SSL: Certificate type not set, assuming "
1624	"PKCS#12 format.\n");
1625	else if(strncmp(SSL_SET_OPTION(cert_type), "P12",
1626	strlen(SSL_SET_OPTION(cert_type))) != `0`)
1627	infof(data, "WARNING: SSL: The Security framework only supports "
1628	"loading identities that are in PKCS#12 format.\n");
1629
1630	err = CopyIdentityFromPKCS12File(ssl_cert,
1631	SSL_SET_OPTION(key_passwd), &cert_and_key);
1632	}
1633	else
1634	err = CopyIdentityWithLabel(ssl_cert, &cert_and_key);
1635
1636	if(err == noErr && cert_and_key) {
1637	SecCertificateRef cert = NULL;
1638	CFTypeRef certs_c[`1`];
1639	CFArrayRef certs;
1640
1641	/ If we found one, print it out: /
1642	err = SecIdentityCopyCertificate(cert_and_key, &cert);
1643	if(err == noErr) {
1644	char *certp;
1645	CURLcode result = CopyCertSubject(data, cert, &certp);
1646	if(!result) {
1647	infof(data, "Client certificate: %s\n", certp);
1648	free(certp);
1649	}
1650
1651	CFRelease(cert);
1652	if(result == CURLE_PEER_FAILED_VERIFICATION)
1653	return CURLE_SSL_CERTPROBLEM;
1654	if(result)
1655	return result;
1656	}
1657	certs_c[`0`] = cert_and_key;
1658	certs = CFArrayCreate(NULL, (const void **)certs_c, `1L`,
1659	&kCFTypeArrayCallBacks);
1660	err = SSLSetCertificate(BACKEND->ssl_ctx, certs);
1661	if(certs)
1662	CFRelease(certs);
1663	if(err != noErr) {
1664	failf(data, "SSL: SSLSetCertificate() failed: OSStatus %d", err);
1665	return CURLE_SSL_CERTPROBLEM;
1666	}
1667	CFRelease(cert_and_key);
1668	}
1669	else {
1670	switch(err) {
1671	case errSecAuthFailed: case -`25264`: / errSecPkcs12VerifyFailure /
1672	failf(data, "SSL: Incorrect password for the certificate \"%s\" "
1673	"and its private key.", ssl_cert);
1674	break;
1675	case -`26275`: / errSecDecode / case -`25257`: / errSecUnknownFormat /
1676	failf(data, "SSL: Couldn't make sense of the data in the "
1677	"certificate \"%s\" and its private key.",
1678	ssl_cert);
1679	break;
1680	case -`25260`: / errSecPassphraseRequired /
1681	failf(data, "SSL The certificate \"%s\" requires a password.",
1682	ssl_cert);
1683	break;
1684	case errSecItemNotFound:
1685	failf(data, "SSL: Can't find the certificate \"%s\" and its private "
1686	"key in the Keychain.", ssl_cert);
1687	break;
1688	default:
1689	failf(data, "SSL: Can't load the certificate \"%s\" and its private "
1690	"key: OSStatus %d", ssl_cert, err);
1691	break;
1692	}
1693	return CURLE_SSL_CERTPROBLEM;
1694	}
1695	}
1696
1697	/ SSL always tries to verify the peer, this only says whether it should*
1698	* fail to connect if the verification fails, or if it should continue
1699	* anyway. In the latter case the result of the verification is checked with
1700	* SSL_get_verify_result() below. */
1701	#if CURL_BUILD_MAC_10_6 \|\| CURL_BUILD_IOS
1702	/ Snow Leopard introduced the SSLSetSessionOption() function, but due to*
1703	a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag
1704	works, it doesn't work as expected under Snow Leopard, Lion or
1705	Mountain Lion.
1706	So we need to call SSLSetEnableCertVerify() on those older cats in order
1707	to disable certificate validation if the user turned that off.
1708	(SecureTransport will always validate the certificate chain by
1709	default.)
1710	Note:
1711	Darwin 11.x.x is Lion (10.7)
1712	Darwin 12.x.x is Mountain Lion (10.8)
1713	Darwin 13.x.x is Mavericks (10.9)
1714	Darwin 14.x.x is Yosemite (10.10)
1715	Darwin 15.x.x is El Capitan (10.11)
1716	*/
1717	#if CURL_BUILD_MAC
1718	if(SSLSetSessionOption != NULL && darwinver_maj >= `13`) {
1719	#else
1720	if(SSLSetSessionOption != NULL) {
1721	#endif /* CURL_BUILD_MAC */
1722	bool break_on_auth = !conn->ssl_config.verifypeer \|\| ssl_cafile;
1723	err = SSLSetSessionOption(BACKEND->ssl_ctx,
1724	kSSLSessionOptionBreakOnServerAuth,
1725	break_on_auth);
1726	if(err != noErr) {
1727	failf(data, "SSL: SSLSetSessionOption() failed: OSStatus %d", err);
1728	return CURLE_SSL_CONNECT_ERROR;
1729	}
1730	}
1731	else {
1732	#if CURL_SUPPORT_MAC_10_8
1733	err = SSLSetEnableCertVerify(BACKEND->ssl_ctx,
1734	conn->ssl_config.verifypeer?true:false);
1735	if(err != noErr) {
1736	failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
1737	return CURLE_SSL_CONNECT_ERROR;
1738	}
1739	#endif /* CURL_SUPPORT_MAC_10_8 */
1740	}
1741	#else
1742	err = SSLSetEnableCertVerify(BACKEND->ssl_ctx,
1743	conn->ssl_config.verifypeer?true:false);
1744	if(err != noErr) {
1745	failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
1746	return CURLE_SSL_CONNECT_ERROR;
1747	}
1748	#endif /* CURL_BUILD_MAC_10_6 \|\| CURL_BUILD_IOS */
1749
1750	if(ssl_cafile && verifypeer) {
1751	bool is_cert_file = is_file(ssl_cafile);
1752
1753	if(!is_cert_file) {
1754	failf(data, "SSL: can't load CA certificate file %s", ssl_cafile);
1755	return CURLE_SSL_CACERT_BADFILE;
1756	}
1757	}
1758
1759	/ Configure hostname check. SNI is used if available.*
1760	* Both hostname check and SNI require SSLSetPeerDomainName().
1761	* Also: the verifyhost setting influences SNI usage */
1762	if(conn->ssl_config.verifyhost) {
1763	err = SSLSetPeerDomainName(BACKEND->ssl_ctx, hostname,
1764	strlen(hostname));
1765
1766	if(err != noErr) {
1767	infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d\n",
1768	err);
1769	}
1770
1771	if((Curl_inet_pton(AF_INET, hostname, &addr))
1772	#ifdef ENABLE_IPV6
1773	\|\| (Curl_inet_pton(AF_INET6, hostname, &addr))
1774	#endif
1775	) {
1776	infof(data, "WARNING: using IP address, SNI is being disabled by "
1777	"the OS.\n");
1778	}
1779	}
1780	else {
1781	infof(data, "WARNING: disabling hostname validation also disables SNI.\n");
1782	}
1783
1784	/ Disable cipher suites that ST supports but are not safe. These ciphers*
1785	are unlikely to be used in any case since ST gives other ciphers a much
1786	higher priority, but it's probably better that we not connect at all than
1787	to give the user a false sense of security if the server only supports
1788	insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) /*
1789	err = SSLGetNumberSupportedCiphers(BACKEND->ssl_ctx, &all_ciphers_count);
1790	if(err != noErr) {
1791	failf(data, "SSL: SSLGetNumberSupportedCiphers() failed: OSStatus %d",
1792	err);
1793	return CURLE_SSL_CIPHER;
1794	}
1795	all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
1796	if(!all_ciphers) {
1797	failf(data, "SSL: Failed to allocate memory for all ciphers");
1798	return CURLE_OUT_OF_MEMORY;
1799	}
1800	allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
1801	if(!allowed_ciphers) {
1802	Curl_safefree(all_ciphers);
1803	failf(data, "SSL: Failed to allocate memory for allowed ciphers");
1804	return CURLE_OUT_OF_MEMORY;
1805	}
1806	err = SSLGetSupportedCiphers(BACKEND->ssl_ctx, all_ciphers,
1807	&all_ciphers_count);
1808	if(err != noErr) {
1809	Curl_safefree(all_ciphers);
1810	Curl_safefree(allowed_ciphers);
1811	return CURLE_SSL_CIPHER;
1812	}
1813	for(i = `0UL` ; i < all_ciphers_count ; i++) {
1814	#if CURL_BUILD_MAC
1815	/ There's a known bug in early versions of Mountain Lion where ST's ECC*
1816	ciphers (cipher suite 0xC001 through 0xC032) simply do not work.
