• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.
9  * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
10  *
11  * This software is licensed as described in the file COPYING, which
12  * you should have received as part of this distribution. The terms
13  * are also available at https://curl.haxx.se/docs/copyright.html.
14  *
15  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
16  * copies of the Software, and permit persons to whom the Software is
17  * furnished to do so, under the terms of the COPYING file.
18  *
19  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20  * KIND, either express or implied.
21  *
22  ***************************************************************************/
23 
24 /*
25  * Source file for all iOS and Mac OS X SecureTransport-specific code for the
26  * TLS/SSL layer. No code but vtls.c should ever call or use these functions.
27  */
28 
29 #include "curl_setup.h"
30 
31 #include "urldata.h" /* for the Curl_easy definition */
32 #include "curl_base64.h"
33 #include "strtok.h"
34 
35 #ifdef USE_DARWINSSL
36 
37 #ifdef HAVE_LIMITS_H
38 #include <limits.h>
39 #endif
40 
41 #include <Security/Security.h>
42 #include <Security/SecureTransport.h>
43 #include <CoreFoundation/CoreFoundation.h>
44 #include <CommonCrypto/CommonDigest.h>
45 
46 /* The Security framework has changed greatly between iOS and different OS X
47    versions, and we will try to support as many of them as we can (back to
48    Leopard and iOS 5) by using macros and weak-linking.
49 
50    IMPORTANT: If TLS 1.1 and 1.2 support are important for you on OS X, then
51    you must build this project against the 10.8 SDK or later. */
52 #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
53 
54 #if MAC_OS_X_VERSION_MAX_ALLOWED < 1050
55 #error "The darwinssl back-end requires Leopard or later."
56 #endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */
57 
58 #define CURL_BUILD_IOS 0
59 #define CURL_BUILD_IOS_7 0
60 #define CURL_BUILD_MAC 1
61 /* This is the maximum API level we are allowed to use when building: */
62 #define CURL_BUILD_MAC_10_5 MAC_OS_X_VERSION_MAX_ALLOWED >= 1050
63 #define CURL_BUILD_MAC_10_6 MAC_OS_X_VERSION_MAX_ALLOWED >= 1060
64 #define CURL_BUILD_MAC_10_7 MAC_OS_X_VERSION_MAX_ALLOWED >= 1070
65 #define CURL_BUILD_MAC_10_8 MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
66 #define CURL_BUILD_MAC_10_9 MAC_OS_X_VERSION_MAX_ALLOWED >= 1090
67 /* These macros mean "the following code is present to allow runtime backward
68    compatibility with at least this cat or earlier":
69    (You set this at build-time by setting the MACOSX_DEPLOYMENT_TARGET
70    environmental variable.) */
71 #define CURL_SUPPORT_MAC_10_5 MAC_OS_X_VERSION_MIN_REQUIRED <= 1050
72 #define CURL_SUPPORT_MAC_10_6 MAC_OS_X_VERSION_MIN_REQUIRED <= 1060
73 #define CURL_SUPPORT_MAC_10_7 MAC_OS_X_VERSION_MIN_REQUIRED <= 1070
74 #define CURL_SUPPORT_MAC_10_8 MAC_OS_X_VERSION_MIN_REQUIRED <= 1080
75 #define CURL_SUPPORT_MAC_10_9 MAC_OS_X_VERSION_MIN_REQUIRED <= 1090
76 
77 #elif TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
78 #define CURL_BUILD_IOS 1
79 #define CURL_BUILD_IOS_7 __IPHONE_OS_VERSION_MAX_ALLOWED >= 70000
80 #define CURL_BUILD_MAC 0
81 #define CURL_BUILD_MAC_10_5 0
82 #define CURL_BUILD_MAC_10_6 0
83 #define CURL_BUILD_MAC_10_7 0
84 #define CURL_BUILD_MAC_10_8 0
85 #define CURL_SUPPORT_MAC_10_5 0
86 #define CURL_SUPPORT_MAC_10_6 0
87 #define CURL_SUPPORT_MAC_10_7 0
88 #define CURL_SUPPORT_MAC_10_8 0
89 #define CURL_SUPPORT_MAC_10_9 0
90 
91 #else
92 #error "The darwinssl back-end requires iOS or OS X."
93 #endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */
94 
95 #if CURL_BUILD_MAC
96 #include <sys/sysctl.h>
97 #endif /* CURL_BUILD_MAC */
98 
99 #include "urldata.h"
100 #include "sendf.h"
101 #include "inet_pton.h"
102 #include "connect.h"
103 #include "select.h"
104 #include "vtls.h"
105 #include "darwinssl.h"
106 #include "curl_printf.h"
107 
108 #include "curl_memory.h"
109 /* The last #include file should be: */
110 #include "memdebug.h"
111 
112 /* From MacTypes.h (which we can't include because it isn't present in iOS: */
113 #define ioErr -36
114 #define paramErr -50
115 
116 /* The following two functions were ripped from Apple sample code,
117  * with some modifications: */
SocketRead(SSLConnectionRef connection,void * data,size_t * dataLength)118 static OSStatus SocketRead(SSLConnectionRef connection,
119                            void *data,          /* owned by
120                                                  * caller, data
121                                                  * RETURNED */
122                            size_t *dataLength)  /* IN/OUT */
123 {
124   size_t bytesToGo = *dataLength;
125   size_t initLen = bytesToGo;
126   UInt8 *currData = (UInt8 *)data;
127   /*int sock = *(int *)connection;*/
128   struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
129   int sock = connssl->ssl_sockfd;
130   OSStatus rtn = noErr;
131   size_t bytesRead;
132   ssize_t rrtn;
133   int theErr;
134 
135   *dataLength = 0;
136 
137   for(;;) {
138     bytesRead = 0;
139     rrtn = read(sock, currData, bytesToGo);
140     if(rrtn <= 0) {
141       /* this is guesswork... */
142       theErr = errno;
143       if(rrtn == 0) { /* EOF = server hung up */
144         /* the framework will turn this into errSSLClosedNoNotify */
145         rtn = errSSLClosedGraceful;
146       }
147       else /* do the switch */
148         switch(theErr) {
149           case ENOENT:
150             /* connection closed */
151             rtn = errSSLClosedGraceful;
152             break;
153           case ECONNRESET:
154             rtn = errSSLClosedAbort;
155             break;
156           case EAGAIN:
157             rtn = errSSLWouldBlock;
158             connssl->ssl_direction = false;
159             break;
160           default:
161             rtn = ioErr;
162             break;
163         }
164       break;
165     }
166     else {
167       bytesRead = rrtn;
168     }
169     bytesToGo -= bytesRead;
170     currData  += bytesRead;
171 
172     if(bytesToGo == 0) {
173       /* filled buffer with incoming data, done */
174       break;
175     }
176   }
177   *dataLength = initLen - bytesToGo;
178 
179   return rtn;
180 }
181 
SocketWrite(SSLConnectionRef connection,const void * data,size_t * dataLength)182 static OSStatus SocketWrite(SSLConnectionRef connection,
183                             const void *data,
184                             size_t *dataLength)  /* IN/OUT */
185 {
186   size_t bytesSent = 0;
187   /*int sock = *(int *)connection;*/
188   struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
189   int sock = connssl->ssl_sockfd;
190   ssize_t length;
191   size_t dataLen = *dataLength;
192   const UInt8 *dataPtr = (UInt8 *)data;
193   OSStatus ortn;
194   int theErr;
195 
196   *dataLength = 0;
197 
198   do {
199     length = write(sock,
200                    (char *)dataPtr + bytesSent,
201                    dataLen - bytesSent);
202   } while((length > 0) &&
203            ( (bytesSent += length) < dataLen) );
204 
205   if(length <= 0) {
206     theErr = errno;
207     if(theErr == EAGAIN) {
208       ortn = errSSLWouldBlock;
209       connssl->ssl_direction = true;
210     }
211     else {
212       ortn = ioErr;
213     }
214   }
215   else {
216     ortn = noErr;
217   }
218   *dataLength = bytesSent;
219   return ortn;
220 }
221 
SSLCipherNameForNumber(SSLCipherSuite cipher)222 CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher)
223 {
224   switch (cipher) {
225     /* SSL version 3.0 */
226     case SSL_RSA_WITH_NULL_MD5:
227       return "SSL_RSA_WITH_NULL_MD5";
228       break;
229     case SSL_RSA_WITH_NULL_SHA:
230       return "SSL_RSA_WITH_NULL_SHA";
231       break;
232     case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
233       return "SSL_RSA_EXPORT_WITH_RC4_40_MD5";
234       break;
235     case SSL_RSA_WITH_RC4_128_MD5:
236       return "SSL_RSA_WITH_RC4_128_MD5";
237       break;
238     case SSL_RSA_WITH_RC4_128_SHA:
239       return "SSL_RSA_WITH_RC4_128_SHA";
240       break;
241     case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
242       return "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5";
243       break;
244     case SSL_RSA_WITH_IDEA_CBC_SHA:
245       return "SSL_RSA_WITH_IDEA_CBC_SHA";
246       break;
247     case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
248       return "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA";
249       break;
250     case SSL_RSA_WITH_DES_CBC_SHA:
251       return "SSL_RSA_WITH_DES_CBC_SHA";
252       break;
253     case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
254       return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
255       break;
256     case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
257       return "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA";
258       break;
259     case SSL_DH_DSS_WITH_DES_CBC_SHA:
260       return "SSL_DH_DSS_WITH_DES_CBC_SHA";
261       break;
262     case SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA:
263       return "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA";
264       break;
265     case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
266       return "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA";
267       break;
268     case SSL_DH_RSA_WITH_DES_CBC_SHA:
269       return "SSL_DH_RSA_WITH_DES_CBC_SHA";
270       break;
271     case SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA:
272       return "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA";
273       break;
274     case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
275       return "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA";
276       break;
277     case SSL_DHE_DSS_WITH_DES_CBC_SHA:
278       return "SSL_DHE_DSS_WITH_DES_CBC_SHA";
279       break;
280     case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
281       return "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
282       break;
283     case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
284       return "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA";
285       break;
286     case SSL_DHE_RSA_WITH_DES_CBC_SHA:
287       return "SSL_DHE_RSA_WITH_DES_CBC_SHA";
288       break;
289     case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
290       return "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
291       break;
292     case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
293       return "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5";
294       break;
295     case SSL_DH_anon_WITH_RC4_128_MD5:
296       return "SSL_DH_anon_WITH_RC4_128_MD5";
297       break;
298     case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
299       return "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA";
300       break;
301     case SSL_DH_anon_WITH_DES_CBC_SHA:
302       return "SSL_DH_anon_WITH_DES_CBC_SHA";
303       break;
304     case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
305       return "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA";
306       break;
307     case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
308       return "SSL_FORTEZZA_DMS_WITH_NULL_SHA";
309       break;
310     case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
311       return "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA";
312       break;
313     /* TLS 1.0 with AES (RFC 3268)
314        (Apparently these are used in SSLv3 implementations as well.) */
315     case TLS_RSA_WITH_AES_128_CBC_SHA:
316       return "TLS_RSA_WITH_AES_128_CBC_SHA";
317       break;
318     case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
319       return "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
320       break;
321     case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
322       return "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
323       break;
324     case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
325       return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
326       break;
327     case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
328       return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
329       break;
330     case TLS_DH_anon_WITH_AES_128_CBC_SHA:
331       return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
332       break;
333     case TLS_RSA_WITH_AES_256_CBC_SHA:
334       return "TLS_RSA_WITH_AES_256_CBC_SHA";
335       break;
336     case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
337       return "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
338       break;
339     case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
340       return "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
341       break;
342     case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
343       return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
344       break;
345     case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
346       return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
347       break;
348     case TLS_DH_anon_WITH_AES_256_CBC_SHA:
349       return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
350       break;
351     /* SSL version 2.0 */
352     case SSL_RSA_WITH_RC2_CBC_MD5:
353       return "SSL_RSA_WITH_RC2_CBC_MD5";
354       break;
355     case SSL_RSA_WITH_IDEA_CBC_MD5:
356       return "SSL_RSA_WITH_IDEA_CBC_MD5";
357       break;
358     case SSL_RSA_WITH_DES_CBC_MD5:
359       return "SSL_RSA_WITH_DES_CBC_MD5";
360       break;
361     case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
362       return "SSL_RSA_WITH_3DES_EDE_CBC_MD5";
363       break;
364   }
365   return "SSL_NULL_WITH_NULL_NULL";
366 }
367 
TLSCipherNameForNumber(SSLCipherSuite cipher)368 CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher)
369 {
370   switch(cipher) {
371     /* TLS 1.0 with AES (RFC 3268) */
372     case TLS_RSA_WITH_AES_128_CBC_SHA:
373       return "TLS_RSA_WITH_AES_128_CBC_SHA";
374       break;
375     case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
