luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gskit: remove

Browse Source 
We remove support for building curl with gskit.

 - This is a niche TLS library, only running on some IBM systems
 - no regular curl contributors use this backend
 - no CI builds use or verify this backend
 - gskit, or the curl adaption for it, lacks many modern TLS features
   making it an inferior solution
 - build breakages in this code take weeks or more to get detected
 - fixing gskit code is mostly done "flying blind"

This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has
been mentioned on the curl-library mailing list.

It could be brought back, this is not a ban. Given proper effort and
will, gskit support is welcome back into the curl TLS backend family.

Closes #11460
This commit is contained in:
Daniel Stenberg 2023-08-07 13:02:32 +02:00
parent 08b9f246f4
commit 78d6232f1f
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
33 changed files with 35 additions and 1995 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
docs/CIPHERS.md
View File

@ -165,71 +165,6 @@ When specifying multiple cipher names, separate them with colon (`:`).
`TLS_AES_128_CCM_8_SHA256` `TLS_AES_128_CCM_8_SHA256`
`TLS_AES_128_CCM_SHA256` `TLS_AES_128_CCM_SHA256`
## GSKit
Ciphers are internally defined as [numeric
codes](https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/apis/gsk_attribute_set_buffer.htm). libcurl
maps them to the following case-insensitive names.
### SSL2 cipher suites (insecure: disabled by default)
`rc2-md5`
`rc4-md5`
`exp-rc2-md5`
`exp-rc4-md5`
`des-cbc-md5`
`des-cbc3-md5`
### SSL3 cipher suites
`null-md5`
`null-sha`
`rc4-md5`
`rc4-sha`
`exp-rc2-cbc-md5`
`exp-rc4-md5`
`exp-des-cbc-sha`
`des-cbc3-sha`
### TLS v1.0 cipher suites
`null-md5`
`null-sha`
`rc4-md5`
`rc4-sha`
`exp-rc2-cbc-md5`
`exp-rc4-md5`
`exp-des-cbc-sha`
`des-cbc3-sha`
`aes128-sha`
`aes256-sha`
### TLS v1.1 cipher suites
`null-md5`
`null-sha`
`rc4-md5`
`rc4-sha`
`exp-des-cbc-sha`
`des-cbc3-sha`
`aes128-sha`
`aes256-sha`
### TLS v1.2 cipher suites
`null-md5`
`null-sha`
`null-sha256`
`rc4-md5`
`rc4-sha`
`des-cbc3-sha`
`aes128-sha`
`aes256-sha`
`aes128-sha256`
`aes256-sha256`
`aes128-gcm-sha256`
`aes256-gcm-sha384`
## WolfSSL ## WolfSSL
`RC4-SHA`, `RC4-SHA`,

14
docs/DEPRECATE.md
View File

@ -6,18 +6,6 @@ email the
as soon as possible and explain to us why this is a problem for you and as soon as possible and explain to us why this is a problem for you and
how your use case cannot be satisfied properly using a workaround. how your use case cannot be satisfied properly using a workaround.
## gskit
We remove support for building curl with the gskit TLS library in August 2023.
- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend
- no CI builds use or verify this backend
- gskit, or the curl adaption for it, lacks many modern TLS features making it
an inferior solution
- build breakages in this code take weeks or more to get detected
- fixing gskit code is mostly done "flying blind"
## mingw v1 ## mingw v1
We remove support for building curl with the original legacy mingw version 1 We remove support for building curl with the original legacy mingw version 1
@ -57,3 +45,5 @@ curl will remove the support for space-separated names in July 2024.
- NPN - NPN
- Support for systems without 64 bit data types - Support for systems without 64 bit data types
- NSS - NSS
- gskit

6
docs/FAQ
View File

@ -423,9 +423,9 @@ FAQ
curl can be built to use one of the following SSL alternatives: OpenSSL, curl can be built to use one of the following SSL alternatives: OpenSSL,
libressl, BoringSSL, AWS-LC, GnuTLS, wolfSSL, mbedTLS, Secure Transport libressl, BoringSSL, AWS-LC, GnuTLS, wolfSSL, mbedTLS, Secure Transport
(native iOS/OS X), Schannel (native Windows), GSKit (native IBM i), BearSSL, (native iOS/OS X), Schannel (native Windows), BearSSL or Rustls. They all
or Rustls. They all have their pros and cons, and we try to maintain a have their pros and cons, and we try to maintain a comparison of them here:
comparison of them here: https://curl.se/docs/ssl-compared.html https://curl.se/docs/ssl-compared.html
2.4 Does curl support SOCKS (RFC 1928) ? 2.4 Does curl support SOCKS (RFC 1928) ?

