| Commit message (Collapse) | Author | Age | Files | Lines |
| |
with OpenSSL 1.1.1.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@2019 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
locking/thread callbacks at all with OpenSSL >= 1.1.1.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1999 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
OpenSSL 1.1 compatible. Catch non-RSA keys early.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1975 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
OpenSSL 1.1. Patch by Kurt Roeckx.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1973 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1972 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_openssl.c (init_md5_ctx, ne_md5_create_ctx,
ne_md5_process_block, ne_md5_process_bytes, ne_md5_finish_ctx,
ne_md5_dup_ctx, ne_md5_reset_ctx, ne_md5_destroy_ctx): Implement
using EVP API.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1971 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
change, invoke verify callback.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1938 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1901 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
build on request for SSLv2 server context
(ne_ssl_context_get_flag): Fix build.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1872 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
since it inhibits testing of session caching.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1866 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_openssl.c (ne_ssl_context_get_flag): New function.
(ne_ssl_context_create): Fix compile without SSLv2.
* src/ne_session.c (ne_set_session_flag): Retrieve SSLv2
flag value after setting it.
* src/ne_ssl.h, src/neon.vers: Add ne_ssl_context_get_flag.
* test/ssl.c (simple_sslv2): Retrieve flag setting and skip
test if it was not enabled.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1865 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_openssl.c (parse_client_cert): Factor out from
ne_ssl_clicert_read.
(ne_ssl_clicert_read): Reimplement using above.
(ne_ssl_clicert_import): New function.
* src/ne_gnutls.c (ne_ssl_clicert_import): Factor out from
ne_ssl_clicert_read.
(ne_ssl_clicert_import): Reimplement using above.
* test/utils.c (file_to_buffer): Move to here...
* test/compress.c (file2buf): ... from here.
(do_fetch): Use it.
* test/ssl.c (clicert_import): New test.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1847 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT as an untrusted cert.
Submitted by: Tom C <tomc.neon pnl.gov>
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1770 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
getaddrinfo support.
* src/ne_socket.c (ne_sock_accept_ssl): Add debug log output if
session is resumed.
* macros/neon.m4 (NEON_SSL): Check for SSL_SESSION_cmp.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1724 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
names:
* src/ne_private.h (ne__ssl_match_hostname): Take cn len, make cn
const.
* src/ne_session.c (ne__ssl_match_hostname): Drop handling of
unqualified hostnames; check CN length matches.
* src/ne_gnutls.c (check_identity): Adjust accordingly.
* src/ne_openssl.c (append_dirstring): Use a quoted append for ASCII
data. Check for embedded NUL bytes in UTF-8 data.
(dup_ia5string): Use quoted append.
* test/ssl.c (struct ssl_server_args): Add key field.
(ssl_server): Use key field from args.
(fail_ssl_request_with_error2): Rename from
fail_ssl_request_with_error, add host, fakehost
parameters.
(fail_ssl_request_with_error): Reimplement using
fail_ssl_request_with_error2.
(fail_nul_cn, fail_nul_san, nulcn_identity): New tests.
* test/nulca.pem, test/nulcn.pem, test/nulsan.pem, test/nulsrv.key:
Add test cases, thanks to Tomas Hoger <thoger redhat.com>.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1681 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
Tommi's code was long-since replaced.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1669 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
validation chain is outside its validity-period; test cases and thanks
to Ludwig Nussel:
* src/ne_session.h (NE_SSL_BADCHAIN): New constant.
(NE_SSL_FAILMASK): Bumped up.
* src/ne_gnutls.c (check_certificate): Check validity period of all
certs in the chain; flag NE_SSL_BADCHAIN appropriately.
* src/ne_openssl.c (verify_cert): New function.
(check_certificate): Rely on failure bits collected via
verify_cert invocations.
(ne_ssl_context_create): Install verify_cert as OpenSSL
verify callback.
(ne__negotiate_ssl): Clear ctx->failures.
* test/makekeys.sh, test/openssl.conf: Create ca[1-3] with ca1, ca3
being expired and not-yet-valid respectively; create
ca[13]server.cert signed by these CAs.
* test/ssl.c (fail_ca_notyetvalid, fail_ca_expired): New test cases.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1641 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_openssl.c (ne__ssl_clicert_exkey_import): New function.
* src/ne_privssl.h (ne__ssl_clicert_exkey_import): New prototype.
* src/ne_pkcs11.c [HAVE_OPENSSL] (pk11_rsa_sign, pk11_rsa_init,
pk11_rsa_finish, pk11_rsa_method): New functions.
(pk11_find_pkey): Ignore DSA privkeys if using OpenSSL.