376       return "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
377       break;
378     case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
379       return "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
380       break;
381     case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
382       return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
383       break;
384     case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
385       return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
386       break;
387     case TLS_DH_anon_WITH_AES_128_CBC_SHA:
388       return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
389       break;
390     case TLS_RSA_WITH_AES_256_CBC_SHA:
391       return "TLS_RSA_WITH_AES_256_CBC_SHA";
392       break;
393     case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
394       return "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
395       break;
396     case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
397       return "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
398       break;
399     case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
400       return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
401       break;
402     case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
403       return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
404       break;
405     case TLS_DH_anon_WITH_AES_256_CBC_SHA:
406       return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
407       break;
408 #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
409     /* TLS 1.0 with ECDSA (RFC 4492) */
410     case TLS_ECDH_ECDSA_WITH_NULL_SHA:
411       return "TLS_ECDH_ECDSA_WITH_NULL_SHA";
412       break;
413     case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
414       return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
415       break;
416     case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
417       return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
418       break;
419     case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
420       return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
421       break;
422     case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
423       return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
424       break;
425     case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
426       return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
427       break;
428     case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
429       return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
430       break;
431     case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
432       return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
433       break;
434     case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
435       return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
436       break;
437     case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
438       return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
439       break;
440     case TLS_ECDH_RSA_WITH_NULL_SHA:
441       return "TLS_ECDH_RSA_WITH_NULL_SHA";
442       break;
443     case TLS_ECDH_RSA_WITH_RC4_128_SHA:
444       return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
445       break;
446     case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
447       return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
448       break;
449     case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
450       return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
451       break;
452     case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
453       return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
454       break;
455     case TLS_ECDHE_RSA_WITH_NULL_SHA:
456       return "TLS_ECDHE_RSA_WITH_NULL_SHA";
457       break;
458     case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
459       return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
460       break;
461     case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
462       return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
463       break;
464     case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
465       return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
466       break;
467     case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
468       return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
469       break;
470     case TLS_ECDH_anon_WITH_NULL_SHA:
471       return "TLS_ECDH_anon_WITH_NULL_SHA";
472       break;
473     case TLS_ECDH_anon_WITH_RC4_128_SHA:
474       return "TLS_ECDH_anon_WITH_RC4_128_SHA";
475       break;
476     case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
477       return "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
478       break;
479     case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
480       return "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
481       break;
482     case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
483       return "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
484       break;
485 #endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
486 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
487     /* TLS 1.2 (RFC 5246) */
488     case TLS_RSA_WITH_NULL_MD5:
489       return "TLS_RSA_WITH_NULL_MD5";
490       break;
491     case TLS_RSA_WITH_NULL_SHA:
492       return "TLS_RSA_WITH_NULL_SHA";
493       break;
494     case TLS_RSA_WITH_RC4_128_MD5:
495       return "TLS_RSA_WITH_RC4_128_MD5";
496       break;
497     case TLS_RSA_WITH_RC4_128_SHA:
498       return "TLS_RSA_WITH_RC4_128_SHA";
499       break;
500     case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
501       return "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
502       break;
503     case TLS_RSA_WITH_NULL_SHA256:
504       return "TLS_RSA_WITH_NULL_SHA256";
505       break;
506     case TLS_RSA_WITH_AES_128_CBC_SHA256:
507       return "TLS_RSA_WITH_AES_128_CBC_SHA256";
508       break;
509     case TLS_RSA_WITH_AES_256_CBC_SHA256:
510       return "TLS_RSA_WITH_AES_256_CBC_SHA256";
511       break;
512     case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
513       return "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA";
514       break;
515     case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
516       return "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA";
517       break;
518     case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
519       return "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
520       break;
521     case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
522       return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
523       break;
524     case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
525       return "TLS_DH_DSS_WITH_AES_128_CBC_SHA256";
526       break;
527     case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
528       return "TLS_DH_RSA_WITH_AES_128_CBC_SHA256";
529       break;
530     case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
531       return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
532       break;
533     case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
534       return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
535       break;
536     case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
537       return "TLS_DH_DSS_WITH_AES_256_CBC_SHA256";
538       break;
539     case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
540       return "TLS_DH_RSA_WITH_AES_256_CBC_SHA256";
541       break;
542     case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
543       return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
544       break;
545     case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
546       return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
547       break;
548     case TLS_DH_anon_WITH_RC4_128_MD5:
549       return "TLS_DH_anon_WITH_RC4_128_MD5";
550       break;
551     case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
552       return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
553       break;
554     case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
555       return "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
556       break;
557     case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
558       return "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
559       break;
560     /* TLS 1.2 with AES GCM (RFC 5288) */
561     case TLS_RSA_WITH_AES_128_GCM_SHA256:
562       return "TLS_RSA_WITH_AES_128_GCM_SHA256";
563       break;
564     case TLS_RSA_WITH_AES_256_GCM_SHA384:
565       return "TLS_RSA_WITH_AES_256_GCM_SHA384";
566       break;
567     case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
568       return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
569       break;
570     case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
571       return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
572       break;
573     case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
574       return "TLS_DH_RSA_WITH_AES_128_GCM_SHA256";
575       break;
576     case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
577       return "TLS_DH_RSA_WITH_AES_256_GCM_SHA384";
578       break;
579     case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
580       return "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
581       break;
582     case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
583       return "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
584       break;
585     case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
586       return "TLS_DH_DSS_WITH_AES_128_GCM_SHA256";
587       break;
588     case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
589       return "TLS_DH_DSS_WITH_AES_256_GCM_SHA384";
590       break;
591     case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
592       return "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
593       break;
594     case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
595       return "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
596       break;
597     /* TLS 1.2 with elliptic curve ciphers (RFC 5289) */
598     case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
599       return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
600       break;
601     case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
602       return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
603       break;
604     case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
605       return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
606       break;
607     case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
608       return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
609       break;
610     case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
611       return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
612       break;
613     case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
614       return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
615       break;
616     case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
617       return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
618       break;
619     case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
620       return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
621       break;
622     case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
623       return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
624       break;
625     case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
626       return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
627       break;
628     case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
629       return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
630       break;
631     case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
632       return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
633       break;
634     case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
635       return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
636       break;
637     case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
638       return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
639       break;
640     case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
641       return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
642       break;
643     case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
644       return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
645       break;
646     case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
647       return "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
648       break;
649 #else
650     case SSL_RSA_WITH_NULL_MD5:
651       return "TLS_RSA_WITH_NULL_MD5";
652       break;
653     case SSL_RSA_WITH_NULL_SHA:
654       return "TLS_RSA_WITH_NULL_SHA";
655       break;
656     case SSL_RSA_WITH_RC4_128_MD5:
657       return "TLS_RSA_WITH_RC4_128_MD5";
658       break;
659     case SSL_RSA_WITH_RC4_128_SHA:
660       return "TLS_RSA_WITH_RC4_128_SHA";
661       break;
662     case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
663       return "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
664       break;
665     case SSL_DH_anon_WITH_RC4_128_MD5:
666       return "TLS_DH_anon_WITH_RC4_128_MD5";
667       break;
668     case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
669       return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
670       break;
671 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
672 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
673     /* TLS PSK (RFC 4279): */
674     case TLS_PSK_WITH_RC4_128_SHA:
675       return "TLS_PSK_WITH_RC4_128_SHA";
676       break;
677     case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
678       return "TLS_PSK_WITH_3DES_EDE_CBC_SHA";
679       break;
680     case TLS_PSK_WITH_AES_128_CBC_SHA:
681       return "TLS_PSK_WITH_AES_128_CBC_SHA";
682       break;
683     case TLS_PSK_WITH_AES_256_CBC_SHA:
684       return "TLS_PSK_WITH_AES_256_CBC_SHA";
685       break;
686     case TLS_DHE_PSK_WITH_RC4_128_SHA:
687       return "TLS_DHE_PSK_WITH_RC4_128_SHA";
688       break;
689     case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
690       return "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA";
691       break;
692     case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
693       return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
694       break;
695     case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
696       return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
697       break;
698     case TLS_RSA_PSK_WITH_RC4_128_SHA:
699       return "TLS_RSA_PSK_WITH_RC4_128_SHA";
700       break;
701     case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
702       return "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA";
703       break;
704     case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
705       return "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
706       break;
707     case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
708       return "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
709       break;
710     /* More TLS PSK (RFC 4785): */
711     case TLS_PSK_WITH_NULL_SHA:
712       return "TLS_PSK_WITH_NULL_SHA";
713       break;
714     case TLS_DHE_PSK_WITH_NULL_SHA:
715       return "TLS_DHE_PSK_WITH_NULL_SHA";
716       break;
717     case TLS_RSA_PSK_WITH_NULL_SHA:
718       return "TLS_RSA_PSK_WITH_NULL_SHA";
719       break;
720     /* Even more TLS PSK (RFC 5487): */
721     case TLS_PSK_WITH_AES_128_GCM_SHA256:
722       return "TLS_PSK_WITH_AES_128_GCM_SHA256";
723       break;
724     case TLS_PSK_WITH_AES_256_GCM_SHA384:
725       return "TLS_PSK_WITH_AES_256_GCM_SHA384";
726       break;
727     case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
728       return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
729       break;
730     case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
731       return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
732       break;
733     case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
734       return "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
735       break;
736     case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
737       return "TLS_PSK_WITH_AES_256_GCM_SHA384";
738       break;
739     case TLS_PSK_WITH_AES_128_CBC_SHA256:
740       return "TLS_PSK_WITH_AES_128_CBC_SHA256";
741       break;
742     case TLS_PSK_WITH_AES_256_CBC_SHA384:
743       return "TLS_PSK_WITH_AES_256_CBC_SHA384";
744       break;
745     case TLS_PSK_WITH_NULL_SHA256:
746       return "TLS_PSK_WITH_NULL_SHA256";
747       break;
748     case TLS_PSK_WITH_NULL_SHA384:
749       return "TLS_PSK_WITH_NULL_SHA384";
750       break;
751     case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
752       return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
753       break;
754     case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
755       return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
756       break;
757     case TLS_DHE_PSK_WITH_NULL_SHA256:
758       return "TLS_DHE_PSK_WITH_NULL_SHA256";
759       break;
760     case TLS_DHE_PSK_WITH_NULL_SHA384:
761       return "TLS_RSA_PSK_WITH_NULL_SHA384";
762       break;
763     case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
764       return "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
765       break;
766     case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
767       return "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
768       break;
769     case TLS_RSA_PSK_WITH_NULL_SHA256:
770       return "TLS_RSA_PSK_WITH_NULL_SHA256";
771       break;
772     case TLS_RSA_PSK_WITH_NULL_SHA384:
773       return "TLS_RSA_PSK_WITH_NULL_SHA384";
774       break;
775 #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
776   }
777   return "TLS_NULL_WITH_NULL_NULL";
778 }
779 
780 #if CURL_BUILD_MAC
GetDarwinVersionNumber(int * major,int * minor)781 CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
782 {
783   int mib[2];
784   char *os_version;
785   size_t os_version_len;
786   char *os_version_major, *os_version_minor;
787   char *tok_buf;
788 
789   /* Get the Darwin kernel version from the kernel using sysctl(): */
790   mib[0] = CTL_KERN;
791   mib[1] = KERN_OSRELEASE;
792   if(sysctl(mib, 2, NULL, &os_version_len, NULL, 0) == -1)
793     return;
794   os_version = malloc(os_version_len*sizeof(char));
795   if(!os_version)
796     return;
797   if(sysctl(mib, 2, os_version, &os_version_len, NULL, 0) == -1) {
798     free(os_version);
799     return;
800   }
801 
802   /* Parse the version: */
803   os_version_major = strtok_r(os_version, ".", &tok_buf);
804   os_version_minor = strtok_r(NULL, ".", &tok_buf);
805   *major = atoi(os_version_major);
806   *minor = atoi(os_version_minor);
807   free(os_version);
808 }
809 #endif /* CURL_BUILD_MAC */
810 
811 /* Apple provides a myriad of ways of getting information about a certificate
812    into a string. Some aren't available under iOS or newer cats. So here's
813    a unified function for getting a string describing the certificate that
814    ought to work in all cats starting with Leopard. */
CopyCertSubject(SecCertificateRef cert)815 CF_INLINE CFStringRef CopyCertSubject(SecCertificateRef cert)
816 {
817   CFStringRef server_cert_summary = CFSTR("(null)");
818 
819 #if CURL_BUILD_IOS
820   /* iOS: There's only one way to do this. */
821   server_cert_summary = SecCertificateCopySubjectSummary(cert);
822 #else
823 #if CURL_BUILD_MAC_10_7
824   /* Lion & later: Get the long description if we can. */
825   if(SecCertificateCopyLongDescription != NULL)
826     server_cert_summary =
827       SecCertificateCopyLongDescription(NULL, cert, NULL);
828   else
829 #endif /* CURL_BUILD_MAC_10_7 */
830 #if CURL_BUILD_MAC_10_6
831   /* Snow Leopard: Get the certificate summary. */
832   if(SecCertificateCopySubjectSummary != NULL)
833     server_cert_summary = SecCertificateCopySubjectSummary(cert);
834   else
835 #endif /* CURL_BUILD_MAC_10_6 */
836   /* Leopard is as far back as we go... */
837   (void)SecCertificateCopyCommonName(cert, &server_cert_summary);
838 #endif /* CURL_BUILD_IOS */
839   return server_cert_summary;
840 }
841 
842 #if CURL_SUPPORT_MAC_10_6
843 /* The SecKeychainSearch API was deprecated in Lion, and using it will raise
844    deprecation warnings, so let's not compile this unless it's necessary: */
CopyIdentityWithLabelOldSchool(char * label,SecIdentityRef * out_c_a_k)845 static OSStatus CopyIdentityWithLabelOldSchool(char *label,
846                                                SecIdentityRef *out_c_a_k)
847 {
848   OSStatus status = errSecItemNotFound;
849   SecKeychainAttributeList attr_list;
850   SecKeychainAttribute attr;
851   SecKeychainSearchRef search = NULL;
852   SecCertificateRef cert = NULL;
853 
854   /* Set up the attribute list: */
855   attr_list.count = 1L;
856   attr_list.attr = &attr;
857 
858   /* Set up our lone search criterion: */
859   attr.tag = kSecLabelItemAttr;
860   attr.data = label;
861   attr.length = (UInt32)strlen(label);
862 
863   /* Start searching: */
864   status = SecKeychainSearchCreateFromAttributes(NULL,
865                                                  kSecCertificateItemClass,
866                                                  &attr_list,
867                                                  &search);
868   if(status == noErr) {
869     status = SecKeychainSearchCopyNext(search,
870                                        (SecKeychainItemRef *)&cert);
871     if(status == noErr && cert) {
872       /* If we found a certificate, does it have a private key? */
873       status = SecIdentityCreateWithCertificate(NULL, cert, out_c_a_k);
874       CFRelease(cert);
875     }
876   }
877 
878   if(search)
879     CFRelease(search);
880   return status;
881 }
882 #endif /* CURL_SUPPORT_MAC_10_6 */
883 
CopyIdentityWithLabel(char * label,SecIdentityRef * out_cert_and_key)884 static OSStatus CopyIdentityWithLabel(char *label,
885                                       SecIdentityRef *out_cert_and_key)
886 {
887   OSStatus status = errSecItemNotFound;
888   CFArrayRef keys_list;
889   CFIndex keys_list_count;
890   CFIndex i;
891   CFStringRef common_name;
892 
893 #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
894   /* SecItemCopyMatching() was introduced in iOS and Snow Leopard.
895      kSecClassIdentity was introduced in Lion. If both exist, let's use them
896      to find the certificate. */
897   if(SecItemCopyMatching != NULL && kSecClassIdentity != NULL) {
898     CFTypeRef keys[5];
899     CFTypeRef values[5];
900     CFDictionaryRef query_dict;
901     CFStringRef label_cf = CFStringCreateWithCString(NULL, label,
902       kCFStringEncodingUTF8);
903 
904     /* Set up our search criteria and expected results: */
905     values[0] = kSecClassIdentity; /* we want a certificate and a key */
906     keys[0] = kSecClass;
907     values[1] = kCFBooleanTrue;    /* we want a reference */
908     keys[1] = kSecReturnRef;
909     values[2] = kSecMatchLimitAll; /* kSecMatchLimitOne would be better if the
910                                     * label matching below worked correctly */
911     keys[2] = kSecMatchLimit;
912     /* identity searches need a SecPolicyRef in order to work */
913     values[3] = SecPolicyCreateSSL(false, NULL);
914     keys[3] = kSecMatchPolicy;
915     /* match the name of the certificate (doesn't work in macOS 10.12.1) */
916     values[4] = label_cf;
917     keys[4] = kSecAttrLabel;
918     query_dict = CFDictionaryCreate(NULL, (const void **)keys,
919                                     (const void **)values, 5L,
920                                     &kCFCopyStringDictionaryKeyCallBacks,
921                                     &kCFTypeDictionaryValueCallBacks);
922     CFRelease(values[3]);
923 
924     /* Do we have a match? */
925     status = SecItemCopyMatching(query_dict, (CFTypeRef *) &keys_list);
926 
927     /* Because kSecAttrLabel matching doesn't work with kSecClassIdentity,
928      * we need to find the correct identity ourselves */
929     if(status == noErr) {
930       keys_list_count = CFArrayGetCount(keys_list);
931       *out_cert_and_key = NULL;
932       for(i=0; i<keys_list_count; i++) {
933         OSStatus err = noErr;
934         SecCertificateRef cert = NULL;
935         *out_cert_and_key =
936           (SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i);
937         err = SecIdentityCopyCertificate(*out_cert_and_key, &cert);
938         if(err == noErr) {
939           SecCertificateCopyCommonName(cert, &common_name);
940           if(CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) {
941             CFRelease(cert);
942             CFRelease(common_name);
943             status = noErr;
944             break;
945           }
946           CFRelease(common_name);
947         }
948         *out_cert_and_key = NULL;
949         status = 1;
950         CFRelease(cert);
951       }
952     }
953 
954     CFRelease(query_dict);
955     CFRelease(label_cf);
956   }
957   else {
958 #if CURL_SUPPORT_MAC_10_6
959     /* On Leopard and Snow Leopard, fall back to SecKeychainSearch. */
960     status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
961 #endif /* CURL_SUPPORT_MAC_10_6 */
962   }
963 #elif CURL_SUPPORT_MAC_10_6
964   /* For developers building on older cats, we have no choice but to fall back
965      to SecKeychainSearch. */
966   status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
967 #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
968   return status;
969 }
970 
CopyIdentityFromPKCS12File(const char * cPath,const char * cPassword,SecIdentityRef * out_cert_and_key)971 static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
972                                            const char *cPassword,
973                                            SecIdentityRef *out_cert_and_key)
974 {
975   OSStatus status = errSecItemNotFound;
976   CFURLRef pkcs_url = CFURLCreateFromFileSystemRepresentation(NULL,
977     (const UInt8 *)cPath, strlen(cPath), false);
978   CFStringRef password = cPassword ? CFStringCreateWithCString(NULL,
979     cPassword, kCFStringEncodingUTF8) : NULL;
980   CFDataRef pkcs_data = NULL;
981 
982   /* We can import P12 files on iOS or OS X 10.7 or later: */
983   /* These constants are documented as having first appeared in 10.6 but they
984      raise linker errors when used on that cat for some reason. */
985 #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
986   if(CFURLCreateDataAndPropertiesFromResource(NULL, pkcs_url, &pkcs_data,
987     NULL, NULL, &status)) {
988     const void *cKeys[] = {kSecImportExportPassphrase};
989     const void *cValues[] = {password};
990     CFDictionaryRef options = CFDictionaryCreate(NULL, cKeys, cValues,
991       password ? 1L : 0L, NULL, NULL);
992     CFArrayRef items = NULL;
993 
994     /* Here we go: */
995     status = SecPKCS12Import(pkcs_data, options, &items);
996     if(status == errSecSuccess && items && CFArrayGetCount(items)) {
997       CFDictionaryRef identity_and_trust = CFArrayGetValueAtIndex(items, 0L);
998       const void *temp_identity = CFDictionaryGetValue(identity_and_trust,
999         kSecImportItemIdentity);
1000 
1001       /* Retain the identity; we don't care about any other data... */
1002       CFRetain(temp_identity);
1003       *out_cert_and_key = (SecIdentityRef)temp_identity;
1004     }
1005 
1006     if(items)
1007       CFRelease(items);
1008     CFRelease(options);
1009     CFRelease(pkcs_data);
1010   }
1011 #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
1012   if(password)
1013     CFRelease(password);
1014   CFRelease(pkcs_url);
1015   return status;
1016 }
1017 
1018 /* This code was borrowed from nss.c, with some modifications:
1019  * Determine whether the nickname passed in is a filename that needs to
1020  * be loaded as a PEM or a regular NSS nickname.
