From 4958d918b647779ac45fa5a1ebb5c5d5363ae754 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 30 Dec 2024 17:45:34 +0800 Subject: [PATCH] =?UTF-8?q?=E4=B8=80=E8=87=B4=E6=80=A7=E6=95=B4=E6=94=B9?= =?UTF-8?q?=E3=80=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: cy --- BUILD.gn | 169 ++++++++-- buildconf.bat | 319 ------------------ bundle.json | 18 +- customized/include/curl_config_standard.h | 21 +- .../include/curl_config_standard_http3.h | 21 +- lib/url.c | 49 ++- lib/vtls/gtls.c | 146 ++++---- plan9/include/mkfile | 36 -- 8 files changed, 276 insertions(+), 503 deletions(-) delete mode 100644 buildconf.bat delete mode 100644 plan9/include/mkfile diff --git a/BUILD.gn b/BUILD.gn index e9e4e88e3..d3e56aae8 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -12,6 +12,119 @@ # limitations under the License. import("//build/ohos.gni") +cares_srcs = [ + "ares__addrinfo2hostent.c", + "ares__addrinfo_localhost.c", + "ares__close_sockets.c", + "ares__get_hostent.c", + "ares__parse_into_addrinfo.c", + "ares__read_line.c", + "ares__readaddrinfo.c", + "ares__sortaddrinfo.c", + "ares__timeval.c", + "ares_android.c", + "ares_cancel.c", + "ares_create_query.c", + "ares_data.c", + "ares_destroy.c", + "ares_expand_name.c", + "ares_expand_string.c", + "ares_fds.c", + "ares_free_hostent.c", + "ares_free_string.c", + "ares_freeaddrinfo.c", + "ares_getaddrinfo.c", + "ares_getenv.c", + "ares_gethostbyaddr.c", + "ares_gethostbyname.c", + "ares_getnameinfo.c", + "ares_getsock.c", + "ares_init.c", + "ares_library_init.c", + "ares_llist.c", + "ares_mkquery.c", + "ares_nowarn.c", + "ares_options.c", + "ares_parse_a_reply.c", + "ares_parse_aaaa_reply.c", + "ares_parse_caa_reply.c", + "ares_parse_mx_reply.c", + "ares_parse_naptr_reply.c", + "ares_parse_ns_reply.c", + "ares_parse_ptr_reply.c", + "ares_parse_soa_reply.c", + "ares_parse_srv_reply.c", + "ares_parse_txt_reply.c", + "ares_parse_uri_reply.c", + "ares_platform.c", + "ares_process.c", + "ares_query.c", + "ares_rand.c", + "ares_search.c", + "ares_send.c", + "ares_strcasecmp.c", + "ares_strdup.c", + "ares_strerror.c", + "ares_strsplit.c", + "ares_timeout.c", + "ares_version.c", + "ares_writev.c", + "bitncmp.c", + "inet_net_pton.c", + "inet_ntop.c", + "windows_port.c", +] + +src_path = "//third_party/cares" +cares_path = root_out_dir + "/third_party_cares" +code_dir = cares_path + "/c-ares-1.18.1" + +action("installOpenEulerCares") { + print("Cares install") + script = "install_cares.sh" + args = [ + rebase_path(src_path, root_build_dir), + rebase_path(cares_path, root_build_dir), + ] + inputs = [ src_path ] + outputs = [] + foreach(src, cares_srcs) { + outputs += [ "$code_dir/src/lib/" + src ] + } +} + +config("c_ares_config") { + cflags = [ + "-D_GNU_SOURCE", + "-D_HAS_EXCEPTIONS=0", + "-DHAVE_CONFIG_H", + "-Wno-macro-redefined", + ] +} + +ohos_static_library("c_ares") { + deps = [ ":installOpenEulerCares" ] + sources = [] + foreach(src, cares_srcs) { + sources += [ "$code_dir/src/lib/" + src ] + } + + public_configs = [ ":c_ares_config" ] + defines = [] + if (is_standard_system) { + defines += [ "OHOS_DNS_PROXY_BY_NETSYS=1" ] + } + + include_dirs = [ + "//third_party/cares/include", + "$code_dir", + "$code_dir/include", + ] + + subsystem_name = "thirdparty" + part_name = "curl" +} + declare_args() { netstack_feature_http3 = false } @@ -282,6 +395,10 @@ if (defined(ohos_lite)) { "//third_party/curl/customized/include", ] + if (is_cares_on) { + include_dirs += [ "//third_party/cares/include" ] + } + cflags = [ "-Wno-deprecated-declarations" ] } @@ -297,7 +414,7 @@ if (defined(ohos_lite)) { ohos_source_set("curl") { configs = [ ":curl_config" ] - external_deps = [ "openssl:libssl_shared" ] + configs += [ "//third_party/openssl:ssl_config_public" ] public_configs = [ ":curl_config_public" ] @@ -420,14 +537,13 @@ if (defined(ohos_lite)) { "//third_party/zlib:shared_libz", ] } else { - external_deps += [ + external_deps = [ "nghttp2:libnghttp2_shared", "openssl:libcrypto_shared", "openssl:libssl_shared", "zlib:shared_libz", ] } - if (current_os != "ios" && is_cares_on) { if (is_arkui_x) { deps += [ @@ -435,17 +551,13 @@ if (defined(ohos_lite)) { "//third_party/cares:c_ares", ] } else { - external_deps += [ - "brotli:brotli_shared", - "cares:c_ares", - ] + external_deps += [ "brotli:brotli_shared" ] } defines = [ - "USE_ARES", - "HAVE_BROTLI", "DISABLE_GETENV", ] } + subsystem_name = "thirdparty" part_name = "curl" } @@ -457,7 +569,7 @@ if (defined(ohos_lite)) { configs += [ "//vendor/open_source/quiche/quiche:quiche_config" ] configs += [ "//vendor/open_source/boringssl:boringssl_config" ] } else { - external_deps = [ "openssl:libssl_shared" ] + configs += [ "//third_party/openssl:ssl_config_public" ] } sources = curl_source @@ -583,13 +695,13 @@ if (defined(ohos_lite)) { "zlib:shared_libz", ] } else { - external_deps += [ + external_deps = [ "nghttp2:libnghttp2_shared", "zlib:shared_libz", ] if (netstack_feature_http3) { - deps += [ "//vendor/open_source/quiche/quiche:lib" ] + deps = [ "//vendor/open_source/quiche/quiche:lib" ] } else { external_deps += [ "openssl:libcrypto_shared", @@ -597,54 +709,50 @@ if (defined(ohos_lite)) { ] } } + if (is_cares_on) { - if (is_arkui_x) { - deps += [ - "//third_party/brotli:brotli_shared", - "//third_party/cares:c_ares", - ] + if (defined(deps)) { + deps += [ ":c_ares" ] } else { - external_deps += [ - "brotli:brotli_shared", - "cares:c_ares", - ] + deps = [ ":c_ares" ] } + external_deps += [ "brotli:brotli_shared" ] + external_deps += [ "netmanager_base:netsys_client" ] defines = [ "USE_ARES", "HAVE_BROTLI", "DISABLE_GETENV", ] } + subsystem_name = "thirdparty" part_name = "curl" } ohos_shared_library("curl_shared") { - if (current_os == "ios") { - ldflags = [ - "-Wl", - "-install_name", - "@rpath/libcurl_shared.framework/libcurl_shared", - ] - } + branch_protector_ret = "pac_ret" deps = [ ":curl" ] + configs = [ ":curl_config" ] + public_configs = [ ":curl_config_public" ] install_images = [ "updater", "system", ] + + subsystem_name = "thirdparty" innerapi_tags = [ "chipsetsdk", "platformsdk", "sasdk", ] - subsystem_name = "thirdparty" part_name = "curl" } ohos_shared_library("curl_shared_http3") { + branch_protector_ret = "pac_ret" if (current_os == "ios") { ldflags = [ "-Wl", @@ -677,6 +785,9 @@ if (defined(ohos_lite)) { subsystem_name = "thirdparty" part_name = "curl" } + } else { + group("libcurl_shared") { + } } } diff --git a/buildconf.bat b/buildconf.bat deleted file mode 100644 index 615366118..000000000 --- a/buildconf.bat +++ /dev/null @@ -1,319 +0,0 @@ -@echo off -rem *************************************************************************** -rem * _ _ ____ _ -rem * Project ___| | | | _ \| | -rem * / __| | | | |_) | | -rem * | (__| |_| | _ <| |___ -rem * \___|\___/|_| \_\_____| -rem * -rem * Copyright (C) Daniel Stenberg, , et al. -rem * -rem * This software is licensed as described in the file COPYING, which -rem * you should have received as part of this distribution. The terms -rem * are also available at https://curl.se/docs/copyright.html. -rem * -rem * You may opt to use, copy, modify, merge, publish, distribute and/or sell -rem * copies of the Software, and permit persons to whom the Software is -rem * furnished to do so, under the terms of the COPYING file. -rem * -rem * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -rem * KIND, either express or implied. -rem * -rem * SPDX-License-Identifier: curl -rem * -rem *************************************************************************** - -rem NOTES -rem -rem This batch file must be used to set up a git tree to build on systems where -rem there is no autotools support (i.e. DOS and Windows). -rem - -:begin - rem Set our variables - if "%OS%" == "Windows_NT" setlocal - set MODE=GENERATE - - rem Switch to this batch file's directory - cd /d "%~0\.." 1>NUL 2>&1 - - rem Check we are running from a curl git repository - if not exist GIT-INFO goto norepo - - rem Detect programs. HAVE_ - rem When not found the variable is set undefined. The undefined pattern - rem allows for statements like "if not defined HAVE_PERL (command)" - groff --version NUL 2>&1 - if errorlevel 1 (set HAVE_GROFF=) else (set HAVE_GROFF=Y) - nroff --version NUL 2>&1 - if errorlevel 1 (set HAVE_NROFF=) else (set HAVE_NROFF=Y) - perl --version NUL 2>&1 - if errorlevel 1 (set HAVE_PERL=) else (set HAVE_PERL=Y) - gzip --version NUL 2>&1 - if errorlevel 1 (set HAVE_GZIP=) else (set HAVE_GZIP=Y) - -:parseArgs - if "%~1" == "" goto start - - if /i "%~1" == "-clean" ( - set MODE=CLEAN - ) else if /i "%~1" == "-?" ( - goto syntax - ) else if /i "%~1" == "-h" ( - goto syntax - ) else if /i "%~1" == "-help" ( - goto syntax - ) else ( - goto unknown - ) - - shift & goto parseArgs - -:start - if "%MODE%" == "GENERATE" ( - echo. - echo Generating prerequisite files - - call :generate - if errorlevel 3 goto nogenhugehelp - if errorlevel 2 goto nogenmakefile - if errorlevel 1 goto warning - - ) else ( - echo. - echo Removing prerequisite files - - call :clean - if errorlevel 2 goto nocleanhugehelp - if errorlevel 1 goto nocleanmakefile - ) - - goto success - -rem Main generate function. -rem -rem Returns: -rem -rem 0 - success -rem 1 - success with simplified tool_hugehelp.c -rem 2 - failed to generate Makefile -rem 3 - failed to generate tool_hugehelp.c -rem -:generate - if "%OS%" == "Windows_NT" setlocal - set BASIC_HUGEHELP=0 - - rem Create Makefile - echo * %CD%\Makefile - if exist Makefile.dist ( - copy /Y Makefile.dist Makefile 1>NUL 2>&1 - if errorlevel 1 ( - if "%OS%" == "Windows_NT" endlocal - exit /B 2 - ) - ) - - rem Create tool_hugehelp.c - echo * %CD%\src\tool_hugehelp.c - call :genHugeHelp - if errorlevel 2 ( - if "%OS%" == "Windows_NT" endlocal - exit /B 3 - ) - if errorlevel 1 ( - set BASIC_HUGEHELP=1 - ) - cmd /c exit 0 - - rem Setup c-ares git tree - if exist ares\buildconf.bat ( - echo. - echo Configuring c-ares build environment - cd ares - call buildconf.bat - cd .. - ) - - if "%BASIC_HUGEHELP%" == "1" ( - if "%OS%" == "Windows_NT" endlocal - exit /B 1 - ) - - if "%OS%" == "Windows_NT" endlocal - exit /B 0 - -rem Main clean function. -rem -rem Returns: -rem -rem 0 - success -rem 1 - failed to clean Makefile -rem 2 - failed to clean tool_hugehelp.c -rem -:clean - rem Remove Makefile - echo * %CD%\Makefile - if exist Makefile ( - del Makefile 2>NUL - if exist Makefile ( - exit /B 1 - ) - ) - - rem Remove tool_hugehelp.c - echo * %CD%\src\tool_hugehelp.c - if exist src\tool_hugehelp.c ( - del src\tool_hugehelp.c 2>NUL - if exist src\tool_hugehelp.c ( - exit /B 2 - ) - ) - - exit /B - -rem Function to generate src\tool_hugehelp.c -rem -rem Returns: -rem -rem 0 - full tool_hugehelp.c generated -rem 1 - simplified tool_hugehelp.c -rem 2 - failure -rem -:genHugeHelp - if "%OS%" == "Windows_NT" setlocal - set LC_ALL=C - set ROFFCMD= - set BASIC=1 - - if defined HAVE_PERL ( - if defined HAVE_GROFF ( - set ROFFCMD=groff -mtty-char -Tascii -P-c -man - ) else if defined HAVE_NROFF ( - set ROFFCMD=nroff -c -Tascii -man - ) - ) - - if defined ROFFCMD ( - echo #include "tool_setup.h"> src\tool_hugehelp.c - echo #include "tool_hugehelp.h">> src\tool_hugehelp.c - - if defined HAVE_GZIP ( - echo #ifndef HAVE_LIBZ>> src\tool_hugehelp.c - ) - - %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl docs\MANUAL >> src\tool_hugehelp.c - if defined HAVE_GZIP ( - echo #else>> src\tool_hugehelp.c - %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl -c docs\MANUAL >> src\tool_hugehelp.c - echo #endif /^* HAVE_LIBZ ^*/>> src\tool_hugehelp.c - ) - - set BASIC=0 - ) else ( - if exist src\tool_hugehelp.c.cvs ( - copy /Y src\tool_hugehelp.c.cvs src\tool_hugehelp.c 1>NUL 2>&1 - ) else ( - echo #include "tool_setup.h"> src\tool_hugehelp.c - echo #include "tool_hugehelp.h">> src\tool_hugehelp.c - echo.>> src\tool_hugehelp.c - echo void hugehelp(void^)>> src\tool_hugehelp.c - echo {>> src\tool_hugehelp.c - echo #ifdef USE_MANUAL>> src\tool_hugehelp.c - echo fputs("Built-in manual not included\n", stdout^);>> src\tool_hugehelp.c - echo #endif>> src\tool_hugehelp.c - echo }>> src\tool_hugehelp.c - ) - ) - - findstr "/C:void hugehelp(void)" src\tool_hugehelp.c 1>NUL 2>&1 - if errorlevel 1 ( - if "%OS%" == "Windows_NT" endlocal - exit /B 2 - ) - - if "%BASIC%" == "1" ( - if "%OS%" == "Windows_NT" endlocal - exit /B 1 - ) - - if "%OS%" == "Windows_NT" endlocal - exit /B 0 - -rem Function to clean-up local variables under DOS, Windows 3.x and -rem Windows 9x as setlocal isn't available until Windows NT -rem -:dosCleanup - set MODE= - set HAVE_GROFF= - set HAVE_NROFF= - set HAVE_PERL= - set HAVE_GZIP= - set BASIC_HUGEHELP= - set LC_ALL - set ROFFCMD= - set BASIC= - - exit /B - -:syntax - rem Display the help - echo. - echo Usage: buildconf [-clean] - echo. - echo -clean - Removes the files - goto error - -:unknown - echo. - echo Error: Unknown argument '%1' - goto error - -:norepo - echo. - echo Error: This batch file should only be used with a curl git repository - goto error - -:nogenmakefile - echo. - echo Error: Unable to generate Makefile - goto error - -:nogenhugehelp - echo. - echo Error: Unable to generate src\tool_hugehelp.c - goto error - -:nocleanmakefile - echo. - echo Error: Unable to clean Makefile - goto error - -:nocleanhugehelp - echo. - echo Error: Unable to clean src\tool_hugehelp.c - goto error - -:warning - echo. - echo Warning: The curl manual could not be integrated in the source. This means when - echo you build curl the manual will not be available (curl --man^). Integration of - echo the manual is not required and a summary of the options will still be available - echo (curl --help^). To integrate the manual your PATH is required to have - echo groff/nroff, perl and optionally gzip for compression. - goto success - -:error - if "%OS%" == "Windows_NT" ( - endlocal - ) else ( - call :dosCleanup - ) - exit /B 1 - -:success - if "%OS%" == "Windows_NT" ( - endlocal - ) else ( - call :dosCleanup - ) - exit /B 0 diff --git a/bundle.json b/bundle.json index 7afb47fe5..5f0fd2f4d 100644 --- a/bundle.json +++ b/bundle.json @@ -23,19 +23,13 @@ "ram": "", "deps": { "components": [ - "cares", "nghttp2", "openssl", "zlib", - "brotli" + "netmanager_base", + "brotli" ], - "third_party": [ - "nghttp2", - "openssl", - "zlib", - "cares", - "nghttp2" - ] + "third_party": [] }, "build": { "sub_component": [ @@ -57,11 +51,7 @@ } }, { - "name":"//third_party/curl:libcurl_shared", - "header":{ - "header_files":[], - "header_base":"//third_party/curl/include/curl" - } + "name":"//third_party/curl:libcurl_shared" } ], "test": [] diff --git a/customized/include/curl_config_standard.h b/customized/include/curl_config_standard.h index e487a4405..fb2b6a270 100644 --- a/customized/include/curl_config_standard.h +++ b/customized/include/curl_config_standard.h @@ -543,7 +543,7 @@ /* #undef HAVE_POLL */ /* If you have a fine poll */ -/* #undef HAVE_POLL_FINE */ +#define HAVE_POLL_FINE 1 /* Define to 1 if you have the header file. */ #define HAVE_POLL_H 1 @@ -1043,6 +1043,25 @@ /* Use Unix domain sockets */ #define USE_UNIX_SOCKETS 1 +#define HAVE_ATOMIC 1 +#define HAVE_FCHMOD 1 +#define HAVE_CLOCK_GETTIME_MONOTONIC 1 +#define HAVE_CLOCK_GETTIME_MONOTONIC_RAW 1 +#define HAVE_FSEEKO 1 +#define HAVE_GETHOSTBYNAME_R 1 +#define HAVE_GETHOSTBYNAME_R_6 1 +#define HAVE_SA_FAMILY_T 1 +#define HAVE_SUSECONDS_T 1 +#define HAVE_NETINET_UDP_H 1 +#define HAVE_SSL_SET0_WBIO 1 +#define HAVE_SCHED_YIELD 1 +#define HAVE_SENDMSG 1 +#define HAVE_FSETXATTR_5 1 +#define HAVE_SNPRINTF 1 +#define HAVE_STDATOMIC_H 1 +#define HAVE_TERMIO_H 1 +#define HAVE_WRITABLE_ARGV 1 + /* Define to 1 if you have the `normaliz' (WinIDN) library (-lnormaliz). */ /* #undef USE_WIN32_IDN */ diff --git a/customized/include/curl_config_standard_http3.h b/customized/include/curl_config_standard_http3.h index 6cd8b8f92..51ab5a679 100644 --- a/customized/include/curl_config_standard_http3.h +++ b/customized/include/curl_config_standard_http3.h @@ -544,7 +544,7 @@ /* #undef HAVE_POLL */ /* If you have a fine poll */ -/* #undef HAVE_POLL_FINE */ +#define HAVE_POLL_FINE 1 /* Define to 1 if you have the header file. */ #define HAVE_POLL_H 1 @@ -1044,6 +1044,25 @@ /* Use Unix domain sockets */ #define USE_UNIX_SOCKETS 1 +#define HAVE_ATOMIC 1 +#define HAVE_FCHMOD 1 +#define HAVE_CLOCK_GETTIME_MONOTONIC 1 +#define HAVE_CLOCK_GETTIME_MONOTONIC_RAW 1 +#define HAVE_FSEEKO 1 +#define HAVE_GETHOSTBYNAME_R 1 +#define HAVE_GETHOSTBYNAME_R_6 1 +#define HAVE_SA_FAMILY_T 1 +#define HAVE_SUSECONDS_T 1 +#define HAVE_NETINET_UDP_H 1 +#define HAVE_SSL_SET0_WBIO 1 +#define HAVE_SCHED_YIELD 1 +#define HAVE_SENDMSG 1 +#define HAVE_FSETXATTR_5 1 +#define HAVE_SNPRINTF 1 +#define HAVE_STDATOMIC_H 1 +#define HAVE_TERMIO_H 1 +#define HAVE_WRITABLE_ARGV 1 + /* Define to 1 if you have the `normaliz' (WinIDN) library (-lnormaliz). */ /* #undef USE_WIN32_IDN */ diff --git a/lib/url.c b/lib/url.c index e5c619643..48fa6074b 100644 --- a/lib/url.c +++ b/lib/url.c @@ -2762,40 +2762,29 @@ static CURLcode override_login(struct Curl_easy *data, bool url_provided = FALSE; if(data->state.aptr.user) { - /* there was a username with a length in the URL. Use the URL decoded - version */ + /* there was a user name in the URL. Use the URL decoded version */ userp = &data->state.aptr.user; url_provided = TRUE; } - if(!*passwdp) { - ret = Curl_parsenetrc(conn->host.name, - userp, passwdp, - data->set.str[STRING_NETRC_FILE]); - if(ret > 0) { - infof(data, "Couldn't find host %s in the %s file; using defaults", - conn->host.name, - (data->set.str[STRING_NETRC_FILE] ? - data->set.str[STRING_NETRC_FILE] : ".netrc")); - } - else if(ret < 0) { - failf(data, ".netrc parser error"); - return CURLE_READ_ERROR; - } - else { - if(!