1817	Work around the problem here by disabling those ciphers if we are
1818	running in an affected version of OS X. /*
1819	if(darwinver_maj == `12` && darwinver_min <= `3` &&
1820	all_ciphers[i] >= `0xC001` && all_ciphers[i] <= `0xC032`) {
1821	continue;
1822	}
1823	#endif /* CURL_BUILD_MAC */
1824	switch(all_ciphers[i]) {
1825	/ Disable NULL ciphersuites: /
1826	case SSL_NULL_WITH_NULL_NULL:
1827	case SSL_RSA_WITH_NULL_MD5:
1828	case SSL_RSA_WITH_NULL_SHA:
1829	case `0x003B`: / TLS_RSA_WITH_NULL_SHA256 /
1830	case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
1831	case `0xC001`: / TLS_ECDH_ECDSA_WITH_NULL_SHA /
1832	case `0xC006`: / TLS_ECDHE_ECDSA_WITH_NULL_SHA /
1833	case `0xC00B`: / TLS_ECDH_RSA_WITH_NULL_SHA /
1834	case `0xC010`: / TLS_ECDHE_RSA_WITH_NULL_SHA /
1835	case `0x002C`: / TLS_PSK_WITH_NULL_SHA /
1836	case `0x002D`: / TLS_DHE_PSK_WITH_NULL_SHA /
1837	case `0x002E`: / TLS_RSA_PSK_WITH_NULL_SHA /
1838	case `0x00B0`: / TLS_PSK_WITH_NULL_SHA256 /
1839	case `0x00B1`: / TLS_PSK_WITH_NULL_SHA384 /
1840	case `0x00B4`: / TLS_DHE_PSK_WITH_NULL_SHA256 /
1841	case `0x00B5`: / TLS_DHE_PSK_WITH_NULL_SHA384 /
1842	case `0x00B8`: / TLS_RSA_PSK_WITH_NULL_SHA256 /
1843	case `0x00B9`: / TLS_RSA_PSK_WITH_NULL_SHA384 /
1844	/ Disable anonymous ciphersuites: /
1845	case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
1846	case SSL_DH_anon_WITH_RC4_128_MD5:
1847	case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
1848	case SSL_DH_anon_WITH_DES_CBC_SHA:
1849	case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
1850	case TLS_DH_anon_WITH_AES_128_CBC_SHA:
1851	case TLS_DH_anon_WITH_AES_256_CBC_SHA:
1852	case `0xC015`: / TLS_ECDH_anon_WITH_NULL_SHA /
1853	case `0xC016`: / TLS_ECDH_anon_WITH_RC4_128_SHA /
1854	case `0xC017`: / TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA /
1855	case `0xC018`: / TLS_ECDH_anon_WITH_AES_128_CBC_SHA /
1856	case `0xC019`: / TLS_ECDH_anon_WITH_AES_256_CBC_SHA /
1857	case `0x006C`: / TLS_DH_anon_WITH_AES_128_CBC_SHA256 /
1858	case `0x006D`: / TLS_DH_anon_WITH_AES_256_CBC_SHA256 /
1859	case `0x00A6`: / TLS_DH_anon_WITH_AES_128_GCM_SHA256 /
1860	case `0x00A7`: / TLS_DH_anon_WITH_AES_256_GCM_SHA384 /
1861	/ Disable weak key ciphersuites: /
1862	case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
1863	case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
1864	case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
1865	case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
1866	case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
1867	case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
1868	case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
1869	case SSL_RSA_WITH_DES_CBC_SHA:
1870	case SSL_DH_DSS_WITH_DES_CBC_SHA:
1871	case SSL_DH_RSA_WITH_DES_CBC_SHA:
1872	case SSL_DHE_DSS_WITH_DES_CBC_SHA:
1873	case SSL_DHE_RSA_WITH_DES_CBC_SHA:
1874	/ Disable IDEA: /
1875	case SSL_RSA_WITH_IDEA_CBC_SHA:
1876	case SSL_RSA_WITH_IDEA_CBC_MD5:
1877	/ Disable RC4: /
1878	case SSL_RSA_WITH_RC4_128_MD5:
1879	case SSL_RSA_WITH_RC4_128_SHA:
1880	case `0xC002`: / TLS_ECDH_ECDSA_WITH_RC4_128_SHA /
1881	case `0xC007`: / TLS_ECDHE_ECDSA_WITH_RC4_128_SHA/
1882	case `0xC00C`: / TLS_ECDH_RSA_WITH_RC4_128_SHA /
1883	case `0xC011`: / TLS_ECDHE_RSA_WITH_RC4_128_SHA /
1884	case `0x008A`: / TLS_PSK_WITH_RC4_128_SHA /
1885	case `0x008E`: / TLS_DHE_PSK_WITH_RC4_128_SHA /
1886	case `0x0092`: / TLS_RSA_PSK_WITH_RC4_128_SHA /
1887	break;
1888	default: / enable everything else /
1889	allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i];
1890	break;
1891	}
1892	}
1893	err = SSLSetEnabledCiphers(BACKEND->ssl_ctx, allowed_ciphers,
1894	allowed_ciphers_count);
1895	Curl_safefree(all_ciphers);
1896	Curl_safefree(allowed_ciphers);
1897	if(err != noErr) {
1898	failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err);
1899	return CURLE_SSL_CIPHER;
1900	}
1901
1902	#if CURL_BUILD_MAC_10_9 \|\| CURL_BUILD_IOS_7
1903	/ We want to enable 1/n-1 when using a CBC cipher unless the user*
1904	specifically doesn't want us doing that: /*
1905	if(SSLSetSessionOption != NULL) {
1906	SSLSetSessionOption(BACKEND->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
1907	!data->set.ssl.enable_beast);
1908	SSLSetSessionOption(BACKEND->ssl_ctx, kSSLSessionOptionFalseStart,
1909	data->set.ssl.falsestart); / false start support /
1910	}
1911	#endif /* CURL_BUILD_MAC_10_9 \|\| CURL_BUILD_IOS_7 */
1912
1913	/ Check if there's a cached ID we can/should use here! /
1914	if(SSL_SET_OPTION(primary.sessionid)) {
1915	char *ssl_sessionid;
1916	size_t ssl_sessionid_len;
1917
1918	Curl_ssl_sessionid_lock(conn);
1919	if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid,
1920	&ssl_sessionid_len, sockindex)) {
1921	/ we got a session id, use it! /
1922	err = SSLSetPeerID(BACKEND->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
1923	Curl_ssl_sessionid_unlock(conn);
1924	if(err != noErr) {
1925	failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
1926	return CURLE_SSL_CONNECT_ERROR;
1927	}
1928	/ Informational message /
1929	infof(data, "SSL re-using session ID\n");
1930	}
1931	/ If there isn't one, then let's make one up! This has to be done prior*
1932	to starting the handshake. /*
1933	else {
1934	CURLcode result;
1935	ssl_sessionid =
1936	aprintf("%s:%d:%d:%s:%hu", ssl_cafile,
1937	verifypeer, SSL_CONN_CONFIG(verifyhost), hostname, port);
1938	ssl_sessionid_len = strlen(ssl_sessionid);
1939
1940	err = SSLSetPeerID(BACKEND->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
