21 * SPDX-License-Identifier: curl
41 #include <wolfssl/options.h>
42 #include <wolfssl/ssl.h>
43 #include <wolfssl/quic.h>
44 #include "vtls/wolfssl.h"
54 #include "vquic-tls.h"
70 #define QUIC_GROUPS "P-256:P-384:P-521"
73 static void keylog_callback(const WOLFSSL *ssl, const char *line) in keylog_callback()
95 ctx->wssl.ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); in wssl_init_ctx()
96 if(!ctx->wssl.ctx) { in wssl_init_ctx()
107 wolfSSL_CTX_set_default_verify_paths(ctx->wssl.ctx); in wssl_init_ctx()
109 if(wolfSSL_CTX_set_cipher_list(ctx->wssl.ctx, conn_config->cipher_list13 ? in wssl_init_ctx()
110 conn_config->cipher_list13 : in wssl_init_ctx()
114 failf(data, "wolfSSL failed to set ciphers: %s", error_buffer); in wssl_init_ctx()
119 if(wolfSSL_CTX_set1_groups_list(ctx->wssl.ctx, conn_config->curves ? in wssl_init_ctx()
120 conn_config->curves : in wssl_init_ctx()
122 failf(data, "wolfSSL failed to set curves"); in wssl_init_ctx()
131 wolfSSL_CTX_set_keylog_callback(ctx->wssl.ctx, keylog_callback); in wssl_init_ctx()
133 failf(data, "wolfSSL was built without keylog callback"); in wssl_init_ctx()
139 if(conn_config->verifypeer) { in wssl_init_ctx()
140 const char * const ssl_cafile = conn_config->CAfile; in wssl_init_ctx()
141 const char * const ssl_capath = conn_config->CApath; in wssl_init_ctx()
143 wolfSSL_CTX_set_verify(ctx->wssl.ctx, SSL_VERIFY_PEER, NULL); in wssl_init_ctx()
145 /* tell wolfSSL where to find CA certificates that are used to verify in wssl_init_ctx()
148 wolfSSL_CTX_load_verify_locations_ex(ctx->wssl.ctx, ssl_cafile, in wssl_init_ctx()
166 use wolfSSL's built-in default as fallback */ in wssl_init_ctx()
167 wolfSSL_CTX_set_default_verify_paths(ctx->wssl.ctx); in wssl_init_ctx()
172 wolfSSL_CTX_set_verify(ctx->wssl.ctx, SSL_VERIFY_NONE, NULL); in wssl_init_ctx()
175 /* give application a chance to interfere with SSL set up. */ in wssl_init_ctx()
176 if(data->set.ssl.fsslctx) { in wssl_init_ctx()
178 result = (*data->set.ssl.fsslctx)(data, ctx->wssl.ctx, in wssl_init_ctx()
179 data->set.ssl.fsslctxp); in wssl_init_ctx()
189 if(result && ctx->wssl.ctx) { in wssl_init_ctx()
190 SSL_CTX_free(ctx->wssl.ctx); in wssl_init_ctx()
191 ctx->wssl.ctx = NULL; in wssl_init_ctx()
207 DEBUGASSERT(!ctx->wssl.handle); in wssl_init_ssl()
208 DEBUGASSERT(ctx->wssl.ctx); in wssl_init_ssl()
209 ctx->wssl.handle = wolfSSL_new(ctx->wssl.ctx); in wssl_init_ssl()
211 wolfSSL_set_app_data(ctx->wssl.handle, user_data); in wssl_init_ssl()
212 wolfSSL_set_connect_state(ctx->wssl.handle); in wssl_init_ssl()
213 wolfSSL_set_quic_use_legacy_codepoint(ctx->wssl.handle, 0); in wssl_init_ssl()
