vquic-tls.c - OpenGrok cross reference for /external/curl/lib/vquic/vquic-tls.c

Lines Matching +full:- +full:- +full:with +full:- +full:wolfssl
21  * SPDX-License-Identifier: curl
41 #include <wolfssl/options.h>
42 #include <wolfssl/ssl.h>
43 #include <wolfssl/quic.h>
44 #include "vtls/wolfssl.h"
53 #include "vquic-tls.h"
69 #define QUIC_GROUPS "P-256:P-384:P-521"
72 static void keylog_callback(const WOLFSSL *ssl, const char *line)  in keylog_callback()
94   ctx->ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());  in curl_wssl_init_ctx()
95   if(!ctx->ssl_ctx) {  in curl_wssl_init_ctx()
106   wolfSSL_CTX_set_default_verify_paths(ctx->ssl_ctx);  in curl_wssl_init_ctx()
108   if(wolfSSL_CTX_set_cipher_list(ctx->ssl_ctx, conn_config->cipher_list13 ?  in curl_wssl_init_ctx()
109                                  conn_config->cipher_list13 :  in curl_wssl_init_ctx()
113     failf(data, "wolfSSL failed to set ciphers: %s", error_buffer);  in curl_wssl_init_ctx()
118   if(wolfSSL_CTX_set1_groups_list(ctx->ssl_ctx, conn_config->curves ?  in curl_wssl_init_ctx()
119                                   conn_config->curves :  in curl_wssl_init_ctx()
121     failf(data, "wolfSSL failed to set curves");  in curl_wssl_init_ctx()
130     wolfSSL_CTX_set_keylog_callback(ctx->ssl_ctx, keylog_callback);  in curl_wssl_init_ctx()
132     failf(data, "wolfSSL was built without keylog callback");  in curl_wssl_init_ctx()
138   if(conn_config->verifypeer) {  in curl_wssl_init_ctx()
139     const char * const ssl_cafile = conn_config->CAfile;  in curl_wssl_init_ctx()
140     const char * const ssl_capath = conn_config->CApath;  in curl_wssl_init_ctx()
142     wolfSSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_PEER, NULL);  in curl_wssl_init_ctx()
144       /* tell wolfSSL where to find CA certificates that are used to verify  in curl_wssl_init_ctx()
147         wolfSSL_CTX_load_verify_locations_ex(ctx->ssl_ctx, ssl_cafile,  in curl_wssl_init_ctx()
165          use wolfssl's built-in default as fallback */  in curl_wssl_init_ctx()
166       wolfSSL_CTX_set_default_verify_paths(ctx->ssl_ctx);  in curl_wssl_init_ctx()
171     wolfSSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_NONE, NULL);  in curl_wssl_init_ctx()
174   /* give application a chance to interfere with SSL set up. */  in curl_wssl_init_ctx()
175   if(data->set.ssl.fsslctx) {  in curl_wssl_init_ctx()
177     result = (*data->set.ssl.fsslctx)(data, ctx->ssl_ctx,  in curl_wssl_init_ctx()
178                                       data->set.ssl.fsslctxp);  in curl_wssl_init_ctx()
188   if(result && ctx->ssl_ctx) {  in curl_wssl_init_ctx()
189     SSL_CTX_free(ctx->ssl_ctx);  in curl_wssl_init_ctx()
190     ctx->ssl_ctx = NULL;  in curl_wssl_init_ctx()
204   DEBUGASSERT(!ctx->ssl);  in curl_wssl_init_ssl()
205   DEBUGASSERT(ctx->ssl_ctx);  in curl_wssl_init_ssl()
206   ctx->ssl = wolfSSL_new(ctx->ssl_ctx);  in curl_wssl_init_ssl()
208   wolfSSL_set_app_data(ctx->ssl, user_data);  in curl_wssl_init_ssl()
209   wolfSSL_set_connect_state(ctx->ssl);  in curl_wssl_init_ssl()
210   wolfSSL_set_quic_use_legacy_codepoint(ctx->ssl, 0);  in curl_wssl_init_ssl()
213     wolfSSL_set_alpn_protos(ctx->ssl, (const unsigned char *)alpn,  in curl_wssl_init_ssl()
216   if(peer->sni) {  in curl_wssl_init_ssl()
217     wolfSSL_UseSNI(ctx->ssl, WOLFSSL_SNI_HOST_NAME,  in curl_wssl_init_ssl()
218                    peer->sni, (unsigned short)strlen(peer->sni));  in curl_wssl_init_ssl()
237   return Curl_ossl_ctx_init(&ctx->ossl, cf, data, peer, TRNSPRT_QUIC,  in Curl_vquic_tls_init()
242   return Curl_gtls_ctx_init(&ctx->gtls, cf, data, peer,  in Curl_vquic_tls_init()
260   if(ctx->ossl.ssl)  in Curl_vquic_tls_cleanup()
261     SSL_free(ctx->ossl.ssl);  in Curl_vquic_tls_cleanup()
262   if(ctx->ossl.ssl_ctx)  in Curl_vquic_tls_cleanup()
263     SSL_CTX_free(ctx->ossl.ssl_ctx);  in Curl_vquic_tls_cleanup()
265   if(ctx->gtls.cred)  in Curl_vquic_tls_cleanup()
266     gnutls_certificate_free_credentials(ctx->gtls.cred);  in Curl_vquic_tls_cleanup()
267   if(ctx->gtls.session)  in Curl_vquic_tls_cleanup()
268     gnutls_deinit(ctx->gtls.session);  in Curl_vquic_tls_cleanup()
270   if(ctx->ssl)  in Curl_vquic_tls_cleanup()
271     wolfSSL_free(ctx->ssl);  in Curl_vquic_tls_cleanup()
272   if(ctx->ssl_ctx)  in Curl_vquic_tls_cleanup()
273     wolfSSL_CTX_free(ctx->ssl_ctx);  in Curl_vquic_tls_cleanup()
283   if(!ctx->ossl.x509_store_setup) {  in Curl_vquic_tls_before_recv()
284     CURLcode result = Curl_ssl_setup_x509_store(cf, data, ctx->ossl.ssl_ctx);  in Curl_vquic_tls_before_recv()
287     ctx->ossl.x509_store_setup = TRUE;  in Curl_vquic_tls_before_recv()
290   if(!ctx->gtls.trust_setup) {  in Curl_vquic_tls_before_recv()
291     CURLcode result = Curl_gtls_client_trust_setup(cf, data, &ctx->gtls);  in Curl_vquic_tls_before_recv()
315   result = Curl_oss_check_peer_cert(cf, data, &ctx->ossl, peer);  in Curl_vquic_tls_verify_peer()
317   if(conn_config->verifyhost) {  in Curl_vquic_tls_verify_peer()
318     result = Curl_gtls_verifyserver(data, ctx->gtls.session,  in Curl_vquic_tls_verify_peer()
319                                     conn_config, &data->set.ssl, peer,  in Curl_vquic_tls_verify_peer()
320                                     data->set.str[STRING_SSL_PINNEDPUBLICKEY]);  in Curl_vquic_tls_verify_peer()
326   if(conn_config->verifyhost) {  in Curl_vquic_tls_verify_peer()
327     if(peer->sni) {  in Curl_vquic_tls_verify_peer()
328       WOLFSSL_X509* cert = wolfSSL_get_peer_certificate(ctx->ssl);  in Curl_vquic_tls_verify_peer()
329       if(wolfSSL_X509_check_host(cert, peer->sni, strlen(peer->sni), 0, NULL)  in Curl_vquic_tls_verify_peer()