diff --git a/rust/rust_ffi/src/ffi_fun/fun_call.rs b/rust/rust_ffi/src/ffi_fun/fun_call.rs index 140a521babaf60d7e6cd66fd20a3569a84957673..2e8cf78e26206476d60166b01a4ba16e77d7a492 100644 --- a/rust/rust_ffi/src/ffi_fun/fun_call.rs +++ b/rust/rust_ffi/src/ffi_fun/fun_call.rs @@ -2541,4 +2541,12 @@ extern "C" { line: libc::c_int, source: *const libc::c_char, ) -> libc::c_int; + pub fn curl_dbg_recv( + sockfd: libc::c_int, + buf: *mut libc::c_void, + len: size_t, + flags: libc::c_int, + line: libc::c_int, + source: *const libc::c_char, + ) -> ssize_t; } diff --git a/rust/rust_project/src/vtls/nss.rs b/rust/rust_project/src/vtls/nss.rs index 1f3155f96b2d37a65c7a294c2129aa03032d8d67..5521bfda2f9e3b7443b6e171abc9757f38f02bdd 100644 --- a/rust/rust_project/src/vtls/nss.rs +++ b/rust/rust_project/src/vtls/nss.rs @@ -19,11 +19,13 @@ use rust_ffi::src::ffi_struct::struct_define::*; use crate::src::vtls::vtls::*; #[inline] -unsafe extern "C" fn stat( +extern "C" fn stat( mut __path: *const libc::c_char, mut __statbuf: *mut stat, -) -> libc::c_int { - return __xstat(1 as libc::c_int, __path, __statbuf); +) -> i32 { + unsafe{ + return __xstat(1 as i32, __path, __statbuf); + } } static mut nss_initlock: *mut PRLock = 0 as *const PRLock as *mut PRLock; static mut nss_crllock: *mut PRLock = 0 as *const PRLock as *mut PRLock; @@ -36,663 +38,663 @@ static mut nss_crl_list: Curl_llist = Curl_llist { size: 0, }; static mut nss_context: *mut NSSInitContext = 0 as *const NSSInitContext as *mut NSSInitContext; -static mut initialized: libc::c_int = 0 as libc::c_int; +static mut initialized: i32 = 0 as i32; static mut cipherlist: [cipher_s; 94] = [ { let mut init = cipher_s { name: b"rc4\0" as *const u8 as *const libc::c_char, - num: 0xff01 as libc::c_int, + num: 0xff01 as i32, }; init }, { let mut init = cipher_s { name: b"rc4-md5\0" as *const u8 as *const libc::c_char, - num: 0xff01 as libc::c_int, + num: 0xff01 as i32, }; init }, { let mut init = cipher_s { name: b"rc4export\0" as *const u8 as *const libc::c_char, - num: 0xff02 as libc::c_int, + num: 0xff02 as i32, }; init }, { let mut init = cipher_s { name: b"rc2\0" as *const u8 as *const libc::c_char, - num: 0xff03 as libc::c_int, + num: 0xff03 as i32, }; init }, { let mut init = cipher_s { name: b"rc2export\0" as *const u8 as *const libc::c_char, - num: 0xff04 as libc::c_int, + num: 0xff04 as i32, }; init }, { let mut init = cipher_s { name: b"des\0" as *const u8 as *const libc::c_char, - num: 0xff06 as libc::c_int, + num: 0xff06 as i32, }; init }, { let mut init = cipher_s { name: b"desede3\0" as *const u8 as *const libc::c_char, - num: 0xff07 as libc::c_int, + num: 0xff07 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_rc4_128_md5\0" as *const u8 as *const libc::c_char, - num: 0x4 as libc::c_int, + num: 0x4 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x5 as libc::c_int, + num: 0x5 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xa as libc::c_int, + num: 0xa as i32, }; init }, { let mut init = cipher_s { name: b"rsa_des_sha\0" as *const u8 as *const libc::c_char, - num: 0x9 as libc::c_int, + num: 0x9 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_rc4_40_md5\0" as *const u8 as *const libc::c_char, - num: 0x3 as libc::c_int, + num: 0x3 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_rc2_40_md5\0" as *const u8 as *const libc::c_char, - num: 0x6 as libc::c_int, + num: 0x6 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_null_md5\0" as *const u8 as *const libc::c_char, - num: 0x1 as libc::c_int, + num: 0x1 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_null_sha\0" as *const u8 as *const libc::c_char, - num: 0x2 as libc::c_int, + num: 0x2 as i32, }; init }, { let mut init = cipher_s { name: b"fips_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xfeff as libc::c_int, + num: 0xfeff as i32, }; init }, { let mut init = cipher_s { name: b"fips_des_sha\0" as *const u8 as *const libc::c_char, - num: 0xfefe as libc::c_int, + num: 0xfefe as i32, }; init }, { let mut init = cipher_s { name: b"fortezza\0" as *const u8 as *const libc::c_char, - num: 0x1d as libc::c_int, + num: 0x1d as i32, }; init }, { let mut init = cipher_s { name: b"fortezza_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x1e as libc::c_int, + num: 0x1e as i32, }; init }, { let mut init = cipher_s { name: b"fortezza_null\0" as *const u8 as *const libc::c_char, - num: 0x1c as libc::c_int, + num: 0x1c as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0x16 as libc::c_int, + num: 0x16 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0x13 as libc::c_int, + num: 0x13 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_des_sha\0" as *const u8 as *const libc::c_char, - num: 0x15 as libc::c_int, + num: 0x15 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_des_sha\0" as *const u8 as *const libc::c_char, - num: 0x12 as libc::c_int, + num: 0x12 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_des_56_sha\0" as *const u8 as *const libc::c_char, - num: 0x62 as libc::c_int, + num: 0x62 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_rc4_56_sha\0" as *const u8 as *const libc::c_char, - num: 0x64 as libc::c_int, + num: 0x64 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x66 as libc::c_int, + num: 0x66 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_aes_128_cbc_sha\0" as *const u8 as *const libc::c_char, - num: 0x32 as libc::c_int, + num: 0x32 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_aes_256_cbc_sha\0" as *const u8 as *const libc::c_char, - num: 0x38 as libc::c_int, + num: 0x38 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_aes_128_cbc_sha\0" as *const u8 as *const libc::c_char, - num: 0x33 as libc::c_int, + num: 0x33 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_aes_256_cbc_sha\0" as *const u8 as *const libc::c_char, - num: 0x39 as libc::c_int, + num: 0x39 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x2f as libc::c_int, + num: 0x2f as i32, }; init }, { let mut init = cipher_s { name: b"rsa_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0x35 as libc::c_int, + num: 0x35 as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_ecdsa_null_sha\0" as *const u8 as *const libc::c_char, - num: 0xc001 as libc::c_int, + num: 0xc001 as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_ecdsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc002 as libc::c_int, + num: 0xc002 as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_ecdsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xc003 as libc::c_int, + num: 0xc003 as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_ecdsa_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc004 as libc::c_int, + num: 0xc004 as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_ecdsa_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0xc005 as libc::c_int, + num: 0xc005 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_ecdsa_null_sha\0" as *const u8 as *const libc::c_char, - num: 0xc006 as libc::c_int, + num: 0xc006 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_ecdsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc007 as libc::c_int, + num: 0xc007 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_ecdsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xc008 as libc::c_int, + num: 0xc008 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_ecdsa_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc009 as libc::c_int, + num: 0xc009 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_ecdsa_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00a as libc::c_int, + num: 0xc00a as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_rsa_null_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00b as libc::c_int, + num: 0xc00b as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_rsa_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00c as libc::c_int, + num: 0xc00c as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_rsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00d as libc::c_int, + num: 0xc00d as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_rsa_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00e as libc::c_int, + num: 0xc00e as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_rsa_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0xc00f as libc::c_int, + num: 0xc00f as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_rsa_null\0" as *const u8 as *const libc::c_char, - num: 0xc010 as libc::c_int, + num: 0xc010 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_rsa_rc4_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc011 as libc::c_int, + num: 0xc011 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_rsa_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xc012 as libc::c_int, + num: 0xc012 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_rsa_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc013 as libc::c_int, + num: 0xc013 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_rsa_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0xc014 as libc::c_int, + num: 0xc014 as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_anon_null_sha\0" as *const u8 as *const libc::c_char, - num: 0xc015 as libc::c_int, + num: 0xc015 as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_anon_rc4_128sha\0" as *const u8 as *const libc::c_char, - num: 0xc016 as libc::c_int, + num: 0xc016 as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_anon_3des_sha\0" as *const u8 as *const libc::c_char, - num: 0xc017 as libc::c_int, + num: 0xc017 as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_anon_aes_128_sha\0" as *const u8 as *const libc::c_char, - num: 0xc018 as libc::c_int, + num: 0xc018 as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_anon_aes_256_sha\0" as *const u8 as *const libc::c_char, - num: 0xc019 as libc::c_int, + num: 0xc019 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_null_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x3b as libc::c_int, + num: 0x3b as i32, }; init }, { let mut init = cipher_s { name: b"rsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x3c as libc::c_int, + num: 0x3c as i32, }; init }, { let mut init = cipher_s { name: b"rsa_aes_256_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x3d as libc::c_int, + num: 0x3d as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x67 as libc::c_int, + num: 0x67 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_aes_256_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x6b as libc::c_int, + num: 0x6b as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_ecdsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc023 as libc::c_int, + num: 0xc023 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_rsa_aes_128_cbc_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc027 as libc::c_int, + num: 0xc027 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x9c as libc::c_int, + num: 0x9c as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x9e as libc::c_int, + num: 0x9e as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xa2 as libc::c_int, + num: 0xa2 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_ecdsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc02b as libc::c_int, + num: 0xc02b as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_ecdsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc02d as libc::c_int, + num: 0xc02d as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc02f as libc::c_int, + num: 0xc02f as i32, }; init }, { let mut init = cipher_s { name: b"ecdh_rsa_aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xc031 as libc::c_int, + num: 0xc031 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0x9d as libc::c_int, + num: 0x9d as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0x9f as libc::c_int, + num: 0x9f as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0xa3 as libc::c_int, + num: 0xa3 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_ecdsa_aes_256_sha_384\0" as *const u8 as *const libc::c_char, - num: 0xc024 as libc::c_int, + num: 0xc024 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_rsa_aes_256_sha_384\0" as *const u8 as *const libc::c_char, - num: 0xc028 as libc::c_int, + num: 0xc028 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_ecdsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0xc02c as libc::c_int, + num: 0xc02c as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_rsa_aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0xc030 as libc::c_int, + num: 0xc030 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_rsa_chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xcca8 as libc::c_int, + num: 0xcca8 as i32, }; init }, { let mut init = cipher_s { name: b"ecdhe_ecdsa_chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xcca9 as libc::c_int, + num: 0xcca9 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, - num: 0xccaa as libc::c_int, + num: 0xccaa as i32, }; init }, { let mut init = cipher_s { name: b"aes_128_gcm_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x1301 as libc::c_int, + num: 0x1301 as i32, }; init }, { let mut init = cipher_s { name: b"aes_256_gcm_sha_384\0" as *const u8 as *const libc::c_char, - num: 0x1302 as libc::c_int, + num: 0x1302 as i32, }; init }, { let mut init = cipher_s { name: b"chacha20_poly1305_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x1303 as libc::c_int, + num: 0x1303 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_aes_128_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x40 as libc::c_int, + num: 0x40 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_aes_256_sha_256\0" as *const u8 as *const libc::c_char, - num: 0x6a as libc::c_int, + num: 0x6a as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_camellia_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x45 as libc::c_int, + num: 0x45 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_camellia_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x44 as libc::c_int, + num: 0x44 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_rsa_camellia_256_sha\0" as *const u8 as *const libc::c_char, - num: 0x88 as libc::c_int, + num: 0x88 as i32, }; init }, { let mut init = cipher_s { name: b"dhe_dss_camellia_256_sha\0" as *const u8 as *const libc::c_char, - num: 0x87 as libc::c_int, + num: 0x87 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_camellia_128_sha\0" as *const u8 as *const libc::c_char, - num: 0x41 as libc::c_int, + num: 0x41 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_camellia_256_sha\0" as *const u8 as *const libc::c_char, - num: 0x84 as libc::c_int, + num: 0x84 as i32, }; init }, { let mut init = cipher_s { name: b"rsa_seed_sha\0" as *const u8 as *const libc::c_char, - num: 0x96 as libc::c_int, + num: 0x96 as i32, }; init }, @@ -702,7 +704,8 @@ static mut trust_library: *const libc::c_char = b"libnssckbi.so\0" as *const u8 as *const libc::c_char; static mut pem_module: *mut SECMODModule = 0 as *const SECMODModule as *mut SECMODModule; static mut trust_module: *mut SECMODModule = 0 as *const SECMODModule as *mut SECMODModule; -static mut nspr_io_identity: PRDescIdentity = -(1 as libc::c_int); +/* NSPR I/O layer we use to detect blocking direction during SSL handshake */ +static mut nspr_io_identity: PRDescIdentity = -(1 as i32); static mut nspr_io_methods: PRIOMethods = PRIOMethods { file_type: 0 as PRDescType, close: None, @@ -741,100 +744,114 @@ static mut nspr_io_methods: PRIOMethods = PRIOMethods { reserved_fn_1: None, reserved_fn_0: None, }; -unsafe extern "C" fn nss_error_to_name(mut code: PRErrorCode) -> *const libc::c_char { - let mut name: *const libc::c_char = PR_ErrorToName(code); +extern "C" fn nss_error_to_name(mut code: PRErrorCode) -> *const libc::c_char { + unsafe{ + let mut name: *const libc::c_char = PR_ErrorToName(code); if !name.is_null() { return name; } return b"unknown error\0" as *const u8 as *const libc::c_char; + } } -unsafe extern "C" fn nss_print_error_message(mut data: *mut Curl_easy, mut err: PRUint32) { - Curl_failf( - data, - b"%s\0" as *const u8 as *const libc::c_char, - PR_ErrorToString(err as PRErrorCode, 0 as libc::c_int as PRLanguageCode), - ); +extern "C" fn nss_print_error_message(mut data: *mut Curl_easy, mut err: PRUint32) { + unsafe{ + Curl_failf( + data, + b"%s\0" as *const u8 as *const libc::c_char, + PR_ErrorToString(err as PRErrorCode, 0 as i32 as PRLanguageCode), + ); + } } -unsafe extern "C" fn nss_sslver_to_name(mut nssver: PRUint16) -> *mut libc::c_char { - match nssver as libc::c_int { - 2 => { - return Curl_cstrdup.expect("non-null function pointer")( - b"SSLv2\0" as *const u8 as *const libc::c_char, - ); - } - 768 => { - return Curl_cstrdup.expect("non-null function pointer")( - b"SSLv3\0" as *const u8 as *const libc::c_char, - ); - } - 769 => { - return Curl_cstrdup.expect("non-null function pointer")( - b"TLSv1.0\0" as *const u8 as *const libc::c_char, - ); - } - #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] - 770 => { - return Curl_cstrdup.expect("non-null function pointer")( - b"TLSv1.1\0" as *const u8 as *const libc::c_char, - ); - } - #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] - 771 => { - return Curl_cstrdup.expect("non-null function pointer")( - b"TLSv1.2\0" as *const u8 as *const libc::c_char, - ); - } - #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] - 772 => { - return Curl_cstrdup.expect("non-null function pointer")( - b"TLSv1.3\0" as *const u8 as *const libc::c_char, - ); - } - _ => { - return curl_maprintf( - b"0x%04x\0" as *const u8 as *const libc::c_char, - nssver as libc::c_int, - ); - } - }; +extern "C" fn nss_sslver_to_name(mut nssver: PRUint16) -> *mut libc::c_char { + unsafe{ + match nssver as i32 { + 2 => { + return Curl_cstrdup.expect("non-null function pointer")( + b"SSLv2\0" as *const u8 as *const libc::c_char, + ); + } + 768 => { + return Curl_cstrdup.expect("non-null function pointer")( + b"SSLv3\0" as *const u8 as *const libc::c_char, + ); + } + 769 => { + return Curl_cstrdup.expect("non-null function pointer")( + b"TLSv1.0\0" as *const u8 as *const libc::c_char, + ); + } + #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] + 770 => { + return Curl_cstrdup.expect("non-null function pointer")( + b"TLSv1.1\0" as *const u8 as *const libc::c_char, + ); + } + #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] + 771 => { + return Curl_cstrdup.expect("non-null function pointer")( + b"TLSv1.2\0" as *const u8 as *const libc::c_char, + ); + } + #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] + 772 => { + return Curl_cstrdup.expect("non-null function pointer")( + b"TLSv1.3\0" as *const u8 as *const libc::c_char, + ); + } + _ => { + return curl_maprintf( + b"0x%04x\0" as *const u8 as *const libc::c_char, + nssver as i32, + ); + } + }; + + } } -unsafe extern "C" fn set_ciphers( +extern "C" fn set_ciphers( mut data: *mut Curl_easy, mut model: *mut PRFileDesc, mut cipher_list: *mut libc::c_char, ) -> SECStatus { - let mut i: libc::c_uint = 0; + unsafe{ + let mut i: u32 = 0; let mut cipher_state: [PRBool; 94] = [0; 94]; let mut found: PRBool = 0; let mut cipher: *mut libc::c_char = 0 as *mut libc::c_char; + /* use accessors to avoid dynamic linking issues after an update of NSS */ let num_implemented_ciphers: PRUint16 = SSL_GetNumImplementedCiphers(); let mut implemented_ciphers: *const PRUint16 = SSL_GetImplementedCiphers(); if implemented_ciphers.is_null() { return SECFailure; } - i = 0 as libc::c_int as libc::c_uint; - while i < num_implemented_ciphers as libc::c_uint { + i = 0 as u32; + /* First disable all ciphers. This uses a different max value in case + * NSS adds more ciphers later we don't want them available by + * accident + */ + while i < num_implemented_ciphers as u32 { SSL_CipherPrefSet( model, *implemented_ciphers.offset(i as isize) as PRInt32, - 0 as libc::c_int, + 0 as i32, ); i = i.wrapping_add(1); } - i = 0 as libc::c_int as libc::c_uint; - while (i as libc::c_ulong) - < (::std::mem::size_of::<[cipher_s; 94]>() as libc::c_ulong) - .wrapping_div(::std::mem::size_of::() as libc::c_ulong) + i = 0 as u32; + /* Set every entry in our list to false */ + while (i as u64) + < (::std::mem::size_of::<[cipher_s; 94]>() as u64) + .wrapping_div(::std::mem::size_of::() as u64) { - cipher_state[i as usize] = 0 as libc::c_int; + cipher_state[i as usize] = 0 as i32; i = i.wrapping_add(1); } cipher = cipher_list; while !cipher_list.is_null() - && *cipher_list.offset(0 as libc::c_int as isize) as libc::c_int != 0 + && *cipher_list.offset(0 as isize) as i32 != 0 { - while *cipher as libc::c_int != 0 - && Curl_isspace(*cipher as libc::c_uchar as libc::c_int) != 0 + while *cipher as i32 != 0 + && Curl_isspace(*cipher as i32) != 0 { cipher = cipher.offset(1); } @@ -842,23 +859,23 @@ unsafe extern "C" fn set_ciphers( if !cipher_list.is_null() { let fresh0 = cipher_list; cipher_list = cipher_list.offset(1); - *fresh0 = '\u{0}' as i32 as libc::c_char; + *fresh0 = '\u{0}' as libc::c_char; } - found = 0 as libc::c_int; - i = 0 as libc::c_int as libc::c_uint; - while (i as libc::c_ulong) - < (::std::mem::size_of::<[cipher_s; 94]>() as libc::c_ulong) - .wrapping_div(::std::mem::size_of::() as libc::c_ulong) + found = 0 as i32; + i = 0 as u32; + while (i as u64) + < (::std::mem::size_of::<[cipher_s; 94]>() as u64) + .wrapping_div(::std::mem::size_of::() as u64) { if Curl_strcasecompare(cipher, cipherlist[i as usize].name) != 0 { - cipher_state[i as usize] = 1 as libc::c_int; - found = 1 as libc::c_int; + cipher_state[i as usize] = 1 as i32; + found = 1 as i32; break; } else { i = i.wrapping_add(1); } } - if found == 0 as libc::c_int { + if found == 0 as i32 { Curl_failf( data, b"Unknown cipher in list: %s\0" as *const u8 as *const libc::c_char, @@ -870,14 +887,14 @@ unsafe extern "C" fn set_ciphers( cipher = cipher_list; } } - i = 0 as libc::c_int as libc::c_uint; - while (i as libc::c_ulong) - < (::std::mem::size_of::<[cipher_s; 94]>() as libc::c_ulong) - .wrapping_div(::std::mem::size_of::() as libc::c_ulong) + i = 0 as u32; + while (i as u64) + < (::std::mem::size_of::<[cipher_s; 94]>() as u64) + .wrapping_div(::std::mem::size_of::() as u64) { if !(cipher_state[i as usize] == 0) { - if SSL_CipherPrefSet(model, cipherlist[i as usize].num, 1 as libc::c_int) as libc::c_int - != SECSuccess as libc::c_int + if SSL_CipherPrefSet(model, cipherlist[i as usize].num, 1 as i32) as i32 + != SECSuccess as i32 { Curl_failf( data, @@ -890,74 +907,104 @@ unsafe extern "C" fn set_ciphers( i = i.wrapping_add(1); } return SECSuccess; + + } } -unsafe extern "C" fn any_cipher_enabled() -> bool { - let mut i: libc::c_uint = 0; - i = 0 as libc::c_int as libc::c_uint; - while (i as libc::c_ulong) - < (::std::mem::size_of::<[cipher_s; 94]>() as libc::c_ulong) - .wrapping_div(::std::mem::size_of::() as libc::c_ulong) + + +/* + * Return true if at least one cipher-suite is enabled. Used to determine + * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers. + */ +extern "C" fn any_cipher_enabled() -> bool { + unsafe{ + let mut i: u32 = 0; + i = 0 as u32; + while (i as u64) + < (::std::mem::size_of::<[cipher_s; 94]>() as u64) + .wrapping_div(::std::mem::size_of::() as u64) { - let mut policy: PRInt32 = 0 as libc::c_int; + let mut policy: PRInt32 = 0 as i32; SSL_CipherPolicyGet(cipherlist[i as usize].num, &mut policy); if policy != 0 { - return 1 as libc::c_int != 0; + return 1 as i32 != 0; } i = i.wrapping_add(1); } - return 0 as libc::c_int != 0; + return 0 as i32 != 0; + } } -unsafe extern "C" fn is_file(mut filename: *const libc::c_char) -> libc::c_int { - let mut st: stat = stat { - st_dev: 0, - st_ino: 0, - st_nlink: 0, - st_mode: 0, - st_uid: 0, - st_gid: 0, - __pad0: 0, - st_rdev: 0, - st_size: 0, - st_blksize: 0, - st_blocks: 0, - st_atim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - st_mtim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - st_ctim: timespec { - tv_sec: 0, - tv_nsec: 0, - }, - __glibc_reserved: [0; 3], - }; - if filename.is_null() { - return 0 as libc::c_int; - } - if stat(filename, &mut st) == 0 as libc::c_int { - if st.st_mode & 0o170000 as libc::c_int as libc::c_uint - == 0o100000 as libc::c_int as libc::c_uint - || st.st_mode & 0o170000 as libc::c_int as libc::c_uint - == 0o10000 as libc::c_int as libc::c_uint - || st.st_mode & 0o170000 as libc::c_int as libc::c_uint - == 0o20000 as libc::c_int as libc::c_uint - { - return 1 as libc::c_int; + +/* + * Determine whether the nickname passed in is a filename that needs to + * be loaded as a PEM or a regular NSS nickname. + * + * returns 1 for a file + * returns 0 for not a file (NSS nickname) + */ +extern "C" fn is_file(mut filename: *const libc::c_char) -> i32 { + unsafe{ + let mut st: stat = stat { + st_dev: 0, + st_ino: 0, + st_nlink: 0, + st_mode: 0, + st_uid: 0, + st_gid: 0, + __pad0: 0, + st_rdev: 0, + st_size: 0, + st_blksize: 0, + st_blocks: 0, + st_atim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + st_mtim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + st_ctim: timespec { + tv_sec: 0, + tv_nsec: 0, + }, + __glibc_reserved: [0; 3], + }; + if filename.is_null() { + return 0 as i32; + } + if stat(filename, &mut st) == 0 as i32 { + if st.st_mode & 0o170000 as u32 + == 0o100000 as u32 + || st.st_mode & 0o170000 as u32 + == 0o10000 as u32 + || st.st_mode & 0o170000 as u32 + == 0o20000 as u32 + { + return 1 as i32; + } } + return 0 as i32; } - return 0 as libc::c_int; } -unsafe extern "C" fn dup_nickname( + +/* Check if the given string is filename or nickname of a certificate. If the + * given string is recognized as filename, return NULL. If the given string is + * recognized as nickname, return a duplicated string. The returned string + * should be later deallocated using free(). If the OOM failure occurs, we + * return NULL, too. + */ +extern "C" fn dup_nickname( mut data: *mut Curl_easy, mut str: *const libc::c_char, ) -> *mut libc::c_char { - let mut n: *const libc::c_char = 0 as *const libc::c_char; + unsafe{ + let mut n: *const libc::c_char = 0 as *const libc::c_char; if is_file(str) == 0 { + /* no such file exists, use the string as nickname */ return Curl_cstrdup.expect("non-null function pointer")(str); } + /* search the first slash; we require at least one slash in a file name */ n = strchr(str, '/' as i32); if n.is_null() { Curl_infof( @@ -970,61 +1017,77 @@ unsafe extern "C" fn dup_nickname( return Curl_cstrdup.expect("non-null function pointer")(str); } return 0 as *mut libc::c_char; + } + /* we'll use the PEM reader to read the certificate from file */ } -unsafe extern "C" fn nss_find_slot_by_name( + + +/* Lock/unlock wrapper for PK11_FindSlotByName() to work around race condition + * in nssSlot_IsTokenPresent() causing spurious SEC_ERROR_NO_TOKEN. For more + * details, go to . + */ +extern "C" fn nss_find_slot_by_name( mut slot_name: *const libc::c_char, ) -> *mut PK11SlotInfo { - let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; + unsafe{ + let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; PR_Lock(nss_findslot_lock); slot = PK11_FindSlotByName(slot_name); PR_Unlock(nss_findslot_lock); return slot; + } } -unsafe extern "C" fn insert_wrapped_ptr( +/* wrap 