AC_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]),
OPT_WINSSL=$withval)
+AC_ARG_WITH(schannel,dnl
+AC_HELP_STRING([--with-schannel],[enable Windows native SSL/TLS])
+AC_HELP_STRING([--without-schannel], [disable Windows native SSL/TLS]),
+ OPT_WINSSL=$withval)
+
AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)])
if test -z "$ssl_backends" -o "x$OPT_WINSSL" != xno; then
ssl_msg=
certificates in the system and user Keychain to verify the peer, which is the
preferred method of verifying the peer's certificate chain.
-(Schannel/WinSSL only) This option is supported for WinSSL in Windows 7 or
-later with libcurl 7.60 or later. This option is supported for backward
-compatibility with other SSL engines; instead it is recommended to use Windows'
-store of root certificates (the default for WinSSL).
+(Schannel only) This option is supported for Schannel in Windows 7 or later with
+libcurl 7.60 or later. This option is supported for backward compatibility
+with other SSL engines; instead it is recommended to use Windows' store of
+root certificates (the default for Schannel).
If this option is used several times, the last one will be used.
private key. If you want to use a file from the current directory, please
precede it with "./" prefix, in order to avoid confusion with a nickname.
-(Schannel/WinSSL only) Client certificates must be specified by a path
+(Schannel only) Client certificates must be specified by a path
expression to a certificate store. (Loading PFX is not supported; you can
import it to a store first). You can use
"<store location>\\<store name>\\<thumbprint>" to refer to a certificate
Long: ssl-no-revoke
-Help: Disable cert revocation checks (WinSSL)
+Help: Disable cert revocation checks (Schannel)
Added: 7.44.0
---
-(WinSSL) This option tells curl to disable certificate revocation checks.
+(Schannel) This option tells curl to disable certificate revocation checks.
WARNING: this option loosens the SSL security, and by using this flag you ask
for exactly that.
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
supports HTTP Brotli content encoding using libbrotlidec (Added in 7.57.0)
.RE
\fIssl_version\fP is an ASCII string for the TLS library name + version
-used. If libcurl has no SSL support, this is NULL. For example "WinSSL",
+used. If libcurl has no SSL support, this is NULL. For example "Schannel",
\&"SecureTransport" or "OpenSSL/1.1.0g".
\fIssl_version_num\fP is always 0.
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
mbedtls_ssl_context *
.IP PolarSSL
ssl_context *
-.IP "Secure Channel (WinSSL)"
+.IP "Secure Channel"
CtxtHandle *
.IP "Secure Transport (DarwinSSL)"
SSLContext *
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
certificates in the system and user Keychain to verify the peer, which is the
preferred method of verifying the peer's certificate chain.
-(Schannel/WinSSL only) This option is supported for WinSSL in Windows 7 or
-later with libcurl 7.60 or later. This option is supported for backward
-compatibility with other SSL engines; instead it is recommended to use Windows'
-store of root certificates (the default for WinSSL).
+(Schannel only) This option is supported for Schannel in Windows 7 or later
+with libcurl 7.60 or later. This option is supported for backward
+compatibility with other SSL engines; instead it is recommended to use
+Windows' store of root certificates (the default for Schannel).
The application does not have to keep the string around after setting this
option.
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
}
.fi
.SH AVAILABILITY
-This option is supported by the OpenSSL, GnuTLS, WinSSL, NSS and GSKit backends.
+This option is supported by the OpenSSL, GnuTLS, Schannel, NSS and GSKit
+backends.
.SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
7.54.1: SecureTransport/DarwinSSL on macOS 10.7+/iOS 10+
- 7.58.1: SChannel/WinSSL
+ 7.58.1: SChannel
sha256 support:
7.54.1: SecureTransport/DarwinSSL on macOS 10.7+/iOS 10+
- 7.58.1: SChannel/WinSSL Windows XP SP3+
+ 7.58.1: SChannel Windows XP SP3+
Other SSL backends not supported.
.SH RETURN VALUE
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
\fICURLSSLOPT_NO_REVOKE\fP tells libcurl to disable certificate revocation
checks for those SSL backends where such behavior is present. \fBCurrently
-this option is only supported for WinSSL (the native Windows SSL library),
+this option is only supported for Schannel (the native Windows SSL library),
with an exception in the case of Windows' Untrusted Publishers blacklist which
it seems can't be bypassed.\fP This option may have broader support to
accommodate other SSL backends in the future.
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
want to use a file from the current directory, please precede it with "./"
prefix, in order to avoid confusion with a nickname.