(conn->handler->flags&PROTOPT_USERPWDCTRL)) { - /* if the protocol can't handle control codes in credentials, make - sure there are none */ - if(str_has_ctrl(*userp) || str_has_ctrl(*passwdp)) { - failf(data, "control code detected in .netrc credentials"); - return CURLE_READ_ERROR; - } - } - /* set bits.netrc TRUE to remember that we got the name from a .netrc - file, so that it is safe to use even if we followed a Location: to a - different host or similar. */ - conn->bits.netrc = TRUE; - } + ret = Curl_parsenetrc(conn->host.name, + userp, passwdp, + data->set.str[STRING_NETRC_FILE]); + if(ret > 0) { + infof(data, "Couldn't find host %s in the %s file; using defaults", + conn->host.name, + (data->set.str[STRING_NETRC_FILE] ? + data->set.str[STRING_NETRC_FILE] : ".netrc")); + } + else if(ret < 0) { + failf(data, ".netrc parser error"); + return CURLE_READ_ERROR; + } + else { + /* set bits.netrc TRUE to remember that we got the name from a .netrc + file, so that it is safe to use even if we followed a Location: to a + different host or similar. */ + conn->bits.netrc = TRUE; } if(url_provided) { Curl_safefree(conn->user); diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index b95c5be3c..7cc3c6d52 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -536,6 +536,13 @@ CURLcode gtls_client_init(struct Curl_easy *data, init_flags |= GNUTLS_NO_TICKETS; #endif +#if defined(GNUTLS_NO_STATUS_REQUEST) + if(!config->verifystatus) + /* Disable the "status_request" TLS extension, enabled by default since + GnuTLS 3.8.0. */ + init_flags |= GNUTLS_NO_STATUS_REQUEST; +#endif + rc = gnutls_init(>ls->session, init_flags); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_init() failed: %d", rc); @@ -921,104 +928,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data, infof(data, " server certificate verification SKIPPED"); if(config->verifystatus) { - if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { - gnutls_datum_t status_request; - gnutls_ocsp_resp_t ocsp_resp; + gnutls_datum_t status_request; + gnutls_ocsp_resp_t ocsp_resp; + gnutls_ocsp_cert_status_t status; + gnutls_x509_crl_reason_t reason; - gnutls_ocsp_cert_status_t status; - gnutls_x509_crl_reason_t reason; + rc = gnutls_ocsp_status_request_get(session, &status_request); - rc = gnutls_ocsp_status_request_get(session, &status_request); + if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + failf(data, "No OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } - infof(data, " server certificate status verification FAILED"); + if(rc < 0) { + failf(data, "Invalid OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } - if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { - failf(data, "No OCSP response received"); - return CURLE_SSL_INVALIDCERTSTATUS; - } + gnutls_ocsp_resp_init(&ocsp_resp); - if(rc < 0) { - failf(data, "Invalid OCSP response received"); - return CURLE_SSL_INVALIDCERTSTATUS; - } + rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); + if(rc < 0) { + failf(data, "Invalid OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } - gnutls_ocsp_resp_init(&ocsp_resp); + (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, + &status, NULL, NULL, NULL, &reason); - rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); - if(rc < 0) { - failf(data, "Invalid OCSP response received"); - return CURLE_SSL_INVALIDCERTSTATUS; - } + switch(status) { + case GNUTLS_OCSP_CERT_GOOD: + break; - (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, - &status, NULL, NULL, NULL, &reason); + case GNUTLS_OCSP_CERT_REVOKED: { + const char *crl_reason; - switch(status) { - case GNUTLS_OCSP_CERT_GOOD: + switch(reason) { + default: + case GNUTLS_X509_CRLREASON_UNSPECIFIED: + crl_reason = "unspecified reason"; break; - case GNUTLS_OCSP_CERT_REVOKED: { - const char *crl_reason; - - switch(reason) { - default: - case GNUTLS_X509_CRLREASON_UNSPECIFIED: - crl_reason = "unspecified reason"; - break; - - case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: - crl_reason = "private key compromised"; - break; - - case GNUTLS_X509_CRLREASON_CACOMPROMISE: - crl_reason = "CA compromised"; - break; - - case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: - crl_reason = "affiliation has changed"; - break; + case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: + crl_reason = "private key compromised"; + break; - case GNUTLS_X509_CRLREASON_SUPERSEDED: - crl_reason = "certificate superseded"; - break; + case GNUTLS_X509_CRLREASON_CACOMPROMISE: + crl_reason = "CA compromised"; + break; - case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: - crl_reason = "operation has ceased"; - break; + case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: + crl_reason = "affiliation has changed"; + break; - case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: - crl_reason = "certificate is on hold"; - break; + case GNUTLS_X509_CRLREASON_SUPERSEDED: + crl_reason = "certificate superseded"; + break; - case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: - crl_reason = "will be removed from delta CRL"; - break; + case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: + crl_reason = "operation has ceased"; + break; - case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: - crl_reason = "privilege withdrawn"; - break; + case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: + crl_reason = "certificate is on hold"; + break; - case GNUTLS_X509_CRLREASON_AACOMPROMISE: - crl_reason = "AA compromised"; - break; - } + case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: + crl_reason = "will be removed from delta CRL"; + break; - failf(data, "Server certificate was revoked: %s", crl_reason); + case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: + crl_reason = "privilege withdrawn"; break; - } - default: - case GNUTLS_OCSP_CERT_UNKNOWN: - failf(data, "Server certificate status is unknown"); + case GNUTLS_X509_CRLREASON_AACOMPROMISE: + crl_reason = "AA compromised"; break; } - gnutls_ocsp_resp_deinit(ocsp_resp); + failf(data, "Server certificate was revoked: %s", crl_reason); + break; + } + + default: + case GNUTLS_OCSP_CERT_UNKNOWN: + failf(data, "Server certificate status is unknown"); + break; + } + gnutls_ocsp_resp_deinit(ocsp_resp); + if(status != GNUTLS_OCSP_CERT_GOOD) return CURLE_SSL_INVALIDCERTSTATUS; - } - else - infof(data, " server certificate status verification OK"); } else infof(data, " server certificate status verification SKIPPED"); diff --git a/plan9/include/mkfile b/plan9/include/mkfile deleted file mode 100644 index a0970e932..000000000 --- a/plan9/include/mkfile +++ /dev/null @@ -1,36 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -# SPDX-License-Identifier: curl -# -########################################################################### - -DIR=/sys/include/ape/curl -HFILES=`{ls curl/*.h} - -all:V: $HFILES - -install:V: all - mkdir -p $DIR - cp curl/*.h $DIR/ - -clean:V: $HFILES # do nothing - -nuke:V: clean -- Gitee