1
docs/INTERNALS.md
View File

@ -27,7 +27,6 @@ versions of libs and build tools.
- wolfSSL 2.0.0 - wolfSSL 2.0.0
- OpenLDAP 2.0 - OpenLDAP 2.0
- MIT Kerberos 1.2.4 - MIT Kerberos 1.2.4
- GSKit V5R3M0
- Heimdal ? - Heimdal ?
- nghttp2 1.15.0 - nghttp2 1.15.0
- WinSock 2.2 (on Windows 95+ and Windows CE .NET 4.1+) - WinSock 2.2 (on Windows 95+ and Windows CE .NET 4.1+)

5
docs/cmdline-opts/page-footer
View File

@ -60,9 +60,8 @@ the case insensitive name of the particular backend to use when curl is
invoked. Setting a name that is not a built-in alternative will make curl invoked. Setting a name that is not a built-in alternative will make curl
stay with the default. stay with the default.
SSL backend names (case-insensitive): **bearssl**, **gnutls**, **gskit**, SSL backend names (case-insensitive): **bearssl**, **gnutls**, **mbedtls**,
**mbedtls**, **openssl**, **rustls**, **schannel**, **secure-transport**, **openssl**, **rustls**, **schannel**, **secure-transport**, **wolfssl**
**wolfssl**
.IP "HOME <dir>" .IP "HOME <dir>"
If set, this is used to find the home directory when that is needed. Like when If set, this is used to find the home directory when that is needed. Like when
looking for the default .curlrc. *CURL_HOME* and *XDG_CONFIG_HOME* looking for the default .curlrc. *CURL_HOME* and *XDG_CONFIG_HOME*

2
docs/cmdline-opts/pinnedpubkey.d
View File

@ -23,7 +23,7 @@ abort the connection before sending or receiving any data.
PEM/DER support: PEM/DER support:
7.39.0: OpenSSL, GnuTLS and GSKit 7.39.0: OpenSSL and GnuTLS
7.43.0: wolfSSL 7.43.0: wolfSSL

4
docs/cmdline-opts/write-out.d
View File

@ -49,7 +49,7 @@ The variables available are:
.TP 15 .TP 15
**certs** **certs**
Output the certificate chain with details. Supported only by the OpenSSL, Output the certificate chain with details. Supported only by the OpenSSL,
GnuTLS, Schannel, GSKit and Secure Transport backends. (Added in 7.88.0) GnuTLS, Schannel and Secure Transport backends. (Added in 7.88.0)
.TP .TP
**content_type** **content_type**
The Content-Type of the requested document, if there was any. The Content-Type of the requested document, if there was any.
@ -105,7 +105,7 @@ The http method used in the most recent HTTP request. (Added in 7.72.0)
.TP .TP
**num_certs** **num_certs**
Number of server certificates received in the TLS handshake. Supported only by Number of server certificates received in the TLS handshake. Supported only by
the OpenSSL, GnuTLS, Schannel, GSKit and Secure Transport backends. (Added the OpenSSL, GnuTLS, Schannel and Secure Transport backends. (Added
in 7.88.0) in 7.88.0)
.TP .TP
**num_connects** **num_connects**

2
docs/libcurl/curl_global_sslset.3
View File

@ -38,7 +38,7 @@ typedef enum {
CURLSSLBACKEND_OPENSSL = 1, /* or one of its forks */ CURLSSLBACKEND_OPENSSL = 1, /* or one of its forks */
CURLSSLBACKEND_GNUTLS = 2, CURLSSLBACKEND_GNUTLS = 2,
CURLSSLBACKEND_NSS = 3, CURLSSLBACKEND_NSS = 3,
CURLSSLBACKEND_GSKIT = 5, CURLSSLBACKEND_GSKIT = 5, /* deprecated */
CURLSSLBACKEND_POLARSSL = 6, /* deprecated */ CURLSSLBACKEND_POLARSSL = 6, /* deprecated */
CURLSSLBACKEND_WOLFSSL = 7, CURLSSLBACKEND_WOLFSSL = 7,
CURLSSLBACKEND_SCHANNEL = 8, CURLSSLBACKEND_SCHANNEL = 8,

2
docs/libcurl/libcurl-env.3
View File

@ -50,7 +50,7 @@ specific backend at first use. If no selection is done by the program using
libcurl, this variable's selection will be used. Setting a name that is not a libcurl, this variable's selection will be used. Setting a name that is not a
built-in alternative will make libcurl stay with the default. built-in alternative will make libcurl stay with the default.
SSL backend names (case-insensitive): BearSSL, GnuTLS, gskit, mbedTLS, SSL backend names (case-insensitive): BearSSL, GnuTLS, mbedTLS,
nss, OpenSSL, rustls, Schannel, Secure-Transport, wolfSSL nss, OpenSSL, rustls, Schannel, Secure-Transport, wolfSSL
.IP HOME .IP HOME
When the netrc feature is used (\fICURLOPT_NETRC(3)\fP), this variable is When the netrc feature is used (\fICURLOPT_NETRC(3)\fP), this variable is

2
docs/libcurl/opts/CURLINFO_CERTINFO.3
View File

@ -75,7 +75,7 @@ if(curl) {
} }
.fi .fi
.SH AVAILABILITY .SH AVAILABILITY
This option is only working in libcurl built with OpenSSL, Schannel, GSKit or This option is only working in libcurl built with OpenSSL, Schannel or
Secure Transport support. Schannel support added in 7.50.0. Secure Transport Secure Transport support. Schannel support added in 7.50.0. Secure Transport
support added in 7.79.0. support added in 7.79.0.