'ptr' as list node and tail-insert into 'list' */ +extern "C" fn insert_wrapped_ptr( mut list: *mut Curl_llist, mut ptr: *mut libc::c_void, ) -> CURLcode { - let mut wrap: *mut ptr_list_wrap = Curl_cmalloc.expect("non-null function pointer")( - ::std::mem::size_of::() as libc::c_ulong, - ) as *mut ptr_list_wrap; - if wrap.is_null() { - return CURLE_OUT_OF_MEMORY; + unsafe{ + let mut wrap: *mut ptr_list_wrap = Curl_cmalloc.expect("non-null function pointer")( + ::std::mem::size_of::() as u64, + ) as *mut ptr_list_wrap; + if wrap.is_null() { + return CURLE_OUT_OF_MEMORY; + } + (*wrap).ptr = ptr; + Curl_llist_insert_next( + list, + (*list).tail, + wrap as *const libc::c_void, + &mut (*wrap).node, + ); + return CURLE_OK; } - let ref mut fresh1 = (*wrap).ptr; - *fresh1 = ptr; - Curl_llist_insert_next( - list, - (*list).tail, - wrap as *const libc::c_void, - &mut (*wrap).node, - ); - return CURLE_OK; } -unsafe extern "C" fn nss_create_object( +/* Call PK11_CreateGenericObject() with the given obj_class and filename. If + * the call succeeds, append the object handle to the list of objects so that + * the object can be destroyed in nss_close(). */ +extern "C" fn nss_create_object( mut connssl: *mut ssl_connect_data, mut obj_class: CK_OBJECT_CLASS, mut filename: *const libc::c_char, mut cacert: bool, ) -> CURLcode { - let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; + unsafe{ + let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; let mut obj: *mut PK11GenericObject = 0 as *mut PK11GenericObject; - let mut cktrue: CK_BBOOL = 1 as libc::c_int as CK_BBOOL; - let mut ckfalse: CK_BBOOL = 0 as libc::c_int as CK_BBOOL; + let mut cktrue: CK_BBOOL = 1 as i32 as CK_BBOOL; + let mut ckfalse: CK_BBOOL = 0 as i32 as CK_BBOOL; let mut attrs: [CK_ATTRIBUTE; 4] = [CK_ATTRIBUTE { type_0: 0, pValue: 0 as *mut libc::c_void, ulValueLen: 0, }; 4]; - let mut attr_cnt: libc::c_int = 0 as libc::c_int; - let mut result: CURLcode = (if cacert as libc::c_int != 0 { - CURLE_SSL_CACERT_BADFILE as libc::c_int + let mut attr_cnt: i32 = 0 as i32; + let mut result: CURLcode = (if cacert as i32 != 0 { + CURLE_SSL_CACERT_BADFILE as i32 } else { - CURLE_SSL_CERTPROBLEM as libc::c_int + CURLE_SSL_CERTPROBLEM as i32 }) as CURLcode; - let slot_id: libc::c_int = if cacert as libc::c_int != 0 { - 0 as libc::c_int + let slot_id: i32 = if cacert as i32 != 0 { + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }; let mut slot_name: *mut libc::c_char = curl_maprintf( b"PEM Token #%d\0" as *const u8 as *const libc::c_char, @@ -1039,137 +1102,164 @@ unsafe extern "C" fn nss_create_object( if slot.is_null() { return result; } - let fresh2 = attr_cnt; attr_cnt = attr_cnt + 1; - let mut ptr: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(fresh2 as isize); - (*ptr).type_0 = 0 as libc::c_int as CK_ATTRIBUTE_TYPE; - let ref mut fresh3 = (*ptr).pValue; - *fresh3 = &mut obj_class as *mut CK_OBJECT_CLASS as CK_VOID_PTR; - (*ptr).ulValueLen = ::std::mem::size_of::() as libc::c_ulong; - let fresh4 = attr_cnt; + let mut ptr: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(attr_cnt as isize); + (*ptr).type_0 = 0 as CK_ATTRIBUTE_TYPE; + (*ptr).pValue = &mut obj_class as *mut CK_OBJECT_CLASS as CK_VOID_PTR; + (*ptr).ulValueLen = ::std::mem::size_of::() as u64; attr_cnt = attr_cnt + 1; - let mut ptr_0: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(fresh4 as isize); - (*ptr_0).type_0 = 0x1 as libc::c_int as CK_ATTRIBUTE_TYPE; - let ref mut fresh5 = (*ptr_0).pValue; - *fresh5 = &mut cktrue as *mut CK_BBOOL as CK_VOID_PTR; - (*ptr_0).ulValueLen = ::std::mem::size_of::() as libc::c_ulong; - let fresh6 = attr_cnt; + let mut ptr_0: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(attr_cnt as isize); + (*ptr_0).type_0 = 0x1 as CK_ATTRIBUTE_TYPE; + (*ptr_0).pValue = &mut cktrue as *mut CK_BBOOL as CK_VOID_PTR; + (*ptr_0).ulValueLen = ::std::mem::size_of::() as u64; attr_cnt = attr_cnt + 1; - let mut ptr_1: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(fresh6 as isize); - (*ptr_1).type_0 = 0x3 as libc::c_int as CK_ATTRIBUTE_TYPE; - let ref mut fresh7 = (*ptr_1).pValue; - *fresh7 = filename as *mut libc::c_uchar as CK_VOID_PTR; - (*ptr_1).ulValueLen = (strlen(filename)).wrapping_add(1 as libc::c_int as libc::c_ulong); - if 0x1 as libc::c_int as libc::c_ulong == obj_class { - let mut pval: *mut CK_BBOOL = if cacert as libc::c_int != 0 { + let mut ptr_1: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(attr_cnt as isize); + (*ptr_1).type_0 = 0x3 as CK_ATTRIBUTE_TYPE; + (*ptr_1).pValue = filename as *mut u8 as CK_VOID_PTR; + (*ptr_1).ulValueLen = (strlen(filename)).wrapping_add(1 as u64); + if 0x1 as u64 == obj_class { + let mut pval: *mut CK_BBOOL = if cacert as i32 != 0 { &mut cktrue } else { &mut ckfalse }; - let fresh8 = attr_cnt; attr_cnt = attr_cnt + 1; - let mut ptr_2: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(fresh8 as isize); - (*ptr_2).type_0 = (0x80000000 as libc::c_uint | 0x4e534350 as libc::c_int as libc::c_uint) - .wrapping_add(0x2000 as libc::c_int as libc::c_uint) + let mut ptr_2: *mut CK_ATTRIBUTE = attrs.as_mut_ptr().offset(attr_cnt as isize); + (*ptr_2).type_0 = (0x80000000 as u32 | 0x4e534350 as u32) + .wrapping_add(0x2000 as u32) as CK_ATTRIBUTE_TYPE; - let ref mut fresh9 = (*ptr_2).pValue; - *fresh9 = pval as CK_VOID_PTR; - (*ptr_2).ulValueLen = ::std::mem::size_of::() as libc::c_ulong; + (*ptr_2).pValue = pval as CK_VOID_PTR; + (*ptr_2).ulValueLen = ::std::mem::size_of::() as u64; } // done - 511 if cfg!(HAVE_PK11_CREATEMANAGEDGENERICOBJECT){ - obj = PK11_CreateManagedGenericObject(slot, attrs.as_mut_ptr(), attr_cnt, 0 as libc::c_int); + obj = PK11_CreateManagedGenericObject(slot, attrs.as_mut_ptr(), attr_cnt, 0 as i32); } PK11_FreeSlot(slot); if obj.is_null() { return result; } - if insert_wrapped_ptr(&mut (*backend).obj_list, obj as *mut libc::c_void) as libc::c_uint - != CURLE_OK as libc::c_int as libc::c_uint + if insert_wrapped_ptr(&mut (*backend).obj_list, obj as *mut libc::c_void) as u32 + != CURLE_OK as u32 { PK11_DestroyGenericObject(obj); return CURLE_OUT_OF_MEMORY; } - if !cacert && 0x1 as libc::c_int as libc::c_ulong == obj_class { - let ref mut fresh10 = (*backend).obj_clicert; - *fresh10 = obj; + if !cacert && 0x1 as u64 == obj_class { + /* store reference to a client certificate */ + (*backend).obj_clicert = obj; } + /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because + * PK11_DestroyGenericObject() does not release resources allocated by + * PK11_CreateGenericObject() early enough. */ return CURLE_OK; + } } -unsafe extern "C" fn nss_destroy_object(mut user: *mut libc::c_void, mut ptr: *mut libc::c_void) { - let mut wrap: *mut ptr_list_wrap = ptr as *mut ptr_list_wrap; + +/* Destroy the NSS object whose handle is given by ptr. This function is + * a callback of Curl_llist_alloc() used by Curl_llist_destroy() to destroy + * NSS objects in nss_close() */ +extern "C" fn nss_destroy_object(mut user: *mut libc::c_void, mut ptr: *mut libc::c_void) { + unsafe{ + let mut wrap: *mut ptr_list_wrap = ptr as *mut ptr_list_wrap; let mut obj: *mut PK11GenericObject = (*wrap).ptr as *mut PK11GenericObject; PK11_DestroyGenericObject(obj); Curl_cfree.expect("non-null function pointer")(wrap as *mut libc::c_void); + } } -unsafe extern "C" fn nss_destroy_crl_item(mut user: *mut libc::c_void, mut ptr: *mut libc::c_void) { - let mut wrap: *mut ptr_list_wrap = ptr as *mut ptr_list_wrap; + +/* same as nss_destroy_object() but for CRL items */ +extern "C" fn nss_destroy_crl_item(mut user: *mut libc::c_void, mut ptr: *mut libc::c_void) { + unsafe{ + let mut wrap: *mut ptr_list_wrap = ptr as *mut ptr_list_wrap; let mut crl_der: *mut SECItem = (*wrap).ptr as *mut SECItem; - SECITEM_FreeItem(crl_der, 1 as libc::c_int); + SECITEM_FreeItem(crl_der, 1 as i32); Curl_cfree.expect("non-null function pointer")(wrap as *mut libc::c_void); + } } -unsafe extern "C" fn nss_load_cert( +extern "C" fn nss_load_cert( mut ssl: *mut ssl_connect_data, mut filename: *const libc::c_char, mut cacert: PRBool, ) -> CURLcode { - let mut result: CURLcode = (if cacert != 0 { - CURLE_SSL_CACERT_BADFILE as libc::c_int - } else { - CURLE_SSL_CERTPROBLEM as libc::c_int - }) as CURLcode; - if is_file(filename) != 0 { - result = nss_create_object( - ssl, - 0x1 as libc::c_int as CK_OBJECT_CLASS, - filename, - cacert != 0, - ); - } - if result as u64 == 0 && cacert == 0 { - let mut nickname: *mut libc::c_char = 0 as *mut libc::c_char; - let mut n: *mut libc::c_char = strrchr(filename, '/' as i32); - if !n.is_null() { - n = n.offset(1); + unsafe{ + /* libnsspem.so leaks memory if the requested file does not exist. For more + * details, go to . */ + let mut result: CURLcode = (if cacert != 0 { + CURLE_SSL_CACERT_BADFILE as i32 + } else { + CURLE_SSL_CERTPROBLEM as i32 + }) as CURLcode; + if is_file(filename) != 0 { + /* we have successfully loaded a client certificate */ + result = nss_create_object( + ssl, + 0x1 as CK_OBJECT_CLASS, + filename, + cacert != 0, + ); } - nickname = curl_maprintf(b"PEM Token #1:%s\0" as *const u8 as *const libc::c_char, n); - if !nickname.is_null() { - let mut cert: *mut CERTCertificate = - PK11_FindCertFromNickname(nickname, 0 as *mut libc::c_void); - if !cert.is_null() { - CERT_DestroyCertificate(cert); + if result as u64 == 0 && cacert == 0 { + let mut nickname: *mut libc::c_char = 0 as *mut libc::c_char; + let mut n: *mut libc::c_char = strrchr(filename, '/' as i32); + if !n.is_null() { + n = n.offset(1); + } + /* The following undocumented magic helps to avoid a SIGSEGV on call + * of PK11_ReadRawAttribute() from SelectClientCert() when using an + * immature version of libnsspem.so. For more details, go to + * . */ + nickname = curl_maprintf(b"PEM Token #1:%s\0" as *const u8 as *const libc::c_char, n); + if !nickname.is_null() { + let mut cert: *mut CERTCertificate = + PK11_FindCertFromNickname(nickname, 0 as *mut libc::c_void); + if !cert.is_null() { + CERT_DestroyCertificate(cert); + } + Curl_cfree.expect("non-null function pointer")(nickname as *mut libc::c_void); } - Curl_cfree.expect("non-null function pointer")(nickname as *mut libc::c_void); } + return result; + } - return result; } -unsafe extern "C" fn nss_cache_crl(mut crl_der: *mut SECItem) -> CURLcode { - let mut db: *mut CERTCertDBHandle = CERT_GetDefaultCertDB(); - let mut crl: *mut CERTSignedCrl = SEC_FindCrlByDERCert(db, crl_der, 0 as libc::c_int); + +/* add given CRL to cache if it is not already there */ +extern "C" fn nss_cache_crl(mut crl_der: *mut SECItem) -> CURLcode { + unsafe{ + let mut db: *mut CERTCertDBHandle = CERT_GetDefaultCertDB(); + let mut crl: *mut CERTSignedCrl = SEC_FindCrlByDERCert(db, crl_der, 0 as i32); if !crl.is_null() { + /* CRL already cached */ SEC_DestroyCrl(crl); - SECITEM_FreeItem(crl_der, 1 as libc::c_int); + SECITEM_FreeItem(crl_der, 1 as i32); return CURLE_OK; } + + + /* acquire lock before call of CERT_CacheCRL() and accessing nss_crl_list */ PR_Lock(nss_crllock); - if SECSuccess as libc::c_int != CERT_CacheCRL(db, crl_der) as libc::c_int { - SECITEM_FreeItem(crl_der, 1 as libc::c_int); + if SECSuccess as i32 != CERT_CacheCRL(db, crl_der) as i32 { + /* unable to cache CRL */ + SECITEM_FreeItem(crl_der, 1 as i32); PR_Unlock(nss_crllock); return CURLE_SSL_CRL_BADFILE; } - if insert_wrapped_ptr(&mut nss_crl_list, crl_der as *mut libc::c_void) as libc::c_uint - != CURLE_OK as libc::c_int as libc::c_uint + /* store the CRL item so that we can free it in nss_cleanup() */ + if insert_wrapped_ptr(&mut nss_crl_list, crl_der as *mut libc::c_void) as u32 + != CURLE_OK as u32 { - if SECSuccess as libc::c_int == CERT_UncacheCRL(db, crl_der) as libc::c_int { - SECITEM_FreeItem(crl_der, 1 as libc::c_int); + if SECSuccess as i32 == CERT_UncacheCRL(db, crl_der) as i32 { + SECITEM_FreeItem(crl_der, 1 as i32); } PR_Unlock(nss_crllock); return CURLE_OUT_OF_MEMORY; } + /* we need to clear session cache, so that the CRL could take effect */ SSL_ClearSessionCache(); PR_Unlock(nss_crllock); return CURLE_OK; + } } // unsafe extern "C" fn nss_load_crl(mut crlfilename: *const libc::c_char) -> CURLcode { // let mut current_block: u64; @@ -1183,24 +1273,24 @@ unsafe extern "C" fn nss_cache_crl(mut crl_der: *mut SECItem) -> CURLcode { // let mut filedata: SECItem = { // let mut init = SECItemStr { // type_0: siBuffer, -// data: 0 as *mut libc::c_uchar, -// len: 0 as libc::c_int as libc::c_uint, +// data: 0 as *mut u8, +// len: 0 as i32 as u32, // }; // init // }; // let mut crl_der: *mut SECItem = 0 as *mut SECItem; // let mut body: *mut libc::c_char = 0 as *mut libc::c_char; -// infile = PR_Open(crlfilename, 0x1 as libc::c_int, 0 as libc::c_int); +// infile = PR_Open(crlfilename, 0x1 as i32, 0 as i32); // if infile.is_null() { // return CURLE_SSL_CRL_BADFILE; // } -// if !(PR_SUCCESS as libc::c_int -// != PR_GetOpenFileInfo(infile, &mut info) as libc::c_int) +// if !(PR_SUCCESS as i32 +// != PR_GetOpenFileInfo(infile, &mut info) as i32) // { // if !(SECITEM_AllocItem( // 0 as *mut PLArenaPool, // &mut filedata, -// (info.size + 1 as libc::c_int) as libc::c_uint, +// (info.size + 1 as i32) as u32, // )) // .is_null() // { @@ -1210,7 +1300,7 @@ unsafe extern "C" fn nss_cache_crl(mut crl_der: *mut SECItem) -> CURLcode { // crl_der = SECITEM_AllocItem( // 0 as *mut PLArenaPool, // 0 as *mut SECItem, -// 0 as libc::c_uint, +// 0 as u32, // ); // if !crl_der.is_null() { // body = filedata.data as *mut libc::c_char; @@ -1241,7 +1331,7 @@ unsafe extern "C" fn nss_cache_crl(mut crl_der: *mut SECItem) -> CURLcode { // if ATOB_ConvertAsciiToItem(crl_der, begin) as u64 != 0 { // current_block = 8725644592553896754; // } else { -// SECITEM_FreeItem(&mut filedata, 0 as libc::c_int); +// SECITEM_FreeItem(&mut filedata, 0 as i32); // current_block = 17478428563724192186; // } // } @@ -1262,12 +1352,13 @@ unsafe extern "C" fn nss_cache_crl(mut crl_der: *mut SECItem) -> CURLcode { // } // } // PR_Close(infile); -// SECITEM_FreeItem(crl_der, 1 as libc::c_int); -// SECITEM_FreeItem(&mut filedata, 0 as libc::c_int); +// SECITEM_FreeItem(crl_der, 1 as i32); +// SECITEM_FreeItem(&mut filedata, 0 as i32); // return CURLE_SSL_CRL_BADFILE; // } -unsafe extern "C" fn nss_load_crl(mut crlfilename: *const libc::c_char) -> CURLcode { - let mut infile: *mut PRFileDesc = 0 as *mut PRFileDesc; +extern "C" fn nss_load_crl(mut crlfilename: *const libc::c_char) -> CURLcode { + unsafe{ + let mut infile: *mut PRFileDesc = 0 as *mut PRFileDesc; let mut info: PRFileInfo = PRFileInfo { type_0: 0 as PRFileType, size: 0, @@ -1277,110 +1368,115 @@ unsafe extern "C" fn nss_load_crl(mut crlfilename: *const libc::c_char) -> CURLc let mut filedata: SECItem = { let mut init = SECItemStr { type_0: siBuffer, - data: 0 as *mut libc::c_uchar, - len: 0 as libc::c_int as libc::c_uint, + data: 0 as *mut u8, + len: 0 as i32 as u32, }; init }; let mut crl_der: *mut SECItem = 0 as *mut SECItem; let mut body: *mut libc::c_char = 0 as *mut libc::c_char; - infile = PR_Open(crlfilename, 0x1 as libc::c_int, 0 as libc::c_int); + infile = PR_Open(crlfilename, 0x1 as i32, 0 as i32); if infile.is_null() { return CURLE_SSL_CRL_BADFILE; } // 创建一个循环 - 'error: loop { - if PR_SUCCESS as libc::c_int != PR_GetOpenFileInfo(infile, &mut info) as libc::c_int { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); - break 'error; + 'fail: loop { + if PR_SUCCESS as i32 != PR_GetOpenFileInfo(infile, &mut info) as i32 + { + break 'fail; } if (SECITEM_AllocItem( 0 as *mut PLArenaPool, &mut filedata, - (info.size + 1 as libc::c_int) as libc::c_uint, + (info.size + 1 as i32) as u32, )) - .is_null() + .is_null() { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); - break 'error; + break 'fail; } if info.size != PR_Read(infile, filedata.data as *mut libc::c_void, info.size) { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); - break 'error; + break 'fail; } - crl_der = SECITEM_AllocItem(0 as *mut PLArenaPool, 0 as *mut SECItem, 0 as libc::c_uint); + crl_der = SECITEM_AllocItem( + 0 as *mut PLArenaPool, + 0 as *mut SECItem, + 0 as u32, + ); if crl_der.is_null() { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); - break 'error; + break 'fail; } + /* place a trailing zero right after the visible data */ body = filedata.data as *mut libc::c_char; filedata.len = (filedata.len).wrapping_sub(1); *body.offset(filedata.len as isize) = '\u{0}' as i32 as libc::c_char; body = strstr(body, b"-----BEGIN\0" as *const u8 as *const libc::c_char); if !body.is_null() { + /* assume ASCII */ let mut trailer: *mut libc::c_char = 0 as *mut libc::c_char; let mut begin: *mut libc::c_char = strchr(body, '\n' as i32); if begin.is_null() { begin = strchr(body, '\r' as i32); } if begin.is_null() { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); - break 'error; + break 'fail; } begin = begin.offset(1); trailer = strstr(begin, b"-----END\0" as *const u8 as *const libc::c_char); if trailer.is_null() { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); - break 'error; + break 'fail; } - *trailer = '\u{0}' as i32 as libc::c_char; + /* retrieve DER from ASCII */ + *trailer = '\u{0}' as libc::c_char; if ATOB_ConvertAsciiToItem(crl_der, begin) as u64 != 0 { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); - break 'error; + break 'fail; } - SECITEM_FreeItem(&mut filedata, 0 as libc::c_int); + SECITEM_FreeItem(&mut filedata, 0 as i32); } else { + /* assume DER */ *crl_der = filedata; } PR_Close(infile); // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); return nss_cache_crl(crl_der); - break; + break 'fail; } PR_Close(infile); - SECITEM_FreeItem(crl_der, 1 as libc::c_int); - SECITEM_FreeItem(&mut filedata, 0 as libc::c_int); + SECITEM_FreeItem(crl_der, 1 as i32); + SECITEM_FreeItem(&mut filedata, 0 as i32); return CURLE_SSL_CRL_BADFILE; + } } -unsafe extern "C" fn nss_load_key( +extern "C" fn nss_load_key( mut data: *mut Curl_easy, mut conn: *mut connectdata, - mut sockindex: libc::c_int, + mut sockindex: i32, mut key_file: *mut libc::c_char, ) -> CURLcode { - let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; + unsafe{ + let mut slot: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; let mut tmp: *mut PK11SlotInfo = 0 as *mut PK11SlotInfo; let mut status: SECStatus = SECSuccess; let mut result: CURLcode = CURLE_OK; let mut ssl: *mut ssl_connect_data = ((*conn).ssl).as_mut_ptr(); result = nss_create_object( ssl, - 0x3 as libc::c_int as CK_OBJECT_CLASS, + 0x3 as CK_OBJECT_CLASS, key_file, - 0 as libc::c_int != 0, + 0 as i32 != 0, ); if result as u64 != 0 { - PR_SetError(SEC_ERROR_BAD_KEY as libc::c_int, 0 as libc::c_int); + PR_SetError(SEC_ERROR_BAD_KEY as i32, 0 as i32); return result; } slot = nss_find_slot_by_name(b"PEM Token #1\0" as *const u8 as *const libc::c_char); if slot.is_null() { return CURLE_SSL_CERTPROBLEM; } + /* This will force the token to be seen as re-inserted */ tmp = SECMOD_WaitForAnyTokenEvent( pem_module, - 0 as libc::c_int as libc::c_ulong, - 0 as libc::c_int as PRIntervalTime, + 0 as u64, + 0 as PRIntervalTime, ); if !tmp.is_null() { PK11_FreeSlot(tmp); @@ -1392,18 +1488,18 @@ unsafe extern "C" fn nss_load_key( #[cfg(not(CURL_DISABLE_PROXY))] let SSL_SET_OPTION_key_passwd = PK11_Authenticate( slot, - 1 as libc::c_int, - (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + 1 as i32, + (if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*data).set.proxy_ssl.key_passwd } else { @@ -1413,57 +1509,61 @@ unsafe extern "C" fn nss_load_key( #[cfg(CURL_DISABLE_PROXY)] let SSL_SET_OPTION_key_passwd = PK11_Authenticate( slot, - 1 as libc::c_int, + 1 as i32, (*data).set.ssl.key_passwd as *mut libc::c_void, ); status = SSL_SET_OPTION_key_passwd; PK11_FreeSlot(slot); - return (if SECSuccess as libc::c_int == status as libc::c_int { - CURLE_OK as libc::c_int + return (if SECSuccess as i32 == status as i32 { + CURLE_OK as i32 } else { - CURLE_SSL_CERTPROBLEM as libc::c_int + CURLE_SSL_CERTPROBLEM as i32 }) as CURLcode; + } } -unsafe extern "C" fn display_error( +extern "C" fn display_error( mut data: *mut Curl_easy, mut err: PRInt32, mut filename: *const libc::c_char, -) -> libc::c_int { - match err { - -8177 => { - Curl_failf( - data, - b"Unable to load client key: Incorrect password\0" as *const u8 - as *const libc::c_char, - ); - return 1 as libc::c_int; - } - -8077 => { - Curl_failf( - data, - b"Unable to load certificate %s\0" as *const u8 as *const libc::c_char, - filename, - ); - return 1 as libc::c_int; +) -> i32 { + unsafe{ + match err { + -8177 => { + Curl_failf( + data, + b"Unable to load client key: Incorrect password\0" as *const u8 + as *const libc::c_char, + ); + return 1 as i32; + } + -8077 => { + Curl_failf( + data, + b"Unable to load certificate %s\0" as *const u8 as *const libc::c_char, + filename, + ); + return 1 as i32; + } + _ => {} } - _ => {} + return 0 as i32;/* The caller will print a generic error */ } - return 0 as libc::c_int; } -unsafe extern "C" fn cert_stuff( +extern "C" fn cert_stuff( mut data: *mut Curl_easy, mut conn: *mut connectdata, - mut sockindex: libc::c_int, + mut sockindex: i32, mut cert_file: *mut libc::c_char, mut key_file: *mut libc::c_char, ) -> CURLcode { - let mut result: CURLcode = CURLE_OK; + unsafe{ + let mut result: CURLcode = CURLE_OK; if !cert_file.is_null() { result = nss_load_cert( &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize), cert_file, - 0 as libc::c_int, + 0 as i32, ); if result as u64 != 0 { let err: PRErrorCode = PR_GetError(); @@ -1483,6 +1583,7 @@ unsafe extern "C" fn cert_stuff( if !key_file.is_null() { result = nss_load_key(data, conn, sockindex, key_file); } else { + /* In case the cert file also has the key */ result = nss_load_key(data, conn, sockindex, cert_file); } if result as u64 != 0 { @@ -1500,62 +1601,67 @@ unsafe extern "C" fn cert_stuff( } } return CURLE_OK; + } } -unsafe extern "C" fn nss_get_password( - mut slot: *mut PK11SlotInfo, +extern "C" fn nss_get_password( + mut slot: *mut PK11SlotInfo, /* unused */ mut retry: PRBool, mut arg: *mut libc::c_void, ) -> *mut libc::c_char { - if retry != 0 || arg.is_null() { - return 0 as *mut libc::c_char; - } else { - return PORT_Strdup(arg as *mut libc::c_char); - }; + unsafe{ + if retry != 0 || arg.is_null() { + return 0 as *mut libc::c_char; + } else { + return PORT_Strdup(arg as *mut libc::c_char); + }; + } } - -unsafe extern "C" fn nss_auth_cert_hook( +/* bypass the default SSL_AuthCertificate() hook in case we do not want to + * verify peer */ +extern "C" fn nss_auth_cert_hook( mut arg: *mut libc::c_void, mut fd: *mut PRFileDesc, mut checksig: PRBool, mut isServer: PRBool, ) -> SECStatus { - let mut data: *mut Curl_easy = arg as *mut Curl_easy; + unsafe{ + let mut data: *mut Curl_easy = arg as *mut Curl_easy; let mut conn: *mut connectdata = (*data).conn; #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifystatus = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] == -(1 as libc::c_int) + let SSL_CONN_CONFIG_verifystatus = if CURLPROXY_HTTPS as i32 as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as i32 as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { - ((*conn).proxy_ssl_config).verifystatus() as libc::c_int + ((*conn).proxy_ssl_config).verifystatus() as i32 } else { - ((*conn).ssl_config).verifystatus() as libc::c_int + ((*conn).ssl_config).verifystatus() as i32 }; #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_verifystatus = ((*conn).ssl_config).verifystatus(); #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifypeer = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] == -(1 as libc::c_int) + let SSL_CONN_CONFIG_verifypeer = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { - ((*conn).proxy_ssl_config).verifypeer() as libc::c_int + ((*conn).proxy_ssl_config).verifypeer() as i32 } else { - ((*conn).ssl_config).verifypeer() as libc::c_int + ((*conn).ssl_config).verifypeer() as i32 }; #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_verifypeer = ((*conn).ssl_config).verifypeer(); @@ -1571,7 +1677,7 @@ unsafe extern "C" fn nss_auth_cert_hook( ); return SECFailure; } - if (*csa).len == 0 as libc::c_int as libc::c_uint { + if (*csa).len == 0 as u32 { Curl_failf( data, b"No OCSP response received\0" as *const u8 as *const libc::c_char, @@ -1582,10 +1688,10 @@ unsafe extern "C" fn nss_auth_cert_hook( CERT_GetDefaultCertDB(), SSL_PeerCertificate(fd), PR_Now(), - &mut *((*csa).items).offset(0 as libc::c_int as isize), + &mut *((*csa).items).offset(0 as isize), arg, ); - if cacheResult as libc::c_int != SECSuccess as libc::c_int { + if cacheResult as i32 != SECSuccess as i32 { Curl_failf( data, b"Invalid OCSP response\0" as *const u8 as *const libc::c_char, @@ -1607,25 +1713,29 @@ unsafe extern "C" fn nss_auth_cert_hook( checksig, isServer, ); + } } - -unsafe extern "C" fn HandshakeCallback(mut sock: *mut PRFileDesc, mut arg: *mut libc::c_void) { - let mut data: *mut Curl_easy = arg as *mut Curl_easy; +/** + * Inform the application that the handshake is complete. + */ +extern "C" fn HandshakeCallback(mut sock: *mut PRFileDesc, mut arg: *mut libc::c_void) { + unsafe{ + let mut data: *mut Curl_easy = arg as *mut Curl_easy; let mut conn: *mut connectdata = (*data).conn; - let mut buflenmax: libc::c_uint = 50 as libc::c_int as libc::c_uint; - let mut buf: [libc::c_uchar; 50] = [0; 50]; - let mut buflen: libc::c_uint = 0; + let mut buflenmax: u32 = 50 as u32; + let mut buf: [u8; 50] = [0; 50]; + let mut buflen: u32 = 0; let mut state: SSLNextProtoState = SSL_NEXT_PROTO_NO_SUPPORT; if ((*conn).bits).tls_enable_npn() == 0 && ((*conn).bits).tls_enable_alpn() == 0 { return; } - if SSL_GetNextProto(sock, &mut state, buf.as_mut_ptr(), &mut buflen, buflenmax) as libc::c_int - == SECSuccess as libc::c_int + if SSL_GetNextProto(sock, &mut state, buf.as_mut_ptr(), &mut buflen, buflenmax) as i32 + == SECSuccess as i32 { let mut current_block_6: u64; - match state as libc::c_uint { + match state as u32 { 4 | 0 | 2 => { Curl_infof( data, @@ -1655,32 +1765,33 @@ unsafe extern "C" fn HandshakeCallback(mut sock: *mut PRFileDesc, mut arg: *mut current_block_6 = 10599921512955367680; } } - if buflen == 2 as libc::c_int as libc::c_uint + if buflen == 2 as u32 && memcmp( b"h2\0" as *const u8 as *const libc::c_char as *const libc::c_void, buf.as_mut_ptr() as *const libc::c_void, - 2 as libc::c_int as libc::c_ulong, + 2 as u64, ) == 0 { - (*conn).negnpn = CURL_HTTP_VERSION_2_0 as libc::c_int; - } else if buflen == 8 as libc::c_int as libc::c_uint + (*conn).negnpn = CURL_HTTP_VERSION_2_0 as i32; + } else if buflen == 8 as u32 && memcmp( b"http/1.1\0" as *const u8 as *const libc::c_char as *const libc::c_void, buf.as_mut_ptr() as *const libc::c_void, - 8 as libc::c_int as libc::c_ulong, + 8 as u64, ) == 0 { - (*conn).negnpn = CURL_HTTP_VERSION_1_1 as libc::c_int; + (*conn).negnpn = CURL_HTTP_VERSION_1_1 as i32; } Curl_multiuse_state( data, - if (*conn).negnpn == CURL_HTTP_VERSION_2_0 as libc::c_int { - 2 as libc::c_int + if (*conn).negnpn == CURL_HTTP_VERSION_2_0 as i32 { + 2 as i32 } else { - -(1 as libc::c_int) + -(1 as i32) }, ); } + } } // unsafe extern "C" fn CanFalseStartCallback( // mut sock: *mut PRFileDesc, @@ -1736,44 +1847,44 @@ unsafe extern "C" fn HandshakeCallback(mut sock: *mut PRFileDesc, mut arg: *mut // }; // let mut rv: SECStatus = SECSuccess; // let mut negotiatedExtension: PRBool = 0; -// *canFalseStart = 0 as libc::c_int; +// *canFalseStart = 0 as i32; // if SSL_GetChannelInfo( // sock, // &mut channelInfo, -// ::std::mem::size_of::() as libc::c_ulong as PRUintn, -// ) as libc::c_int -// != SECSuccess as libc::c_int +// ::std::mem::size_of::() as u64 as PRUintn, +// ) as i32 +// != SECSuccess as i32 // { // return SECFailure; // } // if SSL_GetCipherSuiteInfo( // channelInfo.cipherSuite, // &mut cipherInfo, -// ::std::mem::size_of::() as libc::c_ulong as PRUintn, -// ) as libc::c_int -// != SECSuccess as libc::c_int +// ::std::mem::size_of::() as u64 as PRUintn, +// ) as i32 +// != SECSuccess as i32 // { // return SECFailure; // } -// if !