1021  *
1022  * returns 1 for a file
1023  * returns 0 for not a file
1024  */
is_file(const char * filename)1025 CF_INLINE bool is_file(const char *filename)
1026 {
1027   struct_stat st;
1028 
1029   if(filename == NULL)
1030     return false;
1031 
1032   if(stat(filename, &st) == 0)
1033     return S_ISREG(st.st_mode);
1034   return false;
1035 }
1036 
darwinssl_connect_step1(struct connectdata * conn,int sockindex)1037 static CURLcode darwinssl_connect_step1(struct connectdata *conn,
1038                                         int sockindex)
1039 {
1040   struct Curl_easy *data = conn->data;
1041   curl_socket_t sockfd = conn->sock[sockindex];
1042   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1043   const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
1044   const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
1045   char * const ssl_cert = SSL_SET_OPTION(cert);
1046   const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
1047     conn->host.name;
1048   const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
1049 #ifdef ENABLE_IPV6
1050   struct in6_addr addr;
1051 #else
1052   struct in_addr addr;
1053 #endif /* ENABLE_IPV6 */
1054   size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i;
1055   SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL;
1056   OSStatus err = noErr;
1057 #if CURL_BUILD_MAC
1058   int darwinver_maj = 0, darwinver_min = 0;
1059 
1060   GetDarwinVersionNumber(&darwinver_maj, &darwinver_min);
1061 #endif /* CURL_BUILD_MAC */
1062 
1063 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
1064   if(SSLCreateContext != NULL) {  /* use the newer API if avaialble */
1065     if(connssl->ssl_ctx)
1066       CFRelease(connssl->ssl_ctx);
1067     connssl->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
1068     if(!connssl->ssl_ctx) {
1069       failf(data, "SSL: couldn't create a context!");
1070       return CURLE_OUT_OF_MEMORY;
1071     }
1072   }
1073   else {
1074   /* The old ST API does not exist under iOS, so don't compile it: */
1075 #if CURL_SUPPORT_MAC_10_8
1076     if(connssl->ssl_ctx)
1077       (void)SSLDisposeContext(connssl->ssl_ctx);
1078     err = SSLNewContext(false, &(connssl->ssl_ctx));
1079     if(err != noErr) {
1080       failf(data, "SSL: couldn't create a context: OSStatus %d", err);
1081       return CURLE_OUT_OF_MEMORY;
1082     }
1083 #endif /* CURL_SUPPORT_MAC_10_8 */
1084   }
1085 #else
1086   if(connssl->ssl_ctx)
1087     (void)SSLDisposeContext(connssl->ssl_ctx);
1088   err = SSLNewContext(false, &(connssl->ssl_ctx));
1089   if(err != noErr) {
1090     failf(data, "SSL: couldn't create a context: OSStatus %d", err);
1091     return CURLE_OUT_OF_MEMORY;
1092   }
1093 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
1094   connssl->ssl_write_buffered_length = 0UL; /* reset buffered write length */
1095 
1096   /* check to see if we've been told to use an explicit SSL/TLS version */
1097 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
1098   if(SSLSetProtocolVersionMax != NULL) {
1099     switch(conn->ssl_config.version) {
1100     case CURL_SSLVERSION_DEFAULT:
1101     case CURL_SSLVERSION_TLSv1:
1102       (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
1103       (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
1104       break;
1105     case CURL_SSLVERSION_TLSv1_0:
1106       (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
1107       (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol1);
1108       break;
1109     case CURL_SSLVERSION_TLSv1_1:
1110       (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol11);
1111       (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol11);
1112       break;
1113     case CURL_SSLVERSION_TLSv1_2:
1114       (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol12);
1115       (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
1116       break;
1117     case CURL_SSLVERSION_TLSv1_3:
1118       failf(data, "DarwinSSL: TLS 1.3 is not yet supported");
1119       return CURLE_SSL_CONNECT_ERROR;
1120     case CURL_SSLVERSION_SSLv3:
1121       err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3);
1122       if(err != noErr) {
1123         failf(data, "Your version of the OS does not support SSLv3");
1124         return CURLE_SSL_CONNECT_ERROR;
1125       }
1126       (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol3);
1127       break;
1128     case CURL_SSLVERSION_SSLv2:
1129       err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol2);
1130       if(err != noErr) {
1131         failf(data, "Your version of the OS does not support SSLv2");
1132         return CURLE_SSL_CONNECT_ERROR;
1133       }
1134       (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol2);
1135       break;
1136     default:
1137       failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1138       return CURLE_SSL_CONNECT_ERROR;
1139     }
1140   }
1141   else {
1142 #if CURL_SUPPORT_MAC_10_8
1143     (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1144                                        kSSLProtocolAll,
1145                                        false);
1146     switch (conn->ssl_config.version) {
1147     case CURL_SSLVERSION_DEFAULT:
1148     case CURL_SSLVERSION_TLSv1:
1149       (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1150                                          kTLSProtocol1,
1151                                          true);
1152       (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1153                                          kTLSProtocol11,
1154                                          true);
1155       (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1156                                          kTLSProtocol12,
1157                                          true);
1158       break;
1159     case CURL_SSLVERSION_TLSv1_0:
1160       (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1161                                          kTLSProtocol1,
1162                                          true);
1163       break;
1164     case CURL_SSLVERSION_TLSv1_1:
1165       (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1166                                          kTLSProtocol11,
1167                                          true);
1168       break;
1169     case CURL_SSLVERSION_TLSv1_2:
1170       (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1171                                          kTLSProtocol12,
1172                                          true);
1173       break;
1174     case CURL_SSLVERSION_TLSv1_3:
1175       failf(data, "DarwinSSL: TLS 1.3 is not yet supported");
1176       return CURLE_SSL_CONNECT_ERROR;
1177     case CURL_SSLVERSION_SSLv3:
1178       err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1179                                          kSSLProtocol3,
1180                                          true);
1181       if(err != noErr) {
1182         failf(data, "Your version of the OS does not support SSLv3");
1183         return CURLE_SSL_CONNECT_ERROR;
1184       }
1185       break;
1186     case CURL_SSLVERSION_SSLv2:
1187       err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1188                                          kSSLProtocol2,
1189                                          true);
1190       if(err != noErr) {
1191         failf(data, "Your version of the OS does not support SSLv2");
1192         return CURLE_SSL_CONNECT_ERROR;
1193       }
1194       break;
1195     default:
1196       failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1197       return CURLE_SSL_CONNECT_ERROR;
1198     }
1199 #endif  /* CURL_SUPPORT_MAC_10_8 */
1200   }
1201 #else
1202   (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false);
1203   switch(conn->ssl_config.version) {
1204   case CURL_SSLVERSION_DEFAULT:
1205   case CURL_SSLVERSION_TLSv1:
1206   case CURL_SSLVERSION_TLSv1_0:
1207     (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1208                                        kTLSProtocol1,
1209                                        true);
1210     break;
1211   case CURL_SSLVERSION_TLSv1_1:
1212     failf(data, "Your version of the OS does not support TLSv1.1");
1213     return CURLE_SSL_CONNECT_ERROR;
1214   case CURL_SSLVERSION_TLSv1_2:
1215     failf(data, "Your version of the OS does not support TLSv1.2");
1216     return CURLE_SSL_CONNECT_ERROR;
1217   case CURL_SSLVERSION_TLSv1_3:
1218     failf(data, "Your version of the OS does not support TLSv1.3");
1219     return CURLE_SSL_CONNECT_ERROR;
1220   case CURL_SSLVERSION_SSLv2:
1221     err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1222                                        kSSLProtocol2,
1223                                        true);
1224     if(err != noErr) {
1225       failf(data, "Your version of the OS does not support SSLv2");
1226       return CURLE_SSL_CONNECT_ERROR;
1227     }
1228     break;
1229   case CURL_SSLVERSION_SSLv3:
1230     err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1231                                        kSSLProtocol3,
1232                                        true);
1233     if(err != noErr) {
1234       failf(data, "Your version of the OS does not support SSLv3");
1235       return CURLE_SSL_CONNECT_ERROR;
1236     }
1237     break;
1238   default:
1239     failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1240     return CURLE_SSL_CONNECT_ERROR;
1241   }
1242 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
1243 
1244   if(SSL_SET_OPTION(key)) {
1245     infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure "
1246           "Transport. The private key must be in the Keychain.\n");
1247   }
1248 
1249   if(ssl_cert) {
1250     SecIdentityRef cert_and_key = NULL;
1251     bool is_cert_file = is_file(ssl_cert);
1252 
1253     /* User wants to authenticate with a client cert. Look for it:
1254        If we detect that this is a file on disk, then let's load it.
1255        Otherwise, assume that the user wants to use an identity loaded
1256        from the Keychain. */
1257     if(is_cert_file) {
1258       if(!SSL_SET_OPTION(cert_type))
1259         infof(data, "WARNING: SSL: Certificate type not set, assuming "
1260                     "PKCS#12 format.\n");
1261       else if(strncmp(SSL_SET_OPTION(cert_type), "P12",
1262         strlen(SSL_SET_OPTION(cert_type))) != 0)
1263         infof(data, "WARNING: SSL: The Security framework only supports "
1264                     "loading identities that are in PKCS#12 format.\n");
1265 
1266       err = CopyIdentityFromPKCS12File(ssl_cert,
1267         SSL_SET_OPTION(key_passwd), &cert_and_key);
1268     }
1269     else
1270       err = CopyIdentityWithLabel(ssl_cert, &cert_and_key);
1271 
1272     if(err == noErr) {
1273       SecCertificateRef cert = NULL;
1274       CFTypeRef certs_c[1];
1275       CFArrayRef certs;
1276 
1277       /* If we found one, print it out: */
1278       err = SecIdentityCopyCertificate(cert_and_key, &cert);
1279       if(err == noErr) {
1280         CFStringRef cert_summary = CopyCertSubject(cert);
1281         char cert_summary_c[128];
1282 
1283         if(cert_summary) {
1284           memset(cert_summary_c, 0, 128);
1285           if(CFStringGetCString(cert_summary,
1286                                 cert_summary_c,
1287                                 128,
1288                                 kCFStringEncodingUTF8)) {
1289             infof(data, "Client certificate: %s\n", cert_summary_c);
1290           }
1291           CFRelease(cert_summary);
1292           CFRelease(cert);
1293         }
1294       }
1295       certs_c[0] = cert_and_key;
1296       certs = CFArrayCreate(NULL, (const void **)certs_c, 1L,
1297                             &kCFTypeArrayCallBacks);
1298       err = SSLSetCertificate(connssl->ssl_ctx, certs);
1299       if(certs)
1300         CFRelease(certs);
1301       if(err != noErr) {
1302         failf(data, "SSL: SSLSetCertificate() failed: OSStatus %d", err);
1303         return CURLE_SSL_CERTPROBLEM;
1304       }
1305       CFRelease(cert_and_key);
1306     }
1307     else {
1308       switch(err) {
1309       case errSecAuthFailed: case -25264: /* errSecPkcs12VerifyFailure */
1310         failf(data, "SSL: Incorrect password for the certificate \"%s\" "
1311                     "and its private key.", ssl_cert);
1312         break;
1313       case -26275: /* errSecDecode */ case -25257: /* errSecUnknownFormat */
1314         failf(data, "SSL: Couldn't make sense of the data in the "
1315                     "certificate \"%s\" and its private key.",
1316                     ssl_cert);
1317         break;
1318       case -25260: /* errSecPassphraseRequired */
1319         failf(data, "SSL The certificate \"%s\" requires a password.",
1320                     ssl_cert);
1321         break;
1322       case errSecItemNotFound:
1323         failf(data, "SSL: Can't find the certificate \"%s\" and its private "
1324                     "key in the Keychain.", ssl_cert);
1325         break;
1326       default:
1327         failf(data, "SSL: Can't load the certificate \"%s\" and its private "
1328                     "key: OSStatus %d", ssl_cert, err);
1329         break;
1330       }
1331       return CURLE_SSL_CERTPROBLEM;
1332     }
1333   }
1334 
1335   /* SSL always tries to verify the peer, this only says whether it should
1336    * fail to connect if the verification fails, or if it should continue
1337    * anyway. In the latter case the result of the verification is checked with
1338    * SSL_get_verify_result() below. */
1339 #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
1340   /* Snow Leopard introduced the SSLSetSessionOption() function, but due to
1341      a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag
1342      works, it doesn't work as expected under Snow Leopard, Lion or
1343      Mountain Lion.
1344      So we need to call SSLSetEnableCertVerify() on those older cats in order
1345      to disable certificate validation if the user turned that off.