4
docs/libcurl/opts/CURLINFO_TLS_SESSION.3
View File

@ -63,8 +63,8 @@ if(curl) {
} }
.fi .fi
.SH AVAILABILITY .SH AVAILABILITY
Added in 7.34.0. Deprecated since 7.48.0 and supported OpenSSL, GnuTLS, Added in 7.34.0. Deprecated since 7.48.0 and supported OpenSSL, GnuTLS, and
NSS and gskit only up until this version was released. NSS only up until this version was released.
.SH RETURN VALUE .SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO" .SH "SEE ALSO"

9
docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3
View File

@ -57,18 +57,15 @@ struct curl_tlssessioninfo {
The \fIbackend\fP struct member is one of the defines in the CURLSSLBACKEND_* The \fIbackend\fP struct member is one of the defines in the CURLSSLBACKEND_*
series: CURLSSLBACKEND_NONE (when built without TLS support), series: CURLSSLBACKEND_NONE (when built without TLS support),
CURLSSLBACKEND_WOLFSSL, CURLSSLBACKEND_SECURETRANSPORT, CURLSSLBACKEND_GNUTLS, CURLSSLBACKEND_WOLFSSL, CURLSSLBACKEND_SECURETRANSPORT, CURLSSLBACKEND_GNUTLS,
CURLSSLBACKEND_GSKIT, CURLSSLBACKEND_MBEDTLS, CURLSSLBACKEND_NSS, CURLSSLBACKEND_MBEDTLS, CURLSSLBACKEND_NSS, CURLSSLBACKEND_OPENSSL,
CURLSSLBACKEND_OPENSSL, CURLSSLBACKEND_SCHANNEL or CURLSSLBACKEND_SCHANNEL or CURLSSLBACKEND_MESALINK. (Note that the OpenSSL
CURLSSLBACKEND_MESALINK. (Note that the OpenSSL forks are all reported as just forks are all reported as just OpenSSL here.)
OpenSSL here.)
The \fIinternals\fP struct member will point to a TLS library specific pointer The \fIinternals\fP struct member will point to a TLS library specific pointer
for the active ("in use") SSL connection, with the following underlying types: for the active ("in use") SSL connection, with the following underlying types:
.RS .RS
.IP GnuTLS .IP GnuTLS
\fBgnutls_session_t\fP \fBgnutls_session_t\fP
.IP gskit
\fBgsk_handle\fP
.IP NSS .IP NSS
\fBPRFileDesc *\fP \fBPRFileDesc *\fP
.IP OpenSSL .IP OpenSSL

2
docs/libcurl/opts/CURLOPT_CERTINFO.3
View File

@ -74,7 +74,7 @@ if(curl) {
} }
.fi .fi
.SH AVAILABILITY .SH AVAILABILITY
This option is supported by the OpenSSL, GnuTLS, Schannel, GSKit and Secure This option is supported by the OpenSSL, GnuTLS, Schannel and Secure
Transport backends. Schannel support added in 7.50.0. Secure Transport support Transport backends. Schannel support added in 7.50.0. Secure Transport support
added in 7.79.0. added in 7.79.0.
.SH RETURN VALUE .SH RETURN VALUE

2
docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
View File

@ -102,8 +102,6 @@ PEM/DER support:
7.39.0: OpenSSL, GnuTLS 7.39.0: OpenSSL, GnuTLS
7.39.0-7.48.0,7.58.1+: GSKit
7.43.0: wolfSSL 7.43.0: wolfSSL
7.47.0: mbedTLS 7.47.0: mbedTLS

2
docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3
View File

@ -98,7 +98,7 @@ footer:
.SH AVAILABILITY .SH AVAILABILITY
PEM/DER support: PEM/DER support:
7.52.0: GSKit, GnuTLS, OpenSSL, mbedTLS, wolfSSL 7.52.0: GnuTLS, OpenSSL, mbedTLS, wolfSSL
sha256 support: sha256 support:

6
include/curl/curl.h
View File

@ -161,7 +161,7 @@ typedef enum {
CURLSSLBACKEND_GNUTLS = 2, CURLSSLBACKEND_GNUTLS = 2,
CURLSSLBACKEND_NSS = 3, CURLSSLBACKEND_NSS = 3,
CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL. */ CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL. */
CURLSSLBACKEND_GSKIT = 5, CURLSSLBACKEND_GSKIT CURL_DEPRECATED(8.3.0, "") = 5,
CURLSSLBACKEND_POLARSSL CURL_DEPRECATED(7.69.0, "") = 6, CURLSSLBACKEND_POLARSSL CURL_DEPRECATED(7.69.0, "") = 6,
CURLSSLBACKEND_WOLFSSL = 7, CURLSSLBACKEND_WOLFSSL = 7,
CURLSSLBACKEND_SCHANNEL = 8, CURLSSLBACKEND_SCHANNEL = 8,
@ -2824,8 +2824,8 @@ CURL_EXTERN void curl_slist_free_all(struct curl_slist *list);
*/ */
CURL_EXTERN time_t curl_getdate(const char *p, const time_t *unused); CURL_EXTERN time_t curl_getdate(const char *p, const time_t *unused);
/* info about the certificate chain, only for OpenSSL, GnuTLS, Schannel, NSS /* info about the certificate chain, only for OpenSSL, GnuTLS, Schannel and
and GSKit builds. Asked for with CURLOPT_CERTINFO / CURLINFO_CERTINFO */ NSS builds. Asked for with CURLOPT_CERTINFO / CURLINFO_CERTINFO */
struct curl_certinfo { struct curl_certinfo {
int num_of_certs; /* number of certificates with information */ int num_of_certs; /* number of certificates with information */
struct curl_slist **certinfo; /* for each index in this array, there's a struct curl_slist **certinfo; /* for each index in this array, there's a

