1/*************************************************************************** 2 * _ _ ____ _ 3 * Project ___| | | | _ \| | 4 * / __| | | | |_) | | 5 * | (__| |_| | _ <| |___ 6 * \___|\___/|_| \_\_____| 7 * 8 * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> 9 * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. 10 * 11 * This software is licensed as described in the file COPYING, which 12 * you should have received as part of this distribution. The terms 13 * are also available at http://curl.haxx.se/docs/copyright.html. 14 * 15 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 16 * copies of the Software, and permit persons to whom the Software is 17 * furnished to do so, under the terms of the COPYING file. 18 * 19 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 20 * KIND, either express or implied. 21 * 22 ***************************************************************************/ 23 24/* 25 * Source file for all PolarSSL-specific code for the TLS/SSL layer. No code 26 * but sslgen.c should ever call or use these functions. 27 * 28 */ 29 30#include "curl_setup.h" 31 32#ifdef USE_POLARSSL 33 34#include <polarssl/net.h> 35#include <polarssl/ssl.h> 36#include <polarssl/certs.h> 37#include <polarssl/x509.h> 38#include <polarssl/version.h> 39 40#if POLARSSL_VERSION_NUMBER >= 0x01000000 41#include <polarssl/error.h> 42#endif /* POLARSSL_VERSION_NUMBER >= 0x01000000 */ 43 44#if POLARSSL_VERSION_NUMBER>0x01010000 45#include <polarssl/entropy.h> 46#include <polarssl/ctr_drbg.h> 47#else 48#include <polarssl/havege.h> 49#endif /* POLARSSL_VERSION_NUMBER>0x01010000 */ 50 51 52#if POLARSSL_VERSION_NUMBER<0x01000000 53/* 54 Earlier versions of polarssl had no WANT_READ or WANT_WRITE, only TRY_AGAIN 55*/ 56#define POLARSSL_ERR_NET_WANT_READ POLARSSL_ERR_NET_TRY_AGAIN 57#define POLARSSL_ERR_NET_WANT_WRITE POLARSSL_ERR_NET_TRY_AGAIN 58#endif 59 60#include "urldata.h" 61#include "sendf.h" 62#include "inet_pton.h" 63#include "polarssl.h" 64#include "sslgen.h" 65#include "parsedate.h" 66#include "connect.h" /* for the connect timeout */ 67#include "select.h" 68#include "rawstr.h" 69#include "polarssl_threadlock.h" 70 71#define _MPRINTF_REPLACE /* use our functions only */ 72#include <curl/mprintf.h> 73#include "curl_memory.h" 74/* The last #include file should be: */ 75#include "memdebug.h" 76 77/* apply threading? */ 78#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32) 79#define THREADING_SUPPORT 80#endif 81 82#if defined(THREADING_SUPPORT) && POLARSSL_VERSION_NUMBER>0x01010000 83static entropy_context entropy; 84 85static int entropy_init_initialized = 0; 86 87/* start of entropy_init_mutex() */ 88static void entropy_init_mutex(entropy_context *ctx) 89{ 90 /* lock 0 = entropy_init_mutex() */ 91 polarsslthreadlock_lock_function(0); 92 if(entropy_init_initialized == 0) { 93 entropy_init(ctx); 94 entropy_init_initialized = 1; 95 } 96 polarsslthreadlock_unlock_function(0); 97} 98/* end of entropy_init_mutex() */ 99 100/* start of entropy_func_mutex() */ 101static int entropy_func_mutex(void *data, unsigned char *output, size_t len) 102{ 103 int ret; 104 /* lock 1 = entropy_func_mutex() */ 105 polarsslthreadlock_lock_function(1); 106 ret = entropy_func(data, output, len); 107 polarsslthreadlock_unlock_function(1); 108 109 return ret; 110} 111/* end of entropy_func_mutex() */ 