1941	if(err != noErr) {
1942	Curl_ssl_sessionid_unlock(conn);
1943	failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
1944	return CURLE_SSL_CONNECT_ERROR;
1945	}
1946
1947	result = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len,
1948	sockindex);
1949	Curl_ssl_sessionid_unlock(conn);
1950	if(result) {
1951	failf(data, "failed to store ssl session");
1952	return result;
1953	}
1954	}
1955	}
1956
1957	err = SSLSetIOFuncs(BACKEND->ssl_ctx, SocketRead, SocketWrite);
1958	if(err != noErr) {
1959	failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
1960	return CURLE_SSL_CONNECT_ERROR;
1961	}
1962
1963	/ pass the raw socket into the SSL layers /
1964	/ We need to store the FD in a constant memory address, because*
1965	* SSLSetConnection() will not copy that address. I've found that
1966	* conn->sock[sockindex] may change on its own. */
1967	BACKEND->ssl_sockfd = sockfd;
1968	err = SSLSetConnection(BACKEND->ssl_ctx, connssl);
1969	if(err != noErr) {
1970	failf(data, "SSL: SSLSetConnection() failed: %d", err);
1971	return CURLE_SSL_CONNECT_ERROR;
1972	}
1973
1974	connssl->connecting_state = ssl_connect_2;
1975	return CURLE_OK;
1976	}
1977
1978	static long pem_to_der(const char in, unsigned* char *out, size_t outlen)
1979	{
1980	char sep_start, sep_end, cert_start, cert_end;
1981	size_t i, j, err;
1982	size_t len;
1983	unsigned char *b64;
1984
1985	/ Jump through the separators at the beginning of the certificate. /
1986	sep_start = strstr(in, "-----");
1987	if(sep_start == NULL)
1988	return `0`;
1989	cert_start = strstr(sep_start + `1`, "-----");
1990	if(cert_start == NULL)
1991	return -`1`;
1992
1993	cert_start += `5`;
1994
1995	/ Find separator after the end of the certificate. /
1996	cert_end = strstr(cert_start, "-----");
1997	if(cert_end == NULL)
1998	return -`1`;
1999
2000	sep_end = strstr(cert_end + `1`, "-----");
2001	if(sep_end == NULL)
2002	return -`1`;
2003	sep_end += `5`;
2004
2005	len = cert_end - cert_start;
2006	b64 = malloc(len + `1`);
2007	if(!b64)
2008	return -`1`;
2009
2010	/ Create base64 string without linefeeds. /
2011	for(i = `0`, j = `0`; i < len; i++) {
2012	if(cert_start[i] != `'\r'` && cert_start[i] != `'\n'`)
2013	b64[j++] = cert_start[i];
2014	}
2015	b64[j] = `'\0'`;
2016
2017	err = Curl_base64_decode((const char *)b64, out, outlen);
2018	free(b64);
2019	if(err) {
2020	free(*out);
2021	return -`1`;
2022	}
2023
2024	return sep_end - in;
2025	}
2026
2027	static int read_cert(const char file, unsigned* char *out, size_t outlen)
2028	{
2029	int fd;
2030	ssize_t n, len = `0`, cap = `512`;
2031	unsigned char buf[`512`], *data;
2032
2033	fd = open(file, `0`);
2034	if(fd < `0`)
2035	return -`1`;
2036
2037	data = malloc(cap);
2038	if(!data) {
2039	close(fd);
2040	return -`1`;
2041	}
2042
2043	for(;;) {
2044	n = read(fd, buf, sizeof(buf));
2045	if(n < `0`) {
2046	close(fd);
2047	free(data);
2048	return -`1`;
2049	}
2050	else if(n == `0`) {
2051	close(fd);
2052	break;
2053	}
2054
2055	if(len + n >= cap) {
2056	cap *= `2`;
2057	data = Curl_saferealloc(data, cap);
2058	if(!data) {
2059	close(fd);
2060	return -`1`;
2061	}
2062	}
2063
2064	memcpy(data + len, buf, n);
2065	len += n;
2066	}
2067	data[len] = `'\0'`;
2068
2069	*out = data;
2070	*outlen = len;
2071
2072	return `0`;
2073	}
2074
2075	static int append_cert_to_array(struct Curl_easy *data,
2076	unsigned char *buf, size_t buflen,
2077	CFMutableArrayRef array)
2078	{
2079	CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
2080	char *certp;
2081	CURLcode result;
2082	if(!certdata) {
2083	failf(data, "SSL: failed to allocate array for CA certificate");
2084	return CURLE_OUT_OF_MEMORY;
2085	}
2086
2087	SecCertificateRef cacert =
2088	SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
2089	CFRelease(certdata);
2090	if(!cacert) {
2091	failf(data, "SSL: failed to create SecCertificate from CA certificate");
2092	return CURLE_SSL_CACERT_BADFILE;
2093	}
2094
2095	/ Check if cacert is valid. /
2096	result = CopyCertSubject(data, cacert, &certp);
2097	switch(result) {
2098	case CURLE_OK:
2099	break;
2100	case CURLE_PEER_FAILED_VERIFICATION:
2101	return CURLE_SSL_CACERT_BADFILE;
2102	case CURLE_OUT_OF_MEMORY:
2103	default:
2104	return result;
2105	}
2106	free(certp);
2107
2108	CFArrayAppendValue(array, cacert);
2109	CFRelease(cacert);
2110
2111	return CURLE_OK;
2112	}
2113
2114	static CURLcode verify_cert(const char cafile, struct* Curl_easy *data,
2115	SSLContextRef ctx)
2116	{
2117	int n = `0`, rc;
2118	long res;
2119	unsigned char certbuf, der;
2120	size_t buflen, derlen, offset = `0`;
2121
2122	if(read_cert(cafile, &certbuf, &buflen) < `0`) {
2123	failf(data, "SSL: failed to read or invalid CA certificate");
2124	return CURLE_SSL_CACERT_BADFILE;
2125	}
2126
2127	/*
2128	* Certbuf now contains the contents of the certificate file, which can be
2129	* - a single DER certificate,
2130	* - a single PEM certificate or
2131	* - a bunch of PEM certificates (certificate bundle).
2132	*
2133	* Go through certbuf, and convert any PEM certificate in it into DER
2134	* format.
2135	*/
2136	CFMutableArrayRef array = CFArrayCreateMutable(kCFAllocatorDefault, `0`,
2137	&kCFTypeArrayCallBacks);
2138	if(array == NULL) {
2139	free(certbuf);
2140	failf(data, "SSL: out of memory creating CA certificate array");
2141	return CURLE_OUT_OF_MEMORY;
2142	}
2143
2144	while(offset < buflen) {
2145	n++;
2146
2147	/*
2148	* Check if the certificate is in PEM format, and convert it to DER. If
2149	* this fails, we assume the certificate is in DER format.