(ne_ssl_set_pkcs11_provider): Omit GnuTLS code for OpenSSL.
* macros/neon.m4 (NEON_SSL): Support pakchois with OpenSSL too.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1541 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
function, merged from duplicate copies in ne_openssl.c/ne_gnutls.c.
* src/ne_private.h (ne__ssl_match_hostname): New prototype.
* src/ne_openssl.c, src/ne_gnutls.c (match_hostname): Remove function.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1514 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
src/ne_gnutls.c (ne__negotiate_ssl): Use phrase "handshake" rather
than "negotiation" in error message.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1506 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
requested during handshake, none can be provided, and the handshake
fails:
* src/ne_private.h (struct ne_session_s): Add ssl_cc_requested field.
* src/ne_openssl.c (provide_client_cert): Set ssl_cc_requested if
no cert is provided.
(ne__negotiate_ssl): Clear ssl_cc_requested before handshake.
Use different, more useful error message if handshake fails and flag
is now set.
* test/ssl.c (struct ssl_server_args): Add fail_silently flag.
(ssl_server): Exit with success if handshake fails and above flag set.
(no_client_cert): New test case.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1505 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
cert file specified.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1466 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
use an array of dname structures.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1370 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_gnutls.c (ne_ssl_clicert_read): Fail if cert or key is missing.
* src/ne_openssl.c (ne_ssl_clicert_read): Fail if private key lacks
cert or pkey.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1325 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1323 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
cert or pkey.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1317 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
key:
* src/ne_gnutls.c (struct ne_ssl_client_cert_s): Add keyless flag.
(dup_client_cert): Support keyless clicerts.
(pkcs12_parse): Make pkey handling optional.
(read_client_cert): Factor out from ne_ssl_clicert_read; take additional
key_required flag; fail if cert or key is required and not supplied;
initialize keyless flag.
(ne_ssl_clicert_read): Reimplement using read_client_cert.
(ne_ssl_clicert_exkey_read): New function.
(ne_ssl_clicert_decrypt): Handle keyless failure case.
* src/ne_openssl.c (ne_ssl_clicert_exkey_read): Add stub.
* src/ne_stubssl.c (ne_ssl_clicert_exkey_read): Add stub.
* test/ssl.c (load_client_cert): Test ne_ssl_clicert_exkey_read.
* test/makekeys.sh: Generate keyless ccert.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1316 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_session.h (ne_session_flag_e): Add NE_SESSFLAG_TLS_SNI.
* src/ne_session.c (ne_session_create): Enable the SNI flag by
default.
* src/ne_privssl.h (struct ne_ssl_context_s): Add hostname field.
* src/ne_socket.c (ne_sock_connect_ssl) [HAVE_OPENSSL]: Enable SNI
extension if hostname passed-through.
* src/ne_openssl.c (ne__negotiate_ssl): Set hostname field in context,
if SNI flag enabled.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1281 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
cache if creating server context.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1279 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
debugging.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1250 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
handle URI subjectAltNames.
(check_certificate, populate_cert): Adjust accordingly.
* test/ssl.c (uri_altname, fail_bad_urialtname): Add tests.
(cert_identities): Test the URI-altname cert.
* test/openssl.conf, test/makekeys.sh: Create new test certs.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1176 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_session.h (ne_notify_status): Redefine callback type,
passing pointer to ne_session_status_info structure.
* src/ne_request.c (notify_status): Invoke notify callback, and
progress callback as appropriate.
(send_request_body, ne_read_response_block, lookup_host,
ne_begin_request, do_connect): Adjust to set up and invoke
the notify callback.
* src/ne_openssl.c (ne__negotiate_ssl): Drop notify callback
invocation.
* src/ne_private.h (struct ne_session_s): Store status union.
* macros/neon.m4: Define NE_FMT_NE_OFF_T.
* test/request.c (status_cb, status): Add new test.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1094 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* macros/neon.m4 (NEON_SSL): Check for CRYPTO_set_idptr_callback.
* src/ne_openssl.c (thread_id_neon): Update comments.
(ID_CALLBACK_IS_OTHER, ID_CALLBACK_IS_NEON): New macros.
(ne__ssl_init, ne__ssl_exit): Update to avoid touching the
"id" callback if the idptr interfaces exist, since the default
will be sane.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1068 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
dev@apr discussion.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1055 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
ne_ssl_cert_validity_time, which is better for i18n:
* src/ne_ssl.h (ne_ssl_cert_validity): Adopt a fixed format for
returned date.
(ne_ssl_cert_validity_time): New prototype.
* src/ne_openssl.c (asn1time_to_timet, ne_ssl_cert_validity_time): New
functions.
