From 21236b9890f37c2cf58f8b8acdf4d52f0b7c6fca Mon Sep 17 00:00:00 2001 From: Thomas Arnhold Date: Sun, 11 May 2014 04:08:04 +0200 Subject: upgrade to curl-7.36.0 CERTINFO was included upstream: commit f6c335d63f2da025a0a3efde1fe59e3bb7189b70 Author: Patrick Monnerat Date: Wed Oct 30 11:12:06 2013 +0100 NSS: support for CERTINFO feature Change-Id: I83de2fd863f9387b83b5ebcbec70cbe6df7681d4 Reviewed-on: https://gerrit.libreoffice.org/9307 Tested-by: LibreOffice gerrit bot Reviewed-by: Thomas Arnhold Tested-by: Thomas Arnhold --- .../curl/NSS-support-for-CERTINFO-feature.patch | 391 --------------------- external/curl/UnpackedTarball_curl.mk | 1 - 2 files changed, 392 deletions(-) delete mode 100644 external/curl/NSS-support-for-CERTINFO-feature.patch (limited to 'external') diff --git a/external/curl/NSS-support-for-CERTINFO-feature.patch b/external/curl/NSS-support-for-CERTINFO-feature.patch deleted file mode 100644 index 7976a08685e4..000000000000 --- a/external/curl/NSS-support-for-CERTINFO-feature.patch +++ /dev/null @@ -1,391 +0,0 @@ -From f6c335d63f2da025a0a3efde1fe59e3bb7189b70 Mon Sep 17 00:00:00 2001 -From: Patrick Monnerat -Date: Wed, 30 Oct 2013 11:12:06 +0100 -Subject: [PATCH] NSS: support for CERTINFO feature - ---- - docs/libcurl/curl_easy_getinfo.3 | 6 +-- - docs/libcurl/curl_easy_setopt.3 | 5 +- - lib/hostcheck.c | 4 +- - lib/nss.c | 46 ++++++++++++++++-- - lib/url.c | 3 +- - lib/x509asn1.c | 100 +++++++++++++++++++++++++-------------- - lib/x509asn1.h | 4 +- - 7 files changed, 119 insertions(+), 49 deletions(-) - -diff --git a/docs/libcurl/curl_easy_getinfo.3 b/docs/libcurl/curl_easy_getinfo.3 -index 62d8ae4..db0f4d6 100644 ---- a/docs/libcurl/curl_easy_getinfo.3 -+++ b/docs/libcurl/curl_easy_getinfo.3 -@@ -5,7 +5,7 @@ - .\" * | (__| |_| | _ <| |___ - .\" * \___|\___/|_| \_\_____| - .\" * --.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. -+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. - .\" * - .\" * This software is licensed as described in the file COPYING, which - .\" * you should have received as part of this distribution. The terms -@@ -219,8 +219,8 @@ done. The struct reports how many certs it found and then you can extract info - for each of those certs by following the linked lists. The info chain is - provided in a series of data in the format "name:content" where the content is - for the specific named data. See also the certinfo.c example. NOTE: this --option is only available in libcurl built with OpenSSL support. (Added in --7.19.1) -+option is only available in libcurl built with OpenSSL, NSS, GSKit or QsoSSL -+support. (Added in 7.19.1) - .IP CURLINFO_CONDITION_UNMET - Pass a pointer to a long to receive the number 1 if the condition provided in - the previous request didn't match (see \fICURLOPT_TIMECONDITION\fP). Alas, if -diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 -index f58c8fb..2887483 100644 ---- a/docs/libcurl/curl_easy_setopt.3 -+++ b/docs/libcurl/curl_easy_setopt.3 -@@ -2549,9 +2549,10 @@ is ignored. - - .IP CURLOPT_CERTINFO - Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With --this enabled, libcurl (if built with OpenSSL) will extract lots of information -+this enabled, libcurl (if built with OpenSSL, NSS, GSKit or QsoSSL) will -+extract lots of information - and data about the certificates in the certificate chain used in the SSL --connection. This data is then possible to extract after a transfer using -+connection. This data may then be retrieved after a transfer using - \fIcurl_easy_getinfo(3)\fP and its option \fICURLINFO_CERTINFO\fP. (Added in - 7.19.1) - .IP CURLOPT_RANDOM_FILE -diff --git a/lib/hostcheck.c b/lib/hostcheck.c -index abd1fa0..4be5baa 100644 ---- a/lib/hostcheck.c -+++ b/lib/hostcheck.c -@@ -23,7 +23,7 @@ - #include "curl_setup.h" - - #if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \ -- defined(USE_GSKIT) -+ defined(USE_GSKIT) || defined(USE_NSS) - /* these backends use functions from this file */ - - #include "hostcheck.h" -@@ -94,4 +94,4 @@ int Curl_cert_hostcheck(const char *match_pattern, const char *hostname) - return 0; - } - --#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT */ -+#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT or NSS */ -diff --git a/lib/nss.c b/lib/nss.c -index 43576e6..2562fcf 100644 ---- a/lib/nss.c -+++ b/lib/nss.c -@@ -653,6 +653,10 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock) - SSLChannelInfo channel; - SSLCipherSuiteInfo suite; - CERTCertificate *cert; -+ CERTCertificate *cert2; -+ CERTCertificate *cert3; -+ PRTime now; -+ int i; - - if(SSL_GetChannelInfo(sock, &channel, sizeof channel) == - SECSuccess && channel.length == sizeof channel && -@@ -663,11 +667,45 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock) - } - } - -- infof(conn->data, "Server certificate:\n"); -- - cert = SSL_PeerCertificate(sock); -- display_cert_info(conn->data, cert); -- CERT_DestroyCertificate(cert); -+ -+ if(cert) { -+ infof(conn->data, "Server certificate:\n"); -+ -+ if(!conn->data->set.ssl.certinfo) { -+ display_cert_info(conn->data, cert); -+ CERT_DestroyCertificate(cert); -+ } -+ else { -+ /* Count certificates in chain. */ -+ now = PR_Now(); -+ i = 1; -+ if(!cert->isRoot) { -+ cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); -+ while(cert2) { -+ i++; -+ if(cert2->isRoot) { -+ CERT_DestroyCertificate(cert2); -+ break; -+ } -+ cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA); -+ CERT_DestroyCertificate(cert2); -+ cert2 = cert3; -+ } -+ } -+ Curl_ssl_init_certinfo(conn->data, i); -+ for(i = 0; cert; cert = cert2) { -+ Curl_extract_certinfo(conn, i++, cert->derCert.data, -+ cert->derCert.data + cert->derCert.len); -+ if(cert->isRoot) { -+ CERT_DestroyCertificate(cert); -+ break; -+ } -+ cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); -+ CERT_DestroyCertificate(cert); -+ } -+ } -+ } - - return; - } -diff --git a/lib/url.c b/lib/url.c -index e86fbc2..03c7607 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -1926,7 +1926,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, - data->set.ssl.fsslctxp = va_arg(param, void *); - break; - #endif --#if defined(USE_SSLEAY) || defined(USE_QSOSSL) || defined(USE_GSKIT) -+#if defined(USE_SSLEAY) || defined(USE_QSOSSL) || defined(USE_GSKIT) || \ -+ defined(USE_NSS) - case CURLOPT_CERTINFO: - data->set.ssl.certinfo = (0 != va_arg(param, long))?TRUE:FALSE; - break; -diff --git a/lib/x509asn1.c b/lib/x509asn1.c -index 94b89b2..d6aa045 100644 ---- a/lib/x509asn1.c -+++ b/lib/x509asn1.c -@@ -22,7 +22,7 @@ - - #include "curl_setup.h" - --#if defined(USE_QSOSSL) || defined(USE_GSKIT) -+#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS) - - #include - #include "urldata.h" -@@ -803,7 +803,7 @@ static const char * dumpAlgo(curl_asn1Element * param, - return OID2str(oid.beg, oid.end, TRUE); - } - --static void do_pubkey_field(struct SessionHandle *data, int certnum, -+static void do_pubkey_field(struct SessionHandle * data, int certnum, - const char * label, curl_asn1Element * elem) - { - const char * output; -@@ -812,8 +812,10 @@ static void do_pubkey_field(struct SessionHandle *data, int certnum, - - output = Curl_ASN1tostr(elem, 0); - if(output) { -- Curl_ssl_push_certinfo(data, certnum, label, output); -- infof(data, " %s: %s\n", label, output); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, label, output); -+ if(!certnum) -+ infof(data, " %s: %s\n", label, output); - free((char *) output); - } - } -@@ -845,11 +847,14 @@ static void do_pubkey(struct SessionHandle * data, int certnum, - len--; - if(len > 32) - elem.beg = q; /* Strip leading zero bytes. */ -- infof(data, " RSA Public Key (%lu bits)\n", len); -- q = curl_maprintf("%lu", len); -- if(q) { -- Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q); -- free((char *) q); -+ if(!certnum) -+ infof(data, " RSA Public Key (%lu bits)\n", len); -+ if(data->set.ssl.certinfo) { -+ q = curl_maprintf("%lu", len); -+ if(q) { -+ Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q); -+ free((char *) q); -+ } - } - /* Generate coefficients. */ - do_pubkey_field(data, certnum, "rsa(n)", &elem); -@@ -896,6 +901,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - size_t i; - size_t j; - -+ if(!data->set.ssl.certinfo) -+ if(certnum) -+ return CURLE_OK; -+ - /* Prepare the certificate information for curl_easy_getinfo(). */ - - /* Extract the certificate ASN.1 elements. */ -@@ -905,35 +914,44 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - ccp = Curl_DNtostr(&cert.subject); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Subject", ccp); -- infof(data, "%2d Subject: %s\n", certnum, ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Subject", ccp); -+ if(!certnum) -+ infof(data, "%2d Subject: %s\n", certnum, ccp); - free((char *) ccp); - - /* Issuer. */ - ccp = Curl_DNtostr(&cert.issuer); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Issuer", ccp); -- infof(data, " Issuer: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Issuer", ccp); -+ if(!certnum) -+ infof(data, " Issuer: %s\n", ccp); - free((char *) ccp); - - /* Version (always fits in less than 32 bits). */ - version = 0; - for(ccp = cert.version.beg; ccp < cert.version.end; ccp++) - version = (version << 8) | *(const unsigned char *) ccp; -- ccp = curl_maprintf("%lx", version); -- if(!ccp) -- return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Version", ccp); -- free((char *) ccp); -- infof(data, " Version: %lu (0x%lx)\n", version + 1, version); -+ if(data->set.ssl.certinfo) { -+ ccp = curl_maprintf("%lx", version); -+ if(!ccp) -+ return CURLE_OUT_OF_MEMORY; -+ Curl_ssl_push_certinfo(data, certnum, "Version", ccp); -+ free((char *) ccp); -+ } -+ if(!certnum) -+ infof(data, " Version: %lu (0x%lx)\n", version + 1, version); - - /* Serial number. */ - ccp = Curl_ASN1tostr(&cert.serialNumber, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Serial Number", ccp); -- infof(data, " Serial Number: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Serial Number", ccp); -+ if(!certnum) -+ infof(data, " Serial Number: %s\n", ccp); - free((char *) ccp); - - /* Signature algorithm .*/ -@@ -941,24 +959,30 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - cert.signatureAlgorithm.end); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp); -- infof(data, " Signature Algorithm: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp); -+ if(!certnum) -+ infof(data, " Signature Algorithm: %s\n", ccp); - free((char *) ccp); - - /* Start Date. */ - ccp = Curl_ASN1tostr(&cert.notBefore, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Start Date", ccp); -- infof(data, " Start Date: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Start Date", ccp); -+ if(!certnum) -+ infof(data, " Start Date: %s\n", ccp); - free((char *) ccp); - - /* Expire Date. */ - ccp = Curl_ASN1tostr(&cert.notAfter, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Expire Date", ccp); -- infof(data, " Expire Date: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Expire Date", ccp); -+ if(!certnum) -+ infof(data, " Expire Date: %s\n", ccp); - free((char *) ccp); - - /* Public Key Algorithm. */ -@@ -966,8 +990,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - cert.subjectPublicKeyAlgorithm.end); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Public Key Algorithm", ccp); -- infof(data, " Public Key Algorithm: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Public Key Algorithm", ccp); -+ if(!certnum) -+ infof(data, " Public Key Algorithm: %s\n", ccp); - do_pubkey(data, certnum, ccp, ¶m, &cert.subjectPublicKey); - free((char *) ccp); - -@@ -977,8 +1003,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - ccp = Curl_ASN1tostr(&cert.signature, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Signature", ccp); -- infof(data, " Signature: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Signature", ccp); -+ if(!certnum) -+ infof(data, " Signature: %s\n", ccp); - free((char *) ccp); - - /* Generate PEM certificate. */ -@@ -987,7 +1015,7 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - &cp1, &cl1); - if(cc != CURLE_OK) - return cc; -- /* Compute the number of charaters in final certificate string. Format is: -+ /* Compute the number of characters in final certificate string. Format is: - -----BEGIN CERTIFICATE-----\n - \n - . -@@ -1008,8 +1036,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - i += copySubstring(cp2 + i, "-----END CERTIFICATE-----"); - cp2[i] = '\0'; - free(cp1); -- Curl_ssl_push_certinfo(data, certnum, "Cert", cp2); -- infof(data, "%s\n", cp2); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Cert", cp2); -+ if(!certnum) -+ infof(data, "%s\n", cp2); - free(cp2); - return CURLE_OK; - } -@@ -1148,4 +1178,4 @@ CURLcode Curl_verifyhost(struct connectdata * conn, - return CURLE_PEER_FAILED_VERIFICATION; - } - --#endif /* USE_QSOSSL or USE_GSKIT */ -+#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */ -diff --git a/lib/x509asn1.h b/lib/x509asn1.h -index 2276b5b..1741d6d 100644 ---- a/lib/x509asn1.h -+++ b/lib/x509asn1.h -@@ -25,7 +25,7 @@ - - #include "curl_setup.h" - --#if defined(USE_QSOSSL) || defined(USE_GSKIT) -+#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS) - - #include "urldata.h" - -@@ -125,5 +125,5 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum, - CURLcode Curl_verifyhost(struct connectdata * conn, - const char * beg, const char * end); - --#endif /* USE_QSOSSL or USE_GSKIT */ -+#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */ - #endif /* HEADER_CURL_X509ASN1_H */ --- -1.8.4.2 - diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index f6542e5217f8..2e4d4cc1283c 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -23,7 +23,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/curl-msvc-schannel.patch.1 \ external/curl/curl-7.26.0_mingw.patch \ external/curl/curl-7.26.0_win-proxy.patch \ - external/curl/NSS-support-for-CERTINFO-feature.patch \ )) ifeq ($(OS),ANDROID) -- cgit