(channelInfo.protocolVersion as libc::c_int != 0x303 as libc::c_int) { -// if !(cipherInfo.keaType as libc::c_uint != ssl_kea_ecdh as libc::c_int as libc::c_uint) { -// if !(cipherInfo.symCipher as libc::c_uint -// != ssl_calg_aes_gcm as libc::c_int as libc::c_uint) +// if !(channelInfo.protocolVersion as i32 != 0x303 as i32) { +// if !(cipherInfo.keaType as u32 != ssl_kea_ecdh as i32 as u32) { +// if !(cipherInfo.symCipher as u32 +// != ssl_calg_aes_gcm as i32 as u32) // { // rv = SSL_HandshakeNegotiatedExtension( // sock, // ssl_app_layer_protocol_xtn, // &mut negotiatedExtension, // ); -// if rv as libc::c_int != SECSuccess as libc::c_int || negotiatedExtension == 0 { +// if rv as i32 != SECSuccess as i32 || negotiatedExtension == 0 { // rv = SSL_HandshakeNegotiatedExtension( // sock, // ssl_next_proto_nego_xtn, // &mut negotiatedExtension, // ); // } -// if !(rv as libc::c_int != SECSuccess as libc::c_int || negotiatedExtension == 0) { -// *canFalseStart = 1 as libc::c_int; +// if !(rv as i32 != SECSuccess as i32 || negotiatedExtension == 0) { +// *canFalseStart = 1 as i32; // Curl_infof( // data, // b"Trying TLS False Start\0" as *const u8 as *const libc::c_char, @@ -1784,12 +1895,13 @@ unsafe extern "C" fn HandshakeCallback(mut sock: *mut PRFileDesc, mut arg: *mut // } // return SECSuccess; // } -unsafe extern "C" fn CanFalseStartCallback( +extern "C" fn CanFalseStartCallback( mut sock: *mut PRFileDesc, mut client_data: *mut libc::c_void, mut canFalseStart: *mut PRBool, ) -> SECStatus { - let mut data: *mut Curl_easy = client_data as *mut Curl_easy; + unsafe{ + let mut data: *mut Curl_easy = client_data as *mut Curl_easy; let mut channelInfo: SSLChannelInfo = SSLChannelInfo { length: 0, protocolVersion: 0, @@ -1838,68 +1950,77 @@ unsafe extern "C" fn CanFalseStartCallback( }; let mut rv: SECStatus = SECSuccess; let mut negotiatedExtension: PRBool = 0; - *canFalseStart = 0 as libc::c_int; + *canFalseStart = 0 as i32; if SSL_GetChannelInfo( sock, &mut channelInfo, - ::std::mem::size_of::() as libc::c_ulong as PRUintn, - ) as libc::c_int - != SECSuccess as libc::c_int + ::std::mem::size_of::() as PRUintn, + ) as i32 + != SECSuccess as i32 { return SECFailure; } if SSL_GetCipherSuiteInfo( channelInfo.cipherSuite, &mut cipherInfo, - ::std::mem::size_of::() as libc::c_ulong as PRUintn, - ) as libc::c_int - != SECSuccess as libc::c_int + ::std::mem::size_of::() as PRUintn, + ) as i32 + != SECSuccess as i32 { return SECFailure; } // 创建一个循环 // 循环开始 'end: loop { - if channelInfo.protocolVersion as libc::c_int != 0x303 as libc::c_int { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); + /* Prevent version downgrade attacks from TLS 1.2, and avoid False Start for + * TLS 1.3 and later. See https://bugzilla.mozilla.org/show_bug.cgi?id=861310 + */ + if channelInfo.protocolVersion as i32 != 0x303 as i32 { break 'end; } - if cipherInfo.keaType as libc::c_uint != ssl_kea_ecdh as libc::c_int as libc::c_uint { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); + /* Only allow ECDHE key exchange algorithm. + * See https://bugzilla.mozilla.org/show_bug.cgi?id=952863 */ + if cipherInfo.keaType as u32 != ssl_kea_ecdh as u32 + { break 'end; } - if cipherInfo.symCipher as libc::c_uint != ssl_calg_aes_gcm as libc::c_int as libc::c_uint { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); + /* Prevent downgrade attacks on the symmetric cipher. We do not allow CBC + * mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt + * design. See https://bugzilla.mozilla.org/show_bug.cgi?id=1109766 */ + if cipherInfo.symCipher as u32 + != ssl_calg_aes_gcm as u32 + { break 'end; } + /* Enforce ALPN or NPN to do False Start, as an indicator of server + * compatibility. */ rv = SSL_HandshakeNegotiatedExtension( sock, ssl_app_layer_protocol_xtn, &mut negotiatedExtension, ); - if rv as libc::c_int != SECSuccess as libc::c_int || negotiatedExtension == 0 { + if rv as i32 != SECSuccess as i32 || negotiatedExtension == 0 { rv = SSL_HandshakeNegotiatedExtension( sock, ssl_next_proto_nego_xtn, &mut negotiatedExtension, ); } - if rv as libc::c_int != SECSuccess as libc::c_int || negotiatedExtension == 0 { - // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); + if rv as i32 != SECSuccess as i32 || negotiatedExtension == 0 { break 'end; } - *canFalseStart = 1 as libc::c_int; - Curl_infof( - data, - b"Trying TLS False Start\0" as *const u8 as *const libc::c_char, - ); + *canFalseStart = 1 as i32; + Curl_infof(data, b"Trying TLS False Start\0" as *const u8 as *const libc::c_char); + break 'end; } // 循环结束 // curl_mprintf(b"hanxj\0" as *const u8 as *const libc::c_char); return SECSuccess; + } } -unsafe extern "C" fn display_cert_info(mut data: *mut Curl_easy, mut cert: *mut CERTCertificate) { - let mut subject: *mut libc::c_char = 0 as *mut libc::c_char; +extern "C" fn display_cert_info(mut data: *mut Curl_easy, mut cert: *mut CERTCertificate) { + unsafe{ + let mut subject: *mut libc::c_char = 0 as *mut libc::c_char; let mut issuer: *mut libc::c_char = 0 as *mut libc::c_char; let mut common_name: *mut libc::c_char = 0 as *mut libc::c_char; let mut printableTime: PRExplodedTime = PRExplodedTime { @@ -1936,7 +2057,7 @@ unsafe extern "C" fn display_cert_info(mut data: *mut Curl_easy, mut cert: *mut ); PR_FormatTime( timeString.as_mut_ptr(), - 256 as libc::c_int, + 256 as i32, b"%b %d %H:%M:%S %Y GMT\0" as *const u8 as *const libc::c_char, &mut printableTime, ); @@ -1952,7 +2073,7 @@ unsafe extern "C" fn display_cert_info(mut data: *mut Curl_easy, mut cert: *mut ); PR_FormatTime( timeString.as_mut_ptr(), - 256 as libc::c_int, + 256 as i32, b"%b %d %H:%M:%S %Y GMT\0" as *const u8 as *const libc::c_char, &mut printableTime, ); @@ -1974,12 +2095,14 @@ unsafe extern "C" fn display_cert_info(mut data: *mut Curl_easy, mut cert: *mut PR_Free(subject as *mut libc::c_void); PR_Free(issuer as *mut libc::c_void); PR_Free(common_name as *mut libc::c_void); + } } -unsafe extern "C" fn display_conn_info( +extern "C" fn display_conn_info( mut data: *mut Curl_easy, mut sock: *mut PRFileDesc, ) -> CURLcode { - let mut result: CURLcode = CURLE_OK; + unsafe{ + let mut result: CURLcode = CURLE_OK; let mut channel: SSLChannelInfo = SSLChannelInfo { length: 0, protocolVersion: 0, @@ -2033,19 +2156,19 @@ unsafe extern "C" fn display_conn_info( if SSL_GetChannelInfo( sock, &mut channel, - ::std::mem::size_of::() as libc::c_ulong as PRUintn, - ) as libc::c_int - == SECSuccess as libc::c_int - && channel.length as libc::c_ulong - == ::std::mem::size_of::() as libc::c_ulong - && channel.cipherSuite as libc::c_int != 0 + ::std::mem::size_of::() as PRUintn, + ) as i32 + == SECSuccess as i32 + && channel.length as u64 + == ::std::mem::size_of::() as u64 + && channel.cipherSuite as i32 != 0 { if SSL_GetCipherSuiteInfo( channel.cipherSuite, &mut suite, - ::std::mem::size_of::() as libc::c_ulong as PRUintn, - ) as libc::c_int - == SECSuccess as libc::c_int + ::std::mem::size_of::() as PRUintn, + ) as i32 + == SECSuccess as i32 { Curl_infof( data, @@ -2064,7 +2187,8 @@ unsafe extern "C" fn display_conn_info( display_cert_info(data, cert); CERT_DestroyCertificate(cert); } else { - let mut i: libc::c_int = 1 as libc::c_int; + /* Count certificates in chain. */ + let mut i: i32 = 1 as i32; now = PR_Now(); if (*cert).isRoot == 0 { cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); @@ -2082,13 +2206,12 @@ unsafe extern "C" fn display_conn_info( } result = Curl_ssl_init_certinfo(data, i); if result as u64 == 0 { - i = 0 as libc::c_int; + i = 0 as i32; while !cert.is_null() { - let fresh11 = i; i = i + 1; result = Curl_extract_certinfo( data, - fresh11, + i, (*cert).derCert.data as *mut libc::c_char, ((*cert).derCert.data as *mut libc::c_char) .offset((*cert).derCert.len as isize), @@ -2109,56 +2232,58 @@ unsafe extern "C" fn display_conn_info( } } return result; + } } #[cfg(not(CURL_DISABLE_PROXY))] -unsafe extern "C" fn BadCertHandler( +extern "C" fn BadCertHandler( mut arg: *mut libc::c_void, mut sock: *mut PRFileDesc, ) -> SECStatus { - let mut data: *mut Curl_easy = arg as *mut Curl_easy; + unsafe{ + let mut data: *mut Curl_easy = arg as *mut Curl_easy; let mut conn: *mut connectdata = (*data).conn; let mut err: PRErrorCode = PR_GetError(); let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; #[cfg(not(CURL_DISABLE_PROXY))] if true { - *if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] == -(1 as libc::c_int) + *if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { &mut (*data).set.proxy_ssl.certverifyresult } else { &mut (*data).set.ssl.certverifyresult - } = err as libc::c_long; + } = err as i64; } #[cfg(CURL_DISABLE_PROXY)] if true { - (*data).set.ssl.certverifyresult = err as libc::c_long; + (*data).set.ssl.certverifyresult = err as i64; } - if err == SSL_ERROR_BAD_CERT_DOMAIN as libc::c_int - && (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + if err == SSL_ERROR_BAD_CERT_DOMAIN as i32 + && (if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { - ((*conn).proxy_ssl_config).verifyhost() as libc::c_int + ((*conn).proxy_ssl_config).verifyhost() as i32 } else { - ((*conn).ssl_config).verifyhost() as libc::c_int + ((*conn).ssl_config).verifyhost() as i32 }) == 0 { return SECSuccess; @@ -2173,22 +2298,27 @@ unsafe extern "C" fn BadCertHandler( CERT_DestroyCertificate(cert); } return SECFailure; + } } #[cfg(CURL_DISABLE_PROXY)] -unsafe extern "C" fn BadCertHandler( +extern "C" fn BadCertHandler( mut arg: *mut libc::c_void, mut sock: *mut PRFileDesc, ) -> SECStatus { - let mut data: *mut Curl_easy = arg as *mut Curl_easy; + unsafe{ + let mut data: *mut Curl_easy = arg as *mut Curl_easy; let mut conn: *mut connectdata = (*data).conn; let mut err: PRErrorCode = PR_GetError(); let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; - (*data).set.ssl.certverifyresult = err as libc::c_long; - if err == SSL_ERROR_BAD_CERT_DOMAIN as libc::c_int + /* remember the cert verification result */ + (*data).set.ssl.certverifyresult = err as i64; + if err == SSL_ERROR_BAD_CERT_DOMAIN as i32 && ((*conn).ssl_config).verifyhost() == 0 { + /* we are asked not to verify the host name */ return SECSuccess; } + /* print only info about the cert, the error is printed off the callback */ cert = SSL_PeerCertificate(sock); if !cert.is_null() { Curl_infof(data, b"Server certificate:\0" as *const u8 as *const libc::c_char); @@ -2196,12 +2326,21 @@ unsafe extern "C" fn BadCertHandler( CERT_DestroyCertificate(cert); } return SECFailure; + } } -unsafe extern "C" fn check_issuer_cert( +/** + * + * Check that the Peer certificate's issuer certificate matches the one found + * by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS do the + * issuer check, so we provide comments that mimic the OpenSSL + * X509_check_issued function (in x509v3/v3_purp.c) + */ +extern "C" fn check_issuer_cert( mut sock: *mut PRFileDesc, mut issuer_nickname: *mut libc::c_char, ) -> SECStatus { - let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; + unsafe{ + let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; let mut cert_issuer: *mut CERTCertificate = 0 as *mut CERTCertificate; let mut issuer: *mut CERTCertificate = 0 as *mut CERTCertificate; let mut res: SECStatus = SECSuccess; @@ -2213,8 +2352,8 @@ unsafe extern "C" fn check_issuer_cert( if cert_issuer.is_null() || issuer.is_null() { res = SECFailure; } else if SECITEM_CompareItem(&mut (*cert_issuer).derCert, &mut (*issuer).derCert) - as libc::c_int - != SECEqual as libc::c_int + as i32 + != SECEqual as i32 { res = SECFailure; } @@ -2222,12 +2361,14 @@ unsafe extern "C" fn check_issuer_cert( CERT_DestroyCertificate(issuer); CERT_DestroyCertificate(cert_issuer); return res; + } } -unsafe extern "C" fn cmp_peer_pubkey( +extern "C" fn cmp_peer_pubkey( mut connssl: *mut ssl_connect_data, mut pinnedpubkey: *const libc::c_char, ) -> CURLcode { - let mut result: CURLcode = CURLE_SSL_PINNEDPUBKEYNOTMATCH; + unsafe{ + let mut result: CURLcode = CURLE_SSL_PINNEDPUBKEYNOTMATCH; let mut backend: *mut ssl_backend_data = (*connssl).backend; let mut data: *mut Curl_easy = (*backend).data; let mut cert: *mut CERTCertificate = 0 as *mut CERTCertificate; @@ -2236,6 +2377,7 @@ unsafe extern "C" fn cmp_peer_pubkey( } cert = SSL_PeerCertificate((*backend).nss_handle); if !cert.is_null() { + /* no pinned public key specified */ let mut pubkey: *mut SECKEYPublicKey = CERT_ExtractPublicKey(cert); if !pubkey.is_null() { let mut cert_der: *mut SECItem = PK11_DEREncodePublicKey(pubkey); @@ -2246,13 +2388,13 @@ unsafe extern "C" fn cmp_peer_pubkey( (*cert_der).data, (*cert_der).len as size_t, ); - SECITEM_FreeItem(cert_der, 1 as libc::c_int); + SECITEM_FreeItem(cert_der, 1 as i32); } SECKEY_DestroyPublicKey(pubkey); } CERT_DestroyCertificate(cert); } - match result as libc::c_uint { + match result as u32 { 0 => { Curl_infof( data, @@ -2268,26 +2410,35 @@ unsafe extern "C" fn cmp_peer_pubkey( _ => {} } return result; + } } -unsafe extern "C" fn SelectClientCert( + + +/** + * + * Callback to pick the SSL client certificate. + */ +extern "C" fn SelectClientCert( mut arg: *mut libc::c_void, mut sock: *mut PRFileDesc, mut caNames: *mut CERTDistNamesStr, mut pRetCert: *mut *mut CERTCertificateStr, mut pRetKey: *mut *mut SECKEYPrivateKeyStr, ) -> SECStatus { - let mut connssl: *mut ssl_connect_data = arg as *mut ssl_connect_data; + unsafe{ + let mut connssl: *mut ssl_connect_data = arg as *mut ssl_connect_data; let mut backend: *mut ssl_backend_data = (*connssl).backend; let mut data: *mut Curl_easy = (*backend).data; let mut nickname: *const libc::c_char = (*backend).client_nickname; static mut pem_slotname: [libc::c_char; 13] = unsafe { *::std::mem::transmute::<&[u8; 13], &[libc::c_char; 13]>(b"PEM Token #1\0") }; if !((*backend).obj_clicert).is_null() { + /* use the cert/key provided by PEM reader */ let mut cert_der: SECItem = { let mut init = SECItemStr { type_0: siBuffer, - data: 0 as *mut libc::c_uchar, - len: 0 as libc::c_int as libc::c_uint, + data: 0 as *mut u8, + len: 0 as u32, }; init }; @@ -2306,10 +2457,10 @@ unsafe extern "C" fn SelectClientCert( if PK11_ReadRawAttribute( PK11_TypeGeneric, (*backend).obj_clicert as *mut libc::c_void, - 0x11 as libc::c_int as CK_ATTRIBUTE_TYPE, + 0x11 as CK_ATTRIBUTE_TYPE, &mut cert_der, - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { Curl_failf( data, @@ -2320,8 +2471,9 @@ unsafe extern "C" fn SelectClientCert( return SECFailure; } cert = PK11_FindCertFromDERCertItem(slot, &mut cert_der, proto_win); - SECITEM_FreeItem(&mut cert_der, 0 as libc::c_int); + SECITEM_FreeItem(&mut cert_der, 0 as i32); if cert.is_null() { + /* extract public key from peer certificate */ Curl_failf( data, b"NSS: client certificate from file not found\0" as *const u8 @@ -2349,14 +2501,16 @@ unsafe extern "C" fn SelectClientCert( *pRetKey = key; return SECSuccess; } - if SECSuccess as libc::c_int + + /* use the default NSS hook */ + if SECSuccess as i32 != NSS_GetClientAuthData( nickname as *mut libc::c_void, sock, caNames, pRetCert, pRetKey, - ) as libc::c_int + ) as i32 || (*pRetCert).is_null() { if nickname.is_null() { @@ -2374,6 +2528,8 @@ unsafe extern "C" fn SelectClientCert( } return SECFailure; } + + /* get certificate nickname if any */ nickname = (**pRetCert).nickname; if nickname.is_null() { nickname = b"[unknown]\0" as *const u8 as *const libc::c_char; @@ -2381,8 +2537,8 @@ unsafe extern "C" fn SelectClientCert( if strncmp( nickname, pem_slotname.as_ptr(), - (::std::mem::size_of::<[libc::c_char; 13]>() as libc::c_ulong) - .wrapping_sub(1 as libc::c_uint as libc::c_ulong), + (::std::mem::size_of::<[libc::c_char; 13]>() as u64) + .wrapping_sub(1 as u64), ) == 0 { Curl_failf( @@ -2408,65 +2564,88 @@ unsafe extern "C" fn SelectClientCert( ); display_cert_info(data, *pRetCert); return SECSuccess; + } } -unsafe extern "C" fn nss_update_connecting_state( + +/* update blocking direction in case of PR_WOULD_BLOCK_ERROR */ +extern "C" fn nss_update_connecting_state( mut state: ssl_connect_state, mut secret: *mut libc::c_void, ) { - let mut connssl: *mut ssl_connect_data = secret as *mut ssl_connect_data; - if PR_GetError() as libc::c_long != -(5998 as libc::c_long) { + unsafe{ + let mut connssl: *mut ssl_connect_data = secret as *mut ssl_connect_data; + if PR_GetError() as i64 != -(5998 as i64) { + /* an unrelated error is passing by */ return; } - match (*connssl).connecting_state as libc::c_uint { + match (*connssl).connecting_state as u32 { 1 | 2 | 3 => {} _ => return, } + /* we are not called from an SSL handshake */ (*connssl).connecting_state = state; + } } -unsafe extern "C" fn nspr_io_recv( + +/* recv() wrapper we use to detect blocking direction during SSL handshake */ +extern "C" fn nspr_io_recv( mut fd: *mut PRFileDesc, mut buf: *mut libc::c_void, mut amount: PRInt32, mut flags: PRIntn, mut timeout: PRIntervalTime, ) -> PRInt32 { - let recv_fn: PRRecvFN = (*(*(*fd).lower).methods).recv; + unsafe{ + let recv_fn: PRRecvFN = (*(*(*fd).lower).methods).recv; let rv: PRInt32 = recv_fn.expect("non-null function pointer")((*fd).lower, buf, amount, flags, timeout); - if rv < 0 as libc::c_int { + if rv < 0 as i32 { + /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */ nss_update_connecting_state(ssl_connect_2_reading, (*fd).secret as *mut libc::c_void); } return rv; + } } -unsafe extern "C" fn nspr_io_send( + +/* send() wrapper we use to detect blocking direction during SSL handshake */ +extern "C" fn nspr_io_send( mut fd: *mut PRFileDesc, mut buf: *const libc::c_void, mut amount: PRInt32, mut flags: PRIntn, mut timeout: PRIntervalTime, ) -> PRInt32 { - let send_fn: PRSendFN = (*(*(*fd).lower).methods).send; + unsafe{ + let send_fn: PRSendFN = (*(*(*fd).lower).methods).send; let rv: PRInt32 = send_fn.expect("non-null function pointer")((*fd).lower, buf, amount, flags, timeout); - if rv < 0 as libc::c_int { + if rv < 0 as i32 { + /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */ nss_update_connecting_state(ssl_connect_2_writing, (*fd).secret as *mut libc::c_void); } return rv; + } } -unsafe extern "C" fn nspr_io_close(mut fd: *mut PRFileDesc) -> PRStatus { - let close_fn: PRCloseFN = (*PR_GetDefaultIOMethods()).close; - let ref mut fresh12 = (*fd).secret; - *fresh12 = 0 as *mut PRFilePrivate; +/* close() wrapper to avoid assertion failure due to fd->secret != NULL */ +extern "C" fn nspr_io_close(mut fd: *mut PRFileDesc) -> PRStatus { + unsafe{ + let close_fn: PRCloseFN = (*PR_GetDefaultIOMethods()).close; + (*fd).secret = 0 as *mut PRFilePrivate; return close_fn.expect("non-null function pointer")(fd); + } } -unsafe extern "C" fn nss_load_module( + +/* load a PKCS #11 module */ +extern "C" fn nss_load_module( mut pmod: *mut *mut SECMODModule, mut library: *const libc::c_char, mut name: *const libc::c_char, ) -> CURLcode { - let mut config_string: *mut libc::c_char = 0 as *mut libc::c_char; + unsafe{ + let mut config_string: *mut libc::c_char = 0 as *mut libc::c_char; let mut module: *mut SECMODModule = *pmod; if !module.is_null() { + /* already loaded */ return CURLE_OK; } config_string = curl_maprintf( @@ -2477,9 +2656,10 @@ unsafe extern "C" fn nss_load_module( if config_string.is_null() { return CURLE_OUT_OF_MEMORY; } - module = SECMOD_LoadUserModule(config_string, 0 as *mut SECMODModule, 0 as libc::c_int); + module = SECMOD_LoadUserModule(config_string, 0 as *mut SECMODModule, 0 as i32); Curl_cfree.expect("non-null function pointer")(config_string as *mut libc::c_void); if !module.is_null() && (*module).loaded != 0 { + /* loaded successfully */ *pmod = module; return CURLE_OK; } @@ -2487,111 +2667,127 @@ unsafe extern "C" fn nss_load_module( SECMOD_DestroyModule(module); } return CURLE_FAILED_INIT; + } } -unsafe extern "C" fn nss_unload_module(mut pmod: *mut *mut SECMODModule) { - let mut module: *mut SECMODModule = *pmod; + + +/* unload a PKCS #11 module */ +extern "C" fn nss_unload_module(mut pmod: *mut *mut SECMODModule) { + unsafe{ + let mut module: *mut SECMODModule = *pmod; if module.is_null() { + /* not loaded */ return; } - if SECMOD_UnloadUserModule(module) as libc::c_int != SECSuccess as libc::c_int { + if SECMOD_UnloadUserModule(module) as i32 != SECSuccess as i32 { + /* unload failed */ return; } SECMOD_DestroyModule(module); *pmod = 0 as *mut SECMODModule; + } } -unsafe extern "C" fn nss_init_core( + +/* data might be NULL */ +extern "C" fn nss_init_core( mut data: *mut Curl_easy, mut cert_dir: *const libc::c_char, ) -> CURLcode { - let mut initparams: NSSInitParameters = NSSInitParameters { - length: 0, - passwordRequired: 0, - minPWLen: 0, - manufactureID: 0 as *mut libc::c_char, - libraryDescription: 0 as *mut libc::c_char, - cryptoTokenDescription: 0 as *mut libc::c_char, - dbTokenDescription: 0 as *mut libc::c_char, - FIPSTokenDescription: 0 as *mut libc::c_char, - cryptoSlotDescription: 0 as *mut libc::c_char, - dbSlotDescription: 0 as *mut libc::c_char, - FIPSSlotDescription: 0 as *mut libc::c_char, - }; - let mut err: PRErrorCode = 0; - let mut err_name: *const libc::c_char = 0 as *const libc::c_char; - if !nss_context.is_null() { - return CURLE_OK; - } - memset( - &mut initparams as *mut NSSInitParameters as *mut libc::c_void, - '\u{0}' as i32, - ::std::mem::size_of::() as libc::c_ulong, - ); - initparams.length = ::std::mem::size_of::() as libc::c_ulong as libc::c_uint; - if !cert_dir.is_null() { - let mut certpath: *mut libc::c_char = - curl_maprintf(b"sql:%s\0" as *const u8 as *const libc::c_char, cert_dir); - if certpath.is_null() { - return CURLE_OUT_OF_MEMORY; + unsafe{ + let mut initparams: NSSInitParameters = NSSInitParameters { + length: 0, + passwordRequired: 0, + minPWLen: 0, + manufactureID: 0 as *mut libc::c_char, + libraryDescription: 0 as *mut libc::c_char, + cryptoTokenDescription: 0 as *mut libc::c_char, + dbTokenDescription: 0 as *mut libc::c_char, + FIPSTokenDescription: 0 as *mut libc::c_char, + cryptoSlotDescription: 0 as *mut libc::c_char, + dbSlotDescription: 0 as *mut libc::c_char, + FIPSSlotDescription: 0 as *mut libc::c_char, + }; + let mut err: PRErrorCode = 0; + let mut err_name: *const libc::c_char = 0 as *const libc::c_char; + if !nss_context.is_null() { + return CURLE_OK; + } + memset( + &mut initparams as *mut NSSInitParameters as *mut libc::c_void, + '\u{0}' as i32, + ::std::mem::size_of::() as u64, + ); + initparams.length = ::std::mem::size_of::() as u32; + if !cert_dir.is_null() { + let mut certpath: *mut libc::c_char = + curl_maprintf(b"sql:%s\0" as *const u8 as *const libc::c_char, cert_dir); + if certpath.is_null() { + return CURLE_OUT_OF_MEMORY; + } + Curl_infof( + data, + b"Initializing NSS with certpath: %s\0" as *const u8 as *const libc::c_char, + certpath, + ); + nss_context = NSS_InitContext( + certpath, + b"\0" as *const u8 as *const libc::c_char, + b"\0" as *const u8 as *const libc::c_char, + b"\0" as *const u8 as *const libc::c_char, + &mut initparams, + (0x1 as i32 | 0x80 as i32) as PRUint32, + ); + Curl_cfree.expect("non-null function pointer")(certpath as *mut libc::c_void); + if !nss_context.is_null() { + return CURLE_OK; + } + err = PR_GetError(); + err_name = nss_error_to_name(err); + Curl_infof( + data, + b"Unable to initialize NSS database: %d (%s)\0" as *const u8 as *const libc::c_char, + err, + err_name, + ); } Curl_infof( data, - b"Initializing NSS with certpath: %s\0" as *const u8 as *const libc::c_char, - certpath, + b"Initializing NSS with certpath: none\0" as *const u8 as *const libc::c_char, ); nss_context = NSS_InitContext( - certpath, + b"\0" as *const u8 as *const libc::c_char, b"\0" as *const u8 as *const libc::c_char, b"\0" as *const u8 as *const libc::c_char, b"\0" as *const u8 as *const libc::c_char, &mut initparams, - (0x1 as libc::c_int | 0x80 as libc::c_int) as PRUint32, + (0x1 as i32 + | 0x2 as i32 + | 0x4 as i32 + | 0x8 as i32 + | 0x10 as i32 + | 0x20 as i32 + | 0x80 as i32) as PRUint32, ); - Curl_cfree.expect("non-null function pointer")(certpath as *mut libc::c_void); if !nss_context.is_null() { return CURLE_OK; } err = PR_GetError(); err_name = nss_error_to_name(err); - Curl_infof( + Curl_failf( data, - b"Unable to initialize NSS database: %d (%s)\0" as *const u8 as *const libc::c_char, + b"Unable to initialize NSS: %d (%s)\0" as *const u8 as *const libc::c_char, err, err_name, ); + return CURLE_SSL_CACERT_BADFILE; } - Curl_infof( - data, - b"Initializing NSS with certpath: none\0" as *const u8 as *const libc::c_char, - ); - nss_context = NSS_InitContext( - b"\0" as *const u8 as *const libc::c_char, - b"\0" as *const u8 as *const libc::c_char, - b"\0" as *const u8 as *const libc::c_char, - b"\0" as *const u8 as *const libc::c_char, - &mut initparams, - (0x1 as libc::c_int - | 0x2 as libc::c_int - | 0x4 as libc::c_int - | 0x8 as libc::c_int - | 0x10 as libc::c_int - | 0x20 as libc::c_int - | 0x80 as libc::c_int) as PRUint32, - ); - if !nss_context.is_null() { - return CURLE_OK; - } - err = PR_GetError(); - err_name = nss_error_to_name(err); - Curl_failf( - data, - b"Unable to initialize NSS: %d (%s)\0" as *const u8 as *const libc::c_char, - err, - err_name, - ); - return CURLE_SSL_CACERT_BADFILE; } -unsafe extern "C" fn nss_setup(mut data: *mut Curl_easy) -> CURLcode { - let mut cert_dir: *mut libc::c_char = 0 as *mut libc::c_char; + + +/* data might be NULL */ +extern "C" fn nss_setup(mut data: *mut Curl_easy) -> CURLcode { + unsafe{ + let mut cert_dir: *mut libc::c_char = 0 as *mut libc::c_char; let mut st: stat = stat { st_dev: 0, st_ino: 0, @@ -2622,6 +2818,7 @@ unsafe extern "C" fn nss_setup(mut data: *mut Curl_easy) -> CURLcode { if initialized != 0 { return CURLE_OK; } + /* list of all CRL items we need to destroy in nss_cleanup() */ Curl_llist_init( &mut nss_crl_list, Some( @@ -2629,36 +2826,42 @@ unsafe extern "C" fn nss_setup(mut data: *mut Curl_easy) -> CURLcode { as unsafe extern "C" fn(*mut libc::c_void, *mut libc::c_void) -> (), ), ); + /* First we check if $SSL_DIR points to a valid dir */ cert_dir = getenv(b"SSL_DIR\0" as *const u8 as *const libc::c_char); if !cert_dir.is_null() { - if stat(cert_dir, &mut st) != 0 as libc::c_int - || !(st.st_mode & 0o170000 as libc::c_int as libc::c_uint - == 0o40000 as libc::c_int as libc::c_uint) + if stat(cert_dir, &mut st) != 0 as i32 + || !