112 113#endif /* THREADING_SUPPORT && POLARSSL_VERSION_NUMBER>0x01010000 */ 114 115/* Define this to enable lots of debugging for PolarSSL */ 116#undef POLARSSL_DEBUG 117 118#ifdef POLARSSL_DEBUG 119static void polarssl_debug(void *context, int level, char *line) 120{ 121 struct SessionHandle *data = NULL; 122 123 if(!context) 124 return; 125 126 data = (struct SessionHandle *)context; 127 128 infof(data, "%s\n", line); 129} 130#else 131#endif 132 133static Curl_recv polarssl_recv; 134static Curl_send polarssl_send; 135 136 137static CURLcode 138polarssl_connect_step1(struct connectdata *conn, 139 int sockindex) 140{ 141 struct SessionHandle *data = conn->data; 142 struct ssl_connect_data* connssl = &conn->ssl[sockindex]; 143 144 bool sni = TRUE; /* default is SNI enabled */ 145 int ret = -1; 146#ifdef ENABLE_IPV6 147 struct in6_addr addr; 148#else 149 struct in_addr addr; 150#endif 151 void *old_session = NULL; 152 size_t old_session_size = 0; 153 154 char errorbuf[128]; 155 memset(errorbuf, 0, sizeof(errorbuf)); 156 157 158 /* PolarSSL only supports SSLv3 and TLSv1 */ 159 if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) { 160 failf(data, "PolarSSL does not support SSLv2"); 161 return CURLE_SSL_CONNECT_ERROR; 162 } 163 else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) 164 sni = FALSE; /* SSLv3 has no SNI */ 165 166#if POLARSSL_VERSION_NUMBER<0x01010000 167 havege_init(&connssl->hs); 168#else 169#ifdef THREADING_SUPPORT 170 entropy_init_mutex(&entropy); 171 172 if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func_mutex, &entropy, 173 connssl->ssn.id, connssl->ssn.length)) != 0) { 174#ifdef POLARSSL_ERROR_C 175 error_strerror(ret, errorbuf, sizeof(errorbuf)); 176#endif /* POLARSSL_ERROR_C */ 177 failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n", 178 -ret, errorbuf); 179 } 180#else 181 entropy_init(&connssl->entropy); 182 183 if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func, &connssl->entropy, 184 connssl->ssn.id, connssl->ssn.length)) != 0) { 185#ifdef POLARSSL_ERROR_C 186 error_strerror(ret, errorbuf, sizeof(errorbuf)); 187#endif /* POLARSSL_ERROR_C */ 188 failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n", 189 -ret, errorbuf); 190 } 191#endif /* THREADING_SUPPORT */ 192#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */ 193 194 /* Load the trusted CA */ 195 memset(&connssl->cacert, 0, sizeof(x509_cert)); 196 197 if(data->set.str[STRING_SSL_CAFILE]) { 198 ret = x509parse_crtfile(&connssl->cacert, 199 data->set.str[STRING_SSL_CAFILE]); 200 201 if(ret<0) { 202#ifdef POLARSSL_ERROR_C 203 error_strerror(ret, errorbuf, sizeof(errorbuf)); 204#endif /* POLARSSL_ERROR_C */ 205 failf(data, "Error reading ca cert file %s - PolarSSL: (-0x%04X) %s", 206 data->set.str[STRING_SSL_CAFILE], -ret, errorbuf); 207 208 if(data->set.ssl.verifypeer) 209 return CURLE_SSL_CACERT_BADFILE; 210 } 211 } 212 213 /* Load the client certificate */ 214 memset(&connssl->clicert, 0, sizeof(x509_cert)); 215 216 if(data->set.str[STRING_CERT]) { 217 ret = x509parse_crtfile(&connssl->clicert, 218 data->set.str[STRING_CERT]); 219 220 if(ret) { 221#ifdef POLARSSL_ERROR_C 222 error_strerror(ret, errorbuf, sizeof(errorbuf)); 223#endif /* POLARSSL_ERROR_C */ 224 failf(data, "Error reading client cert file %s - PolarSSL: (-0x%04X) %s", 225 