2
lib/Makefile.inc
View File

@ -44,7 +44,6 @@ LIB_VAUTH_HFILES = \
LIB_VTLS_CFILES = \ LIB_VTLS_CFILES = \
vtls/bearssl.c \ vtls/bearssl.c \
vtls/gskit.c \
vtls/gtls.c \ vtls/gtls.c \
vtls/hostcheck.c \ vtls/hostcheck.c \
vtls/keylog.c \ vtls/keylog.c \
@ -61,7 +60,6 @@ LIB_VTLS_CFILES = \
LIB_VTLS_HFILES = \ LIB_VTLS_HFILES = \
vtls/bearssl.h \ vtls/bearssl.h \
vtls/gskit.h \
vtls/gtls.h \ vtls/gtls.h \
vtls/hostcheck.h \ vtls/hostcheck.h \
vtls/keylog.h \ vtls/keylog.h \

3
lib/config-os400.h
View File

@ -338,9 +338,6 @@
/* Define to the function return type for send. */ /* Define to the function return type for send. */
#define SEND_TYPE_RETV int #define SEND_TYPE_RETV int
/* Define to use the GSKit package. */
#define USE_GSKIT
/* Define to use the OS/400 crypto library. */ /* Define to use the OS/400 crypto library. */
#define USE_OS400CRYPTO #define USE_OS400CRYPTO

2
lib/curl_setup.h
View File

@ -647,7 +647,7 @@
#if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_MBEDTLS) || \ #if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_MBEDTLS) || \
defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \
defined(USE_GSKIT) || defined(USE_BEARSSL) || defined(USE_RUSTLS) defined(USE_BEARSSL) || defined(USE_RUSTLS)
#define USE_SSL /* SSL support has been enabled */ #define USE_SSL /* SSL support has been enabled */
#endif #endif

2
lib/rand.c
View File

@ -188,7 +188,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
* 'rnd' points to. * 'rnd' points to.
* *
* If libcurl is built without TLS support or with a TLS backend that lacks a * If libcurl is built without TLS support or with a TLS backend that lacks a
* proper random API (rustls, Gskit or mbedTLS), this function will use "weak" * proper random API (rustls or mbedTLS), this function will use "weak"
* random. * random.
* *
* When built *with* TLS support and a backend that offers strong random, it * When built *with* TLS support and a backend that offers strong random, it

14
lib/rand.h
View File

@ -24,20 +24,6 @@
* *
***************************************************************************/ ***************************************************************************/
/*
* Curl_rand() stores 'num' number of random unsigned characters in the buffer
* 'rnd' points to.
*
* If libcurl is built without TLS support or with a TLS backend that lacks a
* proper random API (Gskit or mbedTLS), this function will use "weak" random.
*
* When built *with* TLS support and a backend that offers strong random, it
* will return error if it cannot provide strong random values.
*
* NOTE: 'data' may be passed in as NULL when coming from external API without
* easy handle!
*
*/
CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num); CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num);
/* /*

88
lib/setup-os400.h
View File

@ -57,94 +57,6 @@ extern int Curl_getnameinfo_a(const struct sockaddr *sa,
int flags); int flags);
#define getnameinfo Curl_getnameinfo_a #define getnameinfo Curl_getnameinfo_a
/* GSKit wrappers. */
extern int Curl_gsk_environment_open(gsk_handle * my_env_handle);
#define gsk_environment_open Curl_gsk_environment_open
extern int Curl_gsk_secure_soc_open(gsk_handle my_env_handle,
gsk_handle * my_session_handle);
#define gsk_secure_soc_open Curl_gsk_secure_soc_open
extern int Curl_gsk_environment_close(gsk_handle * my_env_handle);
#define gsk_environment_close Curl_gsk_environment_close
extern int Curl_gsk_secure_soc_close(gsk_handle * my_session_handle);
#define gsk_secure_soc_close Curl_gsk_secure_soc_close
extern int Curl_gsk_environment_init(gsk_handle my_env_handle);
#define gsk_environment_init Curl_gsk_environment_init
extern int Curl_gsk_secure_soc_init(gsk_handle my_session_handle);
#define gsk_secure_soc_init Curl_gsk_secure_soc_init
extern int Curl_gsk_attribute_set_buffer_a(gsk_handle my_gsk_handle,
GSK_BUF_ID bufID,
const char *buffer,
int bufSize);
#define gsk_attribute_set_buffer Curl_gsk_attribute_set_buffer_a
extern int Curl_gsk_attribute_set_enum(gsk_handle my_gsk_handle,
GSK_ENUM_ID enumID,
GSK_ENUM_VALUE enumValue);
#define gsk_attribute_set_enum Curl_gsk_attribute_set_enum
extern int Curl_gsk_attribute_set_numeric_value(gsk_handle my_gsk_handle,
GSK_NUM_ID numID,
int numValue);
#define gsk_attribute_set_numeric_value Curl_gsk_attribute_set_numeric_value
extern int Curl_gsk_attribute_set_callback(gsk_handle my_gsk_handle,
GSK_CALLBACK_ID callBackID,
void *callBackAreaPtr);
#define gsk_attribute_set_callback Curl_gsk_attribute_set_callback
extern int Curl_gsk_attribute_get_buffer_a(gsk_handle my_gsk_handle,
GSK_BUF_ID bufID,
const char **buffer,
int *bufSize);
#define gsk_attribute_get_buffer Curl_gsk_attribute_get_buffer_a
extern int Curl_gsk_attribute_get_enum(gsk_handle my_gsk_handle,
GSK_ENUM_ID enumID,
GSK_ENUM_VALUE *enumValue);
#define gsk_attribute_get_enum Curl_gsk_attribute_get_enum
extern int Curl_gsk_attribute_get_numeric_value(gsk_handle my_gsk_handle,
GSK_NUM_ID numID,
int *numValue);
#define gsk_attribute_get_numeric_value Curl_gsk_attribute_get_numeric_value
extern int Curl_gsk_attribute_get_cert_info(gsk_handle my_gsk_handle,
GSK_CERT_ID certID,
const gsk_cert_data_elem **certDataElem,
int *certDataElementCount);
#define gsk_attribute_get_cert_info Curl_gsk_attribute_get_cert_info
extern int Curl_gsk_secure_soc_misc(gsk_handle my_session_handle,
GSK_MISC_ID miscID);
#define gsk_secure_soc_misc Curl_gsk_secure_soc_misc
extern int Curl_gsk_secure_soc_read(gsk_handle my_session_handle,
char *readBuffer,
int readBufSize, int *amtRead);
#define gsk_secure_soc_read Curl_gsk_secure_soc_read
extern int Curl_gsk_secure_soc_write(gsk_handle my_session_handle,
char *writeBuffer,
int writeBufSize, int *amtWritten);
#define gsk_secure_soc_write Curl_gsk_secure_soc_write
extern const char * Curl_gsk_strerror_a(int gsk_return_value);
#define gsk_strerror Curl_gsk_strerror_a
extern int Curl_gsk_secure_soc_startInit(gsk_handle my_session_handle,
int IOCompletionPort,
Qso_OverlappedIO_t * communicationsArea);
#define gsk_secure_soc_startInit Curl_gsk_secure_soc_startInit
/* GSSAPI wrappers. */ /* GSSAPI wrappers. */
extern OM_uint32 Curl_gss_import_name_a(OM_uint32 * minor_status, extern OM_uint32 Curl_gss_import_name_a(OM_uint32 * minor_status,