(st.st_mode & 0o170000 as u32 + == 0o40000 as u32) { cert_dir = 0 as *mut libc::c_char; } } + + /* Now we check if the default location is a valid dir */ if cert_dir.is_null() { + /* allocate an identity for our own NSPR I/O layer */ if stat( b"/etc/pki/nssdb\0" as *const u8 as *const libc::c_char, &mut st, - ) == 0 as libc::c_int - && st.st_mode & 0o170000 as libc::c_int as libc::c_uint - == 0o40000 as libc::c_int as libc::c_uint + ) == 0 as i32 + && st.st_mode & 0o170000 as u32 + == 0o40000 as u32 { cert_dir = b"/etc/pki/nssdb\0" as *const u8 as *const libc::c_char as *mut libc::c_char; } } - if nspr_io_identity == -(1 as libc::c_int) { + if nspr_io_identity == -(1 as i32) { nspr_io_identity = PR_GetUniqueIdentity(b"libcurl\0" as *const u8 as *const libc::c_char); - if nspr_io_identity == -(1 as libc::c_int) { + if nspr_io_identity == -(1 as i32) { return CURLE_OUT_OF_MEMORY; } + /* the default methods just call down to the lower I/O layer */ memcpy( &mut nspr_io_methods as *mut PRIOMethods as *mut libc::c_void, PR_GetDefaultIOMethods() as *const libc::c_void, - ::std::mem::size_of::() as libc::c_ulong, + ::std::mem::size_of::() as u64, ); + /* override certain methods in the table by our wrappers */ nspr_io_methods.recv = Some( nspr_io_recv as unsafe extern "C" fn( @@ -2689,26 +2892,40 @@ unsafe extern "C" fn nss_setup(mut data: *mut Curl_easy) -> CURLcode { if !any_cipher_enabled() { NSS_SetDomesticPolicy(); } - ::std::ptr::write_volatile(&mut initialized as *mut libc::c_int, 1 as libc::c_int); + ::std::ptr::write_volatile(&mut initialized as *mut i32, 1 as i32); return CURLE_OK; + } } -unsafe extern "C" fn nss_init() -> libc::c_int { - if nss_initlock.is_null() { - PR_Init( - PR_USER_THREAD, - PR_PRIORITY_NORMAL, - 0 as libc::c_int as PRUintn, - ); - nss_initlock = PR_NewLock(); - nss_crllock = PR_NewLock(); - nss_findslot_lock = PR_NewLock(); - nss_trustload_lock = PR_NewLock(); +/** + * Global SSL init + * + * @retval 0 error initializing SSL + * @retval 1 SSL initialized successfully + */ + +extern "C" fn nss_init() -> i32 { + unsafe{ + /* curl_global_init() is not thread-safe so this test is ok */ + if nss_initlock.is_null() { + PR_Init( + PR_USER_THREAD, + PR_PRIORITY_NORMAL, + 0 as PRUintn, + ); + nss_initlock = PR_NewLock(); + nss_crllock = PR_NewLock(); + nss_findslot_lock = PR_NewLock(); + nss_trustload_lock = PR_NewLock(); + } + /* We will actually initialize NSS later */ + return 1 as i32; } - return 1 as libc::c_int; } #[no_mangle] -pub unsafe extern "C" fn Curl_nss_force_init(mut data: *mut Curl_easy) -> CURLcode { - let mut result: CURLcode = CURLE_OK; +/* data might be NULL */ +pub extern "C" fn Curl_nss_force_init(mut data: *mut Curl_easy) -> CURLcode { + unsafe{ + let mut result: CURLcode = CURLE_OK; if nss_initlock.is_null() { if !data.is_null() { Curl_failf( @@ -2723,16 +2940,27 @@ pub unsafe extern "C" fn Curl_nss_force_init(mut data: *mut Curl_easy) -> CURLco result = nss_setup(data); PR_Unlock(nss_initlock); return result; + } } -unsafe extern "C" fn nss_cleanup() { - PR_Lock(nss_initlock); + +/* Global cleanup */ +extern "C" fn nss_cleanup() { + unsafe{ + /* This function isn't required to be threadsafe and this is only done + * as a safety feature. + */ + PR_Lock(nss_initlock); if initialized != 0 { + /* Free references to client certificates held in the SSL session cache. + * Omitting this hampers destruction of the security module owning + * the certificates. */ SSL_ClearSessionCache(); nss_unload_module(&mut pem_module); nss_unload_module(&mut trust_module); NSS_ShutdownContext(nss_context); nss_context = 0 as *mut NSSInitContext; } + /* destroy all CRL items */ Curl_llist_destroy(&mut nss_crl_list, 0 as *mut libc::c_void); PR_Unlock(nss_initlock); PR_DestroyLock(nss_initlock); @@ -2740,64 +2968,91 @@ unsafe extern "C" fn nss_cleanup() { PR_DestroyLock(nss_findslot_lock); PR_DestroyLock(nss_trustload_lock); nss_initlock = 0 as *mut PRLock; - ::std::ptr::write_volatile(&mut initialized as *mut libc::c_int, 0 as libc::c_int); + ::std::ptr::write_volatile(&mut initialized as *mut i32, 0 as i32); + } } -unsafe extern "C" fn nss_check_cxn(mut conn: *mut connectdata) -> libc::c_int { - let mut connssl: *mut ssl_connect_data = - &mut *((*conn).ssl).as_mut_ptr().offset(0 as libc::c_int as isize) as *mut ssl_connect_data; + + + +/* + * This function uses SSL_peek to determine connection status. + * + * Return codes: + * 1 means the connection is still in place + * 0 means the connection has been closed + * -1 means the connection status is unknown + */ +extern "C" fn nss_check_cxn(mut conn: *mut connectdata) -> i32 { + unsafe{ + let mut connssl: *mut ssl_connect_data = + &mut *((*conn).ssl).as_mut_ptr().offset(0 as isize) as *mut ssl_connect_data; let mut backend: *mut ssl_backend_data = (*connssl).backend; - let mut rc: libc::c_int = 0; + let mut rc: i32 = 0; let mut buf: libc::c_char = 0; rc = PR_Recv( (*backend).nss_handle, &mut buf as *mut libc::c_char as *mut libc::c_void, - 1 as libc::c_int, - 0x2 as libc::c_int, - PR_SecondsToInterval(1 as libc::c_int as PRUint32), + 1 as i32, + 0x2 as i32, + PR_SecondsToInterval(1 as PRUint32), ); - if rc > 0 as libc::c_int { - return 1 as libc::c_int; + if rc > 0 as i32 { + return 1 as i32; /* connection still in place */ + } + if rc == 0 as i32 { + return 0 as i32;/* connection has been closed */ } - if rc == 0 as libc::c_int { - return 0 as libc::c_int; + return -(1 as i32);/* connection status unknown */ } - return -(1 as libc::c_int); } -unsafe extern "C" fn close_one(mut connssl: *mut ssl_connect_data) { - let mut backend: *mut ssl_backend_data = (*connssl).backend; +extern "C" fn close_one(mut connssl: *mut ssl_connect_data) { + unsafe{ + /* before the cleanup, check whether we are using a client certificate */ + let mut backend: *mut ssl_backend_data = (*connssl).backend; let client_cert: bool = !((*backend).client_nickname).is_null() || !((*backend).obj_clicert).is_null(); if !((*backend).nss_handle).is_null() { let mut buf: [libc::c_char; 32] = [0; 32]; + /* Maybe the server has already sent a close notify alert. + Read it to avoid an RST on the TCP connection. */ PR_Recv( (*backend).nss_handle, buf.as_mut_ptr() as *mut libc::c_void, - ::std::mem::size_of::<[libc::c_char; 32]>() as libc::c_ulong as libc::c_int, - 0 as libc::c_int, - 0 as libc::c_ulong as PRIntervalTime, + ::std::mem::size_of::<[libc::c_char; 32]>() as i32, + 0 as i32, + 0 as PRIntervalTime, ); } Curl_cfree.expect("non-null function pointer")((*backend).client_nickname as *mut libc::c_void); - let ref mut fresh13 = (*backend).client_nickname; - *fresh13 = 0 as *mut libc::c_char; + (*backend).client_nickname = 0 as *mut libc::c_char; + /* destroy all NSS objects in order to avoid failure of NSS shutdown */ Curl_llist_destroy(&mut (*backend).obj_list, 0 as *mut libc::c_void); - let ref mut fresh14 = (*backend).obj_clicert; - *fresh14 = 0 as *mut PK11GenericObject; + (*backend).obj_clicert = 0 as *mut PK11GenericObject; if !((*backend).nss_handle).is_null() { if client_cert { + /* A server might require different authentication based on the + * particular path being requested by the client. To support this + * scenario, we must ensure that a connection will never reuse the + * authentication data from a previous connection. */ SSL_InvalidateSession((*backend).nss_handle); } PR_Close((*backend).nss_handle); - let ref mut fresh15 = (*backend).nss_handle; - *fresh15 = 0 as *mut PRFileDesc; + (*backend).nss_handle = 0 as *mut PRFileDesc; + } } } -unsafe extern "C" fn nss_close( + + +/* + * This function is called when an SSL connection is closed. + */ +extern "C" fn nss_close( mut data: *mut Curl_easy, mut conn: *mut connectdata, - mut sockindex: libc::c_int, + mut sockindex: i32, ) { - let mut connssl: *mut ssl_connect_data = + unsafe{ + let mut connssl: *mut ssl_connect_data = &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; #[cfg(not(CURL_DISABLE_PROXY))] let mut connssl_proxy: *mut ssl_connect_data = @@ -2809,45 +3064,55 @@ unsafe extern "C" fn nss_close( #[cfg(CURL_DISABLE_PROXY)] let CURL_DISABLE_PROXY_3 = false; if !((*backend).nss_handle).is_null() || CURL_DISABLE_PROXY_3{ - (*conn).sock[sockindex as usize] = -(1 as libc::c_int); + (*conn).sock[sockindex as usize] = -(1 as i32); } #[cfg(not(CURL_DISABLE_PROXY))] if !((*backend).nss_handle).is_null() { - let ref mut fresh16 = (*(*connssl_proxy).backend).nss_handle; - *fresh16 = 0 as *mut PRFileDesc; + (*(*connssl_proxy).backend).nss_handle = 0 as *mut PRFileDesc; } #[cfg(not(CURL_DISABLE_PROXY))] close_one(connssl_proxy); close_one(connssl); + } } -unsafe extern "C" fn is_nss_error(mut err: CURLcode) -> bool { - match err as libc::c_uint { - 60 | 58 | 35 | 83 => return 1 as libc::c_int != 0, - _ => return 0 as libc::c_int != 0, - }; + +/* return true if NSS can provide error code (and possibly msg) for the + error */ +extern "C" fn is_nss_error(mut err: CURLcode) -> bool { + unsafe{ + match err as u32 { + 60 | 58 | 35 | 83 => return 1 as i32 != 0, + _ => return 0 as i32 != 0, + }; + } } -unsafe extern "C" fn is_cc_error(mut err: PRInt32) -> bool { - match err { - -12271 | -12269 | -12270 => return 1 as libc::c_int != 0, - _ => return 0 as libc::c_int != 0, - }; + +/* return true if the given error code is related to a client certificate */ +extern "C" fn is_cc_error(mut err: PRInt32) -> bool { + unsafe{ + match err { + -12271 | -12269 | -12270 => return 1 as i32 != 0, + _ => return 0 as i32 != 0, + }; + } } -unsafe extern "C" fn nss_load_ca_certificates( +extern "C" fn nss_load_ca_certificates( mut data: *mut Curl_easy, mut conn: *mut connectdata, - mut sockindex: libc::c_int, + mut sockindex: i32, ) -> CURLcode { - #[cfg(not(CURL_DISABLE_PROXY))] - let mut cafile: *const libc::c_char = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] == -(1 as libc::c_int) + unsafe{ + #[cfg(not(CURL_DISABLE_PROXY))] + let mut cafile: *const libc::c_char = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*conn).proxy_ssl_config.CAfile } else { @@ -2856,16 +3121,16 @@ unsafe extern "C" fn nss_load_ca_certificates( #[cfg(CURL_DISABLE_PROXY)] let mut cafile: *const libc::c_char = (*conn).ssl_config.CAfile; #[cfg(not(CURL_DISABLE_PROXY))] - let mut capath: *const libc::c_char = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] == -(1 as libc::c_int) + let mut capath: *const libc::c_char = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*conn).proxy_ssl_config.CApath } else { @@ -2875,10 +3140,12 @@ unsafe extern "C" fn nss_load_ca_certificates( let mut capath: *const libc::c_char = (*conn).ssl_config.CApath; let mut use_trust_module: bool = false; let mut result: CURLcode = CURLE_OK; - if !cafile.is_null() && *cafile.offset(0 as libc::c_int as isize) == 0 { + + /* treat empty string as unset */ + if !cafile.is_null() && *cafile.offset(0 as isize) == 0 { cafile = 0 as *const libc::c_char; } - if !capath.is_null() && *capath.offset(0 as libc::c_int as isize) == 0 { + if !capath.is_null() && *capath.offset(0 as isize) == 0 { capath = 0 as *const libc::c_char; } Curl_infof( @@ -2899,9 +3166,12 @@ unsafe extern "C" fn nss_load_ca_certificates( b"none\0" as *const u8 as *const libc::c_char }, ); + + /* load libnssckbi.so if no other trust roots were specified */ use_trust_module = cafile.is_null() && capath.is_null(); PR_Lock(nss_trustload_lock); - if use_trust_module as libc::c_int != 0 && trust_module.is_null() { + if use_trust_module as i32 != 0 && trust_module.is_null() { + /* libnssckbi.so needed but not yet loaded --> load it! */ result = nss_load_module( &mut trust_module, trust_library, @@ -2910,17 +3180,20 @@ unsafe extern "C" fn nss_load_ca_certificates( Curl_infof( data, b"%s %s\0" as *const u8 as *const libc::c_char, - if result as libc::c_uint != 0 { + if result as u32 != 0 { b"failed to load\0" as *const u8 as *const libc::c_char } else { b"loaded\0" as *const u8 as *const libc::c_char }, trust_library, ); - if result as libc::c_uint == CURLE_FAILED_INIT as libc::c_int as libc::c_uint { + if result as u32 == CURLE_FAILED_INIT as i32 as u32 { + /* If libnssckbi.so is not available (or fails to load), one can still + use CA certificates stored in NSS database. Ignore the failure. */ result = CURLE_OK; } } else if !use_trust_module && !trust_module.is_null() { + /* libnssckbi.so not needed but already loaded --> unload it! */ Curl_infof( data, b"unloading %s\0" as *const u8 as *const libc::c_char, @@ -2933,7 +3206,7 @@ unsafe extern "C" fn nss_load_ca_certificates( result = nss_load_cert( &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize), cafile, - 1 as libc::c_int, + 1 as i32, ); } if result as u64 != 0 { @@ -2966,11 +3239,11 @@ unsafe extern "C" fn nss_load_ca_certificates( }, __glibc_reserved: [0; 3], }; - if stat(capath, &mut st) == -(1 as libc::c_int) { + if stat(capath, &mut st) == -(1 as i32) { return CURLE_SSL_CACERT_BADFILE; } - if st.st_mode & 0o170000 as libc::c_int as libc::c_uint - == 0o40000 as libc::c_int as libc::c_uint + if st.st_mode & 0o170000 as u32 + == 0o40000 as u32 { let mut entry: *mut PRDirEntry = 0 as *mut PRDirEntry; let mut dir: *mut PRDir = PR_OpenDir(capath); @@ -2980,7 +3253,7 @@ unsafe extern "C" fn nss_load_ca_certificates( loop { entry = PR_ReadDir( dir, - (PR_SKIP_BOTH as libc::c_int | PR_SKIP_HIDDEN as libc::c_int) as PRDirFlags, + (PR_SKIP_BOTH as i32 | PR_SKIP_HIDDEN as i32) as PRDirFlags, ); if entry.is_null() { break; @@ -2994,13 +3267,15 @@ unsafe extern "C" fn nss_load_ca_certificates( PR_CloseDir(dir); return CURLE_OUT_OF_MEMORY; } - if CURLE_OK as libc::c_int as libc::c_uint + if CURLSHE_OK as u32 != nss_load_cert( &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize), fullpath, - 1 as libc::c_int, - ) as libc::c_uint + 1 as i32, + ) as u32 { + /* This is purposefully tolerant of errors so non-PEM files can + * be in the same directory */ Curl_infof( data, b"failed to load '%s' from CURLOPT_CAPATH\0" as *const u8 @@ -3021,132 +3296,137 @@ unsafe extern "C" fn nss_load_ca_certificates( } } return CURLE_OK; + } } -unsafe extern "C" fn nss_sslver_from_curl( +extern "C" fn nss_sslver_from_curl( mut nssver: *mut PRUint16, - mut version: libc::c_long, + mut version: i64, ) -> CURLcode { - match version { - 2 => { - *nssver = 0x2 as libc::c_int as PRUint16; - return CURLE_OK; - } - 3 => return CURLE_NOT_BUILT_IN, - 4 => { - *nssver = 0x301 as libc::c_int as PRUint16; - return CURLE_OK; - } - 5 => { - match () { - #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] - _ => { - *nssver = 0x302 as libc::c_int as PRUint16; - return CURLE_OK; - } - #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_1))] - _ => { - return CURLE_SSL_CONNECT_ERROR; - } + unsafe{ + match version { + 2 => { + *nssver = 0x2 as PRUint16; + return CURLE_OK; } - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] - // *nssver = 0x302 as libc::c_int as PRUint16; - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] - // return CURLE_OK; - // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_1))] - // return CURLE_SSL_CONNECT_ERROR; - } - 6 => { - match () { - #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] - _ => { - *nssver = 0x303 as libc::c_int as PRUint16; - return CURLE_OK; - } - #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_2))] - _ => { - return CURLE_SSL_CONNECT_ERROR; + 3 => return CURLE_NOT_BUILT_IN, + 4 => { + *nssver = 0x301 as PRUint16; + return CURLE_OK; + } + 5 => { + match () { + #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] + _ => { + *nssver = 0x302 as PRUint16; + return CURLE_OK; + } + #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_1))] + _ => { + return CURLE_SSL_CONNECT_ERROR; + } } + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] + // *nssver = 0x302 as i32 as PRUint16; + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] + // return CURLE_OK; + // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_1))] + // return CURLE_SSL_CONNECT_ERROR; } - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] - // *nssver = 0x303 as libc::c_int as PRUint16; - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] - // return CURLE_OK; - // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_2))] - // return CURLE_SSL_CONNECT_ERROR; - } - 7 => { - match () { - #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] - _ => { - *nssver = 0x304 as libc::c_int as PRUint16; - return CURLE_OK; + 6 => { + match () { + #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] + _ => { + *nssver = 0x303 as PRUint16; + return CURLE_OK; + } + #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_2))] + _ => { + return CURLE_SSL_CONNECT_ERROR; + } } - #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_3))] - _ => { - return CURLE_SSL_CONNECT_ERROR; + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] + // *nssver = 0x303 as i32 as PRUint16; + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] + // return CURLE_OK; + // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_2))] + // return CURLE_SSL_CONNECT_ERROR; + } + 7 => { + match () { + #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] + _ => { + *nssver = 0x304 as PRUint16; + return CURLE_OK; + } + #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_3))] + _ => { + return CURLE_SSL_CONNECT_ERROR; + } } + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] + // *nssver = 0x304 as i32 as PRUint16; + // #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] + // return CURLE_OK; + // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_3))] + // return CURLE_SSL_CONNECT_ERROR; } - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] - // *nssver = 0x304 as libc::c_int as PRUint16; - // #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] - // return CURLE_OK; - // #[cfg(not(SSL_LIBRARY_VERSION_TLS_1_3))] - // return CURLE_SSL_CONNECT_ERROR; - } - _ => return CURLE_SSL_CONNECT_ERROR, - }; + _ => return CURLE_SSL_CONNECT_ERROR, + }; + } } -unsafe extern "C" fn nss_init_sslver( +extern "C" fn nss_init_sslver( mut sslver: *mut SSLVersionRange, mut data: *mut Curl_easy, mut conn: *mut connectdata, ) -> CURLcode { - let mut result: CURLcode = CURLE_OK; + unsafe{ + let mut result: CURLcode = CURLE_OK; #[cfg(not(CURL_DISABLE_PROXY))] - let min: libc::c_long = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] == -(1 as libc::c_int) + let min: i64 = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*conn).proxy_ssl_config.version } else { (*conn).ssl_config.version }; #[cfg(CURL_DISABLE_PROXY)] - let min: libc::c_long = (*conn).ssl_config.version; + let min: i64 = (*conn).ssl_config.version; #[cfg(not(CURL_DISABLE_PROXY))] - let max: libc::c_long = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] == -(1 as libc::c_int) + let max: i64 = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*conn).proxy_ssl_config.version_max } else { (*conn).ssl_config.version_max }; #[cfg(CURL_DISABLE_PROXY)] - let max: libc::c_long = (*conn).ssl_config.version_max; + let max: i64 = (*conn).ssl_config.version_max; let mut vrange: SSLVersionRange = SSLVersionRange { min: 0, max: 0 }; match min { 1 | 0 => { - if SSL_VersionRangeGetDefault(ssl_variant_stream, &mut vrange) as libc::c_int - != SECSuccess as libc::c_int + /* Bump our minimum TLS version if NSS has stricter requirements. */ + if SSL_VersionRangeGetDefault(ssl_variant_stream, &mut vrange) as i32 + != SECSuccess as i32 { return CURLE_SSL_CONNECT_ERROR; } - if ((*sslver).min as libc::c_int) < vrange.min as libc::c_int { + if ((*sslver).min as i32) < vrange.min as i32 { (*sslver).min = vrange.min; } } @@ -3165,7 +3445,7 @@ unsafe extern "C" fn nss_init_sslver( match max { 0 | 65536 => {} _ => { - result = nss_sslver_from_curl(&mut (*sslver).max, max >> 16 as libc::c_int); + result = nss_sslver_from_curl(&mut (*sslver).max, max >> 16 as i32); if result as u64 != 0 { Curl_failf( data, @@ -3177,52 +3457,63 @@ unsafe extern "C" fn nss_init_sslver( } } return CURLE_OK; + } } -unsafe extern "C" fn nss_fail_connect( +extern "C" fn nss_fail_connect( mut connssl: *mut ssl_connect_data, mut data: *mut Curl_easy, mut curlerr: CURLcode, ) -> CURLcode { - let mut backend: *mut ssl_backend_data = (*connssl).backend; + unsafe{ + let mut backend: *mut ssl_backend_data = (*connssl).backend; if is_nss_error(curlerr) { + /* read NSPR error code */ let mut err: PRErrorCode = PR_GetError(); if is_cc_error(err) { curlerr = CURLE_SSL_CERTPROBLEM; } + /* print the error number and error string */ Curl_infof( data, b"NSS error %d (%s)\0" as *const u8 as *const libc::c_char, err, nss_error_to_name(err), ); + /* print a human-readable message describing the error if available */ nss_print_error_message(data, err as PRUint32); } + /* cleanup on connection failure */ Curl_llist_destroy(&mut (*backend).obj_list, 0 as *mut libc::c_void); return curlerr; + } } -unsafe extern "C" fn nss_set_blocking( + +/* Switch the SSL socket into blocking or non-blocking mode. */ +extern "C" fn nss_set_blocking( mut connssl: *mut ssl_connect_data, mut data: *mut Curl_easy, mut blocking: bool, ) -> CURLcode { - let mut sock_opt: PRSocketOptionData = PRSocketOptionData { - option: PR_SockOpt_Nonblocking, - value: nss_C2RustUnnamed_5 { ip_ttl: 0 }, - }; - let mut backend: *mut ssl_backend_data = (*connssl).backend; - sock_opt.option = PR_SockOpt_Nonblocking; - sock_opt.value.non_blocking = !blocking as libc::c_int; - if PR_SetSocketOption((*backend).nss_handle, &mut sock_opt) as libc::c_int - != PR_SUCCESS as libc::c_int - { - return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR); + unsafe{ + let mut sock_opt: PRSocketOptionData = PRSocketOptionData { + option: PR_SockOpt_Nonblocking, + value: nss_C2RustUnnamed_5 { ip_ttl: 0 }, + }; + let mut backend: *mut ssl_backend_data = (*connssl).backend; + sock_opt.option = PR_SockOpt_Nonblocking; + sock_opt.value.non_blocking = !blocking as i32; + if PR_SetSocketOption((*backend).nss_handle, &mut sock_opt) as i32 + != PR_SUCCESS as i32 + { + return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR); + } + return CURLE_OK; } - return CURLE_OK; } // unsafe extern "C" fn nss_setup_connect( // mut data: *mut Curl_easy, // mut conn: *mut connectdata, -// mut sockindex: libc::c_int, +// mut sockindex: i32, // ) -> CURLcode { // let mut current_block: u64; // let mut model: *mut PRFileDesc = 0 as *mut PRFileDesc; @@ -3235,12 +3526,12 @@ unsafe extern "C" fn nss_set_blocking( // &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; // let mut backend: *mut ssl_backend_data = (*connssl).backend; // let mut result: CURLcode = CURLE_OK; -// let mut second_layer: bool = 0 as libc::c_int != 0; +// let mut second_layer: bool = 0 as i32 != 0; // let mut sslver_supported: SSLVersionRange = SSLVersionRange { min: 0, max: 0 }; // let mut sslver: SSLVersionRange = { // let mut init = SSLVersionRangeStr { -// min: 0x301 as libc::c_int as PRUint16, -// max: 0x304 as libc::c_int as PRUint16, +// min: 0x301 as i32 as PRUint16, +// max: 0x304 as i32 as PRUint16, // }; // init // }; @@ -3271,7 +3562,7 @@ unsafe extern "C" fn nss_set_blocking( // b"PEM\0" as *const u8 as *const libc::c_char, // ); // PR_Unlock(nss_initlock); -// if result as libc::c_uint == CURLE_FAILED_INIT as libc::c_int as libc::c_uint { +// if result as u32 == CURLE_FAILED_INIT as i32 as u32 { // Curl_infof( // data, // b"WARNING: failed to load NSS PEM library %s. Using OpenSSL PEM certificates will not work.\0" @@ -3291,78 +3582,78 @@ unsafe extern "C" fn nss_set_blocking( // model = PR_NewTCPSocket(); // if !model.is_null() { // model = SSL_ImportFD(0 as *mut PRFileDesc, model); -// if !(SSL_OptionSet(model, 1 as libc::c_int, 1 as libc::c_int) as libc::c_int -// != SECSuccess as libc::c_int) +// if !(SSL_OptionSet(model, 1 as i32, 1 as i32) as i32 +// != SECSuccess as i32) // { -// if !(SSL_OptionSet(model, 6 as libc::c_int, 0 as libc::c_int) -// as libc::c_int -// != SECSuccess as libc::c_int) +// if !(SSL_OptionSet(model, 6 as i32, 0 as i32) +// as i32 +// != SECSuccess as i32) // { -// if !(SSL_OptionSet(model, 5 as libc::c_int, 1 as libc::c_int) -// as libc::c_int -// != SECSuccess as libc::c_int) +// if !(SSL_OptionSet(model, 5 as i32, 1 as i32) +// as i32 +// != SECSuccess as i32) // { -// ssl_no_cache = if (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// ssl_no_cache = if (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn).proxy_ssl[(if (*conn).sock -// [1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// [1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) // as usize] // .state -// as libc::c_uint +// as u32 // { -// ((*data).set.proxy_ssl.primary).sessionid() as libc::c_int +// ((*data).set.proxy_ssl.primary).sessionid() as i32 // } else { -// ((*data).set.ssl.primary).sessionid() as libc::c_int +// ((*data).set.ssl.primary).sessionid() as i32 // }) != 0 -// && (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// && (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn).proxy_ssl[(if (*conn).sock -// [1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// [1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) // as usize] // .state -// as libc::c_uint +// as u32 // { -// ((*conn).proxy_ssl_config).verifypeer() as libc::c_int +// ((*conn).proxy_ssl_config).verifypeer() as i32 // } else { -// ((*conn).ssl_config).verifypeer() as libc::c_int +// ((*conn).ssl_config).verifypeer() as i32 // }) != 0 // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }; -// if !(SSL_OptionSet(model, 9 as libc::c_int, ssl_no_cache) -// as libc::c_int -// != SECSuccess as libc::c_int) +// if !(SSL_OptionSet(model, 9 as i32, ssl_no_cache) +// as i32 +// != SECSuccess as i32) // { -// if !(nss_init_sslver(&mut sslver, data, conn) as libc::c_uint -// != CURLE_OK as libc::c_int as libc::c_uint) +// if !(nss_init_sslver(&mut sslver, data, conn) as u32 +// != CURLE_OK as i32 as u32) // { // if !(SSL_VersionRangeGetSupported( // ssl_variant_stream, // &mut sslver_supported, // ) -// as libc::c_int -// != SECSuccess as libc::c_int) +// as i32 +// != SECSuccess as i32) // { -// if (sslver_supported.max as libc::c_int) -// < sslver.max as libc::c_int -// && sslver_supported.max as libc::c_int -// >= sslver.min as libc::c_int +// if (sslver_supported.max as i32) +// < sslver.max as i32 +// && sslver_supported.max as i32 +// >= sslver.min as i32 // { // let mut sslver_req_str: *mut libc::c_char = // 0 as *mut libc::c_char; @@ -3391,40 +3682,40 @@ unsafe extern "C" fn nss_set_blocking( // sslver.max = sslver_supported.max; // } // if !