data->set.str[STRING_CERT], -ret, errorbuf); 226 227 return CURLE_SSL_CERTPROBLEM; 228 } 229 } 230 231 /* Load the client private key */ 232 if(data->set.str[STRING_KEY]) { 233 ret = x509parse_keyfile(&connssl->rsa, 234 data->set.str[STRING_KEY], 235 data->set.str[STRING_KEY_PASSWD]); 236 237 if(ret) { 238#ifdef POLARSSL_ERROR_C 239 error_strerror(ret, errorbuf, sizeof(errorbuf)); 240#endif /* POLARSSL_ERROR_C */ 241 failf(data, "Error reading private key %s - PolarSSL: (-0x%04X) %s", 242 data->set.str[STRING_KEY], -ret, errorbuf); 243 244 return CURLE_SSL_CERTPROBLEM; 245 } 246 } 247 248 /* Load the CRL */ 249 memset(&connssl->crl, 0, sizeof(x509_crl)); 250 251 if(data->set.str[STRING_SSL_CRLFILE]) { 252 ret = x509parse_crlfile(&connssl->crl, 253 data->set.str[STRING_SSL_CRLFILE]); 254 255 if(ret) { 256#ifdef POLARSSL_ERROR_C 257 error_strerror(ret, errorbuf, sizeof(errorbuf)); 258#endif /* POLARSSL_ERROR_C */ 259 failf(data, "Error reading CRL file %s - PolarSSL: (-0x%04X) %s", 260 data->set.str[STRING_SSL_CRLFILE], -ret, errorbuf); 261 262 return CURLE_SSL_CRL_BADFILE; 263 } 264 } 265 266 infof(data, "PolarSSL: Connecting to %s:%d\n", 267 conn->host.name, conn->remote_port); 268 269 if(ssl_init(&connssl->ssl)) { 270 failf(data, "PolarSSL: ssl_init failed"); 271 return CURLE_SSL_CONNECT_ERROR; 272 } 273 274 ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT); 275 ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL); 276 277#if POLARSSL_VERSION_NUMBER<0x01010000 278 ssl_set_rng(&connssl->ssl, havege_rand, 279 &connssl->hs); 280#else 281 ssl_set_rng(&connssl->ssl, ctr_drbg_random, 282 &connssl->ctr_drbg); 283#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */ 284 ssl_set_bio(&connssl->ssl, 285 net_recv, &conn->sock[sockindex], 286 net_send, &conn->sock[sockindex]); 287 288 289#if POLARSSL_VERSION_NUMBER<0x01000000 290 ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers); 291#else 292 ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites); 293#endif 294 if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { 295 memcpy(&connssl->ssn, old_session, old_session_size); 296 infof(data, "PolarSSL re-using session\n"); 297 } 298 299/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's 300 1.1.4 version and the like */ 301#if POLARSSL_VERSION_NUMBER<0x01020000 302 ssl_set_session(&connssl->ssl, 1, 600, 303 &connssl->ssn); 304#else 305 ssl_set_session(&connssl->ssl, 306 &connssl->ssn); 307#endif 308 309 ssl_set_ca_chain(&connssl->ssl, 310 &connssl->cacert, 311 &connssl->crl, 312 conn->host.name); 313 314 ssl_set_own_cert(&connssl->ssl, 315 &connssl->clicert, &connssl->rsa); 316 317 if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) && 318#ifdef ENABLE_IPV6 319 !Curl_inet_pton(AF_INET6, conn->host.name, &addr) && 320#endif 321 sni && ssl_set_hostname(&connssl->ssl, conn->host.name)) { 322 infof(data, "WARNING: failed to configure " 323 "server name indication (SNI) TLS extension\n"); 324 } 325 326#ifdef POLARSSL_DEBUG 327 ssl_set_dbg(&connssl->ssl, polarssl_debug, data); 328#endif 329 330 connssl->connecting_state = ssl_connect_2; 331 332 return CURLE_OK; 333} 334 335static CURLcode 336polarssl_connect_step2(struct connectdata *conn, 337 int sockindex) 338{ 339 int ret; 340 struct SessionHandle *data = conn->data; 341 struct ssl_connect_data* connssl = &conn->ssl[sockindex]; 342 char buffer[1024]; 343 344 char errorbuf[128]; 345 memset(errorbuf, 0, sizeof(errorbuf)); 346 347 conn->recv[sockindex] = polarssl_recv; 348 conn->send[sockindex] = polarssl_send; 349 350 for(;;) { 351 if(!