-(Schannel/WinSSL only) Client certificates must be specified by a path
-expression to a certificate store. (Loading PFX is not supported; you can
-import it to a store first). You can use
-"<store location>\\<store name>\\<thumbprint>" to refer to a certificate
-in the system certificates store, for example,
+(Schannel only) Client certificates must be specified by a path expression to
+a certificate store. (Loading PFX is not supported; you can import it to a
+store first). You can use "<store location>\\<store name>\\<thumbprint>" to
+refer to a certificate in the system certificates store, for example,
"CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is
usually a SHA-1 hex string which you can see in certificate details. Following
store locations are supported: CurrentUser, LocalMachine, CurrentService,
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
\fICURLSSLOPT_NO_REVOKE\fP tells libcurl to disable certificate revocation
checks for those SSL backends where such behavior is present. \fBCurrently this
-option is only supported for WinSSL (the native Windows SSL library), with an
+option is only supported for Schannel (the native Windows SSL library), with an
exception in the case of Windows' Untrusted Publishers blacklist which it seems
can't be bypassed.\fP This option may have broader support to accommodate other
SSL backends in the future.
/* Set the default CA cert bundle/path detected/specified at build time.
*
- * If Schannel (WinSSL) is the selected SSL backend then these locations
- * are ignored. We allow setting CA location for schannel only when
- * explicitly specified by the user via CURLOPT_CAINFO / --cacert.
+ * If Schannel is the selected SSL backend then these locations are
+ * ignored. We allow setting CA location for schannel only when explicitly
+ * specified by the user via CURLOPT_CAINFO / --cacert.
*/
if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL) {
#if defined(CURL_CA_BUNDLE)
VERSION_LESS_THAN_EQUAL)) {
/* Schannel in Windows XP (OS version 5.1) uses legacy handshakes and
algorithms that may not be supported by all servers. */
- infof(data, "schannel: WinSSL version is old and may not be able to "
+ infof(data, "schannel: Windows version is old and may not be able to "
"connect to some servers due to lack of SNI, algorithms, etc.\n");
}
static size_t Curl_schannel_version(char *buffer, size_t size)
{
- size = msnprintf(buffer, size, "WinSSL");
+ size = msnprintf(buffer, size, "Schannel");
return size;
}
}
static void Curl_schannel_checksum(const unsigned char *input,
- size_t inputlen,
- unsigned char *checksum,
- size_t checksumlen,
- DWORD provType,
- const unsigned int algId)
+ size_t inputlen,
+ unsigned char *checksum,
+ size_t checksumlen,
+ DWORD provType,
+ const unsigned int algId)
{
HCRYPTPROV hProv = 0;
HCRYPTHASH hHash = 0;
unsigned char *md5sum,
size_t md5len)
{
- Curl_schannel_checksum(input, inputlen, md5sum, md5len,
- PROV_RSA_FULL, CALG_MD5);
- return CURLE_OK;
+ Curl_schannel_checksum(input, inputlen, md5sum, md5len,
+ PROV_RSA_FULL, CALG_MD5);
+ return CURLE_OK;
}
static CURLcode Curl_schannel_sha256sum(const unsigned char *input,
unsigned char *sha256sum,
size_t sha256len)
{
- Curl_schannel_checksum(input, inputlen, sha256sum, sha256len,
- PROV_RSA_AES, CALG_SHA_256);
- return CURLE_OK;
+ Curl_schannel_checksum(input, inputlen, sha256sum, sha256len,
+ PROV_RSA_AES, CALG_SHA_256);
+ return CURLE_OK;
}
static void *Curl_schannel_get_internals(struct ssl_connect_data *connssl,
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
/* Search and set cert file only if libcurl supports SSL.
*
- * If Schannel (WinSSL) is the selected SSL backend then these locations
- * are ignored. We allow setting CA location for schannel only when
- * explicitly specified by the user via CURLOPT_CAINFO / --cacert.
+ * If Schannel is the selected SSL backend then these locations are
+ * ignored. We allow setting CA location for schannel only when explicitly
+ * specified by the user via CURLOPT_CAINFO / --cacert.
*/
if((curlinfo->features & CURL_VERSION_SSL) &&
backend != CURLSSLBACKEND_SCHANNEL) {
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
{" --ssl-allow-beast",
"Allow security flaw to improve interop"},
{" --ssl-no-revoke",
- "Disable cert revocation checks (WinSSL)"},
+ "Disable cert revocation checks (Schannel)"},
{" --ssl-reqd",
"Require SSL/TLS"},
{"-2, --sslv2",
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* no environment-specified filename is found then check for CA bundle
* default filename curl-ca-bundle.crt in the user's PATH.
*
- * If Schannel (WinSSL) is the selected SSL backend then these locations
- * are ignored. We allow setting CA location for schannel only when
- * explicitly specified by the user via CURLOPT_CAINFO / --cacert.
+ * If Schannel is the selected SSL backend then these locations are
+ * ignored. We allow setting CA location for schannel only when explicitly
+ * specified by the user via CURLOPT_CAINFO / --cacert.
*/
if(tls_backend_info->backend != CURLSSLBACKEND_SCHANNEL) {
char *env;
projects / curl / commitdiff