1329
lib/vtls/gskit.c
View File

File diff suppressed because it is too large Load Diff

40
lib/vtls/gskit.h
View File

@ -1,40 +0,0 @@
#ifndef HEADER_CURL_GSKIT_H
#define HEADER_CURL_GSKIT_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
* SPDX-License-Identifier: curl
*
***************************************************************************/
#include "curl_setup.h"
/*
* This header should only be needed to get included by vtls.c and gskit.c
*/
#include "urldata.h"
#ifdef USE_GSKIT
extern const struct Curl_ssl Curl_ssl_gskit;
#endif /* USE_GSKIT */
#endif /* HEADER_CURL_GSKIT_H */

3
lib/vtls/hostcheck.c
View File

@ -25,7 +25,6 @@
#include "curl_setup.h" #include "curl_setup.h"
#if defined(USE_OPENSSL) \ #if defined(USE_OPENSSL) \
|| defined(USE_GSKIT) \
|| defined(USE_SCHANNEL) || defined(USE_SCHANNEL)
/* these backends use functions from this file */ /* these backends use functions from this file */
@ -133,4 +132,4 @@ bool Curl_cert_hostcheck(const char *match, size_t matchlen,
return FALSE; return FALSE;
} }
#endif /* OPENSSL, GSKIT or schannel+wince */ #endif /* OPENSSL or SCHANNEL */

5
lib/vtls/vtls.c
View File

@ -1240,8 +1240,6 @@ const struct Curl_ssl *Curl_ssl =
&Curl_ssl_sectransp; &Curl_ssl_sectransp;
#elif defined(USE_GNUTLS) #elif defined(USE_GNUTLS)
&Curl_ssl_gnutls; &Curl_ssl_gnutls;
#elif defined(USE_GSKIT)
&Curl_ssl_gskit;
#elif defined(USE_MBEDTLS) #elif defined(USE_MBEDTLS)
&Curl_ssl_mbedtls; &Curl_ssl_mbedtls;
#elif defined(USE_RUSTLS) #elif defined(USE_RUSTLS)
@ -1266,9 +1264,6 @@ static const struct Curl_ssl *available_backends[] = {
#if defined(USE_GNUTLS) #if defined(USE_GNUTLS)
&Curl_ssl_gnutls, &Curl_ssl_gnutls,
#endif #endif
#if defined(USE_GSKIT)
&Curl_ssl_gskit,
#endif
#if defined(USE_MBEDTLS) #if defined(USE_MBEDTLS)
&Curl_ssl_mbedtls, &Curl_ssl_mbedtls,
#endif #endif

1
lib/vtls/vtls_int.h
View File

@ -217,7 +217,6 @@ CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf,
#include "openssl.h" /* OpenSSL versions */ #include "openssl.h" /* OpenSSL versions */
#include "gtls.h" /* GnuTLS versions */ #include "gtls.h" /* GnuTLS versions */
#include "gskit.h" /* Global Secure ToolKit versions */
#include "wolfssl.h" /* wolfSSL versions */ #include "wolfssl.h" /* wolfSSL versions */
#include "schannel.h" /* Schannel SSPI version */ #include "schannel.h" /* Schannel SSPI version */
#include "sectransp.h" /* SecureTransport (Darwin) version */ #include "sectransp.h" /* SecureTransport (Darwin) version */