(ret = ssl_handshake(&connssl->ssl))) 352 break; 353 else if(ret != POLARSSL_ERR_NET_WANT_READ && 354 ret != POLARSSL_ERR_NET_WANT_WRITE) { 355#ifdef POLARSSL_ERROR_C 356 error_strerror(ret, errorbuf, sizeof(errorbuf)); 357#endif /* POLARSSL_ERROR_C */ 358 failf(data, "ssl_handshake returned - PolarSSL: (-0x%04X) %s", 359 -ret, errorbuf); 360 361 return CURLE_SSL_CONNECT_ERROR; 362 } 363 else { 364 if(ret == POLARSSL_ERR_NET_WANT_READ) { 365 connssl->connecting_state = ssl_connect_2_reading; 366 return CURLE_OK; 367 } 368 if(ret == POLARSSL_ERR_NET_WANT_WRITE) { 369 connssl->connecting_state = ssl_connect_2_writing; 370 return CURLE_OK; 371 } 372 failf(data, "SSL_connect failed with error %d.", ret); 373 return CURLE_SSL_CONNECT_ERROR; 374 375 } 376 } 377 378 infof(data, "PolarSSL: Handshake complete, cipher is %s\n", 379#if POLARSSL_VERSION_NUMBER<0x01000000 380 ssl_get_cipher(&conn->ssl[sockindex].ssl) 381#elif POLARSSL_VERSION_NUMBER >= 0x01010000 382 ssl_get_ciphersuite(&conn->ssl[sockindex].ssl) 383#else 384 ssl_get_ciphersuite_name(&conn->ssl[sockindex].ssl) 385#endif 386 ); 387 388 ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl); 389 390 if(ret && data->set.ssl.verifypeer) { 391 if(ret & BADCERT_EXPIRED) 392 failf(data, "Cert verify failed: BADCERT_EXPIRED"); 393 394 if(ret & BADCERT_REVOKED) { 395 failf(data, "Cert verify failed: BADCERT_REVOKED"); 396 return CURLE_SSL_CACERT; 397 } 398 399 if(ret & BADCERT_CN_MISMATCH) 400 failf(data, "Cert verify failed: BADCERT_CN_MISMATCH"); 401 402 if(ret & BADCERT_NOT_TRUSTED) 403 failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED"); 404 405 return CURLE_PEER_FAILED_VERIFICATION; 406 } 407 408/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's 409 1.1.4 version and the like */ 410#if POLARSSL_VERSION_NUMBER<0x01020000 411 if(conn->ssl[sockindex].ssl.peer_cert) { 412#else 413 if(ssl_get_peer_cert(&(connssl->ssl))) { 414#endif 415 /* If the session was resumed, there will be no peer certs */ 416 memset(buffer, 0, sizeof(buffer)); 417 418/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's 419 1.1.4 version and the like */ 420#if POLARSSL_VERSION_NUMBER<0x01020000 421 if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ", 422 conn->ssl[sockindex].ssl.peer_cert) != -1) 423#else 424 if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ", 425 ssl_get_peer_cert(&(connssl->ssl))) != -1) 426#endif 427 infof(data, "Dumping cert info:\n%s\n", buffer); 428 } 429 430 connssl->connecting_state = ssl_connect_3; 431 infof(data, "SSL connected\n"); 432 433 return CURLE_OK; 434} 435 436static CURLcode 437polarssl_connect_step3(struct connectdata *conn, 438 int sockindex) 439{ 440 CURLcode retcode = CURLE_OK; 441 struct ssl_connect_data *connssl = &conn->ssl[sockindex]; 442 struct SessionHandle *data = conn->data; 443 void *old_ssl_sessionid = NULL; 444 ssl_session *our_ssl_sessionid = &conn->ssl[sockindex].ssn ; 445 int incache; 446 447 DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); 448 449 /* Save the current session data for possible re-use */ 450 incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL)); 