216 wolfSSL_set_alpn_protos(ctx->wssl.handle, (const unsigned char *)alpn, in wssl_init_ssl()
219 if(peer->sni) { in wssl_init_ssl()
220 wolfSSL_UseSNI(ctx->wssl.handle, WOLFSSL_SNI_HOST_NAME, in wssl_init_ssl()
221 peer->sni, (unsigned short)strlen(peer->sni)); in wssl_init_ssl()
224 if(ssl_config->primary.cache_session) { in wssl_init_ssl()
225 (void)Curl_wssl_setup_session(cf, data, &ctx->wssl, peer->scache_key); in wssl_init_ssl()
261 return Curl_ossl_ctx_init(&ctx->ossl, cf, data, peer, in Curl_vquic_tls_init()
265 return Curl_gtls_ctx_init(&ctx->gtls, cf, data, peer, in Curl_vquic_tls_init()
285 if(ctx->ossl.ssl) in Curl_vquic_tls_cleanup()
286 SSL_free(ctx->ossl.ssl); in Curl_vquic_tls_cleanup()
287 if(ctx->ossl.ssl_ctx) in Curl_vquic_tls_cleanup()
288 SSL_CTX_free(ctx->ossl.ssl_ctx); in Curl_vquic_tls_cleanup()
290 if(ctx->gtls.session) in Curl_vquic_tls_cleanup()
291 gnutls_deinit(ctx->gtls.session); in Curl_vquic_tls_cleanup()
292 Curl_gtls_shared_creds_free(&ctx->gtls.shared_creds); in Curl_vquic_tls_cleanup()
294 if(ctx->wssl.handle) in Curl_vquic_tls_cleanup()
295 wolfSSL_free(ctx->wssl.handle); in Curl_vquic_tls_cleanup()
296 if(ctx->wssl.ctx) in Curl_vquic_tls_cleanup()
297 wolfSSL_CTX_free(ctx->wssl.ctx); in Curl_vquic_tls_cleanup()
307 if(!ctx->ossl.x509_store_setup) { in Curl_vquic_tls_before_recv()
308 CURLcode result = Curl_ssl_setup_x509_store(cf, data, ctx->ossl.ssl_ctx); in Curl_vquic_tls_before_recv()
311 ctx->ossl.x509_store_setup = TRUE; in Curl_vquic_tls_before_recv()
314 if(!ctx->wssl.x509_store_setup) { in Curl_vquic_tls_before_recv()
315 CURLcode result = Curl_wssl_setup_x509_store(cf, data, &ctx->wssl); in Curl_vquic_tls_before_recv()
320 if(!ctx->gtls.shared_creds->trust_setup) { in Curl_vquic_tls_before_recv()
321 CURLcode result = Curl_gtls_client_trust_setup(cf, data, &ctx->gtls); in Curl_vquic_tls_before_recv()
345 result = Curl_oss_check_peer_cert(cf, data, &ctx->ossl, peer); in Curl_vquic_tls_verify_peer()
347 if(conn_config->verifyhost) { in Curl_vquic_tls_verify_peer()
348 result = Curl_gtls_verifyserver(data, ctx->gtls.session, in Curl_vquic_tls_verify_peer()
349 conn_config, &data->set.ssl, peer, in Curl_vquic_tls_verify_peer()
350 data->set.str[STRING_SSL_PINNEDPUBLICKEY]); in Curl_vquic_tls_verify_peer()
356 if(conn_config->verifyhost) { in Curl_vquic_tls_verify_peer()
357 if(peer->sni) { in Curl_vquic_tls_verify_peer()
358 WOLFSSL_X509* cert = wolfSSL_get_peer_certificate(ctx->wssl.handle); in Curl_vquic_tls_verify_peer()
359 if(wolfSSL_X509_check_host(cert, peer->sni, strlen(peer->sni), 0, NULL) in Curl_vquic_tls_verify_peer()
370 Curl_ssl_scache_remove_all(cf, data, peer->scache_key); in Curl_vquic_tls_verify_peer()