authorAlessandro Ghedini <alessandro@ghedini.me>2014-05-21 12:49:50 +0200
committerAlessandro Ghedini <alessandro@ghedini.me>2014-05-21 12:49:50 +0200
commita87e878305851b0d8c48f5c06370ab8d0725560a (patch)
tree6d055277be1b91d8af0a44e9e729e68a4c8251e5 /lib/vtls/openssl.c
parent406f619a33e3b0e01cc04e8e77a90ee93b229602 (diff)
Imported Upstream version 7.37.0
Diffstat (limited to 'lib/vtls/openssl.c')
-rw-r--r--lib/vtls/openssl.c23
1 files changed, 10 insertions, 13 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 0014e588..68c10678 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -538,6 +538,7 @@ int cert_stuff(struct connectdata *conn,
if(!cert_done)
return 0; /* failure! */
+ break;
#else
failf(data, "file type P12 for certificate not supported");
return 0;
@@ -1430,8 +1431,9 @@ select_next_proto_cb(SSL *ssl,
(void)ssl;
if(retval == 1) {
- infof(conn->data, "NPN, negotiated HTTP2\n");
- conn->negnpn = NPN_HTTP2_DRAFT09;
+ infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
+ NGHTTP2_PROTO_VERSION_ID);
+ conn->negnpn = NPN_HTTP2;
}
else if(retval == 0) {
infof(conn->data, "NPN, negotiated HTTP1.1\n");
@@ -1499,6 +1501,8 @@ ossl_connect_step1(struct connectdata *conn,
/* Make funny stuff to get random input */
Curl_ossl_seed(data);
+ data->set.ssl.certverifyresult = !X509_V_OK;
+
/* check to see if we've been told to use an explicit SSL/TLS version */
switch(data->set.ssl.version) {
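Review bot: The assignment `data->set.ssl.certverifyresult = !X509_V_OK;` added to ossl_connect_step1 has no comment, although it is the line that decides what a caller sees when the handshake never reaches certificate checking. Presumably it moves here from servercert() so that a connection which fails early cannot leave a previous success in the handle; that intent should be written down. `!X509_V_OK` also yields 1 only because X509_V_OK is 0, which a reader has to know to see that this means "not verified". I would put `/* assume verification failed until the peer certificate has been checked */` above it. The function begins before this hunk and the switch continues after it.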
@@ -1891,11 +1895,6 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
struct SessionHandle *data = conn->data;
int err;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-#ifdef HAS_ALPN
- char* neg_protocol;
- int len = 0;
-#endif
-
DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
|| ssl_connect_2_reading == connssl->connecting_state
|| ssl_connect_2_writing == connssl->connecting_state);
@@ -1997,13 +1996,15 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
* negotiated
*/
if(data->set.ssl_enable_alpn) {
+ const unsigned char* neg_protocol;
+ unsigned int len;
SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len);
if(len != 0) {
infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len) == 0) {
- conn->negnpn = NPN_HTTP2_DRAFT09;
+ conn->negnpn = NPN_HTTP2;
}
else if(len == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
neg_protocol, ALPN_HTTP_1_1_LENGTH) == 0) {
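Review bot: With `len` now declared `unsigned int`, the `infof` call passes it as the `*` precision of `%.*s`, which is read as an `int`; casting makes the argument type match the format: `infof(data, "ALPN, server accepted to use %.*s\n", (int)len, neg_protocol);`. The bytes printed come straight from the server's ALPN answer, so the log line can carry whatever the peer sent, including non-printable characters; consumers of the info output should treat it as untrusted. The new `len` is also left uninitialised and relies on SSL_get0_alpn_selected() always writing it, which deserves a short comment such as `/* SSL_get0_alpn_selected() sets len to 0 when nothing was negotiated */`. The enclosing if-block and function extend beyond this hunk.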
@@ -2119,7 +2120,7 @@ static int X509V3_ext(struct SessionHandle *data,
sep=", ";
j++; /* skip the newline */
};
- while((biomem->data[j] == ' ') && (j<(size_t)biomem->length))
+ while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
j++;
if(j<(size_t)biomem->length)
ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
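Review bot: The accumulation `ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), ...)` right after the reordered bounds check trusts the return value to be the number of bytes actually stored. If `snprintf` here has C99 semantics it returns the untruncated length, so on truncation `ptr` would move past `buf` and `sizeof(buf)-(ptr-buf)` would wrap to a very large size on the next pass; if it maps to a project wrapper that returns the stored count, this is safe, but the hunk does not show which. A comment stating that assumption, or a guard like `if((size_t)(ptr-buf) >= sizeof(buf)) break;` before the call, would make the loop's bound explicit. The statement is cut off at the end of the hunk and the loop starts before it.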
@@ -2161,8 +2162,6 @@ static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)
BIO_get_mem_ptr(bio_out, &biomem);
- infof(data, "%s\n", biomem->data);
-
Curl_ssl_push_certinfo_len(data, numcert,
"Cert", biomem->data, biomem->length);
@@ -2366,8 +2365,6 @@ static CURLcode servercert(struct connectdata *conn,
/* we've been asked to gather certificate info! */
(void)get_cert_chain(conn, connssl);
- data->set.ssl.certverifyresult = !X509_V_OK;
-
connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
if(!connssl->server_cert) {
if(strict)