451 if(incache) { 452 if(old_ssl_sessionid != our_ssl_sessionid) { 453 infof(data, "old SSL session ID is stale, removing\n"); 454 Curl_ssl_delsessionid(conn, old_ssl_sessionid); 455 incache = FALSE; 456 } 457 } 458 if(!incache) { 459 void *new_session = malloc(sizeof(ssl_session)); 460 461 if(new_session) { 462 memcpy(new_session, our_ssl_sessionid, 463 sizeof(ssl_session)); 464 465 retcode = Curl_ssl_addsessionid(conn, new_session, 466 sizeof(ssl_session)); 467 } 468 else { 469 retcode = CURLE_OUT_OF_MEMORY; 470 } 471 472 if(retcode) { 473 failf(data, "failed to store ssl session"); 474 return retcode; 475 } 476 } 477 478 connssl->connecting_state = ssl_connect_done; 479 480 return CURLE_OK; 481} 482 483static ssize_t polarssl_send(struct connectdata *conn, 484 int sockindex, 485 const void *mem, 486 size_t len, 487 CURLcode *curlcode) 488{ 489 int ret = -1; 490 491 ret = ssl_write(&conn->ssl[sockindex].ssl, 492 (unsigned char *)mem, len); 493 494 if(ret < 0) { 495 *curlcode = (ret == POLARSSL_ERR_NET_WANT_WRITE) ? 496 CURLE_AGAIN : CURLE_SEND_ERROR; 497 ret = -1; 498 } 499 500 return ret; 501} 502 503void Curl_polarssl_close_all(struct SessionHandle *data) 504{ 505 (void)data; 506} 507 508void Curl_polarssl_close(struct connectdata *conn, int sockindex) 509{ 510 rsa_free(&conn->ssl[sockindex].rsa); 511 x509_free(&conn->ssl[sockindex].clicert); 512 x509_free(&conn->ssl[sockindex].cacert); 513 x509_crl_free(&conn->ssl[sockindex].crl); 514 ssl_free(&conn->ssl[sockindex].ssl); 515} 516 517static ssize_t polarssl_recv(struct connectdata *conn, 518 int num, 519 char *buf, 520 size_t buffersize, 521 CURLcode *curlcode) 522{ 523 int ret = -1; 524 ssize_t len = -1; 525 526 memset(buf, 0, buffersize); 527 ret = ssl_read(&conn->ssl[num].ssl, (unsigned char *)buf, buffersize); 528 529 if(ret <= 0) { 530 if(ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) 531 return 0; 532 533 *curlcode = (ret == POLARSSL_ERR_NET_WANT_READ) ? 534 CURLE_AGAIN : CURLE_RECV_ERROR; 535 return -1; 536 } 537 538 len = ret; 539 540 return len; 541} 542 543void Curl_polarssl_session_free(void *ptr) 544{ 545 free(ptr); 546} 547 548size_t Curl_polarssl_version(char *buffer, size_t size) 549{ 550 unsigned int version = version_get_number(); 551 return snprintf(buffer, size, "PolarSSL/%d.%d.%d", version>>24, 552 (version>>16)&0xff, (version>>8)&0xff); 553} 554 555static CURLcode 556polarssl_connect_common(struct connectdata *conn, 557 int sockindex, 558 bool nonblocking, 559 bool *done) 560{ 561 CURLcode retcode; 562 struct SessionHandle *data = conn->data; 563 struct ssl_connect_data *connssl = &conn->ssl[sockindex]; 564 curl_socket_t sockfd = conn->sock[sockindex]; 565 long timeout_ms; 566 int what; 567 568 /* check if the connection has already been established */ 569 if(ssl_connection_complete == connssl->state) { 570 *done = TRUE; 571 return CURLE_OK; 572 } 573 574 if(ssl_connect_1==connssl->connecting_state) { 575 /* Find out how much more time we're allowed */ 576 timeout_ms = Curl_timeleft(data, NULL, TRUE); 577 578 if(timeout_ms < 0) { 579 /* no need to continue if time already is up */ 580 failf(data, "SSL connection timeout"); 581 return CURLE_OPERATION_TIMEDOUT; 582 } 583 retcode = polarssl_connect_step1(conn, sockindex); 584 if(retcode) 585 return retcode; 586 } 587 588 