1346      (SecureTransport will always validate the certificate chain by
1347      default.)
1348   Note:
1349   Darwin 11.x.x is Lion (10.7)
1350   Darwin 12.x.x is Mountain Lion (10.8)
1351   Darwin 13.x.x is Mavericks (10.9)
1352   Darwin 14.x.x is Yosemite (10.10)
1353   Darwin 15.x.x is El Capitan (10.11)
1354   */
1355 #if CURL_BUILD_MAC
1356   if(SSLSetSessionOption != NULL && darwinver_maj >= 13) {
1357 #else
1358   if(SSLSetSessionOption != NULL) {
1359 #endif /* CURL_BUILD_MAC */
1360     bool break_on_auth = !conn->ssl_config.verifypeer || ssl_cafile;
1361     err = SSLSetSessionOption(connssl->ssl_ctx,
1362                               kSSLSessionOptionBreakOnServerAuth,
1363                               break_on_auth);
1364     if(err != noErr) {
1365       failf(data, "SSL: SSLSetSessionOption() failed: OSStatus %d", err);
1366       return CURLE_SSL_CONNECT_ERROR;
1367     }
1368   }
1369   else {
1370 #if CURL_SUPPORT_MAC_10_8
1371     err = SSLSetEnableCertVerify(connssl->ssl_ctx,
1372                                  conn->ssl_config.verifypeer?true:false);
1373     if(err != noErr) {
1374       failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
1375       return CURLE_SSL_CONNECT_ERROR;
1376     }
1377 #endif /* CURL_SUPPORT_MAC_10_8 */
1378   }
1379 #else
1380   err = SSLSetEnableCertVerify(connssl->ssl_ctx,
1381                                conn->ssl_config.verifypeer?true:false);
1382   if(err != noErr) {
1383     failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
1384     return CURLE_SSL_CONNECT_ERROR;
1385   }
1386 #endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
1387 
1388   if(ssl_cafile) {
1389     bool is_cert_file = is_file(ssl_cafile);
1390 
1391     if(!is_cert_file) {
1392       failf(data, "SSL: can't load CA certificate file %s", ssl_cafile);
1393       return CURLE_SSL_CACERT_BADFILE;
1394     }
1395     if(!verifypeer) {
1396       failf(data, "SSL: CA certificate set, but certificate verification "
1397             "is disabled");
1398       return CURLE_SSL_CONNECT_ERROR;
1399     }
1400   }
1401 
1402   /* Configure hostname check. SNI is used if available.
1403    * Both hostname check and SNI require SSLSetPeerDomainName().
1404    * Also: the verifyhost setting influences SNI usage */
1405   if(conn->ssl_config.verifyhost) {
1406     err = SSLSetPeerDomainName(connssl->ssl_ctx, hostname,
1407     strlen(hostname));
1408 
1409     if(err != noErr) {
1410       infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d\n",
1411             err);
1412     }
1413 
1414     if((Curl_inet_pton(AF_INET, hostname, &addr))
1415   #ifdef ENABLE_IPV6
1416     || (Curl_inet_pton(AF_INET6, hostname, &addr))
1417   #endif
1418        ) {
1419       infof(data, "WARNING: using IP address, SNI is being disabled by "
1420             "the OS.\n");
1421     }
1422   }
1423 
1424   /* Disable cipher suites that ST supports but are not safe. These ciphers
1425      are unlikely to be used in any case since ST gives other ciphers a much
1426      higher priority, but it's probably better that we not connect at all than
1427      to give the user a false sense of security if the server only supports
1428      insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) */
1429   (void)SSLGetNumberSupportedCiphers(connssl->ssl_ctx, &all_ciphers_count);
1430   all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
1431   allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
1432   if(all_ciphers && allowed_ciphers &&
1433      SSLGetSupportedCiphers(connssl->ssl_ctx, all_ciphers,
1434        &all_ciphers_count) == noErr) {
1435     for(i = 0UL ; i < all_ciphers_count ; i++) {
1436 #if CURL_BUILD_MAC
1437      /* There's a known bug in early versions of Mountain Lion where ST's ECC
1438         ciphers (cipher suite 0xC001 through 0xC032) simply do not work.
1439         Work around the problem here by disabling those ciphers if we are
1440         running in an affected version of OS X. */
1441       if(darwinver_maj == 12 && darwinver_min <= 3 &&
1442          all_ciphers[i] >= 0xC001 && all_ciphers[i] <= 0xC032) {
1443         continue;
1444       }
1445 #endif /* CURL_BUILD_MAC */
1446       switch(all_ciphers[i]) {
1447         /* Disable NULL ciphersuites: */
1448         case SSL_NULL_WITH_NULL_NULL:
1449         case SSL_RSA_WITH_NULL_MD5:
1450         case SSL_RSA_WITH_NULL_SHA:
1451         case 0x003B: /* TLS_RSA_WITH_NULL_SHA256 */
1452         case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
1453         case 0xC001: /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
1454         case 0xC006: /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
1455         case 0xC00B: /* TLS_ECDH_RSA_WITH_NULL_SHA */
1456         case 0xC010: /* TLS_ECDHE_RSA_WITH_NULL_SHA */
1457         case 0x002C: /* TLS_PSK_WITH_NULL_SHA */
1458         case 0x002D: /* TLS_DHE_PSK_WITH_NULL_SHA */
1459         case 0x002E: /* TLS_RSA_PSK_WITH_NULL_SHA */
1460         case 0x00B0: /* TLS_PSK_WITH_NULL_SHA256 */
1461         case 0x00B1: /* TLS_PSK_WITH_NULL_SHA384 */
1462         case 0x00B4: /* TLS_DHE_PSK_WITH_NULL_SHA256 */
1463         case 0x00B5: /* TLS_DHE_PSK_WITH_NULL_SHA384 */
1464         case 0x00B8: /* TLS_RSA_PSK_WITH_NULL_SHA256 */
1465         case 0x00B9: /* TLS_RSA_PSK_WITH_NULL_SHA384 */
1466         /* Disable anonymous ciphersuites: */
1467         case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
1468         case SSL_DH_anon_WITH_RC4_128_MD5:
1469         case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
1470         case SSL_DH_anon_WITH_DES_CBC_SHA:
1471         case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
1472         case TLS_DH_anon_WITH_AES_128_CBC_SHA:
1473         case TLS_DH_anon_WITH_AES_256_CBC_SHA:
1474         case 0xC015: /* TLS_ECDH_anon_WITH_NULL_SHA */
1475         case 0xC016: /* TLS_ECDH_anon_WITH_RC4_128_SHA */
1476         case 0xC017: /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
1477         case 0xC018: /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
1478         case 0xC019: /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
1479         case 0x006C: /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
1480         case 0x006D: /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
1481         case 0x00A6: /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
1482         case 0x00A7: /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
1483         /* Disable weak key ciphersuites: */
1484         case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
1485         case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
1486         case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
1487         case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
1488         case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
1489         case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
1490         case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
1491         case SSL_RSA_WITH_DES_CBC_SHA:
1492         case SSL_DH_DSS_WITH_DES_CBC_SHA:
1493         case SSL_DH_RSA_WITH_DES_CBC_SHA:
1494         case SSL_DHE_DSS_WITH_DES_CBC_SHA:
1495         case SSL_DHE_RSA_WITH_DES_CBC_SHA:
1496         /* Disable IDEA: */
1497         case SSL_RSA_WITH_IDEA_CBC_SHA:
1498         case SSL_RSA_WITH_IDEA_CBC_MD5:
1499         /* Disable RC4: */
1500         case SSL_RSA_WITH_RC4_128_MD5:
1501         case SSL_RSA_WITH_RC4_128_SHA:
1502         case 0xC002: /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
1503         case 0xC007: /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA*/
1504         case 0xC00C: /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
1505         case 0xC011: /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
1506         case 0x008A: /* TLS_PSK_WITH_RC4_128_SHA */
1507         case 0x008E: /* TLS_DHE_PSK_WITH_RC4_128_SHA */
1508         case 0x0092: /* TLS_RSA_PSK_WITH_RC4_128_SHA */
1509           break;
1510         default: /* enable everything else */
1511           allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i];
1512           break;
1513       }
1514     }
1515     err = SSLSetEnabledCiphers(connssl->ssl_ctx, allowed_ciphers,
1516                                allowed_ciphers_count);
1517     if(err != noErr) {
1518       failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err);
1519       return CURLE_SSL_CONNECT_ERROR;
1520     }
1521   }
1522   else {
1523     Curl_safefree(all_ciphers);
1524     Curl_safefree(allowed_ciphers);
1525     failf(data, "SSL: Failed to allocate memory for allowed ciphers");
1526     return CURLE_OUT_OF_MEMORY;
1527   }
1528   Curl_safefree(all_ciphers);
1529   Curl_safefree(allowed_ciphers);
1530 
1531 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
1532   /* We want to enable 1/n-1 when using a CBC cipher unless the user
1533      specifically doesn't want us doing that: */
1534   if(SSLSetSessionOption != NULL) {
1535     /* TODO s/data->set.ssl.enable_beast/SSL_SET_OPTION(enable_beast)/g */
1536     SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
1537                       !data->set.ssl.enable_beast);
1538     SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionFalseStart,
1539                       data->set.ssl.falsestart); /* false start support */
1540   }
1541 #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
1542 
1543   /* Check if there's a cached ID we can/should use here! */
1544   if(data->set.general_ssl.sessionid) {
1545     char *ssl_sessionid;
1546     size_t ssl_sessionid_len;
1547 
1548     Curl_ssl_sessionid_lock(conn);
1549     if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid,
1550                               &ssl_sessionid_len, sockindex)) {
1551       /* we got a session id, use it! */
1552       err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
1553       Curl_ssl_sessionid_unlock(conn);
1554       if(err != noErr) {
1555         failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
1556         return CURLE_SSL_CONNECT_ERROR;
1557       }
1558       /* Informational message */
1559       infof(data, "SSL re-using session ID\n");
1560     }
1561     /* If there isn't one, then let's make one up! This has to be done prior
1562        to starting the handshake. */
1563     else {
1564       CURLcode result;
1565       ssl_sessionid =
1566         aprintf("%s:%d:%d:%s:%hu", ssl_cafile,
1567                 verifypeer, SSL_CONN_CONFIG(verifyhost), hostname, port);
1568       ssl_sessionid_len = strlen(ssl_sessionid);
1569 
1570       err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
1571       if(err != noErr) {
1572         Curl_ssl_sessionid_unlock(conn);
1573         failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