2150	*/
2151	res = pem_to_der((const char *)certbuf + offset, &der, &derlen);
2152	if(res < `0`) {
2153	free(certbuf);
2154	CFRelease(array);
2155	failf(data, "SSL: invalid CA certificate #%d (offset %d) in bundle",
2156	n, offset);
2157	return CURLE_SSL_CACERT_BADFILE;
2158	}
2159	offset += res;
2160
2161	if(res == `0` && offset == `0`) {
2162	/ This is not a PEM file, probably a certificate in DER format. /
2163	rc = append_cert_to_array(data, certbuf, buflen, array);
2164	free(certbuf);
2165	if(rc != CURLE_OK) {
2166	CFRelease(array);
2167	return rc;
2168	}
2169	break;
2170	}
2171	else if(res == `0`) {
2172	/ No more certificates in the bundle. /
2173	free(certbuf);
2174	break;
2175	}
2176
2177	rc = append_cert_to_array(data, der, derlen, array);
2178	free(der);
2179	if(rc != CURLE_OK) {
2180	free(certbuf);
2181	CFRelease(array);
2182	return rc;
2183	}
2184	}
2185
2186	SecTrustRef trust;
2187	OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
2188	if(trust == NULL) {
2189	failf(data, "SSL: error getting certificate chain");
2190	CFRelease(array);
2191	return CURLE_PEER_FAILED_VERIFICATION;
2192	}
2193	else if(ret != noErr) {
2194	CFRelease(array);
2195	failf(data, "SSLCopyPeerTrust() returned error %d", ret);
2196	return CURLE_PEER_FAILED_VERIFICATION;
2197	}
2198
2199	ret = SecTrustSetAnchorCertificates(trust, array);
2200	if(ret != noErr) {
2201	CFRelease(array);
2202	CFRelease(trust);
2203	failf(data, "SecTrustSetAnchorCertificates() returned error %d", ret);
2204	return CURLE_PEER_FAILED_VERIFICATION;
2205	}
2206	ret = SecTrustSetAnchorCertificatesOnly(trust, true);
2207	if(ret != noErr) {
2208	CFRelease(array);
2209	CFRelease(trust);
2210	failf(data, "SecTrustSetAnchorCertificatesOnly() returned error %d", ret);
2211	return CURLE_PEER_FAILED_VERIFICATION;
2212	}
2213
2214	SecTrustResultType trust_eval = `0`;
2215	ret = SecTrustEvaluate(trust, &trust_eval);
2216	CFRelease(array);
2217	CFRelease(trust);
2218	if(ret != noErr) {
2219	failf(data, "SecTrustEvaluate() returned error %d", ret);
2220	return CURLE_PEER_FAILED_VERIFICATION;
2221	}
2222
2223	switch(trust_eval) {
2224	case kSecTrustResultUnspecified:
2225	case kSecTrustResultProceed:
2226	return CURLE_OK;
2227
2228	case kSecTrustResultRecoverableTrustFailure:
2229	case kSecTrustResultDeny:
2230	default:
2231	failf(data, "SSL: certificate verification failed (result: %d)",
2232	trust_eval);
2233	return CURLE_PEER_FAILED_VERIFICATION;
2234	}
2235	}
2236
2237	#ifdef SECTRANSP_PINNEDPUBKEY
2238	static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
2239	SSLContextRef ctx,
2240	const char *pinnedpubkey)
2241	{ / Scratch /
2242	size_t pubkeylen, realpubkeylen, spkiHeaderLength = `24`;
2243	unsigned char pubkey = NULL, realpubkey = NULL;
2244	const unsigned char *spkiHeader = NULL;
2245	CFDataRef publicKeyBits = NULL;
2246
2247	/ Result is returned to caller /
2248	CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
2249
2250	/ if a path wasn't specified, don't pin /
2251	if(!pinnedpubkey)
2252	return CURLE_OK;
2253
2254
2255	if(!ctx)
2256	return result;
2257
2258	do {
2259	SecTrustRef trust;
2260	OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
2261	if(ret != noErr \|\| trust == NULL)
2262	break;
2263
2264	SecKeyRef keyRef = SecTrustCopyPublicKey(trust);
2265	CFRelease(trust);
2266	if(keyRef == NULL)
2267	break;
2268
2269	#ifdef SECTRANSP_PINNEDPUBKEY_V1
2270
2271	publicKeyBits = SecKeyCopyExternalRepresentation(keyRef, NULL);
2272	CFRelease(keyRef);
2273	if(publicKeyBits == NULL)
2274	break;
2275
2276	#elif SECTRANSP_PINNEDPUBKEY_V2
2277
2278	OSStatus success = SecItemExport(keyRef, kSecFormatOpenSSL, `0`, NULL,
2279	&publicKeyBits);
2280	CFRelease(keyRef);
2281	if(success != errSecSuccess \|\| publicKeyBits == NULL)
2282	break;
2283
2284	#endif /* SECTRANSP_PINNEDPUBKEY_V2 */
2285
2286	pubkeylen = CFDataGetLength(publicKeyBits);
2287	pubkey = (unsigned char *)CFDataGetBytePtr(publicKeyBits);
2288
2289	switch(pubkeylen) {
2290	case `526`:
2291	/ 4096 bit RSA pubkeylen == 526 /
2292	spkiHeader = rsa4096SpkiHeader;
2293	break;
2294	case `270`:
2295	/ 2048 bit RSA pubkeylen == 270 /
2296	spkiHeader = rsa2048SpkiHeader;
2297	break;
2298	#ifdef SECTRANSP_PINNEDPUBKEY_V1
2299	case `65`:
2300	/ ecDSA secp256r1 pubkeylen == 65 /
2301	spkiHeader = ecDsaSecp256r1SpkiHeader;
2302	spkiHeaderLength = `26`;
2303	break;
2304	case `97`:
2305	/ ecDSA secp384r1 pubkeylen == 97 /
2306	spkiHeader = ecDsaSecp384r1SpkiHeader;
2307	spkiHeaderLength = `23`;
2308	break;
2309	default:
2310	infof(data, "SSL: unhandled public key length: %d\n", pubkeylen);
2311	#elif SECTRANSP_PINNEDPUBKEY_V2
2312	default:
2313	/ ecDSA secp256r1 pubkeylen == 91 header already included?*
2314	* ecDSA secp384r1 header already included too
2315	* we assume rest of algorithms do same, so do nothing
2316	*/
2317	result = Curl_pin_peer_pubkey(data, pinnedpubkey, pubkey,
2318	pubkeylen);
2319	#endif /* SECTRANSP_PINNEDPUBKEY_V2 */
2320	continue; / break from loop /
2321	}
2322
2323	realpubkeylen = pubkeylen + spkiHeaderLength;
2324	realpubkey = malloc(realpubkeylen);
2325	if(!realpubkey)
2326	break;
2327
2328	memcpy(realpubkey, spkiHeader, spkiHeaderLength);
2329	memcpy(realpubkey + spkiHeaderLength, pubkey, pubkeylen);
2330
2331	result = Curl_pin_peer_pubkey(data, pinnedpubkey, realpubkey,
2332	realpubkeylen);
2333
2334	} while(`0`);
2335
2336	Curl_safefree(realpubkey);
2337	if(publicKeyBits != NULL)
2338	CFRelease(publicKeyBits);
2339
2340	return result;
2341	}
2342	#endif /* SECTRANSP_PINNEDPUBKEY */
2343
2344	static CURLcode
2345	sectransp_connect_step2(struct connectdata conn, int* sockindex)
2346	{
2347	struct Curl_easy *data = conn->data;
2348	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2349	OSStatus err;
2350	SSLCipherSuite cipher;
2351	SSLProtocol protocol = `0`;
2352	const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
2353	conn->host.name;
2354
2355	DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
2356	\|\| ssl_connect_2_reading == connssl->connecting_state
2357	\|\| ssl_connect_2_writing == connssl->connecting_state);
2358
2359	/ Here goes nothing: /
2360	err = SSLHandshake(BACKEND->ssl_ctx);
2361
2362	if(err != noErr) {
2363	switch(err) {
2364	case errSSLWouldBlock: / they're not done with us yet /
2365	connssl->connecting_state = BACKEND->ssl_direction ?