while(ssl_connect_2 == connssl->connecting_state || 589 ssl_connect_2_reading == connssl->connecting_state || 590 ssl_connect_2_writing == connssl->connecting_state) { 591 592 /* check allowed time left */ 593 timeout_ms = Curl_timeleft(data, NULL, TRUE); 594 595 if(timeout_ms < 0) { 596 /* no need to continue if time already is up */ 597 failf(data, "SSL connection timeout"); 598 return CURLE_OPERATION_TIMEDOUT; 599 } 600 601 /* if ssl is expecting something, check if it's available. */ 602 if(connssl->connecting_state == ssl_connect_2_reading 603 || connssl->connecting_state == ssl_connect_2_writing) { 604 605 curl_socket_t writefd = ssl_connect_2_writing== 606 connssl->connecting_state?sockfd:CURL_SOCKET_BAD; 607 curl_socket_t readfd = ssl_connect_2_reading== 608 connssl->connecting_state?sockfd:CURL_SOCKET_BAD; 609 610 what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms); 611 if(what < 0) { 612 /* fatal error */ 613 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); 614 return CURLE_SSL_CONNECT_ERROR; 615 } 616 else if(0 == what) { 617 if(nonblocking) { 618 *done = FALSE; 619 return CURLE_OK; 620 } 621 else { 622 /* timeout */ 623 failf(data, "SSL connection timeout"); 624 return CURLE_OPERATION_TIMEDOUT; 625 } 626 } 627 /* socket is readable or writable */ 628 } 629 630 /* Run transaction, and return to the caller if it failed or if 631 * this connection is part of a multi handle and this loop would 632 * execute again. This permits the owner of a multi handle to 633 * abort a connection attempt before step2 has completed while 634 * ensuring that a client using select() or epoll() will always 635 * have a valid fdset to wait on. 636 */ 637 retcode = polarssl_connect_step2(conn, sockindex); 638 if(retcode || (nonblocking && 639 (ssl_connect_2 == connssl->connecting_state || 640 ssl_connect_2_reading == connssl->connecting_state || 641 ssl_connect_2_writing == connssl->connecting_state))) 642 return retcode; 643 644 } /* repeat step2 until all transactions are done. */ 645 646 if(ssl_connect_3==connssl->connecting_state) { 647 retcode = polarssl_connect_step3(conn, sockindex); 648 if(retcode) 649 return retcode; 650 } 651 652 if(ssl_connect_done==connssl->connecting_state) { 653 connssl->state = ssl_connection_complete; 654 conn->recv[sockindex] = polarssl_recv; 655 conn->send[sockindex] = polarssl_send; 656 *done = TRUE; 657 } 658 else 659 *done = FALSE; 660 661 /* Reset our connect state machine */ 662 connssl->connecting_state = ssl_connect_1; 663 664 return CURLE_OK; 665} 666 667CURLcode 668Curl_polarssl_connect_nonblocking(struct connectdata *conn, 669 int sockindex, 670 bool *done) 671{ 672 return polarssl_connect_common(conn, sockindex, TRUE, done); 673} 674 675 676CURLcode 677Curl_polarssl_connect(struct connectdata *conn, 678 int sockindex) 679{ 680 CURLcode retcode; 681 bool done = FALSE; 682 683 retcode = polarssl_connect_common(conn, sockindex, FALSE, &done); 684 if(retcode) 685 return retcode; 686 687 DEBUGASSERT(done); 688 689 return CURLE_OK; 690} 691 692/* 693 * return 0 error initializing SSL 694 * return 1 SSL initialized successfully 695 */ 696int polarssl_init(void) 697{ 698 return polarsslthreadlock_thread_setup(); 699} 700 701void polarssl_cleanup(void) 702{ 703 (void)polarsslthreadlock_thread_cleanup(); 704} 705 706#endif /* USE_POLARSSL */ 707