1574         return CURLE_SSL_CONNECT_ERROR;
1575       }
1576 
1577       result = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len,
1578                                      sockindex);
1579       Curl_ssl_sessionid_unlock(conn);
1580       if(result) {
1581         failf(data, "failed to store ssl session");
1582         return result;
1583       }
1584     }
1585   }
1586 
1587   err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite);
1588   if(err != noErr) {
1589     failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
1590     return CURLE_SSL_CONNECT_ERROR;
1591   }
1592 
1593   /* pass the raw socket into the SSL layers */
1594   /* We need to store the FD in a constant memory address, because
1595    * SSLSetConnection() will not copy that address. I've found that
1596    * conn->sock[sockindex] may change on its own. */
1597   connssl->ssl_sockfd = sockfd;
1598   err = SSLSetConnection(connssl->ssl_ctx, connssl);
1599   if(err != noErr) {
1600     failf(data, "SSL: SSLSetConnection() failed: %d", err);
1601     return CURLE_SSL_CONNECT_ERROR;
1602   }
1603 
1604   connssl->connecting_state = ssl_connect_2;
1605   return CURLE_OK;
1606 }
1607 
1608 static long pem_to_der(const char *in, unsigned char **out, size_t *outlen)
1609 {
1610   char *sep_start, *sep_end, *cert_start, *cert_end;
1611   size_t i, j, err;
1612   size_t len;
1613   unsigned char *b64;
1614 
1615   /* Jump through the separators at the beginning of the certificate. */
1616   sep_start = strstr(in, "-----");
1617   if(sep_start == NULL)
1618     return 0;
1619   cert_start = strstr(sep_start + 1, "-----");
1620   if(cert_start == NULL)
1621     return -1;
1622 
1623   cert_start += 5;
1624 
1625   /* Find separator after the end of the certificate. */
1626   cert_end = strstr(cert_start, "-----");
1627   if(cert_end == NULL)
1628     return -1;
1629 
1630   sep_end = strstr(cert_end + 1, "-----");
1631   if(sep_end == NULL)
1632     return -1;
1633   sep_end += 5;
1634 
1635   len = cert_end - cert_start;
1636   b64 = malloc(len + 1);
1637   if(!b64)
1638     return -1;
1639 
1640   /* Create base64 string without linefeeds. */
1641   for(i = 0, j = 0; i < len; i++) {
1642     if(cert_start[i] != '\r' && cert_start[i] != '\n')
1643       b64[j++] = cert_start[i];
1644   }
1645   b64[j] = '\0';
1646 
1647   err = Curl_base64_decode((const char *)b64, out, outlen);
1648   free(b64);
1649   if(err) {
1650     free(*out);
1651     return -1;
1652   }
1653 
1654   return sep_end - in;
1655 }
1656 
1657 static int read_cert(const char *file, unsigned char **out, size_t *outlen)
1658 {
1659   int fd;
1660   ssize_t n, len = 0, cap = 512;
1661   unsigned char buf[cap], *data;
1662 
1663   fd = open(file, 0);
1664   if(fd < 0)
1665     return -1;
1666 
1667   data = malloc(cap);
1668   if(!data) {
1669     close(fd);
1670     return -1;
1671   }
1672 
1673   for(;;) {
1674     n = read(fd, buf, sizeof(buf));
1675     if(n < 0) {
1676       close(fd);
1677       free(data);
1678       return -1;
1679     }
1680     else if(n == 0) {
1681       close(fd);
1682       break;
1683     }
1684 
1685     if(len + n >= cap) {
1686       cap *= 2;
1687       data = realloc(data, cap);
1688       if(!data) {
1689         close(fd);
1690         return -1;
1691       }
1692     }
1693 
1694     memcpy(data + len, buf, n);
1695     len += n;
1696   }
1697   data[len] = '\0';
1698 
1699   *out = data;
1700   *outlen = len;
1701 
1702   return 0;
1703 }
1704 
1705 static int sslerr_to_curlerr(struct Curl_easy *data, int err)
1706 {
1707   switch(err) {
1708     case errSSLXCertChainInvalid:
1709       failf(data, "SSL certificate problem: Invalid certificate chain");
1710       return CURLE_SSL_CACERT;
1711     case errSSLUnknownRootCert:
1712       failf(data, "SSL certificate problem: Untrusted root certificate");
1713       return CURLE_SSL_CACERT;
1714     case errSSLNoRootCert:
1715       failf(data, "SSL certificate problem: No root certificate");
1716       return CURLE_SSL_CACERT;
1717     case errSSLCertExpired:
1718       failf(data, "SSL certificate problem: Certificate chain had an "
1719             "expired certificate");
1720       return CURLE_SSL_CACERT;
1721     case errSSLBadCert:
1722       failf(data, "SSL certificate problem: Couldn't understand the server "
1723             "certificate format");
1724       return CURLE_SSL_CONNECT_ERROR;
1725     case errSSLHostNameMismatch:
1726       failf(data, "SSL certificate peer hostname mismatch");
1727       return CURLE_PEER_FAILED_VERIFICATION;
1728     default:
1729       failf(data, "SSL unexpected certificate error %d", err);
1730       return CURLE_SSL_CACERT;
1731   }
1732 }
1733 
1734 static int append_cert_to_array(struct Curl_easy *data,
1735                                 unsigned char *buf, size_t buflen,
1736                                 CFMutableArrayRef array)
1737 {
1738     CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
1739     if(!certdata) {
1740       failf(data, "SSL: failed to allocate array for CA certificate");
1741       return CURLE_OUT_OF_MEMORY;
1742     }
1743 
1744     SecCertificateRef cacert =
1745       SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
1746     CFRelease(certdata);
1747     if(!cacert) {
1748       failf(data, "SSL: failed to create SecCertificate from CA certificate");
1749       return CURLE_SSL_CACERT;
1750     }
1751 
1752     /* Check if cacert is valid. */
1753     CFStringRef subject = CopyCertSubject(cacert);
1754     if(subject) {
1755       char subject_cbuf[128];
1756       memset(subject_cbuf, 0, 128);
1757       if(!CFStringGetCString(subject,
1758                             subject_cbuf,
1759                             128,
1760                             kCFStringEncodingUTF8)) {
1761         CFRelease(cacert);
1762         failf(data, "SSL: invalid CA certificate subject");
1763         return CURLE_SSL_CACERT;
1764       }
1765       CFRelease(subject);
1766     }
1767     else {
1768       CFRelease(cacert);
1769       failf(data, "SSL: invalid CA certificate");
1770       return CURLE_SSL_CACERT;
1771     }
1772 
1773     CFArrayAppendValue(array, cacert);
1774     CFRelease(cacert);
1775 
1776     return CURLE_OK;
1777 }
1778 
1779 static int verify_cert(const char *cafile, struct Curl_easy *data,
1780                        SSLContextRef ctx)
1781 {
1782   int n = 0, rc;
1783   long res;
1784   unsigned char *certbuf, *der;
1785   size_t buflen, derlen, offset = 0;
1786 
1787   if(read_cert(cafile, &certbuf, &buflen) < 0) {
1788     failf(data, "SSL: failed to read or invalid CA certificate");
1789     return CURLE_SSL_CACERT;
1790   }
1791 
1792   /*
1793    * Certbuf now contains the contents of the certificate file, which can be
1794    * - a single DER certificate,
1795    * - a single PEM certificate or
1796    * - a bunch of PEM certificates (certificate bundle).
1797    *
1798    * Go through certbuf, and convert any PEM certificate in it into DER
1799    * format.
1800    */
1801   CFMutableArrayRef array = CFArrayCreateMutable(kCFAllocatorDefault, 0,
1802                                                  &kCFTypeArrayCallBacks);
1803   if(array == NULL) {
1804     free(certbuf);
1805     failf(data, "SSL: out of memory creating CA certificate array");
1806     return CURLE_OUT_OF_MEMORY;
1807   }
1808 
1809   while(offset < buflen) {
1810     n++;
1811 
1812     /*
1813      * Check if the certificate is in PEM format, and convert it to DER. If
1814      * this fails, we assume the certificate is in DER format.
1815      */
1816     res = pem_to_der((const char *)certbuf + offset, &der, &derlen);
1817     if(res < 0) {
1818       free(certbuf);
1819       CFRelease(array);
1820       failf(data, "SSL: invalid CA certificate #%d (offset %d) in bundle",
1821             n, offset);
1822       return CURLE_SSL_CACERT;
1823     }
1824     offset += res;
1825 
1826     if(res == 0 && offset == 0) {
1827       /* This is not a PEM file, probably a certificate in DER format. */
1828       rc = append_cert_to_array(data, certbuf, buflen, array);
1829       free(certbuf);
1830       if(rc != CURLE_OK) {
1831         CFRelease(array);
1832         return rc;
1833       }
1834       break;
1835     }
1836     else if(res == 0) {
1837       /* No more certificates in the bundle. */
1838       free(certbuf);
1839       break;
1840     }
1841 
1842     rc = append_cert_to_array(data, der, derlen, array);
1843     free(der);
1844     if(rc != CURLE_OK) {
1845       free(certbuf);
1846       CFRelease(array);
1847       return rc;
1848     }
1849   }
1850 
1851   SecTrustRef trust;
1852   OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
1853   if(trust == NULL) {
1854     failf(data, "SSL: error getting certificate chain");
1855     CFRelease(array);
1856     return CURLE_OUT_OF_MEMORY;
1857   }
1858   else if(ret != noErr) {
1859     CFRelease(array);
1860     return sslerr_to_curlerr(data, ret);
1861   }
1862 
1863   ret = SecTrustSetAnchorCertificates(trust, array);
1864   if(ret != noErr) {
1865     CFRelease(trust);
1866     return sslerr_to_curlerr(data, ret);
1867   }
1868   ret = SecTrustSetAnchorCertificatesOnly(trust, true);
1869   if(ret != noErr) {
1870     CFRelease(trust);
1871     return sslerr_to_curlerr(data, ret);
1872   }
1873 
1874   SecTrustResultType trust_eval = 0;
1875   ret = SecTrustEvaluate(trust, &trust_eval);
1876   CFRelease(array);
1877   CFRelease(trust);
1878   if(ret != noErr) {
1879     return sslerr_to_curlerr(data, ret);
1880   }
1881 
1882   switch (trust_eval) {
1883     case kSecTrustResultUnspecified:
1884     case kSecTrustResultProceed:
1885       return CURLE_OK;
1886 
1887     case kSecTrustResultRecoverableTrustFailure:
1888     case kSecTrustResultDeny:
1889     default:
1890       failf(data, "SSL: certificate verification failed (result: %d)",
1891             trust_eval);
1892       return CURLE_PEER_FAILED_VERIFICATION;
1893   }
1894 }
1895 
1896 static CURLcode
1897 darwinssl_connect_step2(struct connectdata *conn, int sockindex)
1898 {
1899   struct Curl_easy *data = conn->data;
1900   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1901   OSStatus err;
1902   SSLCipherSuite cipher;
1903   SSLProtocol protocol = 0;
1904   const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
1905     conn->host.name;
1906 
1907   DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
1908               || ssl_connect_2_reading == connssl->connecting_state
1909               || ssl_connect_2_writing == connssl->connecting_state);
1910 
1911   /* Here goes nothing: */
1912   err = SSLHandshake(connssl->ssl_ctx);
1913 
1914   if(err != noErr) {
1915     switch (err) {
1916       case errSSLWouldBlock:  /* they're not done with us yet */
1917         connssl->connecting_state = connssl->ssl_direction ?
