1 #ifndef HEADER_CURL_SCHANNEL_H 2 #define HEADER_CURL_SCHANNEL_H 3 /*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al. 11 * Copyright (C) 2012 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. 12 * 13 * This software is licensed as described in the file COPYING, which 14 * you should have received as part of this distribution. The terms 15 * are also available at https://curl.haxx.se/docs/copyright.html. 16 * 17 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 18 * copies of the Software, and permit persons to whom the Software is 19 * furnished to do so, under the terms of the COPYING file. 20 * 21 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 22 * KIND, either express or implied. 23 * 24 ***************************************************************************/ 25 #include "curl_setup.h" 26 27 #ifdef USE_SCHANNEL 28 29 #include <schnlsp.h> 30 #include <schannel.h> 31 #include "curl_sspi.h" 32 33 #include "urldata.h" 34 35 /* <wincrypt.h> has been included via the above <schnlsp.h>. 36 * Or in case of ldap.c, it was included via <winldap.h>. 37 * And since <wincrypt.h> has this: 38 * #define X509_NAME ((LPCSTR) 7) 39 * 40 * And in BoringSSL's <openssl/base.h> there is: 41 * typedef struct X509_name_st X509_NAME; 42 * etc. 43 * 44 * this will cause all kinds of C-preprocessing paste errors in 45 * BoringSSL's <openssl/x509.h>: So just undefine those defines here 46 * (and only here). 47 */ 48 #if defined(HAVE_BORINGSSL) || defined(OPENSSL_IS_BORINGSSL) 49 # undef X509_NAME 50 # undef X509_CERT_PAIR 51 # undef X509_EXTENSIONS 52 #endif 53 54 extern const struct Curl_ssl Curl_ssl_schannel; 55 56 CURLcode Curl_verify_certificate(struct connectdata *conn, int sockindex); 57 58 /* structs to expose only in schannel.c and schannel_verify.c */ 59 #ifdef EXPOSE_SCHANNEL_INTERNAL_STRUCTS 60 61 #ifdef __MINGW32__ 62 #include <_mingw.h> 63 #ifdef __MINGW64_VERSION_MAJOR 64 #define HAS_MANUAL_VERIFY_API 65 #endif 66 #else 67 #include <wincrypt.h> 68 #ifdef CERT_CHAIN_REVOCATION_CHECK_CHAIN 69 #define HAS_MANUAL_VERIFY_API 70 #endif 71 #endif 72 73 struct Curl_schannel_cred { 74 CredHandle cred_handle; 75 TimeStamp time_stamp; 76 int refcount; 77 }; 78 79 struct Curl_schannel_ctxt { 80 CtxtHandle ctxt_handle; 81 TimeStamp time_stamp; 82 }; 83 84 struct ssl_backend_data { 85 struct Curl_schannel_cred *cred; 86 struct Curl_schannel_ctxt *ctxt; 87 SecPkgContext_StreamSizes stream_sizes; 88 size_t encdata_length, decdata_length; 89 size_t encdata_offset, decdata_offset; 90 unsigned char *encdata_buffer, *decdata_buffer; 91 /* encdata_is_incomplete: if encdata contains only a partial record that 92 can't be decrypted without another Curl_read_plain (that is, status is 93 SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes 94 more bytes into encdata then set this back to false. */ 95 bool encdata_is_incomplete; 96 unsigned long req_flags, ret_flags; 97 CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */ 98 bool recv_sspi_close_notify; /* true if connection closed by close_notify */ 99 bool recv_connection_closed; /* true if connection closed, regardless how */ 100 bool use_alpn; /* true if ALPN is used for this connection */ 101 #ifdef HAS_MANUAL_VERIFY_API 102 bool use_manual_cred_validation; /* true if manual cred validation is used */ 103 #endif 104 }; 105 #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */ 106 107 #endif /* USE_SCHANNEL */ 108 #endif /* HEADER_CURL_SCHANNEL_H */ 109