2366	ssl_connect_2_writing : ssl_connect_2_reading;
2367	return CURLE_OK;
2368
2369	/ The below is errSSLServerAuthCompleted; it's not defined in*
2370	Leopard's headers /*
2371	case -`9841`:
2372	if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
2373	CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), data,
2374	BACKEND->ssl_ctx);
2375	if(result)
2376	return result;
2377	}
2378	/ the documentation says we need to call SSLHandshake() again /
2379	return sectransp_connect_step2(conn, sockindex);
2380
2381	/ Problem with encrypt / decrypt /
2382	case errSSLPeerDecodeError:
2383	failf(data, "Decode failed");
2384	break;
2385	case errSSLDecryptionFail:
2386	case errSSLPeerDecryptionFail:
2387	failf(data, "Decryption failed");
2388	break;
2389	case errSSLPeerDecryptError:
2390	failf(data, "A decryption error occurred");
2391	break;
2392	case errSSLBadCipherSuite:
2393	failf(data, "A bad SSL cipher suite was encountered");
2394	break;
2395	case errSSLCrypto:
2396	failf(data, "An underlying cryptographic error was encountered");
2397	break;
2398	#if CURL_BUILD_MAC_10_11 \|\| CURL_BUILD_IOS_9
2399	case errSSLWeakPeerEphemeralDHKey:
2400	failf(data, "Indicates a weak ephemeral Diffie-Hellman key");
2401	break;
2402	#endif
2403
2404	/ Problem with the message record validation /
2405	case errSSLBadRecordMac:
2406	case errSSLPeerBadRecordMac:
2407	failf(data, "A record with a bad message authentication code (MAC) "
2408	"was encountered");
2409	break;
2410	case errSSLRecordOverflow:
2411	case errSSLPeerRecordOverflow:
2412	failf(data, "A record overflow occurred");
2413	break;
2414
2415	/ Problem with zlib decompression /
2416	case errSSLPeerDecompressFail:
2417	failf(data, "Decompression failed");
2418	break;
2419
2420	/ Problem with access /
2421	case errSSLPeerAccessDenied:
2422	failf(data, "Access was denied");
2423	break;
2424	case errSSLPeerInsufficientSecurity:
2425	failf(data, "There is insufficient security for this operation");
2426	break;
2427
2428	/ These are all certificate problems with the server: /
2429	case errSSLXCertChainInvalid:
2430	failf(data, "SSL certificate problem: Invalid certificate chain");
2431	return CURLE_PEER_FAILED_VERIFICATION;
2432	case errSSLUnknownRootCert:
2433	failf(data, "SSL certificate problem: Untrusted root certificate");
2434	return CURLE_PEER_FAILED_VERIFICATION;
2435	case errSSLNoRootCert:
2436	failf(data, "SSL certificate problem: No root certificate");
2437	return CURLE_PEER_FAILED_VERIFICATION;
2438	case errSSLCertNotYetValid:
2439	failf(data, "SSL certificate problem: The certificate chain had a "
2440	"certificate that is not yet valid");
2441	return CURLE_PEER_FAILED_VERIFICATION;
2442	case errSSLCertExpired:
2443	case errSSLPeerCertExpired:
2444	failf(data, "SSL certificate problem: Certificate chain had an "
2445	"expired certificate");
2446	return CURLE_PEER_FAILED_VERIFICATION;
2447	case errSSLBadCert:
2448	case errSSLPeerBadCert:
2449	failf(data, "SSL certificate problem: Couldn't understand the server "
2450	"certificate format");
2451	return CURLE_PEER_FAILED_VERIFICATION;
2452	case errSSLPeerUnsupportedCert:
2453	failf(data, "SSL certificate problem: An unsupported certificate "
2454	"format was encountered");
2455	return CURLE_PEER_FAILED_VERIFICATION;
2456	case errSSLPeerCertRevoked:
2457	failf(data, "SSL certificate problem: The certificate was revoked");
2458	return CURLE_PEER_FAILED_VERIFICATION;
2459	case errSSLPeerCertUnknown:
2460	failf(data, "SSL certificate problem: The certificate is unknown");
2461	return CURLE_PEER_FAILED_VERIFICATION;
2462
2463	/ These are all certificate problems with the client: /
2464	case errSecAuthFailed:
2465	failf(data, "SSL authentication failed");
2466	break;
2467	case errSSLPeerHandshakeFail:
2468	failf(data, "SSL peer handshake failed, the server most likely "
2469	"requires a client certificate to connect");
2470	break;
2471	case errSSLPeerUnknownCA:
2472	failf(data, "SSL server rejected the client certificate due to "
2473	"the certificate being signed by an unknown certificate "
2474	"authority");
2475	break;
2476
2477	/ This error is raised if the server's cert didn't match the server's*
2478	host name: /*
2479	case errSSLHostNameMismatch:
2480	failf(data, "SSL certificate peer verification failed, the "
2481	"certificate did not match \"%s\"\n", conn->host.dispname);
2482	return CURLE_PEER_FAILED_VERIFICATION;
2483
2484	/ Problem with SSL / TLS negotiation /
2485	case errSSLNegotiation:
2486	failf(data, "Could not negotiate an SSL cipher suite with the server");
2487	break;
2488	case errSSLBadConfiguration:
2489	failf(data, "A configuration error occurred");
2490	break;
2491	case errSSLProtocol:
2492	failf(data, "SSL protocol error");
2493	break;
2494	case errSSLPeerProtocolVersion:
2495	failf(data, "A bad protocol version was encountered");
2496	break;
2497	case errSSLPeerNoRenegotiation:
2498	failf(data, "No renegotiation is allowed");
2499	break;
2500
2501	/ Generic handshake errors: /
2502	case errSSLConnectionRefused:
2503	failf(data, "Server dropped the connection during the SSL handshake");
2504	break;
2505	case errSSLClosedAbort:
2506	failf(data, "Server aborted the SSL handshake");
2507	break;
2508	case errSSLClosedGraceful:
2509	failf(data, "The connection closed gracefully");
2510	break;
2511	case errSSLClosedNoNotify:
2512	failf(data, "The server closed the session with no notification");
2513	break;
2514	/ Sometimes paramErr happens with buggy ciphers: /
2515	case paramErr:
2516	case errSSLInternal:
2517	case errSSLPeerInternalError:
2518	failf(data, "Internal SSL engine error encountered during the "
2519	"SSL handshake");
2520	break;
2521	case errSSLFatalAlert:
2522	failf(data, "Fatal SSL engine error encountered during the SSL "
2523	"handshake");
2524	break;
2525	/ Unclassified error /
2526	case errSSLBufferOverflow:
2527	failf(data, "An insufficient buffer was provided");
2528	break;
2529	case errSSLIllegalParam:
2530	failf(data, "An illegal parameter was encountered");
2531	break;
2532	case errSSLModuleAttach:
2533	failf(data, "Module attach failure");
2534	break;
2535	case errSSLSessionNotFound:
2536	failf(data, "An attempt to restore an unknown session failed");
2537	break;
2538	case errSSLPeerExportRestriction:
2539	failf(data, "An export restriction occurred");
2540	break;
2541	case errSSLPeerUserCancelled:
2542	failf(data, "The user canceled the operation");
2543	break;
2544	case errSSLPeerUnexpectedMsg:
2545	failf(data, "Peer rejected unexpected message");
2546	break;
2547	#if CURL_BUILD_MAC_10_11 \|\| CURL_BUILD_IOS_9
2548	/ Treaing non-fatal error as fatal like before /
2549	case errSSLClientHelloReceived:
2550	failf(data, "A non-fatal result for providing a server name "
2551	"indication");
2552	break;
2553	#endif
2554
2555	/ Error codes defined in the enum but should never be returned.*
2556	We list them here just in case. /*
2557	#if CURL_BUILD_MAC_10_6
2558	/ Only returned when kSSLSessionOptionBreakOnCertRequested is set /
2559	case errSSLClientCertRequested:
2560	failf(data, "The server has requested a client certificate");
2561	break;
2562	#endif
2563	#if CURL_BUILD_MAC_10_9
2564	/ Alias for errSSLLast, end of error range /
2565	case errSSLUnexpectedRecord:
2566	failf(data, "Unexpected (skipped) record in DTLS");
2567	break;
2568	#endif
2569	default:
2570	/ May also return codes listed in Security Framework Result Codes /
2571	failf(data, "Unknown SSL protocol error in connection to %s:%d",
2572	hostname, err);
2573	break;
2574	}
2575	return CURLE_SSL_CONNECT_ERROR;
2576	}
2577	else {
2578	/ we have been connected fine, we're not waiting for anything else. /
2579	connssl->connecting_state = ssl_connect_3;
2580
2581	#ifdef SECTRANSP_PINNEDPUBKEY
2582	if(data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]) {
2583	CURLcode result = pkp_pin_peer_pubkey(data, BACKEND->ssl_ctx,
2584	data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]);
2585	if(result) {
2586	failf(data, "SSL: public key does not match pinned public key!");
2587	return result;
2588	}
2589	}
2590	#endif /* SECTRANSP_PINNEDPUBKEY */
2591
2592	/ Informational message /
2593	(void)SSLGetNegotiatedCipher(BACKEND->ssl_ctx, &cipher);
2594	(void)SSLGetNegotiatedProtocolVersion(BACKEND->ssl_ctx, &protocol);
2595	switch(protocol) {
2596	case kSSLProtocol2:
2597	infof(data, "SSL 2.0 connection using %s\n",
2598	SSLCipherNameForNumber(cipher));
2599	break;
2600	case kSSLProtocol3:
2601	infof(data, "SSL 3.0 connection using %s\n",
2602	SSLCipherNameForNumber(cipher));
2603	break;
2604	case kTLSProtocol1:
2605	infof(data, "TLS 1.0 connection using %s\n",
2606	TLSCipherNameForNumber(cipher));
2607	break;
2608	#if CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS
2609	case kTLSProtocol11:
2610	infof(data, "TLS 1.1 connection using %s\n",
2611	TLSCipherNameForNumber(cipher));
