curl/lib/vtls
Max Faxälv 0a5ea09a91
spnego_gssapi: implement TLS channel bindings for openssl
Channel Bindings are used to tie the session context to a specific TLS
channel. This is to provide additional proof of valid identity,
mitigating authentication relay attacks.

Major web servers have the ability to require (None/Accept/Require)
GSSAPI channel binding, rendering Curl unable to connect to such
websites unless support for channel bindings is implemented.

IIS calls this feature Extended Protection (EPA), which is used in
Enterprise environments using Kerberos for authentication.

This change requires krb5 >= 1.19; otherwise channel bindings won't be
forwarded through SPNEGO.

Co-Authored-By: Steffen Kieß <947515+steffen-kiess@users.noreply.github.com>
Closes #13098
2024-08-12 19:16:54 +02:00
bearssl.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
bearssl.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
cipher_suite.c vtls: fix MSVC 'cast truncates constant value' warning 2024-08-03 09:22:25 +02:00
cipher_suite.h sectransp: use common code for cipher suite lookup 2024-05-29 13:08:14 +02:00
gtls.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
gtls.h connection: shutdown TLS (for FTP) better 2024-06-10 13:08:12 +02:00
hostcheck.c code: language cleanup in comments 2024-07-01 22:58:55 +02:00
hostcheck.h code: language cleanup in comments 2024-07-01 22:58:55 +02:00
keylog.c tls: use shared init code for TCP+QUIC 2024-04-09 09:08:05 +02:00
keylog.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
mbedtls_threadlock.c mbedtls: properly cleanup the thread-shared entropy 2024-03-12 03:09:37 -04:00
mbedtls_threadlock.h tidy-up: one comment and EOF newlines 2024-03-12 15:38:44 +00:00
mbedtls.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
mbedtls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
openssl.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
openssl.h openssl: stop duplicate ssl key logging for legacy OpenSSL 2024-05-24 15:22:53 -04:00
rustls.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
rustls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
schannel_int.h code: language cleanup in comments 2024-07-01 22:58:55 +02:00
schannel_verify.c tidy-up: OS names 2024-08-04 19:17:45 +02:00
schannel.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
schannel.h build: do not publish HAVE_BORINGSSL, HAVE_AWSLC macros 2023-10-08 22:29:45 +00:00
sectransp.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
sectransp.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
vtls_int.h spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
vtls.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
vtls.h spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
wolfssl.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
wolfssl.h wolfssl: improve shutdown handling 2024-08-05 08:49:20 +02:00
x509asn1.c x509asn1: raise size limit for x509 certification information 2024-08-02 23:20:57 +02:00
x509asn1.h x509asn1: unittests and fixes for gtime2str 2024-07-30 23:08:59 +02:00