curl-library

[PATCH] cyassl: remove undefined reference to CyaSSL_no_filesystem_verify & add support for CURLOPT_SSL_CTX_FUNCTION

From: Kyle L. Huff <kyle.huff_at_curetheitch.com>
Date: Sun, 22 Feb 2015 15:05:12 -0500

The attached patches remove the reference to
"CyaSSL_no_filesystem_verify", and enable CURLOPT_SSL_CTX_FUNCTION
when using CyaSSL.

1.) Remove the reference to "CyaSSL_no_filesystem_verify"

This method is not (or no longer) defined by cURL or CyaSSL. Looking
through the commit history of both cURL and CyaSSL, I was not able to
find any reference or definition to that method in any past versions.

The defined methods[1] for loading/verifying certificates in a buffer
are CyaSSL_CTX_load_verify_buffer, CyaSSL_CTX_use_certificate_buffer,
and so on. These methods are similar to those in OpenSSL that deal
with loading/verifying certificate files, but obviously for buffers
(due to NO_FILESYSTEM).

I don't think it would be very prudent to implement loading
certificates via buffers here, as that should normally be handled by
the application via a context callback (thus, the next patch).

2.) Add support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL and
better handle CyaSSL instances using NO_FILESYSTEM.

This patch adds a check for a context callback and registers the
callback in the same manner as openssl (`lib/vtls/openssl.c`). This
enables applications using CyaSSL to perform context operations with
the context instance.

If a callback is not defined, and CyaSSL is in NO_FILESYSTEM mode, it
will return an error only if CURLOPT_SSL_VERIFYPEER is true/1L (we
cannot verify a peer without any certificates loaded).

If a callback is defined, the application can load certificates into
the ssl context from buffers by using the CyaSSL context operations
(CyaSSL_CTX_load_verify_buffer, CyaSSL_CTX_use_certificate_buffer,
etc.) within their application.

I look forward to hearing about any suggestions or improvements.

References -
[1] http://www.yassl.com/yaSSL/Docs-cyassl-manual-17-2-cyassl-api-certificates-keys.html

Kyle L. Huff
http://curetheitch.com
http://webpg.org

Received on 2015-02-22
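
Added example, not part of the original mail and not curl or CyaSSL source: a stand-alone C model of the trust-setup decision described in item 2 (callback set, or NO_FILESYSTEM with and without CURLOPT_SSL_VERIFYPEER). Every type and function in it (`struct cfg`, `setup_trust`, `load_verify_buffer`, `app_ctx_callback`) is a hypothetical stand-in, and aborting when the callback reports an error is an assumption drawn from the mail's statement that the callback is registered in the same manner as openssl.

```c
/* Added example: a stand-alone model, not curl or CyaSSL source.
   All names below are hypothetical stand-ins. */
#include <stddef.h>
#include <string.h>

enum rc { RC_OK = 0, RC_CACERT_MISSING, RC_CTX_CALLBACK_FAILED };

struct tls_ctx { int trust_anchors; };  /* stand-in for the SSL context */
typedef int (*ctx_cb)(struct tls_ctx *ctx, void *userdata); /* 0 = success */

struct cfg {
  int no_filesystem;  /* models a NO_FILESYSTEM build */
  int verifypeer;     /* models CURLOPT_SSL_VERIFYPEER */
  ctx_cb fsslctx;     /* models CURLOPT_SSL_CTX_FUNCTION, NULL if unset */
  void *fsslctxp;     /* user pointer handed to the callback */
};

/* Stand-in for a load-from-buffer call: accepts the buffer only if it
   contains a PEM certificate header, then counts one trust anchor. */
static int load_verify_buffer(struct tls_ctx *ctx, const char *pem, size_t len)
{
  const char *hdr = "-----BEGIN CERTIFICATE-----";
  if(len < strlen(hdr) || !strstr(pem, hdr))
    return -1;
  ctx->trust_anchors++;
  return 0;
}

/* Application callback: loads the CA buffer passed in through userdata. */
static int app_ctx_callback(struct tls_ctx *ctx, void *userdata)
{
  const char *pem = userdata;
  return pem ? load_verify_buffer(ctx, pem, strlen(pem)) : -1;
}

/* The decision made while setting up the connection. */
static enum rc setup_trust(const struct cfg *c, struct tls_ctx *ctx)
{
  if(c->fsslctx) {
    if(c->fsslctx(ctx, c->fsslctxp) != 0)
      return RC_CTX_CALLBACK_FAILED; /* assumption: callback error aborts */
    return RC_OK;
  }
  if(c->no_filesystem && c->verifypeer)
    return RC_CACERT_MISSING; /* fail closed: no certificates to verify with */
  return RC_OK;
}
```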