(SSL_VersionRangeSet(model, &mut sslver) -// as libc::c_int -// != SECSuccess as libc::c_int) +// as i32 +// != SECSuccess as i32) // { // ssl_cbc_random_iv = (if CURLPROXY_HTTPS -// as libc::c_int -// as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int -// as libc::c_uint +// as i32 +// as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 +// as u32 // != (*conn).proxy_ssl[(if (*conn).sock -// [1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// [1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) // as usize] // .state -// as libc::c_uint +// as u32 // { // ((*data).set.proxy_ssl).enable_beast() -// as libc::c_int +// as i32 // } else { -// ((*data).set.ssl).enable_beast() as libc::c_int +// ((*data).set.ssl).enable_beast() as i32 // } == 0) -// as libc::c_int; +// as i32; // if SSL_OptionSet( // model, -// 23 as libc::c_int, +// 23 as i32, // ssl_cbc_random_iv, // ) -// as libc::c_int -// != SECSuccess as libc::c_int +// as i32 +// != SECSuccess as i32 // { // Curl_infof( // data, @@ -3433,22 +3724,22 @@ unsafe extern "C" fn nss_set_blocking( // ssl_cbc_random_iv, // ); // } -// if !if CURLPROXY_HTTPS as libc::c_int -// as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int -// as libc::c_uint +// if !if CURLPROXY_HTTPS as i32 +// as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 +// as u32 // != (*conn).proxy_ssl[(if (*conn).sock -// [1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// [1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) // as usize] // .state -// as libc::c_uint +// as u32 // { // (*conn).proxy_ssl_config.cipher_list // } else { @@ -3459,33 +3750,33 @@ unsafe extern "C" fn nss_set_blocking( // if set_ciphers( // data, // model, -// (if CURLPROXY_HTTPS as libc::c_int -// as libc::c_uint +// (if CURLPROXY_HTTPS as i32 +// as u32 // == (*conn).http_proxy.proxytype -// as libc::c_uint +// as u32 // && ssl_connection_complete -// as libc::c_int -// as libc::c_uint +// as i32 +// as u32 // != (*conn).proxy_ssl[(if (*conn) // .sock -// [1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// [1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) // as usize] // .state -// as libc::c_uint +// as u32 // { // (*conn).proxy_ssl_config.cipher_list // } else { // (*conn).ssl_config.cipher_list // }), // ) -// as libc::c_int -// != SECSuccess as libc::c_int +// as i32 +// != SECSuccess as i32 // { // result = CURLE_SSL_CIPHER; // current_block = 8192695711153237833; @@ -3498,58 +3789,58 @@ unsafe extern "C" fn nss_set_blocking( // match current_block { // 8192695711153237833 => {} // _ => { -// if (if CURLPROXY_HTTPS as libc::c_int -// as libc::c_uint +// if (if CURLPROXY_HTTPS as i32 +// as u32 // == (*conn).http_proxy.proxytype -// as libc::c_uint +// as u32 // && ssl_connection_complete -// as libc::c_int -// as libc::c_uint +// as i32 +// as u32 // != (*conn).proxy_ssl[(if (*conn) // .sock -// [1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// [1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) // as usize] // .state -// as libc::c_uint +// as u32 // { // ((*conn).proxy_ssl_config).verifypeer() -// as libc::c_int +// as i32 // } else { // ((*conn).ssl_config).verifypeer() -// as libc::c_int +// as i32 // }) == 0 -// && (if CURLPROXY_HTTPS as libc::c_int -// as libc::c_uint +// && (if CURLPROXY_HTTPS as i32 +// as u32 // == (*conn).http_proxy.proxytype -// as libc::c_uint +// as u32 // && ssl_connection_complete -// as libc::c_int -// as libc::c_uint +// as i32 +// as u32 // != (*conn).proxy_ssl[(if (*conn) // .sock -// [1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// [1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) // as usize] // .state -// as libc::c_uint +// as u32 // { // ((*conn).proxy_ssl_config) // .verifyhost() -// as libc::c_int +// as i32 // } else { // ((*conn).ssl_config).verifyhost() -// as libc::c_int +// as i32 // }) != 0 // { // Curl_infof( @@ -3570,25 +3861,25 @@ unsafe extern "C" fn nss_set_blocking( // ) -> SECStatus, // ), // data as *mut libc::c_void, -// ) as libc::c_int != SECSuccess as libc::c_int) +// ) as i32 != SECSuccess as i32) // { -// *if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// *if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // &mut (*data).set.proxy_ssl.certverifyresult // } else { // &mut (*data).set.ssl.certverifyresult -// } = 0 as libc::c_int as libc::c_long; +// } = 0 as i32 as i64; // if !(SSL_BadCertHook( // model, // Some( @@ -3599,7 +3890,7 @@ unsafe extern "C" fn nss_set_blocking( // ) -> SECStatus, // ), // data as *mut libc::c_void, -// ) as libc::c_int != SECSuccess as libc::c_int) +// ) as i32 != SECSuccess as i32) // { // if !(SSL_HandshakeCallback( // model, @@ -3611,31 +3902,31 @@ unsafe extern "C" fn nss_set_blocking( // ) -> (), // ), // data as *mut libc::c_void, -// ) as libc::c_int != SECSuccess as libc::c_int) +// ) as i32 != SECSuccess as i32) // { // let rv: CURLcode = nss_load_ca_certificates( // data, // conn, // sockindex, // ); -// if rv as libc::c_uint -// == CURLE_SSL_CACERT_BADFILE as libc::c_int as libc::c_uint -// && (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// if rv as u32 +// == CURLE_SSL_CACERT_BADFILE as i32 as u32 +// && (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { -// ((*conn).proxy_ssl_config).verifypeer() as libc::c_int +// ((*conn).proxy_ssl_config).verifypeer() as i32 // } else { -// ((*conn).ssl_config).verifypeer() as libc::c_int +// ((*conn).ssl_config).verifypeer() as i32 // }) == 0 // { // Curl_infof( @@ -3653,18 +3944,18 @@ unsafe extern "C" fn nss_set_blocking( // match current_block { // 8192695711153237833 => {} // _ => { -// if !if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// if !if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.CRLfile // } else { @@ -3673,18 +3964,18 @@ unsafe extern "C" fn nss_set_blocking( // .is_null() // { // let rv_0: CURLcode = nss_load_crl( -// if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.CRLfile // } else { @@ -3698,18 +3989,18 @@ unsafe extern "C" fn nss_set_blocking( // Curl_infof( // data, // b" CRLfile: %s\0" as *const u8 as *const libc::c_char, -// if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.CRLfile // } else { @@ -3724,18 +4015,18 @@ unsafe extern "C" fn nss_set_blocking( // match current_block { // 8192695711153237833 => {} // _ => { -// if !if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// if !if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.primary.clientcert // } else { @@ -3745,18 +4036,18 @@ unsafe extern "C" fn nss_set_blocking( // { // let mut nickname: *mut libc::c_char = dup_nickname( // data, -// if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.primary.clientcert // } else { @@ -3772,35 +4063,35 @@ unsafe extern "C" fn nss_set_blocking( // data, // conn, // sockindex, -// if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.primary.clientcert // } else { // (*data).set.ssl.primary.clientcert // }, -// if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.key // } else { @@ -3843,14 +4134,14 @@ unsafe extern "C" fn nss_set_blocking( // ) -> SECStatus, // ), // connssl as *mut libc::c_void, -// ) as libc::c_int != SECSuccess as libc::c_int +// ) as i32 != SECSuccess as i32 // { // result = CURLE_SSL_CERTPROBLEM; // } else { // if ((*conn).proxy_ssl[sockindex as usize]).use_0() != 0 { // nspr_io = (*(*conn).proxy_ssl[sockindex as usize].backend) // handle; -// second_layer = 1 as libc::c_int != 0; +// second_layer = 1 as i32 != 0; // current_block = 10393716428851982524; // } else { // nspr_io = PR_ImportTCPSocket(sockfd); @@ -3877,9 +4168,9 @@ unsafe extern "C" fn nss_set_blocking( // as *mut PRFilePrivate; // if PR_PushIOLayer( // nspr_io, -// -(2 as libc::c_int), +// -(2 as i32), // nspr_io_stub, -// ) as libc::c_int != PR_SUCCESS as libc::c_int +// ) as i32 != PR_SUCCESS as i32 // { // if !second_layer { // PR_Close(nspr_io); @@ -3895,18 +4186,18 @@ unsafe extern "C" fn nss_set_blocking( // } else { // PR_Close(model); // model = 0 as *mut PRFileDesc; -// if !if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// if !if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.key_passwd // } else { @@ -3916,18 +4207,18 @@ unsafe extern "C" fn nss_set_blocking( // { // SSL_SetPKCS11PinArg( // (*backend).handle, -// (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.key_passwd // } else { @@ -3935,29 +4226,29 @@ unsafe extern "C" fn nss_set_blocking( // }) as *mut libc::c_void, // ); // } -// if if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// if if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { -// ((*conn).proxy_ssl_config).verifystatus() as libc::c_int +// ((*conn).proxy_ssl_config).verifystatus() as i32 // } else { -// ((*conn).ssl_config).verifystatus() as libc::c_int +// ((*conn).ssl_config).verifystatus() as i32 // } != 0 // { // if SSL_OptionSet( // (*backend).handle, -// 24 as libc::c_int, -// 1 as libc::c_int, -// ) as libc::c_int != SECSuccess as libc::c_int +// 24 as i32, +// 1 as i32, +// ) as i32 != SECSuccess as i32 // { // current_block = 8192695711153237833; // } else { @@ -3971,30 +4262,30 @@ unsafe extern "C" fn nss_set_blocking( // _ => { // if !(SSL_OptionSet( // (*backend).handle, -// 25 as libc::c_int, -// (if ((*conn).bits).tls_enable_npn() as libc::c_int != 0 { -// 1 as libc::c_int +// 25 as i32, +// (if ((*conn).bits).tls_enable_npn() as i32 != 0 { +// 1 as i32 // } else { -// 0 as libc::c_int +// 0 as i32 // }), -// ) as libc::c_int != SECSuccess as libc::c_int) +// ) as i32 != SECSuccess as i32) // { // if !(SSL_OptionSet( // (*backend).handle, -// 26 as libc::c_int, -// (if ((*conn).bits).tls_enable_alpn() as libc::c_int != 0 { -// 1 as libc::c_int +// 26 as i32, +// (if ((*conn).bits).tls_enable_alpn() as i32 != 0 { +// 1 as i32 // } else { -// 0 as libc::c_int +// 0 as i32 // }), -// ) as libc::c_int != SECSuccess as libc::c_int) +// ) as i32 != SECSuccess as i32) // { // if ((*data).set.ssl).falsestart() != 0 { // if SSL_OptionSet( // (*backend).handle, -// 22 as libc::c_int, -// 1 as libc::c_int, -// ) as libc::c_int != SECSuccess as libc::c_int +// 22 as i32, +// 1 as i32, +// ) as i32 != SECSuccess as i32 // { // current_block = 8192695711153237833; // } else if SSL_SetCanFalseStartCallback( @@ -4008,7 +4299,7 @@ unsafe extern "C" fn nss_set_blocking( // ) -> SECStatus, // ), // data as *mut libc::c_void, -// ) as libc::c_int != SECSuccess as libc::c_int +// ) as i32 != SECSuccess as i32 // { // current_block = 8192695711153237833; // } else { @@ -4020,57 +4311,57 @@ unsafe extern "C" fn nss_set_blocking( // match current_block { // 8192695711153237833 => {} // _ => { -// if ((*conn).bits).tls_enable_npn() as libc::c_int != 0 -// || ((*conn).bits).tls_enable_alpn() as libc::c_int != 0 +// if ((*conn).bits).tls_enable_npn() as i32 != 0 +// || ((*conn).bits).tls_enable_alpn() as i32 != 0 // { -// let mut cur: libc::c_int = 0 as libc::c_int; -// let mut protocols: [libc::c_uchar; 128] = [0; 128]; -// if (*data).state.httpwant as libc::c_int -// >= CURL_HTTP_VERSION_2_0 as libc::c_int -// && (!(CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// let mut cur: i32 = 0 as i32; +// let mut protocols: [u8; 128] = [0; 128]; +// if (*data).state.httpwant as i32 +// >= CURL_HTTP_VERSION_2_0 as i32 +// && (!(CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint) +// .state as u32) // || ((*conn).bits).tunnel_proxy() == 0) // { // let fresh23 = cur; // cur = cur + 1; // protocols[fresh23 -// as usize] = 2 as libc::c_int as libc::c_uchar; +// as usize] = 2 as i32 as u8; // memcpy( // &mut *protocols.as_mut_ptr().offset(cur as isize) -// as *mut libc::c_uchar as *mut libc::c_void, +// as *mut u8 as *mut libc::c_void, // b"h2\0" as *const u8 as *const libc::c_char // as *const libc::c_void, -// 2 as libc::c_int as libc::c_ulong, +// 2 as i32 as u64, // ); -// cur += 2 as libc::c_int; +// cur += 2 as i32; // } // let fresh24 = cur; // cur = cur + 1; // protocols[fresh24 -// as usize] = 8 as libc::c_int as libc::c_uchar; +// as usize] = 8 as i32 as u8; // memcpy( // &mut *protocols.as_mut_ptr().offset(cur as isize) -// as *mut libc::c_uchar as *mut libc::c_void, +// as *mut u8 as *mut libc::c_void, // b"http/1.1\0" as *const u8 as *const libc::c_char // as *const libc::c_void, -// 8 as libc::c_int as libc::c_ulong, +// 8 as i32 as u64, // ); -// cur += 8 as libc::c_int; +// cur += 8 as i32; // if SSL_SetNextProtoNego( // (*backend).handle, // protocols.as_mut_ptr(), -// cur as libc::c_uint, -// ) as libc::c_int != SECSuccess as libc::c_int +// cur as u32, +// ) as i32 != SECSuccess as i32 // { // current_block = 8192695711153237833; // } else { @@ -4082,50 +4373,50 @@ unsafe extern "C" fn nss_set_blocking( // match current_block { // 8192695711153237833 => {} // _ => { -// if !(SSL_ResetHandshake((*backend).handle, 0 as libc::c_int) -// as libc::c_int != SECSuccess as libc::c_int) +// if !(SSL_ResetHandshake((*backend).handle, 0 as i32) +// as i32 != SECSuccess as i32) // { // if !(SSL_SetURL( // (*backend).handle, -// (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*conn).http_proxy.host.name // } else { // (*conn).host.name // }), -// ) as libc::c_int != SECSuccess as libc::c_int) +// ) as i32 != SECSuccess as i32) // { // if !(SSL_SetSockPeerID( // (*backend).handle, -// (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint +// (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 // != (*conn) -// .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// .proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*conn).http_proxy.host.name // } else { // (*conn).host.name // }), -// ) as libc::c_int != SECSuccess as libc::c_int) +// ) as i32 != SECSuccess as i32) // { // return CURLE_OK; // } @@ -4172,12 +4463,13 @@ unsafe extern "C" fn nss_set_blocking( // } // return nss_fail_connect(connssl, data, result); // } -unsafe extern "C" fn nss_setup_connect( +extern "C" fn nss_setup_connect( mut data: *mut Curl_easy, mut conn: *mut connectdata, - mut sockindex: libc::c_int, + mut sockindex: i32, ) -> CURLcode { - let mut model: *mut PRFileDesc = 0 as *mut PRFileDesc; + unsafe{ + let mut model: *mut PRFileDesc = 0 as *mut PRFileDesc; let mut nspr_io: *mut PRFileDesc = 0 as *mut PRFileDesc; let mut nspr_io_stub: *mut PRFileDesc = 0 as *mut PRFileDesc; let mut ssl_no_cache: PRBool = 0; @@ -4187,33 +4479,33 @@ unsafe extern "C" fn nss_setup_connect( &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; let mut backend: *mut ssl_backend_data = (*connssl).backend; let mut result: CURLcode = CURLE_OK; - let mut second_layer: bool = 0 as libc::c_int != 0; + let mut second_layer: bool = 0 as i32 != 0; let mut sslver_supported: SSLVersionRange = SSLVersionRange { min: 0, max: 0 }; let mut sslver: SSLVersionRange = { #[cfg(SSL_LIBRARY_VERSION_TLS_1_3)] let mut init = SSLVersionRangeStr { - min: 0x301 as libc::c_int as PRUint16, - max: 0x304 as libc::c_int as PRUint16, + min: 0x301 as PRUint16, + max: 0x304 as PRUint16, }; #[cfg(SSL_LIBRARY_VERSION_TLS_1_2)] let mut init = SSLVersionRangeStr { - min: 0x301 as libc::c_int as PRUint16, - max: 0x303 as libc::c_int as PRUint16, + min: 0x301 as PRUint16, + max: 0x303 as PRUint16, }; #[cfg(SSL_LIBRARY_VERSION_TLS_1_1)] let mut init = SSLVersionRangeStr { - min: 0x301 as libc::c_int as PRUint16, - max: 0x302 as libc::c_int as PRUint16, + min: 0x301 as PRUint16, + max: 0x302 as PRUint16, }; #[cfg(all(not(SSL_LIBRARY_VERSION_TLS_1_3), not(SSL_LIBRARY_VERSION_TLS_1_2), not(SSL_LIBRARY_VERSION_TLS_1_1)))] let mut init = SSLVersionRangeStr { - min: 0x301 as libc::c_int as PRUint16, - max: 0x301 as libc::c_int as PRUint16, + min: 0x301 as PRUint16, + max: 0x301 as PRUint16, }; init }; - let ref mut fresh17 = (*backend).data; - *fresh17 = data; + (*backend).data = data; + /* list of all NSS objects we need to destroy in nss_do_close() */ Curl_llist_init( &mut (*backend).obj_list, Some( @@ -4227,128 +4519,123 @@ unsafe extern "C" fn nss_setup_connect( 'error: loop { if result as u64 != 0 { PR_Unlock(nss_initlock); - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } - PK11_SetPasswordFunc(Some( - nss_get_password - as unsafe extern "C" fn( - *mut PK11SlotInfo, - PRBool, - *mut libc::c_void, - ) -> *mut libc::c_char, - )); + PK11_SetPasswordFunc( + Some( + nss_get_password + as unsafe extern "C" fn( + *mut PK11SlotInfo, + PRBool, + *mut libc::c_void, + ) -> *mut libc::c_char, + ), + ); result = nss_load_module( &mut pem_module, pem_library, b"PEM\0" as *const u8 as *const libc::c_char, ); PR_Unlock(nss_initlock); - if result as libc::c_uint == CURLE_FAILED_INIT as libc::c_int as libc::c_uint { + if result as u32 == CURLE_FAILED_INIT as i32 as u32 { Curl_infof( - data, - b"WARNING: failed to load NSS PEM library %s. Using OpenSSL PEM certificates will not work.\0" - as *const u8 as *const libc::c_char, - pem_library, - ); + data, + b"WARNING: failed to load NSS PEM library %s. Using OpenSSL PEM certificates will not work.\0" + as *const u8 as *const libc::c_char, + pem_library, + ); } else if result as u64 != 0 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } result = CURLE_SSL_CONNECT_ERROR; model = PR_NewTCPSocket(); if model.is_null() { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } model = SSL_ImportFD(0 as *mut PRFileDesc, model); - if SSL_OptionSet(model, 1 as libc::c_int, 1 as libc::c_int) as libc::c_int - != SECSuccess as libc::c_int + if SSL_OptionSet(model, 1 as i32, 1 as i32) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } - if SSL_OptionSet(model, 6 as libc::c_int, 0 as libc::c_int) as libc::c_int - != SECSuccess as libc::c_int + if SSL_OptionSet(model, 6 as i32, 0 as i32) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } - if SSL_OptionSet(model, 5 as libc::c_int, 1 as libc::c_int) as libc::c_int - != SECSuccess as libc::c_int + if SSL_OptionSet(model, 5 as i32, 1 as i32) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } #[cfg(not(CURL_DISABLE_PROXY))] - let ssl_no_cache_value = if (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let ssl_no_cache_value = if (if CURLPROXY_HTTPS as i32 as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as i32 as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { - ((*data).set.proxy_ssl.primary).sessionid() as libc::c_int + ((*data).set.proxy_ssl.primary).sessionid() as i32 } else { - ((*data).set.ssl.primary).sessionid() as libc::c_int + ((*data).set.ssl.primary).sessionid() as i32 }) != 0 - && (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + && (if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { - ((*conn).proxy_ssl_config).verifypeer() as libc::c_int + ((*conn).proxy_ssl_config).verifypeer() as i32 } else { - ((*conn).ssl_config).verifypeer() as libc::c_int + ((*conn).ssl_config).verifypeer() as i32 }) != 0 { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }; #[cfg(CURL_DISABLE_PROXY)] let ssl_no_cache_value = if ((*data).set.ssl.primary).sessionid() - as libc::c_int != 0 - && ((*conn).ssl_config).verifypeer() as libc::c_int != 0 + as i32 != 0 + && ((*conn).ssl_config).verifypeer() as i32 != 0 { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }; + /* do not use SSL cache if disabled or we are not going to verify peer */ ssl_no_cache = ssl_no_cache_value; - if SSL_OptionSet(model, 9 as libc::c_int, ssl_no_cache) as libc::c_int - != SECSuccess as libc::c_int + if SSL_OptionSet(model, 9 as i32, ssl_no_cache) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } - if nss_init_sslver(&mut sslver, data, conn) as libc::c_uint - != CURLE_OK as libc::c_int as libc::c_uint + /* enable/disable the requested SSL version(s) */ + if nss_init_sslver(&mut sslver, data, conn) as u32 + != CURLE_OK as u32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } - if SSL_VersionRangeGetSupported(ssl_variant_stream, &mut sslver_supported) as libc::c_int - != SECSuccess as libc::c_int + if SSL_VersionRangeGetSupported(ssl_variant_stream, &mut sslver_supported) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } - if (sslver_supported.max as libc::c_int) < sslver.max as libc::c_int - && sslver_supported.max as libc::c_int >= sslver.min as libc::c_int + if (sslver_supported.max as i32) < sslver.max as i32 + && sslver_supported.max as i32 >= sslver.min as i32 { let mut sslver_req_str: *mut libc::c_char = 0 as *mut libc::c_char; let mut sslver_supp_str: *mut libc::c_char = 0 as *mut libc::c_char; @@ -4367,34 +4654,35 @@ unsafe extern "C" fn nss_setup_connect( Curl_cfree.expect("non-null function pointer")(sslver_supp_str as *mut libc::c_void); sslver.max = sslver_supported.max; } - if SSL_VersionRangeSet(model, &mut sslver) as libc::c_int != SECSuccess as libc::c_int { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); + if SSL_VersionRangeSet(model, &mut sslver) as i32 != SECSuccess as i32 { break 'error; } #[cfg(not(CURL_DISABLE_PROXY))] - let ssl_cbc_random_iv_value = (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let ssl_cbc_random_iv_value = (if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { - ((*data).set.proxy_ssl).enable_beast() as libc::c_int + ((*data).set.proxy_ssl).enable_beast() as i32 } else { - ((*data).set.ssl).enable_beast() as libc::c_int - } == 0) as libc::c_int; + ((*data).set.ssl).enable_beast() as i32 + } == 0) as i32; #[cfg(CURL_DISABLE_PROXY)] let ssl_cbc_random_iv_value = (((*data).set.ssl).enable_beast() == 0) - as libc::c_int; + as i32; ssl_cbc_random_iv = ssl_cbc_random_iv_value; #[cfg(SSL_CBC_RANDOM_IV)] - if SSL_OptionSet(model, 23 as libc::c_int, ssl_cbc_random_iv) as libc::c_int - != SECSuccess as libc::c_int + /* unless the user explicitly asks to allow the protocol vulnerability, we + use the work-around */ + if SSL_OptionSet(model, 23 as i32, ssl_cbc_random_iv) as i32 + != SECSuccess as i32 { Curl_infof( data, @@ -4405,17 +4693,17 @@ unsafe extern "C" fn nss_setup_connect( } #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_cipher_list = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let SSL_CONN_CONFIG_cipher_list = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as i32 as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*conn).proxy_ssl_config.cipher_list } else { @@ -4429,8 +4717,8 @@ unsafe extern "C" fn nss_setup_connect( data, model, SSL_CONN_CONFIG_cipher_list, - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { result = CURLE_SSL_CIPHER; // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); @@ -4438,41 +4726,41 @@ unsafe extern "C" fn nss_setup_connect( } } #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifypeer = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let SSL_CONN_CONFIG_verifypeer = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { - ((*conn).proxy_ssl_config).verifypeer() as libc::c_int + ((*conn).proxy_ssl_config).verifypeer() as i32 } else { - ((*conn).ssl_config).verifypeer() as libc::c_int + ((*conn).ssl_config).verifypeer() as i32 }; #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_verifypeer = ((*conn).ssl_config).verifypeer(); #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifyhost = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let SSL_CONN_CONFIG_verifyhost = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { - ((*conn).proxy_ssl_config).verifyhost() as libc::c_int + ((*conn).proxy_ssl_config).verifyhost() as i32 } else { - ((*conn).ssl_config).verifyhost() as libc::c_int + ((*conn).ssl_config).verifyhost() as i32 }; #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_verifyhost = ((*conn).ssl_config).verifyhost(); @@ -4486,7 +4774,8 @@ unsafe extern "C" fn nss_setup_connect( b"warning: ignoring value of ssl.verifyhost\0" as *const u8 as *const libc::c_char, ); } - +/* bypass the default SSL_AuthCertificate() hook in case we do not want to + * verify peer */ if SSL_AuthCertificateHook( model, Some( @@ -4499,37 +4788,36 @@ unsafe extern "C" fn nss_setup_connect( ) -> SECStatus, ), data as *mut libc::c_void, - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } #[cfg(not(CURL_DISABLE_PROXY))] if true { - *if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + *if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { &mut (*data).set.proxy_ssl.certverifyresult } else { &mut (*data).set.ssl.certverifyresult - } = 0 as libc::c_int as libc::c_long; + } = 0 as i64; } #[cfg(CURL_DISABLE_PROXY)] if true { (*data) .set .ssl - .certverifyresult = 0 as libc::c_int as libc::c_long; + .certverifyresult = 0 as i64; } if SSL_BadCertHook( model, @@ -4538,10 +4826,9 @@ unsafe extern "C" fn nss_setup_connect( as unsafe extern "C" fn(*mut libc::c_void, *mut PRFileDesc) -> SECStatus, ), data as *mut libc::c_void, - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } if SSL_HandshakeCallback( @@ -4550,14 +4837,13 @@ unsafe extern "C" fn nss_setup_connect( HandshakeCallback as unsafe extern "C" fn(*mut PRFileDesc, *mut libc::c_void) -> (), ), data as *mut libc::c_void, - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } let rv: CURLcode = nss_load_ca_certificates(data, conn, sockindex); - if rv as libc::c_uint == CURLE_SSL_CACERT_BADFILE as libc::c_int as libc::c_uint + if rv as u32 == CURLE_SSL_CACERT_BADFILE as u32 && (SSL_CONN_CONFIG_verifypeer) == 0 { Curl_infof( @@ -4566,21 +4852,20 @@ unsafe extern "C" fn nss_setup_connect( ); } else if rv as u64 != 0 { result = rv; - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_CRLfile = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let SSL_SET_OPTION_CRLfile = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*data).set.proxy_ssl.CRLfile } else { @@ -4593,7 +4878,6 @@ unsafe extern "C" fn nss_setup_connect( let rv_0: CURLcode = nss_load_crl(SSL_SET_OPTION_CRLfile); if rv_0 as u64 != 0 { result = rv_0; - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } Curl_infof( @@ -4604,17 +4888,17 @@ unsafe extern "C" fn nss_setup_connect( } #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_primary_clientcert = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let SSL_SET_OPTION_primary_clientcert = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*data).set.proxy_ssl.primary.clientcert } else { @@ -4623,17 +4907,17 @@ unsafe extern "C" fn nss_setup_connect( #[cfg(CURL_DISABLE_PROXY)] let SSL_SET_OPTION_primary_clientcert = (*data).set.ssl.primary.clientcert; #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_key = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let SSL_SET_OPTION_key = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*data).set.proxy_ssl.key } else { @@ -4648,8 +4932,7 @@ unsafe extern "C" fn nss_setup_connect( SSL_SET_OPTION_primary_clientcert, ); if !nickname.is_null() { - let ref mut fresh18 = (*backend).obj_clicert; - *fresh18 = 0 as *mut PK11GenericObject; + (*backend).obj_clicert = 0 as *mut PK11GenericObject; } else { let mut rv_1: CURLcode = cert_stuff( data, @@ -4660,15 +4943,12 @@ unsafe extern "C" fn nss_setup_connect( ); if rv_1 as u64 != 0 { result = rv_1; - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } } - let ref mut fresh19 = (*backend).client_nickname; - *fresh19 = nickname; + (*backend).client_nickname = nickname; } else { - let ref mut fresh20 = (*backend).client_nickname; - *fresh20 = 0 as *mut libc::c_char; + (*backend).client_nickname = 0 as *mut libc::c_char; } #[cfg(not(CURL_DISABLE_PROXY))] if SSL_GetClientAuthDataHook( @@ -4684,22 +4964,20 @@ unsafe extern "C" fn nss_setup_connect( ) -> SECStatus, ), connssl as *mut libc::c_void, - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { result = CURLE_SSL_CERTPROBLEM; - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } #[cfg(not(CURL_DISABLE_PROXY))] if ((*conn).proxy_ssl[sockindex as usize]).use_0() != 0 { nspr_io = (*(*conn).proxy_ssl[sockindex as usize].backend).nss_handle; - second_layer = 1 as libc::c_int != 0; + second_layer = 1 as i32 != 0; } else { nspr_io = PR_ImportTCPSocket(sockfd); if nspr_io.is_null() { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } } @@ -4718,16 +4996,14 @@ unsafe extern "C" fn nss_setup_connect( ) -> SECStatus, ), connssl as *mut libc::c_void, - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { result = CURLE_SSL_CERTPROBLEM; - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; }else { nspr_io = PR_ImportTCPSocket(sockfd); if nspr_io.is_null() { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } } @@ -4738,44 +5014,39 @@ unsafe extern "C" fn nss_setup_connect( if !second_layer { PR_Close(nspr_io); } - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } - let ref mut fresh21 = (*nspr_io_stub).secret; - *fresh21 = connssl as *mut libc::c_void as *mut PRFilePrivate; - if PR_PushIOLayer(nspr_io, -(2 as libc::c_int), nspr_io_stub) as libc::c_int - != PR_SUCCESS as libc::c_int + (*nspr_io_stub).secret = connssl as *mut libc::c_void as *mut PRFilePrivate; + if PR_PushIOLayer(nspr_io, -(2 as i32), nspr_io_stub) as i32 + != PR_SUCCESS as i32 { if !second_layer { PR_Close(nspr_io); } PR_Close(nspr_io_stub); - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } - let ref mut fresh22 = (*backend).nss_handle; - *fresh22 = SSL_ImportFD(model, nspr_io); + (*backend).nss_handle = SSL_ImportFD(model, nspr_io); if ((*backend).nss_handle).is_null() { if !second_layer { PR_Close(nspr_io); } - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } PR_Close(model); model = 0 as *mut PRFileDesc; #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_key_passwd = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let SSL_SET_OPTION_key_passwd = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*data).set.proxy_ssl.key_passwd } else { @@ -4791,69 +5062,65 @@ unsafe extern "C" fn nss_setup_connect( ); } #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifystatus = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let SSL_CONN_CONFIG_verifystatus = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { - ((*conn).proxy_ssl_config).verifystatus() as libc::c_int + ((*conn).proxy_ssl_config).verifystatus() as i32 } else { - ((*conn).ssl_config).verifystatus() as libc::c_int + ((*conn).ssl_config).verifystatus() as i32 }; #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_verifystatus = ((*conn).ssl_config).verifystatus(); #[cfg(SSL_ENABLE_OCSP_STAPLING)] if SSL_CONN_CONFIG_verifystatus != 0 { - if SSL_OptionSet((*backend).nss_handle, 24 as libc::c_int, 1 as libc::c_int) as libc::c_int - != SECSuccess as libc::c_int + if SSL_OptionSet((*backend).nss_handle, 24 as i32, 1 as i32) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } } #[cfg(SSL_ENABLE_NPN)] if SSL_OptionSet( (*backend).nss_handle, - 25 as libc::c_int, - (if ((*conn).bits).tls_enable_npn() as libc::c_int != 0 { - 1 as libc::c_int + 25 as i32, + (if ((*conn).bits).tls_enable_npn() as i32 != 0 { + 1 as i32 } else { - 0 as libc::c_int + 0 as i32 }), - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } #[cfg(SSL_ENABLE_ALPN)] if SSL_OptionSet( (*backend).nss_handle, - 26 as libc::c_int, - (if ((*conn).bits).tls_enable_alpn() as libc::c_int != 0 { - 1 as libc::c_int + 26 as i32, + (if ((*conn).bits).tls_enable_alpn() as i32 != 0 { + 1 as i32 } else { - 0 as libc::c_int + 0 as i32 }), - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } if ((*data).set.ssl).falsestart() != 0 { - if SSL_OptionSet((*backend).nss_handle, 22 as libc::c_int, 1 as libc::c_int) as libc::c_int - != SECSuccess as libc::c_int + if SSL_OptionSet((*backend).nss_handle, 22 as i32, 1 as i32) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } if SSL_SetCanFalseStartCallback( @@ -4867,90 +5134,85 @@ unsafe extern "C" fn nss_setup_connect( ) -> SECStatus, ), data as *mut libc::c_void, - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } } #[cfg(any(SSL_ENABLE_NPN, SSL_ENABLE_ALPN))] - if ((*conn).bits).tls_enable_npn() as libc::c_int != 0 - || ((*conn).bits).tls_enable_alpn() as libc::c_int != 0 + if ((*conn).bits).tls_enable_npn() as i32 != 0 + || ((*conn).bits).tls_enable_alpn() as i32 != 0 { - let mut cur: libc::c_int = 0 as libc::c_int; - let mut protocols: [libc::c_uchar; 128] = [0; 128]; + let mut cur: i32 = 0 as i32; + let mut protocols: [u8; 128] = [0; 128]; #[cfg(USE_HTTP2)] if true{ #[cfg(not(CURL_DISABLE_PROXY))] - let CURL_DISABLE_PROXY_1 = (!(CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let CURL_DISABLE_PROXY_1 = (!(CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint) + .state as u32) || ((*conn).bits).tunnel_proxy() == 0); #[cfg(CURL_DISABLE_PROXY)] let CURL_DISABLE_PROXY_1 = true; - if (*data).state.httpwant as libc::c_int >= CURL_HTTP_VERSION_2_0 as libc::c_int + if (*data).state.httpwant as i32 >= CURL_HTTP_VERSION_2_0 as i32 && CURL_DISABLE_PROXY_1 { - let fresh23 = cur; cur = cur + 1; - protocols[fresh23 as usize] = 2 as libc::c_int as libc::c_uchar; + protocols[cur as usize] = 2 as u8; memcpy( - &mut *protocols.as_mut_ptr().offset(cur as isize) as *mut libc::c_uchar + &mut *protocols.as_mut_ptr().offset(cur as isize) as *mut u8 as *mut libc::c_void, b"h2\0" as *const u8 as *const libc::c_char as *const libc::c_void, - 2 as libc::c_int as libc::c_ulong, + 2 as u64, ); - cur += 2 as libc::c_int; + cur += 2 as i32; } } - let fresh24 = cur; cur = cur + 1; - protocols[fresh24 as usize] = 8 as libc::c_int as libc::c_uchar; + protocols[cur as usize] = 8 as u8; memcpy( - &mut *protocols.as_mut_ptr().offset(cur as isize) as *mut libc::c_uchar + &mut *protocols.as_mut_ptr().offset(cur as isize) as *mut u8 as *mut libc::c_void, b"http/1.1\0" as *const u8 as *const libc::c_char as *const libc::c_void, - 8 as libc::c_int as libc::c_ulong, + 8 as u64, ); - cur += 8 as libc::c_int; + cur += 8 as i32; if SSL_SetNextProtoNego( (*backend).nss_handle, protocols.as_mut_ptr(), - cur as libc::c_uint, - ) as libc::c_int - != SECSuccess as libc::c_int + cur as u32, + ) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } } - if SSL_ResetHandshake((*backend).nss_handle, 0 as libc::c_int) as libc::c_int - != SECSuccess as libc::c_int + if SSL_ResetHandshake((*backend).nss_handle, 0 as i32) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_HOST_NAME_void = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + let SSL_HOST_NAME_void = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 + != (*conn).proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*conn).http_proxy.host.name } else { @@ -4961,19 +5223,17 @@ unsafe extern "C" fn nss_setup_connect( if SSL_SetURL( (*backend).nss_handle, SSL_HOST_NAME_void, - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } if SSL_SetSockPeerID( (*backend).nss_handle, SSL_HOST_NAME_void, - ) as libc::c_int - != SECSuccess as libc::c_int + ) as i32 + != SECSuccess as i32 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } return CURLE_OK; @@ -4983,12 +5243,13 @@ unsafe extern "C" fn nss_setup_connect( PR_Close(model); } return nss_fail_connect(connssl, data, result); + } } // unsafe extern "C" fn nss_do_connect( // mut data: *mut Curl_easy, // mut conn: *mut connectdata, -// mut sockindex: libc::c_int, +// mut sockindex: i32, // ) -> CURLcode { // let mut current_block: u64; // let mut connssl: *mut ssl_connect_data = @@ -4996,8 +5257,8 @@ unsafe extern "C" fn nss_setup_connect( // let mut backend: *mut ssl_backend_data = (*connssl).backend; // let mut result: CURLcode = CURLE_SSL_CONNECT_ERROR; // let mut timeout: PRUint32 = 0; -// let time_left: timediff_t = Curl_timeleft(data, 0 as *mut curltime, 1 as libc::c_int != 0); -// if time_left < 0 as libc::c_int as libc::c_long { +// let time_left: timediff_t = Curl_timeleft(data, 0 as *mut curltime, 1 as i32 != 0); +// if time_left < 0 as i32 as i64 { // Curl_failf( // data, // b"timed out before SSL handshake\0" as *const u8 as *const libc::c_char, @@ -5005,46 +5266,46 @@ unsafe extern "C" fn nss_setup_connect( // result = CURLE_OPERATION_TIMEDOUT; // } else { // timeout = PR_MillisecondsToInterval(time_left as PRUint32); -// if SSL_ForceHandshakeWithTimeout((*backend).handle, timeout) as libc::c_int -// != SECSuccess as libc::c_int +// if SSL_ForceHandshakeWithTimeout((*backend).handle, timeout) as i32 +// != SECSuccess as i32 // { -// if PR_GetError() as libc::c_long == -(5998 as libc::c_long) { +// if PR_GetError() as i64 == -(5998 as i64) { // return CURLE_AGAIN; // } else { -// if (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint -// != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// if (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.certverifyresult // } else { // (*data).set.ssl.certverifyresult -// }) == SSL_ERROR_BAD_CERT_DOMAIN as libc::c_int as libc::c_long +// }) == SSL_ERROR_BAD_CERT_DOMAIN as i32 as i64 // { // result = CURLE_PEER_FAILED_VERIFICATION; -// } else if (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint -// != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// } else if (if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*data).set.proxy_ssl.certverifyresult // } else { // (*data).set.ssl.certverifyresult -// }) != 0 as libc::c_int as libc::c_long +// }) != 0 as i32 as i64 // { // result = CURLE_PEER_FAILED_VERIFICATION; // } @@ -5052,17 +5313,17 @@ unsafe extern "C" fn nss_setup_connect( // } else { // result = display_conn_info(data, (*backend).handle); // if !(result as u64 != 0) { -// if !if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint -// != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// if !if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*conn).proxy_ssl_config.issuercert // } else { @@ -5073,17 +5334,17 @@ unsafe extern "C" fn nss_setup_connect( // let mut ret: SECStatus = SECFailure; // let mut nickname: *mut libc::c_char = dup_nickname( // data, -// if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint -// != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) as usize] -// .state as libc::c_uint +// .state as u32 // { // (*conn).proxy_ssl_config.issuercert // } else { @@ -5096,7 +5357,7 @@ unsafe extern "C" fn nss_setup_connect( // nickname as *mut libc::c_void, // ); // } -// if SECFailure as libc::c_int == ret as libc::c_int { +// if SECFailure as i32 == ret as i32 { // Curl_infof( // data, // b"SSL certificate issuer check failed\0" as *const u8 @@ -5120,25 +5381,25 @@ unsafe extern "C" fn nss_setup_connect( // _ => { // result = cmp_peer_pubkey( // connssl, -// if CURLPROXY_HTTPS as libc::c_int as libc::c_uint -// == (*conn).http_proxy.proxytype as libc::c_uint -// && ssl_connection_complete as libc::c_int as libc::c_uint -// != (*conn).proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] -// == -(1 as libc::c_int) +// if CURLPROXY_HTTPS as i32 as u32 +// == (*conn).http_proxy.proxytype as u32 +// && ssl_connection_complete as i32 as u32 +// != (*conn).proxy_ssl[(if (*conn).sock[1 as i32 as usize] +// == -(1 as i32) // { -// 0 as libc::c_int +// 0 as i32 // } else { -// 1 as libc::c_int +// 1 as i32 // }) // as usize] // .state -// as libc::c_uint +// as u32 // { // (*data).set.str_0 -// [STRING_SSL_PINNEDPUBLICKEY_PROXY as libc::c_int as usize] +// [STRING_SSL_PINNEDPUBLICKEY_PROXY as i32 as usize] // } else { // (*data).set.str_0 -// [STRING_SSL_PINNEDPUBLICKEY as libc::c_int as usize] +// [STRING_SSL_PINNEDPUBLICKEY as i32 as usize] // }, // ); // if !(result as u64 != 0) { @@ -5151,12 +5412,13 @@ unsafe extern "C" fn nss_setup_connect( // } // return nss_fail_connect(connssl, data, result); // } -unsafe extern "C" fn nss_do_connect( +extern "C" fn nss_do_connect( mut data: *mut Curl_easy, mut conn: *mut connectdata, - mut sockindex: libc::c_int, + mut sockindex: i32, ) -> CURLcode { - let mut connssl: *mut ssl_connect_data = &mut *((*conn).ssl) + unsafe{ + let mut connssl: *mut ssl_connect_data = &mut *((*conn).ssl) .as_mut_ptr() .offset(sockindex as isize) as *mut ssl_connect_data; let mut backend: *mut ssl_backend_data = (*connssl).backend; @@ -5165,32 +5427,31 @@ unsafe extern "C" fn nss_do_connect( let time_left: timediff_t = Curl_timeleft( data, 0 as *mut curltime, - 1 as libc::c_int != 0, + 1 as i32 != 0, ); 'error: loop { - if time_left < 0 as libc::c_int as libc::c_long { + if time_left < 0 as i64 { Curl_failf( data, b"timed out before SSL handshake\0" as *const u8 as *const libc::c_char, ); result = CURLE_OPERATION_TIMEDOUT; - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } timeout = PR_MillisecondsToInterval(time_left as PRUint32); #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_SET_OPTION_certverifyresult = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint + let SSL_SET_OPTION_certverifyresult = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + .proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*data).set.proxy_ssl.certverifyresult } else { @@ -5198,42 +5459,40 @@ unsafe extern "C" fn nss_do_connect( }; #[cfg(CURL_DISABLE_PROXY)] let SSL_SET_OPTION_certverifyresult = (*data).set.ssl.certverifyresult; - if SSL_ForceHandshakeWithTimeout((*backend).nss_handle, timeout) as libc::c_int - != SECSuccess as libc::c_int + if SSL_ForceHandshakeWithTimeout((*backend).nss_handle, timeout) as i32 + != SECSuccess as i32 { - if PR_GetError() as libc::c_long == -(5998 as libc::c_long) { + if PR_GetError() as i64 == -(5998 as i64) { return CURLE_AGAIN } else { - if SSL_SET_OPTION_certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN as libc::c_int as libc::c_long + if SSL_SET_OPTION_certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN as i64 { result = CURLE_PEER_FAILED_VERIFICATION; - } else if SSL_SET_OPTION_certverifyresult != 0 as libc::c_int as libc::c_long + } else if SSL_SET_OPTION_certverifyresult != 0 as i64 { result = CURLE_PEER_FAILED_VERIFICATION; } } - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } result = display_conn_info(data, (*backend).nss_handle); if result as u64 != 0 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_issuercert = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint + let SSL_CONN_CONFIG_issuercert = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + .proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { (*conn).proxy_ssl_config.issuercert } else { @@ -5253,14 +5512,13 @@ unsafe extern "C" fn nss_do_connect( Curl_cfree .expect("non-null function pointer")(nickname as *mut libc::c_void); } - if SECFailure as libc::c_int == ret as libc::c_int { + if SECFailure as i32 == ret as i32 { Curl_infof( data, b"SSL certificate issuer check failed\0" as *const u8 as *const libc::c_char, ); result = CURLE_SSL_ISSUER_ERROR; - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } else { Curl_infof( @@ -5270,56 +5528,58 @@ unsafe extern "C" fn nss_do_connect( } } #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_PINNED_PUB_KEY_void = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint + let SSL_PINNED_PUB_KEY_void = if CURLPROXY_HTTPS as u32 + == (*conn).http_proxy.proxytype as u32 + && ssl_connection_complete as u32 != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) + .proxy_ssl[(if (*conn).sock[1 as usize] + == -(1 as i32) { - 0 as libc::c_int + 0 as i32 } else { - 1 as libc::c_int + 1 as i32 }) as usize] - .state as libc::c_uint + .state as u32 { - (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY_PROXY as libc::c_int as usize] + (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY_PROXY as usize] } else { - (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY as libc::c_int as usize] + (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY as usize] }; #[cfg(CURL_DISABLE_PROXY)] let SSL_PINNED_PUB_KEY_void = (*data) .set - .str_0[STRING_SSL_PINNEDPUBLICKEY as libc::c_int as usize]; + .str_0[STRING_SSL_PINNEDPUBLICKEY as usize]; result = cmp_peer_pubkey( connssl, SSL_PINNED_PUB_KEY_void, ); if result as u64 != 0 { - // curl_mprintf(b"error\0" as *const u8 as *const libc::c_char); break 'error; } return CURLE_OK; } return nss_fail_connect(connssl, data, result); + } } -unsafe extern "C" fn nss_connect_common( +extern "C" fn nss_connect_common( mut data: *mut Curl_easy, mut conn: *mut connectdata, - mut sockindex: libc::c_int, + mut sockindex: i32, mut done: *mut bool, ) -> CURLcode { - let mut connssl: *mut ssl_connect_data = + unsafe{ + let mut connssl: *mut ssl_connect_data = &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; let blocking: bool = done.is_null(); let mut result: CURLcode = CURLE_OK; - if (*connssl).state as libc::c_uint == ssl_connection_complete as libc::c_int as libc::c_uint { + if (*connssl).state as u32 == ssl_connection_complete as u32 { if !blocking { - *done = 1 as libc::c_int != 0; + *done = 1 as i32 != 0; } return CURLE_OK; } - if (*connssl).connecting_state as libc::c_uint == ssl_connect_1 as libc::c_int as libc::c_uint { + /* ssl_connect_done is never used outside, go back to the initial state */ + if (*connssl).connecting_state as u32 == ssl_connect_1 as u32 { result = nss_setup_connect(data, conn, sockindex); if result as u64 != 0 { return result; @@ -5332,7 +5592,7 @@ unsafe extern "C" fn nss_connect_common( } result = nss_do_connect(data, conn, sockindex); 's_96: { - match result as libc::c_uint { + match result as u32 { 0 => { break 's_96; } @@ -5346,107 +5606,117 @@ unsafe extern "C" fn nss_connect_common( return result; } if blocking { - result = nss_set_blocking(connssl, data, 0 as libc::c_int != 0); + result = nss_set_blocking(connssl, data, 0 as i32 != 0); if result as u64 != 0 { return result; } } else { - *done = 1 as libc::c_int != 0; + *done = 1 as i32 != 0; } (*connssl).state = ssl_connection_complete; - let ref mut fresh25 = (*conn).recv[sockindex as usize]; - *fresh25 = Some(nss_recv as Curl_recv); - let ref mut fresh26 = (*conn).send[sockindex as usize]; - *fresh26 = Some(nss_send as Curl_send); + (*conn).recv[sockindex as usize] = Some(nss_recv as Curl_recv); + (*conn).send[sockindex as usize] = Some(nss_send as Curl_send); (*connssl).connecting_state = ssl_connect_1; return CURLE_OK; + } } -unsafe extern "C" fn nss_connect( +extern "C" fn nss_connect( mut data: *mut Curl_easy, mut conn: *mut connectdata, - mut sockindex: libc::c_int, + mut sockindex: i32, ) -> CURLcode { - return nss_connect_common(data, conn, sockindex, 0 as *mut bool); + unsafe{ + return nss_connect_common(data, conn, sockindex, 0 as *mut bool); + } } -unsafe extern "C" fn nss_connect_nonblocking( +extern "C" fn nss_connect_nonblocking( mut data: *mut Curl_easy, mut conn: *mut connectdata, - mut sockindex: libc::c_int, + mut sockindex: i32, mut done: *mut bool, ) -> CURLcode { - return nss_connect_common(data, conn, sockindex, done); + unsafe{ + return nss_connect_common(data, conn, sockindex, done); + } } -unsafe extern "C" fn nss_send( +extern "C" fn nss_send( mut data: *mut Curl_easy, - mut sockindex: libc::c_int, + mut sockindex: i32, mut mem: *const libc::c_void, mut len: size_t, mut curlcode: *mut CURLcode, ) -> ssize_t { - let mut conn: *mut connectdata = (*data).conn; + unsafe{ + let mut conn: *mut connectdata = (*data).conn; let mut connssl: *mut ssl_connect_data = &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; let mut backend: *mut ssl_backend_data = (*connssl).backend; let mut rc: ssize_t = 0; - let ref mut fresh27 = (*backend).data; - *fresh27 = data; + (*backend).data = data; rc = PR_Send( (*backend).nss_handle, mem, - len as libc::c_int, - 0 as libc::c_int, - 0 as libc::c_ulong as PRIntervalTime, - ) as ssize_t; - if rc < 0 as libc::c_int as libc::c_long { + len as i32, + 0 as i32, + 0 as PRIntervalTime, + ) as ssize_t;/* The SelectClientCert() hook uses this for infof() and failf() but the + handle stored in nss_setup_connect() could have already been freed. */ + if rc < 0 as i64 { let mut err: PRInt32 = PR_GetError(); - if err as libc::c_long == -(5998 as libc::c_long) { + if err as i64 == -(5998 as i64) { *curlcode = CURLE_AGAIN; } else { + /* print the error number and error string */ let mut err_name: *const libc::c_char = nss_error_to_name(err); Curl_infof( data, b"SSL write: error %d (%s)\0" as *const u8 as *const libc::c_char, err, err_name, - ); + );/* print a human-readable message describing the error if available */ nss_print_error_message(data, err as PRUint32); - *curlcode = (if is_cc_error(err) as libc::c_int != 0 { - CURLE_SSL_CERTPROBLEM as libc::c_int + *curlcode = (if is_cc_error(err) as i32 != 0 { + CURLE_SSL_CERTPROBLEM as i32 } else { - CURLE_SEND_ERROR as libc::c_int + CURLE_SEND_ERROR as i32 }) as CURLcode; } - return -(1 as libc::c_int) as ssize_t; + return -(1 as i32) as ssize_t; + } + return rc;/* number of bytes */ } - return rc; } -unsafe extern "C" fn nss_recv( - mut data: *mut Curl_easy, - mut sockindex: libc::c_int, - mut buf: *mut libc::c_char, - mut buffersize: size_t, +extern "C" fn nss_recv( + mut data: *mut Curl_easy, /* transfer */ + mut sockindex: i32,/* socketindex */ + mut buf: *mut libc::c_char, /* store read data here */ + mut buffersize: size_t, /* max amount to read */ mut curlcode: *mut CURLcode, ) -> ssize_t { - let mut conn: *mut connectdata = (*data).conn; + unsafe{ + let mut conn: *mut connectdata = (*data).conn; let mut connssl: *mut ssl_connect_data = &mut *((*conn).ssl).as_mut_ptr().offset(sockindex as isize) as *mut ssl_connect_data; let mut backend: *mut ssl_backend_data = (*connssl).backend; let mut nread: ssize_t = 0; - let ref mut fresh28 = (*backend).data; - *fresh28 = data; + (*backend).data = data; + /* The SelectClientCert() hook uses this for infof() and failf() but the + handle stored in nss_setup_connect() could have already been freed. */ nread = PR_Recv( (*backend).nss_handle, buf as *mut libc::c_void, - buffersize as libc::c_int, - 0 as libc::c_int, - 0 as libc::c_ulong as PRIntervalTime, + buffersize as i32, + 0 as i32, + 0 as PRIntervalTime, ) as ssize_t; - if nread < 0 as libc::c_int as libc::c_long { + if nread < 0 as i64 { + /* failed SSL read */ let mut err: PRInt32 = PR_GetError(); - if err as libc::c_long == -(5998 as libc::c_long) { + if err as i64 == -(5998 as i64) { *curlcode = CURLE_AGAIN; } else { + /* print the error number and error string */ let mut err_name: *const libc::c_char = nss_error_to_name(err); Curl_infof( data, @@ -5454,76 +5724,99 @@ unsafe extern "C" fn nss_recv( err, err_name, ); + /* print a human-readable message describing the error if available */ nss_print_error_message(data, err as PRUint32); - *curlcode = (if is_cc_error(err) as libc::c_int != 0 { - CURLE_SSL_CERTPROBLEM as libc::c_int + *curlcode = (if is_cc_error(err) as i32 != 0 { + CURLE_SSL_CERTPROBLEM as i32 } else { - CURLE_RECV_ERROR as libc::c_int + CURLE_RECV_ERROR as i32 }) as CURLcode; } - return -(1 as libc::c_int) as ssize_t; + return -(1 as i32) as ssize_t; } return nread; + } } -unsafe extern "C" fn nss_version(mut buffer: *mut libc::c_char, mut size: size_t) -> size_t { - return curl_msnprintf( - buffer, - size, - b"NSS/%s\0" as *const u8 as *const libc::c_char, - NSS_GetVersion(), - ) as size_t; +extern "C" fn nss_version(mut buffer: *mut libc::c_char, mut size: size_t) -> size_t { + unsafe{ + return curl_msnprintf( + buffer, + size, + b"NSS/%s\0" as *const u8 as *const libc::c_char, + NSS_GetVersion(), + ) as size_t; + } } -unsafe extern "C" fn Curl_nss_seed(mut data: *mut Curl_easy) -> libc::c_int { - return (Curl_nss_force_init(data) as u64 != 0) as libc::c_int; + +/* data might be NULL */ +extern "C" fn Curl_nss_seed(mut data: *mut Curl_easy) -> i32 { + unsafe{ + /* make sure that NSS is initialized */ + return (Curl_nss_force_init(data) as u64 != 0) as i32; + } } -unsafe extern "C" fn nss_random( + +/* data might be NULL */ +extern "C" fn nss_random( mut data: *mut Curl_easy, - mut entropy: *mut libc::c_uchar, + mut entropy: *mut u8, mut length: size_t, ) -> CURLcode { - Curl_nss_seed(data); - if SECSuccess as libc::c_int - != PK11_GenerateRandom(entropy, curlx_uztosi(length)) as libc::c_int - { - return CURLE_FAILED_INIT; + unsafe{ + Curl_nss_seed(data);/* Initiate the seed if not already done */ + + if SECSuccess as i32 + != PK11_GenerateRandom(entropy, curlx_uztosi(length)) as i32 + { + /* signal a failure */ + return CURLE_FAILED_INIT; + } + return CURLE_OK; } - return CURLE_OK; } -unsafe extern "C" fn nss_sha256sum( - mut tmp: *const libc::c_uchar, +extern "C" fn nss_sha256sum( + mut tmp: *const u8, /* input */ mut tmplen: size_t, - mut sha256sum: *mut libc::c_uchar, + mut sha256sum: *mut u8,/* output */ mut sha256len: size_t, ) -> CURLcode { - let mut SHA256pw: *mut PK11Context = PK11_CreateDigestContext(SEC_OID_SHA256); - let mut SHA256out: libc::c_uint = 0; + unsafe{ + let mut SHA256pw: *mut PK11Context = PK11_CreateDigestContext(SEC_OID_SHA256); + let mut SHA256out: u32 = 0; if SHA256pw.is_null() { return CURLE_NOT_BUILT_IN; } PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen)); PK11_DigestFinal(SHA256pw, sha256sum, &mut SHA256out, curlx_uztoui(sha256len)); - PK11_DestroyContext(SHA256pw, 1 as libc::c_int); + PK11_DestroyContext(SHA256pw, 1 as i32); return CURLE_OK; + } } -unsafe extern "C" fn nss_cert_status_request() -> bool { - #[cfg(SSL_ENABLE_OCSP_STAPLING)] - return 1 as libc::c_int != 0; +extern "C" fn nss_cert_status_request() -> bool { + unsafe{ + #[cfg(SSL_ENABLE_OCSP_STAPLING)] + return 1 as i32 != 0; #[cfg(not(SSL_ENABLE_OCSP_STAPLING))] - return 0 as libc::c_int != 0; + return 0 as i32 != 0; + } } -unsafe extern "C" fn nss_false_start() -> bool { - // #[cfg(NSSVERNUM >= 0x030f04)] - return 1 as libc::c_int != 0; +extern "C" fn nss_false_start() -> bool { + unsafe{ + // #[cfg(NSSVERNUM >= 0x030f04)] + return 1 as i32 != 0;/* 3.15.4 */ + } } -unsafe extern "C" fn nss_get_internals( +extern "C" fn nss_get_internals( mut connssl: *mut ssl_connect_data, mut info: CURLINFO, ) -> *mut libc::c_void { - let mut backend: *mut ssl_backend_data = (*connssl).backend; + unsafe{ + let mut backend: *mut ssl_backend_data = (*connssl).backend; return (*backend).nss_handle as *mut libc::c_void; + } } #[no_mangle] -pub static mut Curl_ssl_nss: Curl_ssl = unsafe { +pub static mut Curl_ssl_nss: Curl_ssl = { { let mut init = Curl_ssl { info: { @@ -5533,30 +5826,30 @@ pub static mut Curl_ssl_nss: Curl_ssl = unsafe { }; init }, - supports: ((1 as libc::c_int) << 0 as libc::c_int - | (1 as libc::c_int) << 1 as libc::c_int - | (1 as libc::c_int) << 2 as libc::c_int - | (1 as libc::c_int) << 4 as libc::c_int) as libc::c_uint, - sizeof_ssl_backend_data: ::std::mem::size_of::() as libc::c_ulong, - init: Some(nss_init as unsafe extern "C" fn() -> libc::c_int), + supports: ((1 as i32) << 0 as i32 + | (1 as i32) << 1 as i32 + | (1 as i32) << 2 as i32 + | (1 as i32) << 4 as i32) as u32, + sizeof_ssl_backend_data: ::std::mem::size_of::() as u64, + init: Some(nss_init as unsafe extern "C" fn() -> i32), cleanup: Some(nss_cleanup as unsafe extern "C" fn() -> ()), version: Some(nss_version as unsafe extern "C" fn(*mut libc::c_char, size_t) -> size_t), - check_cxn: Some(nss_check_cxn as unsafe extern "C" fn(*mut connectdata) -> libc::c_int), + check_cxn: Some(nss_check_cxn as unsafe extern "C" fn(*mut connectdata) -> i32), shut_down: Some( Curl_none_shutdown as unsafe extern "C" fn( *mut Curl_easy, *mut connectdata, - libc::c_int, - ) -> libc::c_int, + i32, + ) -> i32, ), data_pending: Some( Curl_none_data_pending - as unsafe extern "C" fn(*const connectdata, libc::c_int) -> bool, + as unsafe extern "C" fn(*const connectdata, i32) -> bool, ), random: Some( nss_random - as unsafe extern "C" fn(*mut Curl_easy, *mut libc::c_uchar, size_t) -> CURLcode, + as unsafe extern "C" fn(*mut Curl_easy, *mut u8, size_t) -> CURLcode, ), cert_status_request: Some(nss_cert_status_request as unsafe extern "C" fn() -> bool), connect_blocking: Some( @@ -5564,7 +5857,7 @@ pub static mut Curl_ssl_nss: Curl_ssl = unsafe { as unsafe extern "C" fn( *mut Curl_easy, *mut connectdata, - libc::c_int, + i32, ) -> CURLcode, ), connect_nonblocking: Some( @@ -5572,13 +5865,13 @@ pub static mut Curl_ssl_nss: Curl_ssl = unsafe { as unsafe extern "C" fn( *mut Curl_easy, *mut connectdata, - libc::c_int, + i32, *mut bool, ) -> CURLcode, ), getsock: Some( Curl_ssl_getsock - as unsafe extern "C" fn(*mut connectdata, *mut curl_socket_t) -> libc::c_int, + as unsafe extern "C" fn(*mut connectdata, *mut curl_socket_t) -> i32, ), get_internals: Some( nss_get_internals @@ -5586,7 +5879,7 @@ pub static mut Curl_ssl_nss: Curl_ssl = unsafe { ), close_one: Some( nss_close - as unsafe extern "C" fn(*mut Curl_easy, *mut connectdata, libc::c_int) -> (), + as unsafe extern "C" fn(*mut Curl_easy, *mut connectdata, i32) -> (), ), close_all: Some(Curl_none_close_all as unsafe extern "C" fn(*mut Curl_easy) -> ()), session_free: Some( @@ -5606,9 +5899,9 @@ pub static mut Curl_ssl_nss: Curl_ssl = unsafe { sha256sum: Some( nss_sha256sum as unsafe extern "C" fn( - *const libc::c_uchar, + *const u8, size_t, - *mut libc::c_uchar, + *mut u8, size_t, ) -> CURLcode, ), diff --git a/rust/rust_project/src/vtls/openssl.rs b/rust/rust_project/src/vtls/openssl.rs index 415af759640e97df4aec95ad50d9296dca3655aa..13949d301b86b8f8f4e886e9350811aff6186f33 100644 --- a/rust/rust_project/src/vtls/openssl.rs +++ b/rust/rust_project/src/vtls/openssl.rs @@ -213,6 +213,19 @@ unsafe extern "C" fn passwd_callback( mut encrypting: libc::c_int, mut global_passwd: *mut libc::c_void, ) -> libc::c_int { + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if 0 as libc::c_int == encrypting {} else { + __assert_fail( + b"0 == encrypting\0" as *const u8 as *const libc::c_char, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + 416 as libc::c_int as libc::c_uint, + (*::std::mem::transmute::< + &[u8; 46], + &[libc::c_char; 46], + >(b"int passwd_callback(char *, int, int, void *)\0")) + .as_ptr(), + ); + } if encrypting == 0 { let mut klen: libc::c_int = curlx_uztosi( strlen(global_passwd as *mut libc::c_char), @@ -686,91 +699,91 @@ unsafe extern "C" fn cert_stuff( // DONE - 804 42 => { #[cfg(all(USE_OPENSSL_ENGINE, ENGINE_CTRL_GET_CMD_FROM_NAME))] - if ((*data).state.engine).is_null() { - if is_pkcs11_uri(cert_file) { - if ossl_set_engine( - data, - b"pkcs11\0" as *const u8 as *const libc::c_char, - ) as libc::c_uint != CURLE_OK as libc::c_int as libc::c_uint - { - return 0 as libc::c_int; - } - } - } - #[cfg(all(USE_OPENSSL_ENGINE, ENGINE_CTRL_GET_CMD_FROM_NAME))] - if !