Age | Commit message | Author |
|
When a positive non-zero value is returned from SSL_read or SSL_write,
there is data read or written, so there is no need to check for errors.
Errors only need to be checked when the return value is 0 or negative.
|
|
It may be returned when the server closes the connection, see:
https://www.openssl.org/docs/manmaster/man3/SSL_get_error.html
We simply handle it as if there was no error and return zero bytes read.
Fixes: https://github.com/dillo-browser/dillo/issues/175
|
|
It would be nice if X509_ALGOR could be made opaque at some point.
There is a somewhat clumsy accessor X509_ALGOR_get0() that allows
obtaining the ASN1_OBJECT sitting inside an X509_ALGOR. Use this
instead.
|
|
The function SSL_get_peer_certificate() is deprecated in 3.0.0, but
still defined as a compatibility macro.
Fixes: https://github.com/dillo-browser/dillo/issues/118
|
|
|
|
We cannot rely on the return value and the errno; the function
SSL_get_error() must be used to determine what happened and whether we
need to retry. A wrapper function translates the SSL error into a proper
errno value.
In the case a premature EOF is sent by the server, the error queue is
emptied before the error is returned.
Fixes: https://github.com/dillo-browser/dillo/issues/79
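The three messages above describe one policy for SSL_read/SSL_write results: a positive return is data and needs no SSL_get_error() call, SSL_ERROR_ZERO_RETURN is an orderly EOF, and everything else goes through SSL_get_error() and is translated into an errno value, with a premature EOF from the server handled as an error rather than as EOF. The following is an added example that puts that policy into one wrapper; it is not Dillo's code. To stay runnable without libssl it does not call OpenSSL at all: the SSL_ERROR_* values are reproduced from <openssl/ssl.h>, the I/O is injected through hypothetical hook types (tls_io_fn, tls_get_error_fn), a constructed fake_ssl struct replays a scripted sequence of (return value, SSL_get_error code) pairs, and the choice of ECONNRESET for premature EOF and EPROTO for library errors is this example's own.

```c
#include <errno.h>
#include <stddef.h>

/* Values match <openssl/ssl.h>; a real build includes that header instead.
 * Reproduced here only so this file builds and runs without libssl. */
#ifndef SSL_ERROR_NONE
# define SSL_ERROR_NONE        0
# define SSL_ERROR_SSL         1
# define SSL_ERROR_WANT_READ   2
# define SSL_ERROR_WANT_WRITE  3
# define SSL_ERROR_SYSCALL     5
# define SSL_ERROR_ZERO_RETURN 6
#endif

/* Hypothetical hooks standing in for SSL_read()/SSL_write() and
 * SSL_get_error(), so the retry/EOF policy can run without a live socket. */
typedef int (*tls_io_fn)(void *ssl, void *buf, int len);
typedef int (*tls_get_error_fn)(void *ssl, int ret);

/* Map one SSL_read/SSL_write outcome onto the read(2)/write(2) contract:
 * > 0 bytes moved, 0 orderly EOF, -1 with errno set.
 * A positive ret is returned untouched: data moved, so SSL_get_error()
 * is not consulted at all. */
static int tls_translate(void *ssl, int ret, tls_get_error_fn get_error)
{
   if (ret > 0)
      return ret;

   switch (get_error(ssl, ret)) {
   case SSL_ERROR_ZERO_RETURN:
      /* Peer sent close_notify: clean end of stream, not an error. */
      return 0;
   case SSL_ERROR_WANT_READ:
   case SSL_ERROR_WANT_WRITE:
      /* The non-blocking socket would block; retry from the fd callback. */
      errno = EAGAIN;
      return -1;
   case SSL_ERROR_SYSCALL:
      /* ret == 0 here means the peer went away without close_notify
       * (premature EOF). ECONNRESET is this example's choice; a real wrapper
       * would also empty the error queue with ERR_clear_error() here. */
      if (ret == 0 || errno == 0)
         errno = ECONNRESET;
      return -1;
   case SSL_ERROR_SSL:
   default:
      /* Protocol or library failure: the connection is unusable. */
      errno = EPROTO;
      return -1;
   }
}

/* A read loop built on the translation above: collects bytes until orderly
 * EOF, retries on EAGAIN and stops at the first hard error.
 * Returns the byte total, or -1 with errno set. */
static int tls_read_until_eof(void *ssl, tls_io_fn do_read,
                              tls_get_error_fn get_error)
{
   char buf[4096];
   int total = 0;

   for (;;) {
      int r = tls_translate(ssl, do_read(ssl, buf, sizeof buf), get_error);
      if (r > 0) { total += r; continue; }
      if (r == 0) return total;          /* close_notify */
      if (errno == EAGAIN) continue;     /* would block: try again */
      return -1;                         /* hard error, errno already set */
   }
}

/* Constructed stand-in for an SSL object: replays scripted
 * (SSL_read return value, SSL_get_error code) pairs. */
struct fake_ssl {
   const int *rets, *errs;
   int n, pos, last;
};

static int fake_read(void *ssl, void *buf, int len)
{
   struct fake_ssl *f = ssl;
   (void)buf; (void)len;
   errno = 0;                            /* the fake socket sets no errno */
   if (f->pos >= f->n) { f->last = -1; return 0; }  /* script exhausted */
   f->last = f->pos++;
   return f->rets[f->last];
}

static int fake_get_error(void *ssl, int ret)
{
   struct fake_ssl *f = ssl;
   (void)ret;
   /* Past the end of the script, behave like a peer that dropped the
    * socket without close_notify. */
   return f->last >= 0 ? f->errs[f->last] : SSL_ERROR_SYSCALL;
}

/* Drive a script through the loop; byte total (or -1) is returned and the
 * resulting errno (0 on success) is stored in *err. */
static int tls_run_script(const int *rets, const int *errs, int n, int *err)
{
   struct fake_ssl f = { rets, errs, n, 0, -1 };
   int total = tls_read_until_eof(&f, fake_read, fake_get_error);
   *err = (total < 0) ? errno : 0;
   return total;
}
```

In a real build the two hooks are SSL_read (or SSL_write) and SSL_get_error, and the error-queue drain on the premature-EOF path is ERR_clear_error(). Note that OpenSSL 3.0 reports an unexpected EOF as SSL_ERROR_SSL (reason SSL_R_UNEXPECTED_EOF_WHILE_READING) rather than SSL_ERROR_SYSCALL unless SSL_OP_IGNORE_UNEXPECTED_EOF is set, so a wrapper targeting both 1.1 and 3.x has to treat both codes as the premature-EOF case.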
|
|
They may accidentally happen if an fd callback is still attached to the
connection socket while we wait in an FLTK dialog, causing another call
to Tls_connect() which ends up in an infinite loop.
|
|
Avoids calling the callback while the TLS dialog is open, which was
causing an infinite loop of recursive calls to Tls_connect().
Fixes: https://github.com/dillo-browser/dillo/issues/49
|
|
Instead of just asserting that there are no previous TLS errors, print the
error queue and then abort. This prevents the error queue from being emptied
before we have a chance to see what error was stored.
|
|
The macro hides a return path and makes it more difficult to read the
condition as it is negated.
|
|
|
|
|
|
Before OpenSSL 3.0, EVP_PKEY_get_id() was named EVP_PKEY_id().
|
|
The SSLv23_client_method() function is deprecated:
https://www.openssl.org/docs/man3.2/man3/SSLv23_client_method.html
|
|
Brings the previous OpenSSL implementation into src/IO/tls_openssl.c.
Now the TLS functions have the implementation name as a prefix, like
a_Tls_openssl_connect().
The generic interface at IO/tls.h hides the implementation, which is
selected at configure time. The appropriate functions of that
implementation are called from IO/tls.c into IO/tls_<impl>.c. In this way,
support for more TLS libraries can easily be added.
In the case of mbedTLS, there are some incompatible changes from version
2 to 3, so we use some ifdefs to fix the differences.
|