

8  * Copyright (C) Jacob Hoffman-Andrews,
9 * <github@hoffman-andrews.com>
23 * SPDX-License-Identifier: curl
33 #include <rustls.h>
53 /* For a given rustls_result error code, return the best-matching CURLcode. */
72 struct ssl_connect_data *ctx = cf->ctx; in cr_data_pending()
76 DEBUGASSERT(ctx && ctx->backend); in cr_data_pending()
77 backend = (struct rustls_ssl_backend_data *)ctx->backend; in cr_data_pending()
78 return backend->data_in_pending; in cr_data_pending()
90 struct ssl_connect_data *const connssl = io_ctx->cf->ctx; in read_cb()
93 ssize_t nread = Curl_conn_cf_recv(io_ctx->cf->next, io_ctx->data, in read_cb()
103 connssl->peer_closed = TRUE; in read_cb()
105 CURL_TRC_CF(io_ctx->data, io_ctx->cf, "cf->next recv(len=%zu) -> %zd, %d", in read_cb()
116 ssize_t nwritten = Curl_conn_cf_send(io_ctx->cf->next, io_ctx->data, in write_cb()
126 CURL_TRC_CF(io_ctx->data, io_ctx->cf, "cf->next send(len=%zu) -> %zd, %d", in write_cb()
134 struct ssl_connect_data *const connssl = cf->ctx; in tls_recv_more()
136 (struct rustls_ssl_backend_data *)connssl->backend; in tls_recv_more()
144 io_error = rustls_connection_read_tls(backend->conn, read_cb, &io_ctx, in tls_recv_more()
148 return -1; in tls_recv_more()
155 return -1; in tls_recv_more()
158 rresult = rustls_connection_process_new_packets(backend->conn); in tls_recv_more()
166 return -1; in tls_recv_more()
169 backend->data_in_pending = TRUE; in tls_recv_more()
176 * - Read a chunk of bytes from the socket into rustls' TLS input buffer.
177 * - Tell rustls to process any new packets.
178 * - Read out as many plaintext bytes from rustls as possible, until hitting
182 * In that case, it will copy bytes from the socket into rustls' TLS input
183 * buffer, and process packets, but won't consume bytes from rustls' plaintext
190 struct ssl_connect_data *const connssl = cf->ctx; in cr_recv()
192 (struct rustls_ssl_backend_data *)connssl->backend; in cr_recv()
201 rconn = backend->conn; in cr_recv()
204 if(!backend->data_in_pending) { in cr_recv()
207 nread = -1; in cr_recv()
216 plainlen - plain_bytes_copied, in cr_recv()
219 backend->data_in_pending = FALSE; in cr_recv()
222 failf(data, "rustls: peer closed TCP connection " in cr_recv()
225 nread = -1; in cr_recv()
235 nread = -1; in cr_recv()
260 nread = -1; in cr_recv()
264 CURL_TRC_CF(data, cf, "cf_recv(len=%zu) -> %zd, %d", in cr_recv()
307 * - Copy `plainlen` bytes into rustls' plaintext input buffer (if > 0).
308 * - Fully drain rustls' plaintext output buffer into the socket until
312 * In that case, it won't read anything into rustls' plaintext input buffer.
313 * It will only drain rustls' plaintext output buffer into the socket.