((*data).state.engine).is_null() { - let mut cmd_name: *const libc::c_char = b"LOAD_CERT_CTRL\0" - as *const u8 as *const libc::c_char; - let mut params: C2RustUnnamed_13 = C2RustUnnamed_13 { - cert_id: 0 as *const libc::c_char, - cert: 0 as *mut X509, - }; - params.cert_id = cert_file; - params.cert = 0 as *mut X509; - if ENGINE_ctrl( - (*data).state.engine as *mut ENGINE, - 13 as libc::c_int, - 0 as libc::c_int as libc::c_long, - cmd_name as *mut libc::c_void, - None, - ) == 0 - { - Curl_failf( - data, - b"ssl engine does not support loading certificates\0" - as *const u8 as *const libc::c_char, - ); - return 0 as libc::c_int; - } - if ENGINE_ctrl_cmd( - (*data).state.engine as *mut ENGINE, - cmd_name, - 0 as libc::c_int as libc::c_long, - &mut params as *mut C2RustUnnamed_13 as *mut libc::c_void, - None, - 1 as libc::c_int, - ) == 0 + if ((*data).state.engine).is_null() { + if is_pkcs11_uri(cert_file) { + if ossl_set_engine( + data, + b"pkcs11\0" as *const u8 as *const libc::c_char, + ) as libc::c_uint != CURLE_OK as libc::c_int as libc::c_uint { - Curl_failf( - data, - b"ssl engine cannot load client cert with id '%s' [%s]\0" - as *const u8 as *const libc::c_char, - cert_file, - ossl_strerror( - ERR_get_error(), - error_buffer.as_mut_ptr(), - ::std::mem::size_of::<[libc::c_char; 256]>() - as libc::c_ulong, - ), - ); - return 0 as libc::c_int; - } - if (params.cert).is_null() { - Curl_failf( - data, - b"ssl engine didn't initialized the certificate properly.\0" - as *const u8 as *const libc::c_char, - ); - return 0 as libc::c_int; - } - if SSL_CTX_use_certificate(ctx, params.cert) != 1 as libc::c_int { - Curl_failf( - data, - b"unable to set client certificate\0" as *const u8 - as *const libc::c_char, - ); - X509_free(params.cert); return 0 as libc::c_int; } - X509_free(params.cert); - } else { + } + } + #[cfg(all(USE_OPENSSL_ENGINE, ENGINE_CTRL_GET_CMD_FROM_NAME))] + if !((*data).state.engine).is_null() { + let mut cmd_name: *const libc::c_char = b"LOAD_CERT_CTRL\0" + as *const u8 as *const libc::c_char; + let mut params: openssl_C2RustUnnamed_13 = openssl_C2RustUnnamed_13 { + cert_id: 0 as *const libc::c_char, + cert: 0 as *mut X509, + }; + params.cert_id = cert_file; + params.cert = 0 as *mut X509; + if ENGINE_ctrl( + (*data).state.engine as *mut ENGINE, + 13 as libc::c_int, + 0 as libc::c_int as libc::c_long, + cmd_name as *mut libc::c_void, + None, + ) == 0 + { + Curl_failf( + data, + b"ssl engine does not support loading certificates\0" + as *const u8 as *const libc::c_char, + ); + return 0 as libc::c_int; + } + if ENGINE_ctrl_cmd( + (*data).state.engine as *mut ENGINE, + cmd_name, + 0 as libc::c_int as libc::c_long, + &mut params as *mut openssl_C2RustUnnamed_13 as *mut libc::c_void, + None, + 1 as libc::c_int, + ) == 0 + { + Curl_failf( + data, + b"ssl engine cannot load client cert with id '%s' [%s]\0" + as *const u8 as *const libc::c_char, + cert_file, + ossl_strerror( + ERR_get_error(), + error_buffer.as_mut_ptr(), + ::std::mem::size_of::<[libc::c_char; 256]>() + as libc::c_ulong, + ), + ); + return 0 as libc::c_int; + } + if (params.cert).is_null() { + Curl_failf( + data, + b"ssl engine didn't initialized the certificate properly.\0" + as *const u8 as *const libc::c_char, + ); + return 0 as libc::c_int; + } + if SSL_CTX_use_certificate(ctx, params.cert) != 1 as libc::c_int { Curl_failf( data, - b"crypto engine not set, can't load certificate\0" as *const u8 + b"unable to set client certificate\0" as *const u8 as *const libc::c_char, ); + X509_free(params.cert); return 0 as libc::c_int; } + X509_free(params.cert); + } else { + Curl_failf( + data, + b"crypto engine not set, can't load certificate\0" as *const u8 + as *const libc::c_char, + ); + return 0 as libc::c_int; + } #[cfg(any(not(USE_OPENSSL_ENGINE), not(ENGINE_CTRL_GET_CMD_FROM_NAME)))] Curl_failf( data, @@ -779,7 +792,7 @@ unsafe extern "C" fn cert_stuff( ); #[cfg(any(not(USE_OPENSSL_ENGINE), not(ENGINE_CTRL_GET_CMD_FROM_NAME)))] return 0 as libc::c_int; - } + } 43 => { let mut cert_bio: *mut BIO = 0 as *mut BIO; let mut p12: *mut PKCS12 = 0 as *mut PKCS12; @@ -990,88 +1003,88 @@ unsafe extern "C" fn cert_stuff( match () { #[cfg(USE_OPENSSL_ENGINE)] _ => { - let mut priv_key: *mut EVP_PKEY = 0 as *mut EVP_PKEY; - if ((*data).state.engine).is_null() { - if is_pkcs11_uri(key_file) { - if ossl_set_engine( - data, - b"pkcs11\0" as *const u8 as *const libc::c_char, - ) as libc::c_uint != CURLE_OK as libc::c_int as libc::c_uint - { - return 0 as libc::c_int; - } - } - } - if !((*data).state.engine).is_null() { - let mut ui_method: *mut UI_METHOD = UI_create_method( - b"curl user interface\0" as *const u8 as *const libc::c_char - as *mut libc::c_char, - ); - if ui_method.is_null() { - Curl_failf( - data, - b"unable do create OpenSSL user-interface method\0" - as *const u8 as *const libc::c_char, - ); - return 0 as libc::c_int; - } - UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL())); - UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL())); - UI_method_set_reader( - ui_method, - Some( - ssl_ui_reader - as unsafe extern "C" fn( - *mut UI, - *mut UI_STRING, - ) -> libc::c_int, - ), - ); - UI_method_set_writer( - ui_method, - Some( - ssl_ui_writer - as unsafe extern "C" fn( - *mut UI, - *mut UI_STRING, - ) -> libc::c_int, - ), - ); - priv_key = ENGINE_load_private_key( - (*data).state.engine as *mut ENGINE, - key_file, - ui_method, - key_passwd as *mut libc::c_void, - ); - UI_destroy_method(ui_method); - if priv_key.is_null() { - Curl_failf( - data, - b"failed to load private key from crypto engine\0" - as *const u8 as *const libc::c_char, - ); - return 0 as libc::c_int; - } - if SSL_CTX_use_PrivateKey(ctx, priv_key) != 1 as libc::c_int { - Curl_failf( - data, - b"unable to set private key\0" as *const u8 - as *const libc::c_char, - ); - EVP_PKEY_free(priv_key); - return 0 as libc::c_int; - } - EVP_PKEY_free(priv_key); - } else { - Curl_failf( - data, - b"crypto engine not set, can't load private key\0" as *const u8 - as *const libc::c_char, - ); + let mut priv_key: *mut EVP_PKEY = 0 as *mut EVP_PKEY; + if ((*data).state.engine).is_null() { + if is_pkcs11_uri(key_file) { + if ossl_set_engine( + data, + b"pkcs11\0" as *const u8 as *const libc::c_char, + ) as libc::c_uint != CURLE_OK as libc::c_int as libc::c_uint + { return 0 as libc::c_int; } - current_block_141 = 14358540534591340610; } + } + if !((*data).state.engine).is_null() { + let mut ui_method: *mut UI_METHOD = UI_create_method( + b"curl user interface\0" as *const u8 as *const libc::c_char + as *mut libc::c_char, + ); + if ui_method.is_null() { + Curl_failf( + data, + b"unable do create OpenSSL user-interface method\0" + as *const u8 as *const libc::c_char, + ); + return 0 as libc::c_int; + } + UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL())); + UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL())); + UI_method_set_reader( + ui_method, + Some( + ssl_ui_reader + as unsafe extern "C" fn( + *mut UI, + *mut UI_STRING, + ) -> libc::c_int, + ), + ); + UI_method_set_writer( + ui_method, + Some( + ssl_ui_writer + as unsafe extern "C" fn( + *mut UI, + *mut UI_STRING, + ) -> libc::c_int, + ), + ); + priv_key = ENGINE_load_private_key( + (*data).state.engine as *mut ENGINE, + key_file, + ui_method, + key_passwd as *mut libc::c_void, + ); + UI_destroy_method(ui_method); + if priv_key.is_null() { + Curl_failf( + data, + b"failed to load private key from crypto engine\0" + as *const u8 as *const libc::c_char, + ); + return 0 as libc::c_int; + } + if SSL_CTX_use_PrivateKey(ctx, priv_key) != 1 as libc::c_int { + Curl_failf( + data, + b"unable to set private key\0" as *const u8 + as *const libc::c_char, + ); + EVP_PKEY_free(priv_key); + return 0 as libc::c_int; + } + EVP_PKEY_free(priv_key); + } else { + Curl_failf( + data, + b"crypto engine not set, can't load private key\0" as *const u8 + as *const libc::c_char, + ); + return 0 as libc::c_int; + } + current_block_141 = 14358540534591340610; + } #[cfg(not(USE_OPENSSL_ENGINE))] _ => { Curl_failf( @@ -1335,11 +1348,13 @@ unsafe extern "C" fn ossl_check_cxn(mut conn: *mut connectdata) -> libc::c_int { let mut buf: libc::c_char = 0; #[cfg(MSG_PEEK)] let mut nread: ssize_t = recv( - (*conn).sock[0 as libc::c_int as usize], - &mut buf as *mut libc::c_char as *mut libc::c_void, - 1 as libc::c_int as size_t, - MSG_PEEK as libc::c_int, - ); + (*conn).sock[0 as libc::c_int as usize], + &mut buf as *mut libc::c_char as *mut libc::c_void, + 1 as libc::c_int as size_t, + MSG_PEEK as libc::c_int, + 1268 as libc::c_int, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + ); #[cfg(MSG_PEEK)] if nread == 0 as libc::c_int as libc::c_long { return 0 as libc::c_int; @@ -1392,41 +1407,41 @@ unsafe extern "C" fn ossl_set_engine( mut engine: *const libc::c_char, ) -> CURLcode { if cfg!(USE_OPENSSL_ENGINE){ - let mut e: *mut ENGINE = 0 as *mut ENGINE; - e = ENGINE_by_id(engine); - if e.is_null() { - Curl_failf( - data, - b"SSL Engine '%s' not found\0" as *const u8 as *const libc::c_char, - engine, - ); - return CURLE_SSL_ENGINE_NOTFOUND; - } - if !((*data).state.engine).is_null() { - ENGINE_finish((*data).state.engine as *mut ENGINE); - ENGINE_free((*data).state.engine as *mut ENGINE); - let ref mut fresh0 = (*data).state.engine; - *fresh0 = 0 as *mut libc::c_void; - } - if ENGINE_init(e) == 0 { - let mut buf: [libc::c_char; 256] = [0; 256]; - ENGINE_free(e); - Curl_failf( - data, - b"Failed to initialise SSL Engine '%s': %s\0" as *const u8 - as *const libc::c_char, - engine, - ossl_strerror( - ERR_get_error(), - buf.as_mut_ptr(), - ::std::mem::size_of::<[libc::c_char; 256]>() as libc::c_ulong, - ), - ); - return CURLE_SSL_ENGINE_INITFAILED; - } - let ref mut fresh1 = (*data).state.engine; - *fresh1 = e as *mut libc::c_void; - return CURLE_OK; + let mut e: *mut ENGINE = 0 as *mut ENGINE; + e = ENGINE_by_id(engine); + if e.is_null() { + Curl_failf( + data, + b"SSL Engine '%s' not found\0" as *const u8 as *const libc::c_char, + engine, + ); + return CURLE_SSL_ENGINE_NOTFOUND; + } + if !((*data).state.engine).is_null() { + ENGINE_finish((*data).state.engine as *mut ENGINE); + ENGINE_free((*data).state.engine as *mut ENGINE); + let ref mut fresh0 = (*data).state.engine; + *fresh0 = 0 as *mut libc::c_void; + } + if ENGINE_init(e) == 0 { + let mut buf: [libc::c_char; 256] = [0; 256]; + ENGINE_free(e); + Curl_failf( + data, + b"Failed to initialise SSL Engine '%s': %s\0" as *const u8 + as *const libc::c_char, + engine, + ossl_strerror( + ERR_get_error(), + buf.as_mut_ptr(), + ::std::mem::size_of::<[libc::c_char; 256]>() as libc::c_ulong, + ), + ); + return CURLE_SSL_ENGINE_INITFAILED; + } + let ref mut fresh1 = (*data).state.engine; + *fresh1 = e as *mut libc::c_void; + return CURLE_OK; }else{ Curl_infof( data, @@ -1437,45 +1452,45 @@ unsafe extern "C" fn ossl_set_engine( } unsafe extern "C" fn ossl_set_engine_default(mut data: *mut Curl_easy) -> CURLcode { if cfg!(USE_OPENSSL_ENGINE){ - if !((*data).state.engine).is_null() { - if ENGINE_set_default( - (*data).state.engine as *mut ENGINE, - 0xffff as libc::c_int as libc::c_uint, - ) > 0 as libc::c_int - { - Curl_infof( - data, - b"set default crypto engine '%s'\0" as *const u8 as *const libc::c_char, - ENGINE_get_id((*data).state.engine as *const ENGINE), - ); - } else { - Curl_failf( - data, - b"set default crypto engine '%s' failed\0" as *const u8 - as *const libc::c_char, - ENGINE_get_id((*data).state.engine as *const ENGINE), - ); - return CURLE_SSL_ENGINE_SETFAILED; - } + if !((*data).state.engine).is_null() { + if ENGINE_set_default( + (*data).state.engine as *mut ENGINE, + 0xffff as libc::c_int as libc::c_uint, + ) > 0 as libc::c_int + { + Curl_infof( + data, + b"set default crypto engine '%s'\0" as *const u8 as *const libc::c_char, + ENGINE_get_id((*data).state.engine as *const ENGINE), + ); + } else { + Curl_failf( + data, + b"set default crypto engine '%s' failed\0" as *const u8 + as *const libc::c_char, + ENGINE_get_id((*data).state.engine as *const ENGINE), + ); + return CURLE_SSL_ENGINE_SETFAILED; } } + } return CURLE_OK; } unsafe extern "C" fn ossl_engines_list(mut data: *mut Curl_easy) -> *mut curl_slist { let mut list: *mut curl_slist = 0 as *mut curl_slist; if cfg!(USE_OPENSSL_ENGINE){ - let mut beg: *mut curl_slist = 0 as *mut curl_slist; - let mut e: *mut ENGINE = 0 as *mut ENGINE; - e = ENGINE_get_first(); - while !e.is_null() { - beg = curl_slist_append(list, ENGINE_get_id(e)); - if beg.is_null() { - curl_slist_free_all(list); - return 0 as *mut curl_slist; - } - list = beg; - e = ENGINE_get_next(e); + let mut beg: *mut curl_slist = 0 as *mut curl_slist; + let mut e: *mut ENGINE = 0 as *mut ENGINE; + e = ENGINE_get_first(); + while !e.is_null() { + beg = curl_slist_append(list, ENGINE_get_id(e)); + if beg.is_null() { + curl_slist_free_all(list); + return 0 as *mut curl_slist; } + list = beg; + e = ENGINE_get_next(e); + } } return list; } @@ -1627,32 +1642,32 @@ unsafe extern "C" fn ossl_shutdown( } if ((*data).set).verbose() != 0 { if cfg!(HAVE_SSL_GET_SHUTDOWN){ - match SSL_get_shutdown((*backend).handle) { - 1 => { - Curl_infof( - data, - b"SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\0" as *const u8 - as *const libc::c_char, - ); - } - 2 => { - Curl_infof( - data, - b"SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\0" - as *const u8 as *const libc::c_char, - ); - } - 3 => { - Curl_infof( - data, - b"SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|SSL_RECEIVED__SHUTDOWN\0" - as *const u8 as *const libc::c_char, - ); - } - _ => {} + match SSL_get_shutdown((*backend).handle) { + 1 => { + Curl_infof( + data, + b"SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\0" as *const u8 + as *const libc::c_char, + ); } - } + 2 => { + Curl_infof( + data, + b"SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\0" + as *const u8 as *const libc::c_char, + ); + } + 3 => { + Curl_infof( + data, + b"SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|SSL_RECEIVED__SHUTDOWN\0" + as *const u8 as *const libc::c_char, + ); + } + _ => {} + } } + } SSL_free((*backend).handle); let ref mut fresh6 = (*backend).handle; *fresh6 = 0 as *mut SSL; @@ -1830,9 +1845,9 @@ unsafe extern "C" fn verifyhost( 7 => { #[cfg(ENABLE_IPV6)] let ENABLE_IPV6_a = memcmp( - altptr as *const libc::c_void, - &mut addr as *mut in6_addr as *const libc::c_void, - altlen, + altptr as *const libc::c_void, + &mut addr as *mut in6_addr as *const libc::c_void, + altlen, ) == 0; #[cfg(not(ENABLE_IPV6))] let ENABLE_IPV6_a = memcmp( @@ -2510,23 +2525,23 @@ unsafe extern "C" fn set_ssl_version_min_max( } #[cfg(not(CURL_DISABLE_PROXY))] let SSL_CONN_CONFIG_version_max = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - (*conn).proxy_ssl_config.version_max - } else { - (*conn).ssl_config.version_max - }; - #[cfg(CURL_DISABLE_PROXY)] + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + (*conn).proxy_ssl_config.version_max + } else { + (*conn).ssl_config.version_max + }; + #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_version_max = (*conn).ssl_config.version_max; curl_ssl_version_max = SSL_CONN_CONFIG_version_max; @@ -2611,21 +2626,21 @@ unsafe extern "C" fn ossl_new_session_cb( } != 0; #[cfg(not(CURL_DISABLE_PROXY))] let SSL_SET_OPTION_primary_sessionid = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - ((*data).set.proxy_ssl.primary).sessionid() as libc::c_int - } else { - ((*data).set.ssl.primary).sessionid() as libc::c_int + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + ((*data).set.proxy_ssl.primary).sessionid() as libc::c_int + } else { + ((*data).set.ssl.primary).sessionid() as libc::c_int }; #[cfg(CURL_DISABLE_PROXY)] let SSL_SET_OPTION_primary_sessionid = ((*data).set.ssl.primary).sessionid(); @@ -3208,6 +3223,24 @@ unsafe extern "C" fn ossl_connect_step1( let mut error_buffer: [libc::c_char; 256] = [0; 256]; let mut backend: *mut ssl_backend_data = (*connssl).backend; let mut imported_native_ca: bool = 0 as libc::c_int != 0; + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if ssl_connect_1 as libc::c_int as libc::c_uint + == (*connssl).connecting_state as libc::c_uint + {} else { + __assert_fail( + b"ssl_connect_1 == connssl->connecting_state\0" as *const u8 + as *const libc::c_char, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + 2628 as libc::c_int as libc::c_uint, + (*::std::mem::transmute::< + &[u8; 75], + &[libc::c_char; 75], + >( + b"CURLcode ossl_connect_step1(struct Curl_easy *, struct connectdata *, int)\0", + )) + .as_ptr(), + ); + } result = ossl_seed(data); if result as u64 != 0 { return result; @@ -3238,6 +3271,21 @@ unsafe extern "C" fn ossl_connect_step1( return CURLE_SSL_CONNECT_ERROR; } } + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if ((*backend).ctx).is_null() {} else { + __assert_fail( + b"!backend->ctx\0" as *const u8 as *const libc::c_char, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + 2665 as libc::c_int as libc::c_uint, + (*::std::mem::transmute::< + &[u8; 75], + &[libc::c_char; 75], + >( + b"CURLcode ossl_connect_step1(struct Curl_easy *, struct connectdata *, int)\0", + )) + .as_ptr(), + ); + } let ref mut fresh8 = (*backend).ctx; *fresh8 = SSL_CTX_new(req_method); if ((*backend).ctx).is_null() { @@ -3363,38 +3411,38 @@ unsafe extern "C" fn ossl_connect_step1( if cfg!(USE_HTTP2){ #[cfg(not(CURL_DISABLE_PROXY))] let CURL_DISABLE_PROXY_flag_1 = (!(CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] .state as libc::c_uint) || ((*conn).bits).tunnel_proxy() == 0); #[cfg(CURL_DISABLE_PROXY)] let CURL_DISABLE_PROXY_flag_1 = true; if (*data).state.httpwant as libc::c_int >= CURL_HTTP_VERSION_2_0 as libc::c_int && CURL_DISABLE_PROXY_flag_1 - { - let fresh10 = cur; - cur = cur + 1; - protocols[fresh10 as usize] = 2 as libc::c_int as libc::c_uchar; - memcpy( - &mut *protocols.as_mut_ptr().offset(cur as isize) as *mut libc::c_uchar - as *mut libc::c_void, - b"h2\0" as *const u8 as *const libc::c_char as *const libc::c_void, - 2 as libc::c_int as libc::c_ulong, - ); - cur += 2 as libc::c_int; - Curl_infof( - data, - b"ALPN, offering %s\0" as *const u8 as *const libc::c_char, - b"h2\0" as *const u8 as *const libc::c_char, - ); - } + { + let fresh10 = cur; + cur = cur + 1; + protocols[fresh10 as usize] = 2 as libc::c_int as libc::c_uchar; + memcpy( + &mut *protocols.as_mut_ptr().offset(cur as isize) as *mut libc::c_uchar + as *mut libc::c_void, + b"h2\0" as *const u8 as *const libc::c_char as *const libc::c_void, + 2 as libc::c_int as libc::c_ulong, + ); + cur += 2 as libc::c_int; + Curl_infof( + data, + b"ALPN, offering %s\0" as *const u8 as *const libc::c_char, + b"h2\0" as *const u8 as *const libc::c_char, + ); + } } let fresh11 = cur; cur = cur + 1; @@ -3428,79 +3476,79 @@ unsafe extern "C" fn ossl_connect_step1( if !ssl_cert.is_null() || !ssl_cert_blob.is_null() || !ssl_cert_type.is_null() { #[cfg(not(CURL_DISABLE_PROXY))] let cert_stuff_flag = cert_stuff( - data, - (*backend).ctx, - ssl_cert, - ssl_cert_blob, - ssl_cert_type, - (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - (*data).set.proxy_ssl.key - } else { - (*data).set.ssl.key - }), - (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - (*data).set.proxy_ssl.key_blob - } else { - (*data).set.ssl.key_blob - }), - (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - (*data).set.proxy_ssl.key_type - } else { - (*data).set.ssl.key_type - }), - (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - (*data).set.proxy_ssl.key_passwd - } else { - (*data).set.ssl.key_passwd - }), + data, + (*backend).ctx, + ssl_cert, + ssl_cert_blob, + ssl_cert_type, + (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + (*data).set.proxy_ssl.key + } else { + (*data).set.ssl.key + }), + (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + (*data).set.proxy_ssl.key_blob + } else { + (*data).set.ssl.key_blob + }), + (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + (*data).set.proxy_ssl.key_type + } else { + (*data).set.ssl.key_type + }), + (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + (*data).set.proxy_ssl.key_passwd + } else { + (*data).set.ssl.key_passwd + }), ); #[cfg(CURL_DISABLE_PROXY)] let cert_stuff_flag = cert_stuff( @@ -3526,22 +3574,22 @@ unsafe extern "C" fn ossl_connect_step1( #[cfg(not(CURL_DISABLE_PROXY))] let SSL_CONN_CONFIG_cipher_list = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - (*conn).proxy_ssl_config.cipher_list - } else { - (*conn).ssl_config.cipher_list - }; + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + (*conn).proxy_ssl_config.cipher_list + } else { + (*conn).ssl_config.cipher_list + }; #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_cipher_list = (*conn).ssl_config.cipher_list; ciphers = SSL_CONN_CONFIG_cipher_list; @@ -3747,7 +3795,7 @@ unsafe extern "C" fn ossl_connect_step1( as *const libc::c_char, ); return CURLE_SSL_CIPHER; - } + } } #[cfg(CURL_DISABLE_PROXY)] if ((*conn).ssl_config.cipher_list).is_null() { @@ -4170,7 +4218,7 @@ unsafe extern "C" fn ossl_connect_step1( 2 as libc::c_int, hostname, &mut addr as *mut in_addr as *mut libc::c_void, - ) && sni as libc::c_int != 0 + ) && sni as libc::c_int != 0 { let mut nlen: size_t = strlen(hostname); if nlen as libc::c_long >= (*data).set.buffer_size { @@ -4313,7 +4361,66 @@ unsafe extern "C" fn ossl_connect_step1( ); } Curl_ssl_sessionid_unlock(data); - if SSL_set_fd((*backend).handle, sockfd) == 0 { + if ((*conn).proxy_ssl[sockindex as usize]).use_0() != 0 { + let bio: *mut BIO = BIO_new(BIO_f_ssl()); + let mut handle: *mut SSL = (*(*conn).proxy_ssl[sockindex as usize].backend) + .handle; + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if ssl_connection_complete as libc::c_int as libc::c_uint + == (*conn).proxy_ssl[sockindex as usize].state as libc::c_uint + {} else { + __assert_fail( + b"ssl_connection_complete == conn->proxy_ssl[sockindex].state\0" + as *const u8 as *const libc::c_char, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + 3264 as libc::c_int as libc::c_uint, + (*::std::mem::transmute::< + &[u8; 75], + &[libc::c_char; 75], + >( + b"CURLcode ossl_connect_step1(struct Curl_easy *, struct connectdata *, int)\0", + )) + .as_ptr(), + ); + } + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if !handle.is_null() {} else { + __assert_fail( + b"handle != ((void*)0)\0" as *const u8 as *const libc::c_char, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + 3265 as libc::c_int as libc::c_uint, + (*::std::mem::transmute::< + &[u8; 75], + &[libc::c_char; 75], + >( + b"CURLcode ossl_connect_step1(struct Curl_easy *, struct connectdata *, int)\0", + )) + .as_ptr(), + ); + } + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if !bio.is_null() {} else { + __assert_fail( + b"bio != ((void*)0)\0" as *const u8 as *const libc::c_char, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + 3266 as libc::c_int as libc::c_uint, + (*::std::mem::transmute::< + &[u8; 75], + &[libc::c_char; 75], + >( + b"CURLcode ossl_connect_step1(struct Curl_easy *, struct connectdata *, int)\0", + )) + .as_ptr(), + ); + } + BIO_ctrl( + bio, + 109 as libc::c_int, + 0 as libc::c_int as libc::c_long, + handle as *mut libc::c_char as *mut libc::c_void, + ); + SSL_set_bio((*backend).handle, bio, bio); + } else if SSL_set_fd((*backend).handle, sockfd) == 0 { Curl_failf( data, b"SSL: SSL_set_fd failed: %s\0" as *const u8 as *const libc::c_char, @@ -4342,6 +4449,28 @@ unsafe extern "C" fn ossl_connect_step2( .as_mut_ptr() .offset(sockindex as isize) as *mut ssl_connect_data; let mut backend: *mut ssl_backend_data = (*connssl).backend; + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if ssl_connect_2 as libc::c_int as libc::c_uint + == (*connssl).connecting_state as libc::c_uint + || ssl_connect_2_reading as libc::c_int as libc::c_uint + == (*connssl).connecting_state as libc::c_uint + || ssl_connect_2_writing as libc::c_int as libc::c_uint + == (*connssl).connecting_state as libc::c_uint + {} else { + __assert_fail( + b"ssl_connect_2 == connssl->connecting_state || ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state\0" + as *const u8 as *const libc::c_char, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + 3292 as libc::c_int as libc::c_uint, + (*::std::mem::transmute::< + &[u8; 75], + &[libc::c_char; 75], + >( + b"CURLcode ossl_connect_step2(struct Curl_easy *, struct connectdata *, int)\0", + )) + .as_ptr(), + ); + } ERR_clear_error(); err = SSL_connect((*backend).handle); // TODO @@ -4390,23 +4519,23 @@ unsafe extern "C" fn ossl_connect_step2( if lerr != 0 as libc::c_int as libc::c_long { #[cfg(not(CURL_DISABLE_PROXY))] if true { - *if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - &mut (*data).set.proxy_ssl.certverifyresult - } else { - &mut (*data).set.ssl.certverifyresult - } = lerr; + *if CURLPROXY_HTTPS as libc::c_int as libc::c_uint + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + &mut (*data).set.proxy_ssl.certverifyresult + } else { + &mut (*data).set.ssl.certverifyresult + } = lerr; } #[cfg(CURL_DISABLE_PROXY)] if true { @@ -4842,13 +4971,46 @@ unsafe extern "C" fn get_cert_chain( ) as libc::c_int; if cfg!