15
lib/vtls/x509asn1.c
View File

@ -24,24 +24,18 @@
#include "curl_setup.h" #include "curl_setup.h"
#if defined(USE_GSKIT) || defined(USE_GNUTLS) || defined(USE_WOLFSSL) || \ #if defined(USE_GNUTLS) || defined(USE_WOLFSSL) || \
defined(USE_SCHANNEL) || defined(USE_SECTRANSP) defined(USE_SCHANNEL) || defined(USE_SECTRANSP)
#if defined(USE_GSKIT) || defined(USE_WOLFSSL) || defined(USE_SCHANNEL) #if defined(USE_WOLFSSL) || defined(USE_SCHANNEL)
#define WANT_PARSEX509 /* uses Curl_parseX509() */ #define WANT_PARSEX509 /* uses Curl_parseX509() */
#endif #endif
#if defined(USE_GSKIT) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ #if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP)
defined(USE_SECTRANSP)
#define WANT_EXTRACT_CERTINFO /* uses Curl_extract_certinfo() */ #define WANT_EXTRACT_CERTINFO /* uses Curl_extract_certinfo() */
#define WANT_PARSEX509 /* ... uses Curl_parseX509() */ #define WANT_PARSEX509 /* ... uses Curl_parseX509() */
#endif #endif
#if defined(USE_GSKIT)
#define WANT_VERIFYHOST /* uses Curl_verifyhost () */
#define WANT_PARSEX509 /* ... uses Curl_parseX509() */
#endif
#include <curl/curl.h> #include <curl/curl.h>
#include "urldata.h" #include "urldata.h"
#include "strcase.h" #include "strcase.h"
@ -1261,8 +1255,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
#endif /* WANT_EXTRACT_CERTINFO */ #endif /* WANT_EXTRACT_CERTINFO */
#endif /* USE_GSKIT or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL * or #endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */
USE_SECTRANSP */
#ifdef WANT_VERIFYHOST #ifdef WANT_VERIFYHOST

5
lib/vtls/x509asn1.h
View File

@ -27,7 +27,7 @@
#include "curl_setup.h" #include "curl_setup.h"
#if defined(USE_GSKIT) || defined(USE_GNUTLS) || defined(USE_WOLFSSL) || \ #if defined(USE_GNUTLS) || defined(USE_WOLFSSL) || \
defined(USE_SCHANNEL) || defined(USE_SECTRANSP) defined(USE_SCHANNEL) || defined(USE_SECTRANSP)
#include "cfilters.h" #include "cfilters.h"
@ -76,6 +76,5 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum,
const char *beg, const char *end); const char *beg, const char *end);
CURLcode Curl_verifyhost(struct Curl_cfilter *cf, struct Curl_easy *data, CURLcode Curl_verifyhost(struct Curl_cfilter *cf, struct Curl_easy *data,
const char *beg, const char *end); const char *beg, const char *end);
#endif /* USE_GSKIT or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL #endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */
* or USE_SECTRANSP */
#endif /* HEADER_CURL_X509ASN1_H */ #endif /* HEADER_CURL_X509ASN1_H */

16
packages/OS400/README.OS400
View File

@ -39,22 +39,6 @@ header files are thus altered during build process to use this pragma, in
order to force libcurl enums of being type int (the pragma disposition in use order to force libcurl enums of being type int (the pragma disposition in use
before inclusion is restored before resuming the including unit compilation). before inclusion is restored before resuming the including unit compilation).
Secure socket layer is provided by the IBM GSKit API: unlike other SSL
implementations, GSKit is based on "certificate stores" or keyrings
rather than individual certificate/key files. Certificate stores, as well as
"certificate labels" are managed by external IBM-defined applications.
There are two ways to specify an SSL context:
- By an application identifier.
- By a keyring file pathname and (optionally) certificate label.
To identify an SSL context by application identifier, use option
SETOPT_SSLCERT to specify the application identifier.
To address an SSL context by keyring and certificate label, use CURLOPT_CAINFO
to set-up the keyring pathname, CURLOPT_SSLCERT to define the certificate label
(omitting it will cause the default certificate in keyring to be used) and
CURLOPT_KEYPASSWD to give the keyring password. If SSL is used without
defining any of these options, the default (i.e.: system) keyring is used for
server certificate validation.
Non-standard EBCDIC wrapper prototypes are defined in an additional header Non-standard EBCDIC wrapper prototypes are defined in an additional header
file: ccsidcurl.h. These should be self-explanatory to an OS/400-aware file: ccsidcurl.h. These should be self-explanatory to an OS/400-aware
designer. CCSID 0 can be used to select the current job's CCSID. designer. CCSID 0 can be used to select the current job's CCSID.