1918             ssl_connect_2_writing : ssl_connect_2_reading;
1919         return CURLE_OK;
1920 
1921       /* The below is errSSLServerAuthCompleted; it's not defined in
1922         Leopard's headers */
1923       case -9841:
1924         if(SSL_CONN_CONFIG(CAfile)) {
1925           int res = verify_cert(SSL_CONN_CONFIG(CAfile), data,
1926                                 connssl->ssl_ctx);
1927           if(res != CURLE_OK)
1928             return res;
1929         }
1930         /* the documentation says we need to call SSLHandshake() again */
1931         return darwinssl_connect_step2(conn, sockindex);
1932 
1933       /* These are all certificate problems with the server: */
1934       case errSSLXCertChainInvalid:
1935         failf(data, "SSL certificate problem: Invalid certificate chain");
1936         return CURLE_SSL_CACERT;
1937       case errSSLUnknownRootCert:
1938         failf(data, "SSL certificate problem: Untrusted root certificate");
1939         return CURLE_SSL_CACERT;
1940       case errSSLNoRootCert:
1941         failf(data, "SSL certificate problem: No root certificate");
1942         return CURLE_SSL_CACERT;
1943       case errSSLCertExpired:
1944         failf(data, "SSL certificate problem: Certificate chain had an "
1945               "expired certificate");
1946         return CURLE_SSL_CACERT;
1947       case errSSLBadCert:
1948         failf(data, "SSL certificate problem: Couldn't understand the server "
1949               "certificate format");
1950         return CURLE_SSL_CONNECT_ERROR;
1951 
1952       /* These are all certificate problems with the client: */
1953       case errSecAuthFailed:
1954         failf(data, "SSL authentication failed");
1955         return CURLE_SSL_CONNECT_ERROR;
1956       case errSSLPeerHandshakeFail:
1957         failf(data, "SSL peer handshake failed, the server most likely "
1958               "requires a client certificate to connect");
1959         return CURLE_SSL_CONNECT_ERROR;
1960       case errSSLPeerUnknownCA:
1961         failf(data, "SSL server rejected the client certificate due to "
1962               "the certificate being signed by an unknown certificate "
1963               "authority");
1964         return CURLE_SSL_CONNECT_ERROR;
1965 
1966       /* This error is raised if the server's cert didn't match the server's
1967          host name: */
1968       case errSSLHostNameMismatch:
1969         failf(data, "SSL certificate peer verification failed, the "
1970               "certificate did not match \"%s\"\n", conn->host.dispname);
1971         return CURLE_PEER_FAILED_VERIFICATION;
1972 
1973       /* Generic handshake errors: */
1974       case errSSLConnectionRefused:
1975         failf(data, "Server dropped the connection during the SSL handshake");
1976         return CURLE_SSL_CONNECT_ERROR;
1977       case errSSLClosedAbort:
1978         failf(data, "Server aborted the SSL handshake");
1979         return CURLE_SSL_CONNECT_ERROR;
1980       case errSSLNegotiation:
1981         failf(data, "Could not negotiate an SSL cipher suite with the server");
1982         return CURLE_SSL_CONNECT_ERROR;
1983       /* Sometimes paramErr happens with buggy ciphers: */
1984       case paramErr: case errSSLInternal:
1985         failf(data, "Internal SSL engine error encountered during the "
1986               "SSL handshake");
1987         return CURLE_SSL_CONNECT_ERROR;
1988       case errSSLFatalAlert:
1989         failf(data, "Fatal SSL engine error encountered during the SSL "
1990               "handshake");
1991         return CURLE_SSL_CONNECT_ERROR;
1992       default:
1993         failf(data, "Unknown SSL protocol error in connection to %s:%d",
1994               hostname, err);
1995         return CURLE_SSL_CONNECT_ERROR;
1996     }
1997   }
1998   else {
1999     /* we have been connected fine, we're not waiting for anything else. */
2000     connssl->connecting_state = ssl_connect_3;
2001 
2002     /* Informational message */
2003     (void)SSLGetNegotiatedCipher(connssl->ssl_ctx, &cipher);
2004     (void)SSLGetNegotiatedProtocolVersion(connssl->ssl_ctx, &protocol);
2005     switch (protocol) {
2006       case kSSLProtocol2:
2007         infof(data, "SSL 2.0 connection using %s\n",
2008               SSLCipherNameForNumber(cipher));
2009         break;
2010       case kSSLProtocol3:
2011         infof(data, "SSL 3.0 connection using %s\n",
2012               SSLCipherNameForNumber(cipher));
2013         break;
2014       case kTLSProtocol1:
2015         infof(data, "TLS 1.0 connection using %s\n",
2016               TLSCipherNameForNumber(cipher));
2017         break;
2018 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
2019       case kTLSProtocol11:
2020         infof(data, "TLS 1.1 connection using %s\n",
2021               TLSCipherNameForNumber(cipher));
2022         break;
2023       case kTLSProtocol12:
2024         infof(data, "TLS 1.2 connection using %s\n",
2025               TLSCipherNameForNumber(cipher));
2026         break;
2027 #endif
2028       default:
2029         infof(data, "Unknown protocol connection\n");
2030         break;
2031     }
2032 
2033     return CURLE_OK;
2034   }
2035 }
2036 
2037 static CURLcode
2038 darwinssl_connect_step3(struct connectdata *conn,
2039                         int sockindex)
2040 {
2041   struct Curl_easy *data = conn->data;
2042   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2043   CFStringRef server_cert_summary;
2044   char server_cert_summary_c[128];
2045   CFArrayRef server_certs = NULL;
2046   SecCertificateRef server_cert;
2047   OSStatus err;
2048   CFIndex i, count;
2049   SecTrustRef trust = NULL;
2050 
2051   /* There is no step 3!
2052    * Well, okay, if verbose mode is on, let's print the details of the
2053    * server certificates. */
2054 #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
2055 #if CURL_BUILD_IOS
2056 #pragma unused(server_certs)
2057   err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
2058   /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
2059      a null trust, so be on guard for that: */
2060   if(err == noErr && trust) {
2061     count = SecTrustGetCertificateCount(trust);
2062     for(i = 0L ; i < count ; i++) {
2063       server_cert = SecTrustGetCertificateAtIndex(trust, i);
2064       server_cert_summary = CopyCertSubject(server_cert);
2065       memset(server_cert_summary_c, 0, 128);
2066       if(CFStringGetCString(server_cert_summary,
2067                             server_cert_summary_c,
2068                             128,
2069                             kCFStringEncodingUTF8)) {
2070         infof(data, "Server certificate: %s\n", server_cert_summary_c);
2071       }
2072       CFRelease(server_cert_summary);
2073     }
2074     CFRelease(trust);
2075   }
2076 #else
2077   /* SSLCopyPeerCertificates() is deprecated as of Mountain Lion.
2078      The function SecTrustGetCertificateAtIndex() is officially present
2079      in Lion, but it is unfortunately also present in Snow Leopard as
2080      private API and doesn't work as expected. So we have to look for
2081      a different symbol to make sure this code is only executed under
2082      Lion or later. */
2083   if(SecTrustEvaluateAsync != NULL) {
2084 #pragma unused(server_certs)
2085     err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
2086     /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
2087        a null trust, so be on guard for that: */
2088     if(err == noErr && trust) {
2089       count = SecTrustGetCertificateCount(trust);
2090       for(i = 0L ; i < count ; i++) {
2091         server_cert = SecTrustGetCertificateAtIndex(trust, i);
2092         server_cert_summary = CopyCertSubject(server_cert);
2093         memset(server_cert_summary_c, 0, 128);
2094         if(CFStringGetCString(server_cert_summary,
2095                               server_cert_summary_c,
2096                               128,
2097                               kCFStringEncodingUTF8)) {
2098           infof(data, "Server certificate: %s\n", server_cert_summary_c);
2099         }
2100         CFRelease(server_cert_summary);
2101       }
2102       CFRelease(trust);
2103     }
2104   }
2105   else {
2106 #if CURL_SUPPORT_MAC_10_8
2107     err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
2108     /* Just in case SSLCopyPeerCertificates() returns null too... */
2109     if(err == noErr && server_certs) {
2110       count = CFArrayGetCount(server_certs);
2111       for(i = 0L ; i < count ; i++) {
2112         server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
2113                                                                 i);
2114 
2115         server_cert_summary = CopyCertSubject(server_cert);
2116         memset(server_cert_summary_c, 0, 128);
2117         if(CFStringGetCString(server_cert_summary,
2118                               server_cert_summary_c,
2119                               128,
2120                               kCFStringEncodingUTF8)) {
2121           infof(data, "Server certificate: %s\n", server_cert_summary_c);
2122         }
2123         CFRelease(server_cert_summary);
2124       }
2125       CFRelease(server_certs);
2126     }
2127 #endif /* CURL_SUPPORT_MAC_10_8 */
2128   }
2129 #endif /* CURL_BUILD_IOS */
2130 #else
2131 #pragma unused(trust)
2132   err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
2133   if(err == noErr) {
2134     count = CFArrayGetCount(server_certs);
2135     for(i = 0L ; i < count ; i++) {
2136       server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
2137       server_cert_summary = CopyCertSubject(server_cert);
2138       memset(server_cert_summary_c, 0, 128);
2139       if(CFStringGetCString(server_cert_summary,
2140                             server_cert_summary_c,
2141                             128,
2142                             kCFStringEncodingUTF8)) {
2143         infof(data, "Server certificate: %s\n", server_cert_summary_c);
2144       }
2145       CFRelease(server_cert_summary);
2146     }
2147     CFRelease(server_certs);
2148   }
2149 #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
2150 
2151   connssl->connecting_state = ssl_connect_done;
2152   return CURLE_OK;
2153 }
2154 
2155 static Curl_recv darwinssl_recv;
2156 static Curl_send darwinssl_send;
2157 
2158 static CURLcode
2159 darwinssl_connect_common(struct connectdata *conn,
2160                          int sockindex,
2161                          bool nonblocking,
2162                          bool *done)
2163 {
2164   CURLcode result;
2165   struct Curl_easy *data = conn->data;
2166   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2167   curl_socket_t sockfd = conn->sock[sockindex];
2168   long timeout_ms;
2169   int what;
2170 
2171   /* check if the connection has already been established */
2172   if(ssl_connection_complete == connssl->state) {
2173     *done = TRUE;
2174     return CURLE_OK;
2175   }
2176 
2177   if(ssl_connect_1==connssl->connecting_state) {
2178     /* Find out how much more time we're allowed */
2179     timeout_ms = Curl_timeleft(data, NULL, TRUE);
2180 
2181     if(timeout_ms < 0) {
2182       /* no need to continue if time already is up */
2183       failf(data, "SSL connection timeout");
2184       return CURLE_OPERATION_TIMEDOUT;
2185     }
2186 
2187     result = darwinssl_connect_step1(conn, sockindex);
2188     if(result)
2189       return result;
2190   }
2191 
2192   while(ssl_connect_2 == connssl->connecting_state ||
2193         ssl_connect_2_reading == connssl->connecting_state ||
2194         ssl_connect_2_writing == connssl->connecting_state) {
2195 
2196     /* check allowed time left */
2197     timeout_ms = Curl_timeleft(data, NULL, TRUE);
2198 
2199     if(timeout_ms < 0) {
2200       /* no need to continue if time already is up */
2201       failf(data, "SSL connection timeout");
2202       return CURLE_OPERATION_TIMEDOUT;
2203     }
2204 
2205     /* if ssl is expecting something, check if it's available. */
2206     if(connssl->connecting_state == ssl_connect_2_reading ||
2207        connssl->connecting_state == ssl_connect_2_writing) {
2208 
2209       curl_socket_t writefd = ssl_connect_2_writing ==
2210       connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2211       curl_socket_t readfd = ssl_connect_2_reading ==
2212       connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2213 
2214       what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
2215                                nonblocking?0:timeout_ms);
2216       if(what < 0) {
2217         /* fatal error */
2218         failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2219         return CURLE_SSL_CONNECT_ERROR;
2220       }
2221       else if(0 == what) {
2222         if(nonblocking) {
2223           *done = FALSE;
2224           return CURLE_OK;
2225         }
2226         else {
2227           /* timeout */
2228           failf(data, "SSL connection timeout");
2229           return CURLE_OPERATION_TIMEDOUT;
2230         }
2231       }
2232       /* socket is readable or writable */
2233     }
2234 
2235     /* Run transaction, and return to the caller if it failed or if this
2236      * connection is done nonblocking and this loop would execute again. This
2237      * permits the owner of a multi handle to abort a connection attempt
2238      * before step2 has completed while ensuring that a client using select()
2239      * or epoll() will always have a valid fdset to wait on.