2612	break;
2613	case kTLSProtocol12:
2614	infof(data, "TLS 1.2 connection using %s\n",
2615	TLSCipherNameForNumber(cipher));
2616	break;
2617	#endif /* CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS */
2618	#if CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11
2619	case kTLSProtocol13:
2620	infof(data, "TLS 1.3 connection using %s\n",
2621	TLSCipherNameForNumber(cipher));
2622	break;
2623	#endif /* CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11 */
2624	default:
2625	infof(data, "Unknown protocol connection\n");
2626	break;
2627	}
2628
2629	#if(CURL_BUILD_MAC_10_13 \|\| CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
2630	if(conn->bits.tls_enable_alpn) {
2631	if(__builtin_available(macOS `10.13.4`, iOS `11`, tvOS `11`, *)) {
2632	CFArrayRef alpnArr = NULL;
2633	CFStringRef chosenProtocol = NULL;
2634	err = SSLCopyALPNProtocols(BACKEND->ssl_ctx, &alpnArr);
2635
2636	if(err == noErr && alpnArr && CFArrayGetCount(alpnArr) >= `1`)
2637	chosenProtocol = CFArrayGetValueAtIndex(alpnArr, `0`);
2638
2639	#ifdef USE_NGHTTP2
2640	if(chosenProtocol &&
2641	!CFStringCompare(chosenProtocol, CFSTR(NGHTTP2_PROTO_VERSION_ID),
2642	`0`)) {
2643	conn->negnpn = CURL_HTTP_VERSION_2;
2644	}
2645	else
2646	#endif
2647	if(chosenProtocol &&
2648	!CFStringCompare(chosenProtocol, CFSTR(ALPN_HTTP_1_1), `0`)) {
2649	conn->negnpn = CURL_HTTP_VERSION_1_1;
2650	}
2651	else
2652	infof(data, "ALPN, server did not agree to a protocol\n");
2653
2654	Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
2655	BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
2656
2657	/ chosenProtocol is a reference to the string within alpnArr*
2658	and doesn't need to be freed separately /*
2659	if(alpnArr)
2660	CFRelease(alpnArr);
2661	}
2662	}
2663	#endif
2664
2665	return CURLE_OK;
2666	}
2667	}
2668
2669	#ifndef CURL_DISABLE_VERBOSE_STRINGS
2670	/ This should be called during step3 of the connection at the earliest /
2671	static void
2672	show_verbose_server_cert(struct connectdata *conn,
2673	int sockindex)
2674	{
2675	struct Curl_easy *data = conn->data;
2676	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2677	CFArrayRef server_certs = NULL;
2678	SecCertificateRef server_cert;
2679	OSStatus err;
2680	CFIndex i, count;
2681	SecTrustRef trust = NULL;
2682
2683	if(!BACKEND->ssl_ctx)
2684	return;
2685
2686	#if CURL_BUILD_MAC_10_7 \|\| CURL_BUILD_IOS
2687	#if CURL_BUILD_IOS
2688	#pragma unused(server_certs)
2689	err = SSLCopyPeerTrust(BACKEND->ssl_ctx, &trust);
2690	/ For some reason, SSLCopyPeerTrust() can return noErr and yet return*
2691	a null trust, so be on guard for that: /*
2692	if(err == noErr && trust) {
2693	count = SecTrustGetCertificateCount(trust);
2694	for(i = `0L` ; i < count ; i++) {
2695	CURLcode result;
2696	char *certp;
2697	server_cert = SecTrustGetCertificateAtIndex(trust, i);
2698	result = CopyCertSubject(data, server_cert, &certp);
2699	if(!result) {
2700	infof(data, "Server certificate: %s\n", certp);
2701	free(certp);
2702	}
2703	}
2704	CFRelease(trust);
2705	}
2706	#else
2707	/ SSLCopyPeerCertificates() is deprecated as of Mountain Lion.*
2708	The function SecTrustGetCertificateAtIndex() is officially present
2709	in Lion, but it is unfortunately also present in Snow Leopard as
2710	private API and doesn't work as expected. So we have to look for
2711	a different symbol to make sure this code is only executed under
2712	Lion or later. /*
2713	if(SecTrustEvaluateAsync != NULL) {
2714	#pragma unused(server_certs)
2715	err = SSLCopyPeerTrust(BACKEND->ssl_ctx, &trust);
2716	/ For some reason, SSLCopyPeerTrust() can return noErr and yet return*
2717	a null trust, so be on guard for that: /*
2718	if(err == noErr && trust) {
2719	count = SecTrustGetCertificateCount(trust);
2720	for(i = `0L` ; i < count ; i++) {
2721	char *certp;
2722	CURLcode result;
2723	server_cert = SecTrustGetCertificateAtIndex(trust, i);
2724	result = CopyCertSubject(data, server_cert, &certp);
2725	if(!result) {
2726	infof(data, "Server certificate: %s\n", certp);
2727	free(certp);
2728	}
2729	}
2730	CFRelease(trust);
2731	}
2732	}
2733	else {
2734	#if CURL_SUPPORT_MAC_10_8
2735	err = SSLCopyPeerCertificates(BACKEND->ssl_ctx, &server_certs);
2736	/ Just in case SSLCopyPeerCertificates() returns null too... /
2737	if(err == noErr && server_certs) {
2738	count = CFArrayGetCount(server_certs);
2739	for(i = `0L` ; i < count ; i++) {
2740	char *certp;
2741	CURLcode result;
2742	server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
2743	i);
2744	result = CopyCertSubject(data, server_cert, &certp);
2745	if(!result) {
2746	infof(data, "Server certificate: %s\n", certp);
2747	free(certp);
2748	}
2749	}
2750	CFRelease(server_certs);
2751	}
2752	#endif /* CURL_SUPPORT_MAC_10_8 */
2753	}
2754	#endif /* CURL_BUILD_IOS */
2755	#else
2756	#pragma unused(trust)
2757	err = SSLCopyPeerCertificates(BACKEND->ssl_ctx, &server_certs);
2758	if(err == noErr) {
2759	count = CFArrayGetCount(server_certs);
2760	for(i = `0L` ; i < count ; i++) {
2761	CURLcode result;
2762	char *certp;
2763	server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
2764	result = CopyCertSubject(data, server_cert, &certp);
2765	if(!result) {
2766	infof(data, "Server certificate: %s\n", certp);
2767	free(certp);
2768	}
2769	}
2770	CFRelease(server_certs);
2771	}
2772	#endif /* CURL_BUILD_MAC_10_7 \|\| CURL_BUILD_IOS */
2773	}
2774	#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
2775
2776	static CURLcode
2777	sectransp_connect_step3(struct connectdata *conn,
2778	int sockindex)
2779	{
2780	struct Curl_easy *data = conn->data;
2781	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2782
2783	/ There is no step 3!*
2784	* Well, okay, if verbose mode is on, let's print the details of the
2785	* server certificates. */
2786	#ifndef CURL_DISABLE_VERBOSE_STRINGS
2787	if(data->set.verbose)
2788	show_verbose_server_cert(conn, sockindex);
2789	#endif
2790
2791	connssl->connecting_state = ssl_connect_done;
2792	return CURLE_OK;
2793	}
2794
2795	static Curl_recv sectransp_recv;
2796	static Curl_send sectransp_send;
2797
2798	static CURLcode
2799	sectransp_connect_common(struct connectdata *conn,
2800	int sockindex,
2801	bool nonblocking,
2802	bool *done)
2803	{
2804	CURLcode result;
2805	struct Curl_easy *data = conn->data;
2806	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2807	curl_socket_t sockfd = conn->sock[sockindex];
2808	timediff_t timeout_ms;
2809	int what;
2810
2811	/ check if the connection has already been established /
2812	if(ssl_connection_complete == connssl->state) {
2813	*done = TRUE;
2814	return CURLE_OK;
2815	}
2816
2817	if(ssl_connect_1 == connssl->connecting_state) {
2818	/ Find out how much more time we're allowed /
2819	timeout_ms = Curl_timeleft(data, NULL, TRUE);
2820
2821	if(timeout_ms < `0`) {
2822	/ no need to continue if time already is up /
2823	failf(data, "SSL connection timeout");
2824	return CURLE_OPERATION_TIMEDOUT;
2825	}
2826
2827	result = sectransp_connect_step1(conn, sockindex);
2828	if(result)
2829	return result;
2830	}
2831
2832	while(ssl_connect_2 == connssl->connecting_state \|\|
2833	ssl_connect_2_reading == connssl->connecting_state \|\|
2834	ssl_connect_2_writing == connssl->connecting_state) {
2835
2836	/ check allowed time left /
2837	timeout_ms = Curl_timeleft(data, NULL, TRUE);
2838
2839	if(timeout_ms < `0`) {
2840	/ no need to continue if time already is up /
2841	failf(data, "SSL connection timeout");
2842	return CURLE_OPERATION_TIMEDOUT;
2843	}
2844
2845	/ if ssl is expecting something, check if it's available. /
2846	if(connssl->connecting_state == ssl_connect_2_reading \|\|
2847	connssl->connecting_state == ssl_connect_2_writing) {
2848
2849	curl_socket_t writefd = ssl_connect_2_writing ==
2850	connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2851	curl_socket_t readfd = ssl_connect_2_reading ==
2852	connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2853
2854	what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
2855	nonblocking?`0`:(time_t)timeout_ms);
2856	if(what < `0`) {
2857	/ fatal error /
2858	failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2859	return CURLE_SSL_CONNECT_ERROR;
2860	}
2861	else if(`0` == what) {
2862	if(nonblocking) {
2863	*done = FALSE;
2864	return CURLE_OK;
2865	}
2866	else {
2867	/ timeout /
2868	failf(data, "SSL connection timeout");
2869	return CURLE_OPERATION_TIMEDOUT;
2870	}
2871	}
2872	/ socket is readable or writable /
2873	}
2874
2875	/ Run transaction, and return to the caller if it failed or if this*
2876	* connection is done nonblocking and this loop would execute again. This
2877	* permits the owner of a multi handle to abort a connection attempt
2878	* before step2 has completed while ensuring that a client using select()
2879	* or epoll() will always have a valid fdset to wait on.