370
packages/OS400/os400sys.c
View File

@ -44,11 +44,6 @@
#include <zlib.h> #include <zlib.h>
#endif #endif
#ifdef USE_GSKIT
#include <gskssl.h>
#include <qsoasync.h>
#endif
#ifdef HAVE_GSSAPI #ifdef HAVE_GSSAPI
#include <gssapi.h> #include <gssapi.h>
#endif #endif
@ -344,371 +339,6 @@ Curl_getaddrinfo_a(const char *nodename, const char *servname,
return status; return status;
} }
#ifdef USE_GSKIT
/* ASCII wrappers for the GSKit procedures. */
/*
* EBCDIC --> ASCII string mapping table.
* Some strings returned by GSKit are dynamically allocated and automatically
* released when closing the handle.
* To provide the same functionality, we use a "private" handle that
* holds the GSKit handle and a list of string mappings. This will allow
* avoid conversion of already converted strings and releasing them upon
* close time.
*/
struct gskstrlist {
struct gskstrlist *next;
const char *ebcdicstr;
const char *asciistr;
};
struct Curl_gsk_descriptor {
gsk_handle h;
struct gskstrlist *strlist;
};
int Curl_gsk_environment_open(gsk_handle *my_env_handle)
{
struct Curl_gsk_descriptor *p;
int rc;
if(!my_env_handle)
return GSK_OS400_ERROR_INVALID_POINTER;
p = (struct Curl_gsk_descriptor *) malloc(sizeof(*p));
if(!p)
return GSK_INSUFFICIENT_STORAGE;
p->strlist = (struct gskstrlist *) NULL;
rc = gsk_environment_open(&p->h);
if(rc != GSK_OK)
free(p);
else
*my_env_handle = (gsk_handle) p;
return rc;
}
int Curl_gsk_secure_soc_open(gsk_handle my_env_handle,
gsk_handle *my_session_handle)
{
struct Curl_gsk_descriptor *p;
gsk_handle h;
int rc;
if(!my_env_handle)
return GSK_INVALID_HANDLE;
if(!my_session_handle)
return GSK_OS400_ERROR_INVALID_POINTER;
h = ((struct Curl_gsk_descriptor *) my_env_handle)->h;
p = (struct Curl_gsk_descriptor *) malloc(sizeof(*p));
if(!p)
return GSK_INSUFFICIENT_STORAGE;
p->strlist = (struct gskstrlist *) NULL;
rc = gsk_secure_soc_open(h, &p->h);
if(rc != GSK_OK)
free(p);
else
*my_session_handle = (gsk_handle) p;
return rc;
}
static void gsk_free_handle(struct Curl_gsk_descriptor *p)
{
struct gskstrlist *q;
while((q = p->strlist)) {
p->strlist = q;
free((void *) q->asciistr);
free(q);
}
free(p);
}
int Curl_gsk_environment_close(gsk_handle *my_env_handle)
{
struct Curl_gsk_descriptor *p;
int rc;
if(!my_env_handle)
return GSK_OS400_ERROR_INVALID_POINTER;
if(!*my_env_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) *my_env_handle;
rc = gsk_environment_close(&p->h);
if(rc == GSK_OK) {
gsk_free_handle(p);
*my_env_handle = (gsk_handle) NULL;
}
return rc;
}
int Curl_gsk_secure_soc_close(gsk_handle *my_session_handle)
{
struct Curl_gsk_descriptor *p;
int rc;
if(!my_session_handle)
return GSK_OS400_ERROR_INVALID_POINTER;
if(!*my_session_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) *my_session_handle;
rc = gsk_secure_soc_close(&p->h);
if(rc == GSK_OK) {
gsk_free_handle(p);
*my_session_handle = (gsk_handle) NULL;
}
return rc;
}
int Curl_gsk_environment_init(gsk_handle my_env_handle)
{
struct Curl_gsk_descriptor *p;
if(!my_env_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_env_handle;
return gsk_environment_init(p->h);
}
int Curl_gsk_secure_soc_init(gsk_handle my_session_handle)
{
struct Curl_gsk_descriptor *p;
if(!my_session_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_session_handle;
return gsk_secure_soc_init(p->h);
}
int
Curl_gsk_attribute_set_buffer_a(gsk_handle my_gsk_handle, GSK_BUF_ID bufID,
const char *buffer, int bufSize)
{
struct Curl_gsk_descriptor *p;
char *ebcdicbuf;
int rc;
if(!my_gsk_handle)
return GSK_INVALID_HANDLE;
if(!buffer)
return GSK_OS400_ERROR_INVALID_POINTER;
if(bufSize < 0)
return GSK_ATTRIBUTE_INVALID_LENGTH;
p = (struct Curl_gsk_descriptor *) my_gsk_handle;
if(!bufSize)
bufSize = strlen(buffer);
ebcdicbuf = malloc(bufSize + 1);
if(!ebcdicbuf)
return GSK_INSUFFICIENT_STORAGE;
QadrtConvertA2E(ebcdicbuf, buffer, bufSize, bufSize);
ebcdicbuf[bufSize] = '\0';
rc = gsk_attribute_set_buffer(p->h, bufID, ebcdicbuf, bufSize);
free(ebcdicbuf);
return rc;
}
int
Curl_gsk_attribute_set_enum(gsk_handle my_gsk_handle, GSK_ENUM_ID enumID,
GSK_ENUM_VALUE enumValue)
{
struct Curl_gsk_descriptor *p;
if(!my_gsk_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_gsk_handle;
return gsk_attribute_set_enum(p->h, enumID, enumValue);
}
int
Curl_gsk_attribute_set_numeric_value(gsk_handle my_gsk_handle,
GSK_NUM_ID numID, int numValue)
{
struct Curl_gsk_descriptor *p;
if(!my_gsk_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_gsk_handle;
return gsk_attribute_set_numeric_value(p->h, numID, numValue);
}
int
Curl_gsk_attribute_set_callback(gsk_handle my_gsk_handle,
GSK_CALLBACK_ID callBackID,
void *callBackAreaPtr)