* src/ne_gnutls.c (ne_ssl_cert_validity_time): New function.
* src/ne_session.c (ne_ssl_cert_validity): New function.
* src/ne_stubssl.c (ne_ssl_cert_validity_time): New stub.
* test/ssl.c (cert_validity): Adjust for new date formatting.
* macros/neon.m4 (LIBNEON_SOURCE_CHECKS): Check for timezone global.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@968 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_gnutls.c, src/ne_openssl.c: Use NE_HAVE_TS_SSL feature macro
in place of HAVE_PTHREADS.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@959 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
more portable, but less safe), and replace with a rant on why OpenSSL
is completely broken.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@958 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
pthread_t is a structure.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@957 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_openssl.c (verify_err): ... from here.
(check_certificate): Use it.
* src/ne_gnutls.c (check_certificate): Use it on verification failure.
* src/ne_private.h (ne__ssl_set_verify_err): Add prototype.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@955 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
the flag setting.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@946 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
(ne_ssl_context_set_flag): New prototype.
* src/ne_stubssl.c (ne_ssl_context_set_flag): New stub.
* src/ne_openssl.c (ne_ssl_context_set_flag): New function.
* src/ne_gnutls.c (ne_ssl_context_set_flag): New stub.
* src/ne_session.h: Add NE_SESSFLAG_SSLv2 flag (defaults to on).
* src/ne_session.c (ne_session_create) [NE_HAVE_SSL]: Set the
NE_SESSFLAG_SSLv2 flag.
(ne_set_session_flag) [NE_HAVE_SSL]: Call ne_ssl_context_set_flag.
* test/ssl.c (simple_sslv2): Enable SSLv2 support.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@944 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
ne_sock_exit; debug stream may have been closed.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@924 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
requests thread-safety for the SSL library using POSIX mutexes.
* src/ne_openssl.c [HAVE_PTHREADS] (thread_id_neon, thread_lock_neon):
New functions.
(ne__ssl_init, ne__ssl_exit) [HAVE_PTHREADS]: Register/unregister
thread-safety callbacks, if safe to do so.
* src/ne_gnutls.c (ne__ssl_init, ne__ssl_exit): Register libgcrypt
POSIX thread support.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@921 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_socket.c (init_ssl): Removed.
(ne_sock_init, ne_sock_init): Call ne__ssl_init, ne__ssl_exit
to handle process-global init/exit of the SSL library.
* src/ne_openssl.c (ne__ssl_init, ne__ssl_exit): New functions.
* src/ne_gnutls.c (ne__ssl_init, ne__ssl_exit): New functions.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@919 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
src/ne_compress.c, src/ne_uri.c, src/ne_auth.c, src/ne_locks.c: Use
ne_strcasecmp in favour of locale-dependent strcasecmp throughout.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@831 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
(alternative) SSL CA bundle to be configured/used.
* src/ne_openssl.c (ne_ssl_trust_default_ca): Honour NE_SSL_CA_BUNDLE
if defined, in preference to use of OpenSSL-default CA bundle.
* src/ne_gnutls.c (ne_ssl_trust_default_ca): Implement using
NE_SSL_CA_BUNDLE.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@772 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
key/cert match.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@759 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
as argument not request.
* src/ne_openssl.c (ne__negotiate_ssl): Take session pointer as
argument not request.
* src/ne_gnutls.c (ne__negotiate_ssl): Likewise.
* src/ne_private.h (ne__negotiate_ssl): Update prototype.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@755 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/ne_openssl.c (ne_d2i_uchar): Add typedef.
(ne_ssl_cert_import): Use ne_d2i_uchar as type of second
argument to d2i_x509.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@746 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| |
* src/Makefile.in (NEON_BASEOBJS): Build ne_i18n.o.
* src/ne_i18n.c: Include config.h, ne_i18n.h. (ne_i18n_init): Renamed
from neon_i18n_init.
* src/ne_i18n.h: Remove library-private definition of '_' and 'N_'
macros.
* src/ne_internal.h: New header; add definitions of _ and N_.
* src/*.c: Update all sources to include ne_internal.h instead of
ne_i18n.h.
* po/: New directory. Add message catalog template and translated
message catalogs extracted from sitecopy.
* macros/neon-test.m4: Check for setlocale and locale.h.
* test/common/tests.c: Include locale.h, ne_i18n.h. (main): Call
setlocale and ne_i18n_init.
* test/run.sh: By default disable i18n to allow checks for English
error messages to succeed.
* .release.sh: Compile the gmo files here.
* macros/neon.m4 (NEON_I18N): Add macro.
* configure.in: Use NEON_I18N. Define ALL_LINGUAS.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@680 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845