319 struct ssl_connect_data *const connssl = cf->ctx; in cr_send()
321 (struct rustls_ssl_backend_data *)connssl->backend; in cr_send()
332 rconn = backend->conn; in cr_send()
341 if(backend->plain_out_buffered) { in cr_send()
343 CURL_TRC_CF(data, cf, "cf_send: flushing %zu previously added bytes -> %d", in cr_send()
344 backend->plain_out_buffered, *err); in cr_send()
346 return -1; in cr_send()
347 if(blen > backend->plain_out_buffered) { in cr_send()
348 blen -= backend->plain_out_buffered; in cr_send()
349 buf += backend->plain_out_buffered; in cr_send()
353 nwritten += (ssize_t)backend->plain_out_buffered; in cr_send()
354 backend->plain_out_buffered = 0; in cr_send()
358 CURL_TRC_CF(data, cf, "cf_send: adding %zu plain bytes to rustls", blen); in cr_send()
364 return -1; in cr_send()
369 return -1; in cr_send()
377 * complete send() and remember how much we already added to rustls. */ in cr_send()
379 " bytes already to rustls", blen); in cr_send()
380 backend->plain_out_buffered = plainwritten; in cr_send()
386 return -1; in cr_send()
391 CURL_TRC_CF(data, cf, "cf_send(len=%zu) -> %d, %zd", in cr_send()
396 /* A server certificate verify callback for rustls that always returns
425 struct ssl_connect_data *connssl = cf->ctx; in cr_init_backend()
433 const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; in cr_init_backend()
436 (ca_info_blob ? NULL : conn_config->CAfile); in cr_init_backend()
437 const bool verifypeer = conn_config->verifypeer; in cr_init_backend()
438 const char *hostname = connssl->peer.hostname; in cr_init_backend()
444 rconn = backend->conn; in cr_init_backend()
447 if(connssl->alpn) { in cr_init_backend()
452 for(i = 0; i < connssl->alpn->count; ++i) { in cr_init_backend()
453 alpn[i].data = (const uint8_t *)connssl->alpn->entries[i]; in cr_init_backend()
454 alpn[i].len = strlen(connssl->alpn->entries[i]); in cr_init_backend()
457 connssl->alpn->count); in cr_init_backend()
458 Curl_alpn_to_proto_str(&proto, connssl->alpn); in cr_init_backend()
464 /* rustls doesn't support IP addresses (as of 0.19.0), and will reject in cr_init_backend()
479 ca_info_blob->data, in cr_init_backend()
480 ca_info_blob->len, in cr_init_backend()
483 failf(data, "rustls: failed to parse trusted certificates from blob"); in cr_init_backend()
495 failf(data, "rustls: failed to load trusted certificates"); in cr_init_backend()
506 failf(data, "rustls: failed to load trusted certificates"); in cr_init_backend()
518 failf(data, "rustls: failed to load trusted certificates"); in cr_init_backend()
529 backend->config = rustls_client_config_builder_build(config_builder); in cr_init_backend()
531 result = rustls_client_connection_new(backend->config, in cr_init_backend()
532 connssl->peer.hostname, &rconn); in cr_init_backend()
540 backend->conn = rconn; in cr_init_backend()
560 * For the non-blocking I/O case, this function will set `*done` to true
570 struct ssl_connect_data *const connssl = cf->ctx; in cr_connect_common()
573 (struct rustls_ssl_backend_data *)connssl->backend; in cr_connect_common()
587 CURL_TRC_CF(data, cf, "cr_connect_common, state=%d", connssl->state); in cr_connect_common()
589 if(!backend->conn) { in cr_connect_common()
591 (struct rustls_ssl_backend_data *)connssl->backend); in cr_connect_common()
592 CURL_TRC_CF(data, cf, "cr_connect_common, init backend -> %d", result); in cr_connect_common()
596 connssl->state = ssl_connection_negotiating; in cr_connect_common()
599 rconn = backend->conn; in cr_connect_common()
604 * Connection has been established according to rustls. Set send/recv in cr_connect_common()
609 /* rustls claims it is no longer handshaking *before* it has in cr_connect_common()
616 connssl->connecting_state = ssl_connect_2_writing; in cr_connect_common()
623 connssl->state = ssl_connection_complete; in cr_connect_common()
630 backend->plain_out_buffered; in cr_connect_common()
635 connssl->connecting_state = wants_write? in cr_connect_common()
642 failf(data, "rustls: operation timed out before socket check"); in cr_connect_common()
656 failf(data, "rustls connection timeout after %" in cr_connect_common()
721 (struct rustls_ssl_backend_data *)connssl->backend; in cr_get_internals()
723 return &backend->conn; in cr_get_internals()
729 struct ssl_connect_data *connssl = cf->ctx; in cr_close()
731 (struct rustls_ssl_backend_data *)connssl->backend; in cr_close()
736 if(backend->conn && !connssl->peer_closed) { in cr_close()
738 rustls_connection_send_close_notify(backend->conn); in cr_close()
741 failf(data, "rustls: error sending close_notify: %d", tmperr); in cr_close()
744 rustls_connection_free(backend->conn); in cr_close()
745 backend->conn = NULL; in cr_close()
747 if(backend->config) { in cr_close()
748 rustls_client_config_free(backend->config); in cr_close()
749 backend->config = NULL; in cr_close()
760 { CURLSSLBACKEND_RUSTLS, "rustls" },
767 cr_version, /* version */