2240      */
2241     result = darwinssl_connect_step2(conn, sockindex);
2242     if(result || (nonblocking &&
2243                   (ssl_connect_2 == connssl->connecting_state ||
2244                    ssl_connect_2_reading == connssl->connecting_state ||
2245                    ssl_connect_2_writing == connssl->connecting_state)))
2246       return result;
2247 
2248   } /* repeat step2 until all transactions are done. */
2249 
2250 
2251   if(ssl_connect_3 == connssl->connecting_state) {
2252     result = darwinssl_connect_step3(conn, sockindex);
2253     if(result)
2254       return result;
2255   }
2256 
2257   if(ssl_connect_done == connssl->connecting_state) {
2258     connssl->state = ssl_connection_complete;
2259     conn->recv[sockindex] = darwinssl_recv;
2260     conn->send[sockindex] = darwinssl_send;
2261     *done = TRUE;
2262   }
2263   else
2264     *done = FALSE;
2265 
2266   /* Reset our connect state machine */
2267   connssl->connecting_state = ssl_connect_1;
2268 
2269   return CURLE_OK;
2270 }
2271 
2272 CURLcode
2273 Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
2274                                    int sockindex,
2275                                    bool *done)
2276 {
2277   return darwinssl_connect_common(conn, sockindex, TRUE, done);
2278 }
2279 
2280 CURLcode
2281 Curl_darwinssl_connect(struct connectdata *conn,
2282                        int sockindex)
2283 {
2284   CURLcode result;
2285   bool done = FALSE;
2286 
2287   result = darwinssl_connect_common(conn, sockindex, FALSE, &done);
2288 
2289   if(result)
2290     return result;
2291 
2292   DEBUGASSERT(done);
2293 
2294   return CURLE_OK;
2295 }
2296 
2297 void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
2298 {
2299   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2300 
2301   if(connssl->ssl_ctx) {
2302     (void)SSLClose(connssl->ssl_ctx);
2303 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
2304     if(SSLCreateContext != NULL)
2305       CFRelease(connssl->ssl_ctx);
2306 #if CURL_SUPPORT_MAC_10_8
2307     else
2308       (void)SSLDisposeContext(connssl->ssl_ctx);
2309 #endif  /* CURL_SUPPORT_MAC_10_8 */
2310 #else
2311     (void)SSLDisposeContext(connssl->ssl_ctx);
2312 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
2313     connssl->ssl_ctx = NULL;
2314   }
2315   connssl->ssl_sockfd = 0;
2316 }
2317 
2318 int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
2319 {
2320   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2321   struct Curl_easy *data = conn->data;
2322   ssize_t nread;
2323   int what;
2324   int rc;
2325   char buf[120];
2326 
2327   if(!connssl->ssl_ctx)
2328     return 0;
2329 
2330   if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
2331     return 0;
2332 
2333   Curl_darwinssl_close(conn, sockindex);
2334 
2335   rc = 0;
2336 
2337   what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT);
2338 
2339   for(;;) {
2340     if(what < 0) {
2341       /* anything that gets here is fatally bad */
2342       failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2343       rc = -1;
2344       break;
2345     }
2346 
2347     if(!what) {                                /* timeout */
2348       failf(data, "SSL shutdown timeout");
2349       break;
2350     }
2351 
2352     /* Something to read, let's do it and hope that it is the close
2353      notify alert from the server. No way to SSL_Read now, so use read(). */
2354 
2355     nread = read(conn->sock[sockindex], buf, sizeof(buf));
2356 
2357     if(nread < 0) {
2358       failf(data, "read: %s", strerror(errno));
2359       rc = -1;
2360     }
2361 
2362     if(nread <= 0)
2363       break;
2364 
2365     what = SOCKET_READABLE(conn->sock[sockindex], 0);
2366   }
2367 
2368   return rc;
2369 }
2370 
2371 void Curl_darwinssl_session_free(void *ptr)
2372 {
2373   /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a
2374      cached session ID inside the Security framework. There is a private
2375      function that does this, but I don't want to have to explain to you why I
2376      got your application rejected from the App Store due to the use of a
2377      private API, so the best we can do is free up our own char array that we
2378      created way back in darwinssl_connect_step1... */
2379   Curl_safefree(ptr);
2380 }
2381 
2382 size_t Curl_darwinssl_version(char *buffer, size_t size)
2383 {
2384   return snprintf(buffer, size, "SecureTransport");
2385 }
2386 
2387 /*
2388  * This function uses SSLGetSessionState to determine connection status.
2389  *
2390  * Return codes:
2391  *     1 means the connection is still in place
2392  *     0 means the connection has been closed
2393  *    -1 means the connection status is unknown
2394  */
2395 int Curl_darwinssl_check_cxn(struct connectdata *conn)
2396 {
2397   struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
2398   OSStatus err;
2399   SSLSessionState state;
2400 
2401   if(connssl->ssl_ctx) {
2402     err = SSLGetSessionState(connssl->ssl_ctx, &state);
2403     if(err == noErr)
2404       return state == kSSLConnected || state == kSSLHandshake;
2405     return -1;
2406   }
2407   return 0;
2408 }
2409 
2410 bool Curl_darwinssl_data_pending(const struct connectdata *conn,
2411                                  int connindex)
2412 {
2413   const struct ssl_connect_data *connssl = &conn->ssl[connindex];
2414   OSStatus err;
2415   size_t buffer;
2416 
2417   if(connssl->ssl_ctx) {  /* SSL is in use */
2418     err = SSLGetBufferedReadSize(connssl->ssl_ctx, &buffer);
2419     if(err == noErr)
2420       return buffer > 0UL;
2421     return false;
2422   }
2423   else
2424     return false;
2425 }
2426 
2427 int Curl_darwinssl_random(unsigned char *entropy,
2428                           size_t length)
2429 {
2430   /* arc4random_buf() isn't available on cats older than Lion, so let's
2431      do this manually for the benefit of the older cats. */
2432   size_t i;
2433   u_int32_t random_number = 0;
2434 
2435   for(i = 0 ; i < length ; i++) {
2436     if(i % sizeof(u_int32_t) == 0)
2437       random_number = arc4random();
2438     entropy[i] = random_number & 0xFF;
2439     random_number >>= 8;
2440   }
2441   i = random_number = 0;
2442   return 0;
2443 }
2444 
2445 void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
2446                            size_t tmplen,
2447                            unsigned char *md5sum, /* output */
2448                            size_t md5len)
2449 {
2450   (void)md5len;
2451   (void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum);
2452 }
2453 
2454 bool Curl_darwinssl_false_start(void)
2455 {
2456 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
2457   if(SSLSetSessionOption != NULL)
2458     return TRUE;
2459 #endif
2460   return FALSE;
2461 }
2462 
2463 static ssize_t darwinssl_send(struct connectdata *conn,
2464                               int sockindex,
2465                               const void *mem,
2466                               size_t len,
2467                               CURLcode *curlcode)
2468 {
2469   /*struct Curl_easy *data = conn->data;*/
2470   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2471   size_t processed = 0UL;
2472   OSStatus err;
2473 
2474   /* The SSLWrite() function works a little differently than expected. The
2475      fourth argument (processed) is currently documented in Apple's
2476      documentation as: "On return, the length, in bytes, of the data actually
2477      written."
2478 
2479      Now, one could interpret that as "written to the socket," but actually,
2480      it returns the amount of data that was written to a buffer internal to
2481      the SSLContextRef instead. So it's possible for SSLWrite() to return
2482      errSSLWouldBlock and a number of bytes "written" because those bytes were
2483      encrypted and written to a buffer, not to the socket.
2484 
2485      So if this happens, then we need to keep calling SSLWrite() over and
2486      over again with no new data until it quits returning errSSLWouldBlock. */
2487 
2488   /* Do we have buffered data to write from the last time we were called? */
2489   if(connssl->ssl_write_buffered_length) {
2490     /* Write the buffered data: */
2491     err = SSLWrite(connssl->ssl_ctx, NULL, 0UL, &processed);
2492     switch (err) {
2493       case noErr:
2494         /* processed is always going to be 0 because we didn't write to
2495            the buffer, so return how much was written to the socket */
2496         processed = connssl->ssl_write_buffered_length;
2497         connssl->ssl_write_buffered_length = 0UL;
2498         break;
2499       case errSSLWouldBlock: /* argh, try again */
2500         *curlcode = CURLE_AGAIN;
2501         return -1L;
2502       default:
2503         failf(conn->data, "SSLWrite() returned error %d", err);
2504         *curlcode = CURLE_SEND_ERROR;
2505         return -1L;
2506     }
2507   }
2508   else {
2509     /* We've got new data to write: */
2510     err = SSLWrite(connssl->ssl_ctx, mem, len, &processed);
2511     if(err != noErr) {
2512       switch (err) {
2513         case errSSLWouldBlock:
2514           /* Data was buffered but not sent, we have to tell the caller
2515              to try sending again, and remember how much was buffered */
2516           connssl->ssl_write_buffered_length = len;
2517           *curlcode = CURLE_AGAIN;
2518           return -1L;
2519         default:
2520           failf(conn->data, "SSLWrite() returned error %d", err);
2521           *curlcode = CURLE_SEND_ERROR;
2522           return -1L;
2523       }
2524     }
2525   }
2526   return (ssize_t)processed;
2527 }
2528 
2529 static ssize_t darwinssl_recv(struct connectdata *conn,
2530                               int num,
2531                               char *buf,
2532                               size_t buffersize,
2533                               CURLcode *curlcode)
2534 {
2535   /*struct Curl_easy *data = conn->data;*/
2536   struct ssl_connect_data *connssl = &conn->ssl[num];
2537   size_t processed = 0UL;
2538   OSStatus err = SSLRead(connssl->ssl_ctx, buf, buffersize, &processed);
2539 
2540   if(err != noErr) {
2541     switch (err) {
2542       case errSSLWouldBlock:  /* return how much we read (if anything) */
2543         if(processed)
2544           return (ssize_t)processed;
2545         *curlcode = CURLE_AGAIN;
2546         return -1L;
2547         break;
2548 
2549       /* errSSLClosedGraceful - server gracefully shut down the SSL session
2550          errSSLClosedNoNotify - server hung up on us instead of sending a
2551            closure alert notice, read() is returning 0
2552          Either way, inform the caller that the server disconnected. */
2553       case errSSLClosedGraceful:
2554       case errSSLClosedNoNotify:
2555         *curlcode = CURLE_OK;
2556         return -1L;
2557         break;
2558 
2559       default:
2560         failf(conn->data, "SSLRead() return error %d", err);
2561         *curlcode = CURLE_RECV_ERROR;
2562         return -1L;
2563         break;
2564     }
2565   }
2566   return (ssize_t)processed;
2567 }
2568 
2569 #endif /* USE_DARWINSSL */
2570