2880	*/
2881	result = sectransp_connect_step2(conn, sockindex);
2882	if(result \|\| (nonblocking &&
2883	(ssl_connect_2 == connssl->connecting_state \|\|
2884	ssl_connect_2_reading == connssl->connecting_state \|\|
2885	ssl_connect_2_writing == connssl->connecting_state)))
2886	return result;
2887
2888	} / repeat step2 until all transactions are done. /
2889
2890
2891	if(ssl_connect_3 == connssl->connecting_state) {
2892	result = sectransp_connect_step3(conn, sockindex);
2893	if(result)
2894	return result;
2895	}
2896
2897	if(ssl_connect_done == connssl->connecting_state) {
2898	connssl->state = ssl_connection_complete;
2899	conn->recv[sockindex] = sectransp_recv;
2900	conn->send[sockindex] = sectransp_send;
2901	*done = TRUE;
2902	}
2903	else
2904	*done = FALSE;
2905
2906	/ Reset our connect state machine /
2907	connssl->connecting_state = ssl_connect_1;
2908
2909	return CURLE_OK;
2910	}
2911
2912	static CURLcode Curl_sectransp_connect_nonblocking(struct connectdata *conn,
2913	int sockindex, bool *done)
2914	{
2915	return sectransp_connect_common(conn, sockindex, TRUE, done);
2916	}
2917
2918	static CURLcode Curl_sectransp_connect(struct connectdata conn, int* sockindex)
2919	{
2920	CURLcode result;
2921	bool done = FALSE;
2922
2923	result = sectransp_connect_common(conn, sockindex, FALSE, &done);
2924
2925	if(result)
2926	return result;
2927
2928	DEBUGASSERT(done);
2929
2930	return CURLE_OK;
2931	}
2932
2933	static void Curl_sectransp_close(struct connectdata conn, int* sockindex)
2934	{
2935	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2936
2937	if(BACKEND->ssl_ctx) {
2938	(void)SSLClose(BACKEND->ssl_ctx);
2939	#if CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS
2940	if(SSLCreateContext != NULL)
2941	CFRelease(BACKEND->ssl_ctx);
2942	#if CURL_SUPPORT_MAC_10_8
2943	else
2944	(void)SSLDisposeContext(BACKEND->ssl_ctx);
2945	#endif /* CURL_SUPPORT_MAC_10_8 */
2946	#else
2947	(void)SSLDisposeContext(BACKEND->ssl_ctx);
2948	#endif /* CURL_BUILD_MAC_10_8 \|\| CURL_BUILD_IOS */
2949	BACKEND->ssl_ctx = NULL;
2950	}
2951	BACKEND->ssl_sockfd = `0`;
2952	}
2953
2954	static int Curl_sectransp_shutdown(struct connectdata conn, int* sockindex)
2955	{
2956	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2957	struct Curl_easy *data = conn->data;
2958	ssize_t nread;
2959	int what;
2960	int rc;
2961	char buf[`120`];
2962
2963	if(!BACKEND->ssl_ctx)
2964	return `0`;
2965
2966	#ifndef CURL_DISABLE_FTP
2967	if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
2968	return `0`;
2969	#endif
2970
2971	Curl_sectransp_close(conn, sockindex);
2972
2973	rc = `0`;
2974
2975	what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT);
2976
2977	for(;;) {
2978	if(what < `0`) {
2979	/ anything that gets here is fatally bad /
2980	failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2981	rc = -`1`;
2982	break;
2983	}
2984
2985	if(!what) { / timeout /
2986	failf(data, "SSL shutdown timeout");
2987	break;
2988	}
2989
2990	/ Something to read, let's do it and hope that it is the close*
2991	notify alert from the server. No way to SSL_Read now, so use read(). /*
2992
2993	nread = read(conn->sock[sockindex], buf, sizeof(buf));
2994
2995	if(nread < `0`) {
2996	failf(data, "read: %s", strerror(errno));
2997	rc = -`1`;
2998	}
2999
3000	if(nread <= `0`)
3001	break;
3002
3003	what = SOCKET_READABLE(conn->sock[sockindex], `0`);
3004	}
3005
3006	return rc;
3007	}
3008
3009	static void Curl_sectransp_session_free(void *ptr)
3010	{
3011	/ ST, as of iOS 5 and Mountain Lion, has no public method of deleting a*
3012	cached session ID inside the Security framework. There is a private
3013	function that does this, but I don't want to have to explain to you why I
3014	got your application rejected from the App Store due to the use of a
3015	private API, so the best we can do is free up our own char array that we
3016	created way back in sectransp_connect_step1... /*
3017	Curl_safefree(ptr);
3018	}
3019
3020	static size_t Curl_sectransp_version(char *buffer, size_t size)
3021	{
3022	return msnprintf(buffer, size, "SecureTransport");
3023	}
3024
3025	/*
3026	* This function uses SSLGetSessionState to determine connection status.