{
struct Curl_gsk_descriptor *p;
if(!my_gsk_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_gsk_handle;
return gsk_attribute_set_callback(p->h, callBackID, callBackAreaPtr);
}
static int
cachestring(struct Curl_gsk_descriptor *p,
const char *ebcdicbuf, int bufsize, const char **buffer)
{
int rc;
char *asciibuf;
struct gskstrlist *sp;
for(sp = p->strlist; sp; sp = sp->next)
if(sp->ebcdicstr == ebcdicbuf)
break;
if(!sp) {
sp = (struct gskstrlist *) malloc(sizeof(*sp));
if(!sp)
return GSK_INSUFFICIENT_STORAGE;
asciibuf = malloc(bufsize + 1);
if(!asciibuf) {
free(sp);
return GSK_INSUFFICIENT_STORAGE;
}
QadrtConvertE2A(asciibuf, ebcdicbuf, bufsize, bufsize);
asciibuf[bufsize] = '\0';
sp->ebcdicstr = ebcdicbuf;
sp->asciistr = asciibuf;
sp->next = p->strlist;
p->strlist = sp;
}
*buffer = sp->asciistr;
return GSK_OK;
}
int
Curl_gsk_attribute_get_buffer_a(gsk_handle my_gsk_handle, GSK_BUF_ID bufID,
const char **buffer, int *bufSize)
{
struct Curl_gsk_descriptor *p;
int rc;
const char *mybuf;
int mylen;
if(!my_gsk_handle)
return GSK_INVALID_HANDLE;
if(!buffer || !bufSize)
return GSK_OS400_ERROR_INVALID_POINTER;
p = (struct Curl_gsk_descriptor *) my_gsk_handle;
rc = gsk_attribute_get_buffer(p->h, bufID, &mybuf, &mylen);
if(rc != GSK_OK)
return rc;
rc = cachestring(p, mybuf, mylen, buffer);
if(rc == GSK_OK)
*bufSize = mylen;
return rc;
}
int
Curl_gsk_attribute_get_enum(gsk_handle my_gsk_handle, GSK_ENUM_ID enumID,
GSK_ENUM_VALUE *enumValue)
{
struct Curl_gsk_descriptor *p;
if(!my_gsk_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_gsk_handle;
return gsk_attribute_get_enum(p->h, enumID, enumValue);
}
int
Curl_gsk_attribute_get_numeric_value(gsk_handle my_gsk_handle,
GSK_NUM_ID numID, int *numValue)
{
struct Curl_gsk_descriptor *p;
if(!my_gsk_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_gsk_handle;
return gsk_attribute_get_numeric_value(p->h, numID, numValue);
}
int
Curl_gsk_attribute_get_cert_info(gsk_handle my_gsk_handle,
GSK_CERT_ID certID,
const gsk_cert_data_elem **certDataElem,
int *certDataElementCount)
{
struct Curl_gsk_descriptor *p;
if(!my_gsk_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_gsk_handle;
/* No need to convert code: text results are already in ASCII. */
return gsk_attribute_get_cert_info(p->h, certID,
certDataElem, certDataElementCount);
}
int
Curl_gsk_secure_soc_misc(gsk_handle my_session_handle, GSK_MISC_ID miscID)
{
struct Curl_gsk_descriptor *p;
if(!my_session_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_session_handle;
return gsk_secure_soc_misc(p->h, miscID);
}
int
Curl_gsk_secure_soc_read(gsk_handle my_session_handle, char *readBuffer,
int readBufSize, int *amtRead)
{
struct Curl_gsk_descriptor *p;
if(!my_session_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_session_handle;
return gsk_secure_soc_read(p->h, readBuffer, readBufSize, amtRead);
}
int
Curl_gsk_secure_soc_write(gsk_handle my_session_handle, char *writeBuffer,
int writeBufSize, int *amtWritten)
{
struct Curl_gsk_descriptor *p;
if(!my_session_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_session_handle;
return gsk_secure_soc_write(p->h, writeBuffer, writeBufSize, amtWritten);
}
const char *
Curl_gsk_strerror_a(int gsk_return_value)
{
return set_thread_string(LK_GSK_ERROR, gsk_strerror(gsk_return_value));
}
int
Curl_gsk_secure_soc_startInit(gsk_handle my_session_handle,
int IOCompletionPort,
Qso_OverlappedIO_t *communicationsArea)
{
struct Curl_gsk_descriptor *p;
if(!my_session_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) my_session_handle;
return gsk_secure_soc_startInit(p->h, IOCompletionPort, communicationsArea);
}
#endif /* USE_GSKIT */
#ifdef HAVE_GSSAPI #ifdef HAVE_GSSAPI
/* ASCII wrappers for the GSSAPI procedures. */ /* ASCII wrappers for the GSSAPI procedures. */

2
tests/unit/unit1397.c
View File

@ -34,7 +34,7 @@ static void unit_stop(void)
} }
/* only these backends define the tested functions */ /* only these backends define the tested functions */
#if defined(USE_OPENSSL) || defined(USE_GSKIT) || defined(USE_SCHANNEL) #if defined(USE_OPENSSL) || defined(USE_SCHANNEL)
#include "vtls/hostcheck.h" #include "vtls/hostcheck.h"
struct testcase { struct testcase {
const char *host; const char *host;

3
tests/unit/unit1651.c
View File

@ -34,8 +34,7 @@ static void unit_stop(void)
{ {
} }
#if defined(USE_GSKIT) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ #if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP)
defined(USE_SECTRANSP)
/* cert captured from gdb when connecting to curl.se on October 26 /* cert captured from gdb when connecting to curl.se on October 26
2018 */ 2018 */