(all(HAVE_X509_GET0_SIGNATURE, HAVE_X509_GET0_EXTENSIONS)){ - let mut sigalg: *const X509_ALGOR = 0 as *const X509_ALGOR; - let mut xpubkey: *mut X509_PUBKEY = 0 as *mut X509_PUBKEY; - let mut pubkeyoid: *mut ASN1_OBJECT = 0 as *mut ASN1_OBJECT; - X509_get0_signature(&mut psig, &mut sigalg, x); - if !sigalg.is_null() { - i2a_ASN1_OBJECT(mem, (*sigalg).algorithm); - let mut info_len_3: libc::c_long = BIO_ctrl( + let mut sigalg: *const X509_ALGOR = 0 as *const X509_ALGOR; + let mut xpubkey: *mut X509_PUBKEY = 0 as *mut X509_PUBKEY; + let mut pubkeyoid: *mut ASN1_OBJECT = 0 as *mut ASN1_OBJECT; + X509_get0_signature(&mut psig, &mut sigalg, x); + if !sigalg.is_null() { + i2a_ASN1_OBJECT(mem, (*sigalg).algorithm); + let mut info_len_3: libc::c_long = BIO_ctrl( + mem, + 3 as libc::c_int, + 0 as libc::c_int as libc::c_long, + &mut ptr as *mut *mut libc::c_char as *mut libc::c_char + as *mut libc::c_void, + ); + Curl_ssl_push_certinfo_len( + data, + i, + b"Signature Algorithm\0" as *const u8 as *const libc::c_char, + ptr, + info_len_3 as size_t, + ); + 1 as libc::c_int + != BIO_ctrl( + mem, + 1 as libc::c_int, + 0 as libc::c_int as libc::c_long, + 0 as *mut libc::c_void, + ) as libc::c_int; + } + xpubkey = X509_get_X509_PUBKEY(x); + if !xpubkey.is_null() { + X509_PUBKEY_get0_param( + &mut pubkeyoid, + 0 as *mut *const libc::c_uchar, + 0 as *mut libc::c_int, + 0 as *mut *mut X509_ALGOR, + xpubkey, + ); + if !pubkeyoid.is_null() { + i2a_ASN1_OBJECT(mem, pubkeyoid); + let mut info_len_4: libc::c_long = BIO_ctrl( mem, 3 as libc::c_int, 0 as libc::c_int as libc::c_long, @@ -4858,9 +5020,9 @@ unsafe extern "C" fn get_cert_chain( Curl_ssl_push_certinfo_len( data, i, - b"Signature Algorithm\0" as *const u8 as *const libc::c_char, + b"Public Key Algorithm\0" as *const u8 as *const libc::c_char, ptr, - info_len_3 as size_t, + info_len_4 as size_t, ); 1 as libc::c_int != BIO_ctrl( @@ -4870,41 +5032,8 @@ unsafe extern "C" fn get_cert_chain( 0 as *mut libc::c_void, ) as libc::c_int; } - xpubkey = X509_get_X509_PUBKEY(x); - if !xpubkey.is_null() { - X509_PUBKEY_get0_param( - &mut pubkeyoid, - 0 as *mut *const libc::c_uchar, - 0 as *mut libc::c_int, - 0 as *mut *mut X509_ALGOR, - xpubkey, - ); - if !pubkeyoid.is_null() { - i2a_ASN1_OBJECT(mem, pubkeyoid); - let mut info_len_4: libc::c_long = BIO_ctrl( - mem, - 3 as libc::c_int, - 0 as libc::c_int as libc::c_long, - &mut ptr as *mut *mut libc::c_char as *mut libc::c_char - as *mut libc::c_void, - ); - Curl_ssl_push_certinfo_len( - data, - i, - b"Public Key Algorithm\0" as *const u8 as *const libc::c_char, - ptr, - info_len_4 as size_t, - ); - 1 as libc::c_int - != BIO_ctrl( - mem, - 1 as libc::c_int, - 0 as libc::c_int as libc::c_long, - 0 as *mut libc::c_void, - ) as libc::c_int; - } - } - X509V3_ext(data, i, X509_get0_extensions(x)); + } + X509V3_ext(data, i, X509_get0_extensions(x)); }else{ // before OpenSSL 1.0.2 } @@ -4962,7 +5091,7 @@ unsafe extern "C" fn get_cert_chain( match () { #[cfg(HAVE_OPAQUE_EVP_PKEY)] _ => { - pktype = EVP_PKEY_id(pubkey); + pktype = EVP_PKEY_id(pubkey); } #[cfg(not(HAVE_OPAQUE_EVP_PKEY))] _ => { @@ -4981,52 +5110,52 @@ unsafe extern "C" fn get_cert_chain( // #[cfg(not(HAVE_OPAQUE_EVP_PKEY))] #[cfg(HAVE_OPAQUE_RSA_DSA_DH)] if true { - let mut n: *const BIGNUM = 0 as *const BIGNUM; - let mut e: *const BIGNUM = 0 as *const BIGNUM; - RSA_get0_key(rsa, &mut n, &mut e, 0 as *mut *const BIGNUM); - BIO_printf( - mem, - b"%d\0" as *const u8 as *const libc::c_char, - BN_num_bits(n), - ); - let mut info_len_7: libc::c_long = BIO_ctrl( + let mut n: *const BIGNUM = 0 as *const BIGNUM; + let mut e: *const BIGNUM = 0 as *const BIGNUM; + RSA_get0_key(rsa, &mut n, &mut e, 0 as *mut *const BIGNUM); + BIO_printf( + mem, + b"%d\0" as *const u8 as *const libc::c_char, + BN_num_bits(n), + ); + let mut info_len_7: libc::c_long = BIO_ctrl( + mem, + 3 as libc::c_int, + 0 as libc::c_int as libc::c_long, + &mut ptr as *mut *mut libc::c_char as *mut libc::c_char + as *mut libc::c_void, + ); + Curl_ssl_push_certinfo_len( + data, + i, + b"RSA Public Key\0" as *const u8 as *const libc::c_char, + ptr, + info_len_7 as size_t, + ); + 1 as libc::c_int + != BIO_ctrl( mem, - 3 as libc::c_int, + 1 as libc::c_int, 0 as libc::c_int as libc::c_long, - &mut ptr as *mut *mut libc::c_char as *mut libc::c_char - as *mut libc::c_void, - ); - Curl_ssl_push_certinfo_len( - data, - i, - b"RSA Public Key\0" as *const u8 as *const libc::c_char, - ptr, - info_len_7 as size_t, - ); - 1 as libc::c_int - != BIO_ctrl( - mem, - 1 as libc::c_int, - 0 as libc::c_int as libc::c_long, - 0 as *mut libc::c_void, - ) as libc::c_int; - pubkey_show( - data, - mem, - i, - b"rsa\0" as *const u8 as *const libc::c_char, - b"n\0" as *const u8 as *const libc::c_char, - n, - ); - pubkey_show( - data, - mem, - i, - b"rsa\0" as *const u8 as *const libc::c_char, - b"e\0" as *const u8 as *const libc::c_char, - e, - ); - } + 0 as *mut libc::c_void, + ) as libc::c_int; + pubkey_show( + data, + mem, + i, + b"rsa\0" as *const u8 as *const libc::c_char, + b"n\0" as *const u8 as *const libc::c_char, + n, + ); + pubkey_show( + data, + mem, + i, + b"rsa\0" as *const u8 as *const libc::c_char, + b"e\0" as *const u8 as *const libc::c_char, + e, + ); + } #[cfg(not(HAVE_OPAQUE_RSA_DSA_DH))] if true { // TODO - 3678 @@ -5040,45 +5169,45 @@ unsafe extern "C" fn get_cert_chain( // #[cfg(not(HAVE_OPAQUE_EVP_PKEY))] #[cfg(HAVE_OPAQUE_RSA_DSA_DH)] if true { - let mut p: *const BIGNUM = 0 as *const BIGNUM; - let mut q: *const BIGNUM = 0 as *const BIGNUM; - let mut g: *const BIGNUM = 0 as *const BIGNUM; - let mut pub_key: *const BIGNUM = 0 as *const BIGNUM; - DSA_get0_pqg(dsa, &mut p, &mut q, &mut g); - DSA_get0_key(dsa, &mut pub_key, 0 as *mut *const BIGNUM); - pubkey_show( - data, - mem, - i, - b"dsa\0" as *const u8 as *const libc::c_char, - b"p\0" as *const u8 as *const libc::c_char, - p, - ); - pubkey_show( - data, - mem, - i, - b"dsa\0" as *const u8 as *const libc::c_char, - b"q\0" as *const u8 as *const libc::c_char, - q, - ); - pubkey_show( - data, - mem, - i, - b"dsa\0" as *const u8 as *const libc::c_char, - b"g\0" as *const u8 as *const libc::c_char, - g, - ); - pubkey_show( - data, - mem, - i, - b"dsa\0" as *const u8 as *const libc::c_char, - b"pub_key\0" as *const u8 as *const libc::c_char, - pub_key, - ); - } + let mut p: *const BIGNUM = 0 as *const BIGNUM; + let mut q: *const BIGNUM = 0 as *const BIGNUM; + let mut g: *const BIGNUM = 0 as *const BIGNUM; + let mut pub_key: *const BIGNUM = 0 as *const BIGNUM; + DSA_get0_pqg(dsa, &mut p, &mut q, &mut g); + DSA_get0_key(dsa, &mut pub_key, 0 as *mut *const BIGNUM); + pubkey_show( + data, + mem, + i, + b"dsa\0" as *const u8 as *const libc::c_char, + b"p\0" as *const u8 as *const libc::c_char, + p, + ); + pubkey_show( + data, + mem, + i, + b"dsa\0" as *const u8 as *const libc::c_char, + b"q\0" as *const u8 as *const libc::c_char, + q, + ); + pubkey_show( + data, + mem, + i, + b"dsa\0" as *const u8 as *const libc::c_char, + b"g\0" as *const u8 as *const libc::c_char, + g, + ); + pubkey_show( + data, + mem, + i, + b"dsa\0" as *const u8 as *const libc::c_char, + b"pub_key\0" as *const u8 as *const libc::c_char, + pub_key, + ); + } #[cfg(not(HAVE_OPAQUE_RSA_DSA_DH))] if true { // cfg!(not(HAVE_OPAQUE_RSA_DSA_DH)) @@ -5092,45 +5221,45 @@ unsafe extern "C" fn get_cert_chain( // #[cfg(not(HAVE_OPAQUE_EVP_PKEY))] #[cfg(HAVE_OPAQUE_RSA_DSA_DH)] if true { - let mut p_0: *const BIGNUM = 0 as *const BIGNUM; - let mut q_0: *const BIGNUM = 0 as *const BIGNUM; - let mut g_0: *const BIGNUM = 0 as *const BIGNUM; - let mut pub_key_0: *const BIGNUM = 0 as *const BIGNUM; - DH_get0_pqg(dh, &mut p_0, &mut q_0, &mut g_0); - DH_get0_key(dh, &mut pub_key_0, 0 as *mut *const BIGNUM); - pubkey_show( - data, - mem, - i, - b"dh\0" as *const u8 as *const libc::c_char, - b"p\0" as *const u8 as *const libc::c_char, - p_0, - ); - pubkey_show( - data, - mem, - i, - b"dh\0" as *const u8 as *const libc::c_char, - b"q\0" as *const u8 as *const libc::c_char, - q_0, - ); - pubkey_show( - data, - mem, - i, - b"dh\0" as *const u8 as *const libc::c_char, - b"g\0" as *const u8 as *const libc::c_char, - g_0, - ); - pubkey_show( - data, - mem, - i, - b"dh\0" as *const u8 as *const libc::c_char, - b"pub_key\0" as *const u8 as *const libc::c_char, - pub_key_0, - ); - } + let mut p_0: *const BIGNUM = 0 as *const BIGNUM; + let mut q_0: *const BIGNUM = 0 as *const BIGNUM; + let mut g_0: *const BIGNUM = 0 as *const BIGNUM; + let mut pub_key_0: *const BIGNUM = 0 as *const BIGNUM; + DH_get0_pqg(dh, &mut p_0, &mut q_0, &mut g_0); + DH_get0_key(dh, &mut pub_key_0, 0 as *mut *const BIGNUM); + pubkey_show( + data, + mem, + i, + b"dh\0" as *const u8 as *const libc::c_char, + b"p\0" as *const u8 as *const libc::c_char, + p_0, + ); + pubkey_show( + data, + mem, + i, + b"dh\0" as *const u8 as *const libc::c_char, + b"q\0" as *const u8 as *const libc::c_char, + q_0, + ); + pubkey_show( + data, + mem, + i, + b"dh\0" as *const u8 as *const libc::c_char, + b"g\0" as *const u8 as *const libc::c_char, + g_0, + ); + pubkey_show( + data, + mem, + i, + b"dh\0" as *const u8 as *const libc::c_char, + b"pub_key\0" as *const u8 as *const libc::c_char, + pub_key_0, + ); + } // TODO #[cfg(not(HAVE_OPAQUE_EVP_PKEY))] if true{ @@ -5218,8 +5347,22 @@ unsafe extern "C" fn pkp_pin_peer_pubkey( } len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), 0 as *mut *mut libc::c_uchar); if !(len1 < 1 as libc::c_int) { - temp = Curl_cmalloc.expect("non-null function pointer")(len1 as size_t) - as *mut libc::c_uchar; + match () { + #[cfg(not(CURLDEBUG))] + _ => { + temp = Curl_cmalloc.expect("non-null function pointer")(len1 as size_t) + as *mut libc::c_uchar; + } + #[cfg(CURLDEBUG)] + _ => { + temp = curl_dbg_malloc( + len1 as size_t, + 3798 as libc::c_int, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + ) as *mut libc::c_uchar; + } + } + buff1 = temp; if !buff1.is_null() { len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &mut temp); @@ -5231,7 +5374,15 @@ unsafe extern "C" fn pkp_pin_peer_pubkey( } } if !buff1.is_null() { + #[cfg(not(CURLDEBUG))] Curl_cfree.expect("non-null function pointer")(buff1 as *mut libc::c_void); + + #[cfg(CURLDEBUG)] + curl_dbg_free( + buff1 as *mut libc::c_void, + 3820 as libc::c_int, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + ); } return result; } @@ -5275,21 +5426,21 @@ unsafe extern "C" fn servercert( } #[cfg(not(CURL_DISABLE_PROXY))] let SSL_IS_PROXY_void = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - b"Proxy\0" as *const u8 as *const libc::c_char - } else { - b"Server\0" as *const u8 as *const libc::c_char + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + b"Proxy\0" as *const u8 as *const libc::c_char + } else { + b"Server\0" as *const u8 as *const libc::c_char }; #[cfg(CURL_DISABLE_PROXY)] let SSL_IS_PROXY_void = if 0 as libc::c_int != 0 { @@ -5318,66 +5469,66 @@ unsafe extern "C" fn servercert( ); // DONE - 3869 if cfg!(not(CURL_DISABLE_VERBOSE_STRINGS)){ - let mut len: libc::c_long = 0; - ASN1_TIME_print(mem, X509_get0_notBefore((*backend).server_cert)); - len = BIO_ctrl( - mem, - 3 as libc::c_int, - 0 as libc::c_int as libc::c_long, - &mut ptr as *mut *const libc::c_char as *mut *mut libc::c_char - as *mut libc::c_char as *mut libc::c_void, - ); - Curl_infof( - data, - b" start date: %.*s\0" as *const u8 as *const libc::c_char, - len as libc::c_int, - ptr, - ); - BIO_ctrl( - mem, - 1 as libc::c_int, - 0 as libc::c_int as libc::c_long, - 0 as *mut libc::c_void, - ); - ASN1_TIME_print(mem, X509_get0_notAfter((*backend).server_cert)); - len = BIO_ctrl( - mem, - 3 as libc::c_int, - 0 as libc::c_int as libc::c_long, - &mut ptr as *mut *const libc::c_char as *mut *mut libc::c_char - as *mut libc::c_char as *mut libc::c_void, - ); - Curl_infof( - data, - b" expire date: %.*s\0" as *const u8 as *const libc::c_char, - len as libc::c_int, - ptr, - ); - BIO_ctrl( - mem, - 1 as libc::c_int, - 0 as libc::c_int as libc::c_long, - 0 as *mut libc::c_void, - ); - BIO_free(mem); + let mut len: libc::c_long = 0; + ASN1_TIME_print(mem, X509_get0_notBefore((*backend).server_cert)); + len = BIO_ctrl( + mem, + 3 as libc::c_int, + 0 as libc::c_int as libc::c_long, + &mut ptr as *mut *const libc::c_char as *mut *mut libc::c_char + as *mut libc::c_char as *mut libc::c_void, + ); + Curl_infof( + data, + b" start date: %.*s\0" as *const u8 as *const libc::c_char, + len as libc::c_int, + ptr, + ); + BIO_ctrl( + mem, + 1 as libc::c_int, + 0 as libc::c_int as libc::c_long, + 0 as *mut libc::c_void, + ); + ASN1_TIME_print(mem, X509_get0_notAfter((*backend).server_cert)); + len = BIO_ctrl( + mem, + 3 as libc::c_int, + 0 as libc::c_int as libc::c_long, + &mut ptr as *mut *const libc::c_char as *mut *mut libc::c_char + as *mut libc::c_char as *mut libc::c_void, + ); + Curl_infof( + data, + b" expire date: %.*s\0" as *const u8 as *const libc::c_char, + len as libc::c_int, + ptr, + ); + BIO_ctrl( + mem, + 1 as libc::c_int, + 0 as libc::c_int as libc::c_long, + 0 as *mut libc::c_void, + ); + BIO_free(mem); } #[cfg(not(CURL_DISABLE_PROXY))] let SSL_CONN_CONFIG_verifyhost = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - ((*conn).proxy_ssl_config).verifyhost() as libc::c_int - } else { - ((*conn).ssl_config).verifyhost() as libc::c_int + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + ((*conn).proxy_ssl_config).verifyhost() as libc::c_int + } else { + ((*conn).ssl_config).verifyhost() as libc::c_int } != 0; #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_verifyhost = ((*conn).ssl_config).verifyhost() != 0; @@ -5413,42 +5564,42 @@ unsafe extern "C" fn servercert( ); #[cfg(not(CURL_DISABLE_PROXY))] let SSL_CONN_CONFIG_issuercert = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - (*conn).proxy_ssl_config.issuercert - } else { - (*conn).ssl_config.issuercert + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + (*conn).proxy_ssl_config.issuercert + } else { + (*conn).ssl_config.issuercert }; #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_issuercert = (*conn).ssl_config.issuercert; #[cfg(not(CURL_DISABLE_PROXY))] let SSL_CONN_CONFIG_issuercert_blob = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - (*conn).proxy_ssl_config.issuercert_blob - } else { - (*conn).ssl_config.issuercert_blob + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + (*conn).proxy_ssl_config.issuercert_blob + } else { + (*conn).ssl_config.issuercert_blob }; #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_issuercert_blob = (*conn).ssl_config.issuercert_blob; @@ -5551,7 +5702,31 @@ unsafe extern "C" fn servercert( lerr = SSL_get_verify_result((*backend).handle); #[cfg(not(CURL_DISABLE_PROXY))] if true{ - *if CURLPROXY_HTTPS as libc::c_int as libc::c_uint + *if CURLPROXY_HTTPS as libc::c_int as libc::c_uint + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + &mut (*data).set.proxy_ssl.certverifyresult + } else { + &mut (*data).set.ssl.certverifyresult + } = lerr; + } + #[cfg(CURL_DISABLE_PROXY)] + if true { + (*data).set.ssl.certverifyresult = lerr; + } + if lerr != 0 as libc::c_int as libc::c_long { + #[cfg(not(CURL_DISABLE_PROXY))] + let SSL_CONN_CONFIG_verifypeer = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint == (*conn).http_proxy.proxytype as libc::c_uint && ssl_connection_complete as libc::c_int as libc::c_uint != (*conn) @@ -5564,33 +5739,9 @@ unsafe extern "C" fn servercert( }) as usize] .state as libc::c_uint { - &mut (*data).set.proxy_ssl.certverifyresult + ((*conn).proxy_ssl_config).verifypeer() as libc::c_int } else { - &mut (*data).set.ssl.certverifyresult - } = lerr; - } - #[cfg(CURL_DISABLE_PROXY)] - if true { - (*data).set.ssl.certverifyresult = lerr; - } - if lerr != 0 as libc::c_int as libc::c_long { - #[cfg(not(CURL_DISABLE_PROXY))] - let SSL_CONN_CONFIG_verifypeer = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - ((*conn).proxy_ssl_config).verifypeer() as libc::c_int - } else { - ((*conn).ssl_config).verifypeer() as libc::c_int + ((*conn).ssl_config).verifypeer() as libc::c_int } != 0 ; #[cfg(CURL_DISABLE_PROXY)] let SSL_CONN_CONFIG_verifypeer = ((*conn).ssl_config).verifystatus() != 0; @@ -5624,21 +5775,21 @@ unsafe extern "C" fn servercert( // DONE - 3986 #[cfg(all(not(OPENSSL_NO_TLSEXT), not(OPENSSL_NO_OCSP), not(CURL_DISABLE_PROXY)))] let SSL_CONN_CONFIG_verifystatus = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - ((*conn).proxy_ssl_config).verifystatus() as libc::c_int - } else { - ((*conn).ssl_config).verifystatus() as libc::c_int + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + ((*conn).proxy_ssl_config).verifystatus() as libc::c_int + } else { + ((*conn).ssl_config).verifystatus() as libc::c_int } != 0; #[cfg(all(not(OPENSSL_NO_TLSEXT), not(OPENSSL_NO_OCSP), CURL_DISABLE_PROXY))] let SSL_CONN_CONFIG_verifystatus = ((*conn).ssl_config).verifystatus() != 0; @@ -5657,22 +5808,22 @@ unsafe extern "C" fn servercert( } #[cfg(not(CURL_DISABLE_PROXY))] let SSL_PINNED_PUB_KEY_void = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY_PROXY as libc::c_int as usize] - } else { - (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY as libc::c_int as usize] - }; + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY_PROXY as libc::c_int as usize] + } else { + (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY as libc::c_int as usize] + }; #[cfg(CURL_DISABLE_PROXY)] let SSL_PINNED_PUB_KEY_void = (*data).set.str_0[STRING_SSL_PINNEDPUBLICKEY as libc::c_int as usize]; ptr = SSL_PINNED_PUB_KEY_void; @@ -5702,47 +5853,64 @@ unsafe extern "C" fn ossl_connect_step3( let mut connssl: *mut ssl_connect_data = &mut *((*conn).ssl) .as_mut_ptr() .offset(sockindex as isize) as *mut ssl_connect_data; - + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if ssl_connect_3 as libc::c_int as libc::c_uint + == (*connssl).connecting_state as libc::c_uint + {} else { + __assert_fail( + b"ssl_connect_3 == connssl->connecting_state\0" as *const u8 + as *const libc::c_char, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + 4022 as libc::c_int as libc::c_uint, + (*::std::mem::transmute::< + &[u8; 75], + &[libc::c_char; 75], + >( + b"CURLcode ossl_connect_step3(struct Curl_easy *, struct connectdata *, int)\0", + )) + .as_ptr(), + ); + } #[cfg(not(CURL_DISABLE_PROXY))] let servercert_value_result = servercert( - data, - conn, - connssl, - (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - ((*conn).proxy_ssl_config).verifypeer() as libc::c_int - } else { - ((*conn).ssl_config).verifypeer() as libc::c_int - }) != 0 - || (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - ((*conn).proxy_ssl_config).verifyhost() as libc::c_int - } else { - ((*conn).ssl_config).verifyhost() as libc::c_int - }) != 0, - ); + data, + conn, + connssl, + (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + ((*conn).proxy_ssl_config).verifypeer() as libc::c_int + } else { + ((*conn).ssl_config).verifypeer() as libc::c_int + }) != 0 + || (if CURLPROXY_HTTPS as libc::c_int as libc::c_uint + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + ((*conn).proxy_ssl_config).verifyhost() as libc::c_int + } else { + ((*conn).ssl_config).verifyhost() as libc::c_int + }) != 0, + ); #[cfg(CURL_DISABLE_PROXY)] let servercert_value_result = servercert( data, @@ -5929,6 +6097,19 @@ unsafe extern "C" fn ossl_connect( if result as u64 != 0 { return result; } + #[cfg(all(DEBUGBUILD, HAVE_ASSERT_H))] + if done {} else { + __assert_fail( + b"done\0" as *const u8 as *const libc::c_char, + b"vtls/openssl.c\0" as *const u8 as *const libc::c_char, + 4170 as libc::c_int as libc::c_uint, + (*::std::mem::transmute::< + &[u8; 69], + &[libc::c_char; 69], + >(b"CURLcode ossl_connect(struct Curl_easy *, struct connectdata *, int)\0")) + .as_ptr(), + ); + } return CURLE_OK; } #[cfg(USE_OPENSSL)] @@ -6116,7 +6297,15 @@ unsafe extern "C" fn ossl_recv( 0 => {} 6 => { if num == 0 as libc::c_int { + #[cfg(not(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS))))] Curl_conncontrol(conn, 1 as libc::c_int); + + #[cfg(all(DEBUGBUILD, not(CURL_DISABLE_VERBOSE_STRINGS)))] + Curl_conncontrol( + conn, + 1 as libc::c_int, + b"TLS close_notify\0" as *const u8 as *const libc::c_char, + ); } } 2 | 3 => { @@ -6159,13 +6348,44 @@ unsafe extern "C" fn ossl_recv( ); *curlcode = CURLE_RECV_ERROR; return -(1 as libc::c_int) as ssize_t; - // TODO debug相关的条件编译,应该不加 + + #[cfg(DEBUGBUILD)] + { + if err == 5 as libc::c_int { + let mut sockerr_0: libc::c_int = *__errno_location(); + if sockerr_0 != 0 { + Curl_strerror( + sockerr_0, + error_buffer.as_mut_ptr(), + ::std::mem::size_of::<[libc::c_char; 256]>() as libc::c_ulong, + ); + } else { + curl_msnprintf( + error_buffer.as_mut_ptr(), + ::std::mem::size_of::<[libc::c_char; 256]>() + as libc::c_ulong, + b"Connection closed abruptly\0" as *const u8 + as *const libc::c_char, + ); + } + Curl_failf( + data, + b"OpenSSL SSL_read: %s, errno %d (Fatal because this is a curl debug build)\0" + as *const u8 as *const libc::c_char, + error_buffer.as_mut_ptr(), + sockerr_0, + ); + *curlcode = CURLE_RECV_ERROR; + return -(1 as libc::c_int) as ssize_t; + } + } } } } } return nread; } + #[cfg(USE_OPENSSL)] unsafe extern "C" fn ossl_version( mut buffer: *mut libc::c_char, @@ -6211,40 +6431,41 @@ unsafe extern "C" fn ossl_version( // */ // } //else{ - let mut sub: [libc::c_char; 3] = [0; 3]; - let mut ssleay_value: libc::c_ulong = 0; + let mut sub: [libc::c_char; 3] = [0; 3]; + let mut ssleay_value: libc::c_ulong = 0; sub[2 as libc::c_int as usize] = '\0' as i32 as libc::c_char; sub[1 as libc::c_int as usize] = '\0' as i32 as libc::c_char; - ssleay_value = OpenSSL_version_num(); - if ssleay_value < 0x906000 as libc::c_int as libc::c_ulong { - ssleay_value = 0x1010106f as libc::c_long as libc::c_ulong; + ssleay_value = OpenSSL_version_num(); + if ssleay_value < 0x906000 as libc::c_int as libc::c_ulong { + ssleay_value = 0x1010106f as libc::c_long as libc::c_ulong; sub[0 as libc::c_int as usize] = '\0' as i32 as libc::c_char; - } else if ssleay_value & 0xff0 as libc::c_int as libc::c_ulong != 0 { - let mut minor_ver: libc::c_int = (ssleay_value >> 4 as libc::c_int - & 0xff as libc::c_int as libc::c_ulong) as libc::c_int; - if minor_ver > 26 as libc::c_int { - sub[1 as libc::c_int - as usize] = ((minor_ver - 1 as libc::c_int) % 26 as libc::c_int - + 'a' as i32 + 1 as libc::c_int) as libc::c_char; - sub[0 as libc::c_int as usize] = 'z' as i32 as libc::c_char; - } else { - sub[0 as libc::c_int - as usize] = (minor_ver + 'a' as i32 - 1 as libc::c_int) as libc::c_char; - } + } else if ssleay_value & 0xff0 as libc::c_int as libc::c_ulong != 0 { + let mut minor_ver: libc::c_int = (ssleay_value >> 4 as libc::c_int + & 0xff as libc::c_int as libc::c_ulong) as libc::c_int; + if minor_ver > 26 as libc::c_int { + sub[1 as libc::c_int + as usize] = ((minor_ver - 1 as libc::c_int) % 26 as libc::c_int + + 'a' as i32 + 1 as libc::c_int) as libc::c_char; + sub[0 as libc::c_int as usize] = 'z' as i32 as libc::c_char; } else { - sub[0 as libc::c_int as usize] = '\0' as i32 as libc::c_char; + sub[0 as libc::c_int + as usize] = (minor_ver + 'a' as i32 - 1 as libc::c_int) as libc::c_char; } + } else { + sub[0 as libc::c_int as usize] = '\0' as i32 as libc::c_char; + } #[cfg(not(OPENSSL_FIPS))] - return curl_msnprintf( - buffer, - size, - b"%s/%lx.%lx.%lx%s\0" as *const u8 as *const libc::c_char, - b"OpenSSL\0" as *const u8 as *const libc::c_char, - ssleay_value >> 28 as libc::c_int & 0xf as libc::c_int as libc::c_ulong, - ssleay_value >> 20 as libc::c_int & 0xff as libc::c_int as libc::c_ulong, - ssleay_value >> 12 as libc::c_int & 0xff as libc::c_int as libc::c_ulong, - sub.as_mut_ptr(), - ) as size_t; + return curl_msnprintf( + buffer, + size, + b"%s/%lx.%lx.%lx%s\0" as *const u8 as *const libc::c_char, + b"OpenSSL\0" as *const u8 as *const libc::c_char, + ssleay_value >> 28 as libc::c_int & 0xf as libc::c_int as libc::c_ulong, + ssleay_value >> 20 as libc::c_int & 0xff as libc::c_int as libc::c_ulong, + ssleay_value >> 12 as libc::c_int & 0xff as libc::c_int as libc::c_ulong, + sub.as_mut_ptr(), + ) as size_t; + #[cfg(OPENSSL_FIPS)] return curl_msnprintf( buffer, @@ -6303,7 +6524,7 @@ unsafe extern "C" fn ossl_sha256sum( unsafe extern "C" fn ossl_cert_status_request() -> bool { // TODO - 4475 if cfg!(all(not(OPENSSL_NO_TLSEXT), not(OPENSSL_NO_OCSP))){ - return 1 as libc::c_int != 0; + return 1 as libc::c_int != 0; }else{ return 0 as libc::c_int != 0; } @@ -6337,21 +6558,21 @@ unsafe extern "C" fn ossl_associate_connection( } #[cfg(not(CURL_DISABLE_PROXY))] let SSL_SET_OPTION_primary_sessionid = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - ((*data).set.proxy_ssl.primary).sessionid() as libc::c_int - } else { - ((*data).set.ssl.primary).sessionid() as libc::c_int + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + ((*data).set.proxy_ssl.primary).sessionid() as libc::c_int + } else { + ((*data).set.ssl.primary).sessionid() as libc::c_int } != 0 ; #[cfg(CURL_DISABLE_PROXY)] let SSL_SET_OPTION_primary_sessionid = ((*data).set.ssl.primary).sessionid() != 0; @@ -6419,21 +6640,21 @@ unsafe extern "C" fn ossl_disassociate_connection( } #[cfg(not(CURL_DISABLE_PROXY))] let SSL_SET_OPTION_primary_sessionid = if CURLPROXY_HTTPS as libc::c_int as libc::c_uint - == (*conn).http_proxy.proxytype as libc::c_uint - && ssl_connection_complete as libc::c_int as libc::c_uint - != (*conn) - .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] - == -(1 as libc::c_int) - { - 0 as libc::c_int - } else { - 1 as libc::c_int - }) as usize] - .state as libc::c_uint - { - ((*data).set.proxy_ssl.primary).sessionid() as libc::c_int - } else { - ((*data).set.ssl.primary).sessionid() as libc::c_int + == (*conn).http_proxy.proxytype as libc::c_uint + && ssl_connection_complete as libc::c_int as libc::c_uint + != (*conn) + .proxy_ssl[(if (*conn).sock[1 as libc::c_int as usize] + == -(1 as libc::c_int) + { + 0 as libc::c_int + } else { + 1 as libc::c_int + }) as usize] + .state as libc::c_uint + { + ((*data).set.proxy_ssl.primary).sessionid() as libc::c_int + } else { + ((*data).set.ssl.primary).sessionid() as libc::c_int } != 0; #[cfg(CURL_DISABLE_PROXY)] let SSL_SET_OPTION_primary_sessionid = ((*data).set.ssl.primary).sessionid() != 0;