3027	*
3028	* Return codes:
3029	* 1 means the connection is still in place
3030	* 0 means the connection has been closed
3031	* -1 means the connection status is unknown
3032	*/
3033	static int Curl_sectransp_check_cxn(struct connectdata *conn)
3034	{
3035	struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
3036	OSStatus err;
3037	SSLSessionState state;
3038
3039	if(BACKEND->ssl_ctx) {
3040	err = SSLGetSessionState(BACKEND->ssl_ctx, &state);
3041	if(err == noErr)
3042	return state == kSSLConnected \|\| state == kSSLHandshake;
3043	return -`1`;
3044	}
3045	return `0`;
3046	}
3047
3048	static bool Curl_sectransp_data_pending(const struct connectdata *conn,
3049	int connindex)
3050	{
3051	const struct ssl_connect_data *connssl = &conn->ssl[connindex];
3052	OSStatus err;
3053	size_t buffer;
3054
3055	if(BACKEND->ssl_ctx) { / SSL is in use /
3056	err = SSLGetBufferedReadSize(BACKEND->ssl_ctx, &buffer);
3057	if(err == noErr)
3058	return buffer > `0UL`;
3059	return false;
3060	}
3061	else
3062	return false;
3063	}
3064
3065	static CURLcode Curl_sectransp_random(struct Curl_easy *data UNUSED_PARAM,
3066	unsigned char *entropy, size_t length)
3067	{
3068	/ arc4random_buf() isn't available on cats older than Lion, so let's*
3069	do this manually for the benefit of the older cats. /*
3070	size_t i;
3071	u_int32_t random_number = `0`;
3072
3073	(void)data;
3074
3075	for(i = `0` ; i < length ; i++) {
3076	if(i % sizeof(u_int32_t) == `0`)
3077	random_number = arc4random();
3078	entropy[i] = random_number & `0xFF`;
3079	random_number >>= `8`;
3080	}
3081	i = random_number = `0`;
3082	return CURLE_OK;
3083	}
3084
3085	static CURLcode Curl_sectransp_md5sum(unsigned char tmp, /* input /
3086	size_t tmplen,
3087	unsigned char md5sum, /* output /
3088	size_t md5len)
3089	{
3090	(void)md5len;
3091	(void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum);
3092	return CURLE_OK;
3093	}
3094
3095	static CURLcode Curl_sectransp_sha256sum(const unsigned char tmp, /* input /
3096	size_t tmplen,
3097	unsigned char sha256sum, /* output /
3098	size_t sha256len)
3099	{
3100	assert(sha256len >= CURL_SHA256_DIGEST_LENGTH);
3101	(void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
3102	return CURLE_OK;
3103	}
3104
3105	static bool Curl_sectransp_false_start(void)
3106	{
3107	#if CURL_BUILD_MAC_10_9 \|\| CURL_BUILD_IOS_7
3108	if(SSLSetSessionOption != NULL)
3109	return TRUE;
3110	#endif
3111	return FALSE;
3112	}
3113
3114	static ssize_t sectransp_send(struct connectdata *conn,
3115	int sockindex,
3116	const void *mem,
3117	size_t len,
3118	CURLcode *curlcode)
3119	{
3120	/struct Curl_easy data = conn->data;/*
3121	struct ssl_connect_data *connssl = &conn->ssl[sockindex];
3122	size_t processed = `0UL`;
3123	OSStatus err;
3124
3125	/ The SSLWrite() function works a little differently than expected. The*
3126	fourth argument (processed) is currently documented in Apple's
3127	documentation as: "On return, the length, in bytes, of the data actually
3128	written."
3129
3130	Now, one could interpret that as "written to the socket," but actually,
3131	it returns the amount of data that was written to a buffer internal to
3132	the SSLContextRef instead. So it's possible for SSLWrite() to return
3133	errSSLWouldBlock and a number of bytes "written" because those bytes were
3134	encrypted and written to a buffer, not to the socket.
3135
3136	So if this happens, then we need to keep calling SSLWrite() over and
3137	over again with no new data until it quits returning errSSLWouldBlock. /*
3138
3139	/ Do we have buffered data to write from the last time we were called? /
3140	if(BACKEND->ssl_write_buffered_length) {
3141	/ Write the buffered data: /
3142	err = SSLWrite(BACKEND->ssl_ctx, NULL, `0UL`, &processed);
3143	switch(err) {
3144	case noErr:
3145	/ processed is always going to be 0 because we didn't write to*
3146	the buffer, so return how much was written to the socket /*
3147	processed = BACKEND->ssl_write_buffered_length;
3148	BACKEND->ssl_write_buffered_length = `0UL`;
3149	break;
3150	case errSSLWouldBlock: / argh, try again /
3151	*curlcode = CURLE_AGAIN;
3152	return -`1L`;
3153	default:
3154	failf(conn->data, "SSLWrite() returned error %d", err);
3155	*curlcode = CURLE_SEND_ERROR;
3156	return -`1L`;
3157	}
3158	}
3159	else {
3160	/ We've got new data to write: /
3161	err = SSLWrite(BACKEND->ssl_ctx, mem, len, &processed);
3162	if(err != noErr) {
3163	switch(err) {
3164	case errSSLWouldBlock:
3165	/ Data was buffered but not sent, we have to tell the caller*
3166	to try sending again, and remember how much was buffered /*
3167	BACKEND->ssl_write_buffered_length = len;
3168	*curlcode = CURLE_AGAIN;
3169	return -`1L`;
3170	default:
3171	failf(conn->data, "SSLWrite() returned error %d", err);
3172	*curlcode = CURLE_SEND_ERROR;
3173	return -`1L`;
3174	}
3175	}
3176	}
3177	return (ssize_t)processed;
3178	}
3179
3180	static ssize_t sectransp_recv(struct connectdata *conn,
3181	int num,
3182	char *buf,
3183	size_t buffersize,
3184	CURLcode *curlcode)
3185	{
3186	/struct Curl_easy data = conn->data;/*
3187	struct ssl_connect_data *connssl = &conn->ssl[num];
3188	size_t processed = `0UL`;
3189	OSStatus err;
3190
3191	again:
3192	err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed);
3193
3194	if(err != noErr) {
3195	switch(err) {
3196	case errSSLWouldBlock: / return how much we read (if anything) /
3197	if(processed)
3198	return (ssize_t)processed;
3199	*curlcode = CURLE_AGAIN;
3200	return -`1L`;
3201	break;
3202
3203	/ errSSLClosedGraceful - server gracefully shut down the SSL session*
3204	errSSLClosedNoNotify - server hung up on us instead of sending a
3205	closure alert notice, read() is returning 0
3206	Either way, inform the caller that the server disconnected. /*
3207	case errSSLClosedGraceful:
3208	case errSSLClosedNoNotify:
3209	*curlcode = CURLE_OK;
3210	return -`1L`;
3211	break;
3212
3213	/ The below is errSSLPeerAuthCompleted; it's not defined in*
3214	Leopard's headers /*
3215	case -`9841`:
3216	if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
3217	CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), conn->data,
3218	BACKEND->ssl_ctx);
3219	if(result)
3220	return result;
3221	}
3222	goto again;
3223	default:
3224	failf(conn->data, "SSLRead() return error %d", err);
3225	*curlcode = CURLE_RECV_ERROR;
3226	return -`1L`;
3227	break;
3228	}
3229	}
3230	return (ssize_t)processed;
3231	}
3232
3233	static void Curl_sectransp_get_internals(struct* ssl_connect_data *connssl,
3234	CURLINFO info UNUSED_PARAM)
3235	{
3236	(void)info;
3237	return BACKEND->ssl_ctx;
3238	}
3239
3240	const struct Curl_ssl Curl_ssl_sectransp = {
3241	{ CURLSSLBACKEND_SECURETRANSPORT, "secure-transport" }, / info /
3242
3243	#ifdef SECTRANSP_PINNEDPUBKEY
3244	SSLSUPP_PINNEDPUBKEY,
3245	#else
3246	`0`,
3247	#endif /* SECTRANSP_PINNEDPUBKEY */
3248
3249	sizeof(struct ssl_backend_data),
3250
3251	Curl_none_init, / init /
3252	Curl_none_cleanup, / cleanup /
3253	Curl_sectransp_version, / version /
3254	Curl_sectransp_check_cxn, / check_cxn /
3255	Curl_sectransp_shutdown, / shutdown /
3256	Curl_sectransp_data_pending, / data_pending /
3257	Curl_sectransp_random, / random /
3258	Curl_none_cert_status_request, / cert_status_request /
3259	Curl_sectransp_connect, / connect /
3260	Curl_sectransp_connect_nonblocking, / connect_nonblocking /
3261	Curl_sectransp_get_internals, / get_internals /
3262	Curl_sectransp_close, / close_one /
3263	Curl_none_close_all, / close_all /
3264	Curl_sectransp_session_free, / session_free /
3265	Curl_none_set_engine, / set_engine /
3266	Curl_none_set_engine_default, / set_engine_default /
3267	Curl_none_engines_list, / engines_list /
3268	Curl_sectransp_false_start, / false_start /
3269	Curl_sectransp_md5sum, / md5sum /
3270	Curl_sectransp_sha256sum / sha256sum /
3271	};
3272
3273	#ifdef __clang__
3274	#pragma clang diagnostic pop
3275	#endif
3276
3277	#endif /* USE_SECTRANSP */
3278

Browse the source code of Curl/lib/vtls/sectransp.c