Move warn logic into SocketCore

Also fiddle a bit with the WinTLS implementation, forcing "strong"
crypto only for > SSLv3.
pull/314/head
Nils Maier 2014-12-13 08:08:47 +01:00
parent c5c38bf3a4
commit 3c8704178a
13 changed files with 193 additions and 96 deletions


@ -43,7 +43,6 @@
#include "LogFactory.h" #include "LogFactory.h"
#include "a2functional.h" #include "a2functional.h"
#include "fmt.h" #include "fmt.h"
#include "message.h"
#define ioErr -36 #define ioErr -36
#define paramErr -50 #define paramErr -50
@ -380,6 +379,8 @@ AppleTLSSession::AppleTLSSession(AppleTLSContext* ctx)
case TLS_PROTO_TLS12: case TLS_PROTO_TLS12:
(void)SSLSetProtocolVersionMin(sslCtx_, kTLSProtocol12); (void)SSLSetProtocolVersionMin(sslCtx_, kTLSProtocol12);
break; break;
default:
break;
} }
#else #else
(void)SSLSetProtocolVersionEnabled(sslCtx_, kSSLProtocolAll, false); (void)SSLSetProtocolVersionEnabled(sslCtx_, kSSLProtocolAll, false);
@ -395,6 +396,8 @@ AppleTLSSession::AppleTLSSession(AppleTLSContext* ctx)
// fall through // fall through
case TLS_PROTO_TLS12: case TLS_PROTO_TLS12:
(void)SSLSetProtocolVersionEnabled(sslCtx_, kTLSProtocol12, true); (void)SSLSetProtocolVersionEnabled(sslCtx_, kTLSProtocol12, true);
default:
break;
} }
#endif #endif
@ -696,6 +699,7 @@ OSStatus AppleTLSSession::sockRead(void* data, size_t* len)
} }
int AppleTLSSession::tlsConnect(const std::string& hostname, int AppleTLSSession::tlsConnect(const std::string& hostname,
TLSVersion& version,
std::string& handshakeErr) std::string& handshakeErr)
{ {
if (state_ != st_initialized) { if (state_ != st_initialized) {
@ -714,7 +718,7 @@ int AppleTLSSession::tlsConnect(const std::string& hostname,
return TLS_ERR_WOULDBLOCK; return TLS_ERR_WOULDBLOCK;
case errSSLServerAuthCompleted: case errSSLServerAuthCompleted:
return tlsConnect(hostname, handshakeErr); return tlsConnect(hostname, version, handshakeErr);
default: default:
handshakeErr = getLastErrorString(); handshakeErr = getLastErrorString();
@ -732,25 +736,32 @@ int AppleTLSSession::tlsConnect(const std::string& hostname,
hostname.c_str(), hostname.c_str(),
protoToString(proto), protoToString(proto),
suiteToString(suite).c_str())); suiteToString(suite).c_str()));
switch (proto) { switch (proto) {
case kSSLProtocol2: case kSSLProtocol3:
case kSSLProtocol3: { version = TLS_PROTO_SSL3;
std::string protoAndSuite = protoToString(proto); break;
protoAndSuite += " " + suiteToString(suite); case kTLSProtocol1:
A2_LOG_WARN(fmt(MSG_WARN_OLD_TLS_CONNECTION, protoAndSuite.c_str())); version = TLS_PROTO_TLS10;
break;
case kTLSProtocol11:
version = TLS_PROTO_TLS11;
break;
case kTLSProtocol12:
version = TLS_PROTO_TLS12;
break; break;
}
default: default:
version = TLS_PROTO_NONE;
break; break;
} }
return TLS_ERR_OK; return TLS_ERR_OK;
} }
int AppleTLSSession::tlsAccept() int AppleTLSSession::tlsAccept(TLSVersion& version)
{ {
std::string hostname, err; std::string hostname, err;
return tlsConnect(hostname, err); return tlsConnect(hostname, version, err);
} }
std::string AppleTLSSession::getLastErrorString() std::string AppleTLSSession::getLastErrorString()
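Review bot: The protocol mapping at the end of tlsConnect no longer has the explicit `kSSLProtocol2` case that the removed block matched, so an SSLv2 session now falls into `default:` → TLS_PROTO_NONE and SocketCore reports it as an *unknown* protocol instead of an old one; OpenSSLTLSSession::handshake has the same gap, where `SSL2_VERSION` is no longer matched. Whether SSLv2 can still be negotiated depends on the context setup, which is outside these hunks, so this may be unreachable — worth confirming. If it is reachable, either a dedicated TLSVersion value or at least a comment on the `default:` branch, `// anything older than SSLv3, or newer than we know, is reported as unknown`, keeps the warning text accurate. tlsConnect begins before this hunk.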


@ -96,12 +96,13 @@ public:
// When returning TLS_ERR_ERROR, provide certificate validation error // When returning TLS_ERR_ERROR, provide certificate validation error
// in |handshakeErr|. // in |handshakeErr|.
virtual int tlsConnect(const std::string& hostname, virtual int tlsConnect(const std::string& hostname,
TLSVersion& version,
std::string& handshakeErr) CXX11_OVERRIDE; std::string& handshakeErr) CXX11_OVERRIDE;
// Performs server side handshake. This function returns TLS_ERR_OK // Performs server side handshake. This function returns TLS_ERR_OK
// if it succeeds, or TLS_ERR_WOULDBLOCK if the underlying transport // if it succeeds, or TLS_ERR_WOULDBLOCK if the underlying transport
// blocks, or TLS_ERR_ERROR. // blocks, or TLS_ERR_ERROR.
virtual int tlsAccept() CXX11_OVERRIDE; virtual int tlsAccept(TLSVersion& version) CXX11_OVERRIDE;
// Returns last error string // Returns last error string
virtual std::string getLastErrorString() CXX11_OVERRIDE; virtual std::string getLastErrorString() CXX11_OVERRIDE;
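Review bot: The new `TLSVersion& version` out-parameter on tlsConnect and tlsAccept is not mentioned in the comment block above either declaration, which still describes only the return codes and `|handshakeErr|`. The same omission is in TLSSession.h (the base-class contract, the right place to fix first), GnuTLSSession.h, OpenSSLTLSSession.h and WinTLSSession.h, and the private `handshake(TLSVersion& version)` added to OpenSSLTLSSession.h has no comment at all. As far as the hunks in this commit show, every backend writes `version` only on the TLS_ERR_OK path, so a line such as `// On TLS_ERR_OK, |version| receives the negotiated protocol (TLS_PROTO_NONE if it could not be determined); it is left untouched on any other return.` before each declaration would state the contract the SocketCore caller relies on.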


@ -39,9 +39,39 @@
#include "TLSContext.h" #include "TLSContext.h"
#include "util.h" #include "util.h"
#include "SocketCore.h" #include "SocketCore.h"
#include "LogFactory.h"
#include "fmt.h" namespace {
#include "message.h" using namespace aria2;
TLSVersion getProtocolFromSession(gnutls_session_t& session) {
auto proto = gnutls_protocol_get_version(session);
switch(proto) {
case GNUTLS_SSL3:
return TLS_PROTO_SSL3;
#ifdef GNUTLS_TLS1_0
case GNUTLS_TLS1_0:
return TLS_PROTO_TLS10;
#endif // GNUTLS_TLS1_0
#ifdef GNUTLS_TLS1_1
case GNUTLS_TLS1_1:
return TLS_PROTO_TLS11;
break;
#endif // GNUTLS_TLS1_1
#ifdef GNUTLS_TLS1_2
case GNUTLS_TLS1_2:
return TLS_PROTO_TLS12;
break;
#endif // GNUTLS_TLS1_2
default:
return TLS_PROTO_NONE;
break;
}
}
} // namespace
namespace aria2 { namespace aria2 {
@ -200,7 +230,8 @@ ssize_t GnuTLSSession::readData(void* data, size_t len)
} }
int GnuTLSSession::tlsConnect(const std::string& hostname, int GnuTLSSession::tlsConnect(const std::string& hostname,
std::string& handshakeErr) TLSVersion& version,
std::string& handshakeErr)
{ {
handshakeErr = ""; handshakeErr = "";
for(;;) { for(;;) {
@ -300,32 +331,18 @@ int GnuTLSSession::tlsConnect(const std::string& hostname,
return TLS_ERR_ERROR; return TLS_ERR_ERROR;
} }
} }
auto proto = gnutls_protocol_get_version(sslSession_);
switch(proto) {
case GNUTLS_SSL3: {
std::string protoAndSuite = gnutls_protocol_get_name(proto);
protoAndSuite += " ";
protoAndSuite += gnutls_cipher_suite_get_name(
gnutls_kx_get(sslSession_),
gnutls_cipher_get(sslSession_),
gnutls_mac_get(sslSession_)
);
A2_LOG_WARN(fmt(MSG_WARN_OLD_TLS_CONNECTION, protoAndSuite.c_str()));
break;
}
default: version = getProtocolFromSession(sslSession_);
break;
}
return TLS_ERR_OK; return TLS_ERR_OK;
} }
int GnuTLSSession::tlsAccept() int GnuTLSSession::tlsAccept(TLSVersion& version)
{ {
for(;;) { for(;;) {
rv_ = gnutls_handshake(sslSession_); rv_ = gnutls_handshake(sslSession_);
if(rv_ == GNUTLS_E_SUCCESS) { if(rv_ == GNUTLS_E_SUCCESS) {
version = getProtocolFromSession(sslSession_);
return TLS_ERR_OK; return TLS_ERR_OK;
} }
if(rv_ == GNUTLS_E_AGAIN || rv_ == GNUTLS_E_INTERRUPTED) { if(rv_ == GNUTLS_E_AGAIN || rv_ == GNUTLS_E_INTERRUPTED) {
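Review bot: The `#ifdef GNUTLS_TLS1_0` / `GNUTLS_TLS1_1` / `GNUTLS_TLS1_2` guards in getProtocolFromSession only take effect if those names are preprocessor macros; if, as in the gnutls headers I am aware of, they are plain enumerators of gnutls_protocol_t, all three cases compile out, every TLS 1.x handshake is reported as TLS_PROTO_NONE, and SocketCore's new MSG_WARN_UNKNOWN_TLS_CONNECTION fires on every modern connection. Please verify against the header you build with; gating on GNUTLS_VERSION_NUMBER, or referencing the enumerators unconditionally if the minimum supported gnutls already has them, would be reliable. Minor: the `break;` after each `return` is unreachable and inconsistent with the first two cases, and `gnutls_session_t& session` could be taken by value since the handle is only read.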


@ -56,8 +56,9 @@ public:
virtual ssize_t writeData(const void* data, size_t len) CXX11_OVERRIDE; virtual ssize_t writeData(const void* data, size_t len) CXX11_OVERRIDE;
virtual ssize_t readData(void* data, size_t len) CXX11_OVERRIDE; virtual ssize_t readData(void* data, size_t len) CXX11_OVERRIDE;
virtual int tlsConnect virtual int tlsConnect
(const std::string& hostname, std::string& handshakeErr) CXX11_OVERRIDE; (const std::string& hostname, TLSVersion& version, std::string& handshakeErr)
virtual int tlsAccept() CXX11_OVERRIDE; CXX11_OVERRIDE;
virtual int tlsAccept(TLSVersion& version) CXX11_OVERRIDE;
virtual std::string getLastErrorString() CXX11_OVERRIDE; virtual std::string getLastErrorString() CXX11_OVERRIDE;
private: private:
gnutls_session_t sslSession_; gnutls_session_t sslSession_;


@ -157,7 +157,7 @@ ssize_t OpenSSLTLSSession::readData(void* data, size_t len)
return ret; return ret;
} }
int OpenSSLTLSSession::handshake() int OpenSSLTLSSession::handshake(TLSVersion& version)
{ {
ERR_clear_error(); ERR_clear_error();
if(tlsContext_->getSide() == TLS_CLIENT) { if(tlsContext_->getSide() == TLS_CLIENT) {
@ -181,15 +181,45 @@ int OpenSSLTLSSession::handshake()
return TLS_ERR_ERROR; return TLS_ERR_ERROR;
} }
} }
switch(SSL_version(ssl_)) {
case SSL3_VERSION:
version = TLS_PROTO_SSL3;
break;
#ifdef TLS1_VERSION
case TLS1_VERSION:
version = TLS_PROTO_TLS10;
break;
#endif // TLS1_VERSION
#ifdef TLS1_1_VERSION
case TLS1_1_VERSION:
version = TLS_PROTO_TLS11;
break;
#endif // TLS1_1_VERSION
#ifdef TLS1_2_VERSION
case TLS1_2_VERSION:
version = TLS_PROTO_TLS12;
break;
#endif // TLS1_2_VERSION
default:
version = TLS_PROTO_NONE;
break;
}
return TLS_ERR_OK; return TLS_ERR_OK;
} }
int OpenSSLTLSSession::tlsConnect(const std::string& hostname, int OpenSSLTLSSession::tlsConnect(const std::string& hostname,
std::string& handshakeErr) TLSVersion& version,
std::string& handshakeErr)
{ {
handshakeErr = ""; handshakeErr = "";
int ret; int ret;
ret = handshake(); ret = handshake(version);
if(ret != TLS_ERR_OK) { if(ret != TLS_ERR_OK) {
return ret; return ret;
} }
@ -268,31 +298,12 @@ int OpenSSLTLSSession::tlsConnect(const std::string& hostname,
} }
} }
switch(SSL_version(ssl_)) {
case SSL3_VERSION:
case SSL2_VERSION: {
std::string protoAndSuite = "Unknown";
auto cipher = SSL_get_current_cipher(ssl_);
if(cipher) {
auto buf = make_unique<char[]>(256);
auto cipherstr = SSL_CIPHER_description(cipher, buf.get(), 256);
if(cipherstr) {
protoAndSuite = cipherstr;
}
}
A2_LOG_WARN(fmt(MSG_WARN_OLD_TLS_CONNECTION, protoAndSuite.c_str()));
break;
}
default:
break;
}
return TLS_ERR_OK; return TLS_ERR_OK;
} }
int OpenSSLTLSSession::tlsAccept() int OpenSSLTLSSession::tlsAccept(TLSVersion& version)
{ {
return handshake(); return handshake(version);
} }
std::string OpenSSLTLSSession::getLastErrorString() std::string OpenSSLTLSSession::getLastErrorString()
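Review bot: The protocol-to-TLSVersion switch now sits inline in handshake() between the error handling and `return TLS_ERR_OK`, whereas the GnuTLS backend in this same commit isolates the identical table in a file-local `getProtocolFromSession`; a matching file-local helper taking `SSL*` and returning TLSVersion would keep handshake() to the handshake and give one obvious place to extend when further `TLS1_x_VERSION` macros appear. The version is also assigned before tlsConnect's certificate verification runs, which is harmless today but worth a one-line comment, `// Reported even if verification below fails; callers only consume it on TLS_ERR_OK.`. The body of handshake() begins before its hunk.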


@ -56,11 +56,12 @@ public:
virtual ssize_t writeData(const void* data, size_t len) CXX11_OVERRIDE; virtual ssize_t writeData(const void* data, size_t len) CXX11_OVERRIDE;
virtual ssize_t readData(void* data, size_t len) CXX11_OVERRIDE; virtual ssize_t readData(void* data, size_t len) CXX11_OVERRIDE;
virtual int tlsConnect virtual int tlsConnect
(const std::string& hostname, std::string& handshakeErr) CXX11_OVERRIDE; (const std::string& hostname, TLSVersion& version, std::string& handshakeErr)
virtual int tlsAccept() CXX11_OVERRIDE; CXX11_OVERRIDE;
virtual int tlsAccept(TLSVersion& version) CXX11_OVERRIDE;
virtual std::string getLastErrorString() CXX11_OVERRIDE; virtual std::string getLastErrorString() CXX11_OVERRIDE;
private: private:
int handshake(); int handshake(TLSVersion& version);
SSL* ssl_; SSL* ssl_;
OpenSSLTLSContext* tlsContext_; OpenSSLTLSContext* tlsContext_;
// Last error code from openSSL library functions // Last error code from openSSL library functions


@ -830,6 +830,7 @@ bool SocketCore::tlsConnect(const std::string& hostname)
bool SocketCore::tlsHandshake(TLSContext* tlsctx, const std::string& hostname) bool SocketCore::tlsHandshake(TLSContext* tlsctx, const std::string& hostname)
{ {
TLSVersion ver = TLS_PROTO_NONE;
int rv = 0; int rv = 0;
std::string handshakeError; std::string handshakeError;
wantRead_ = false; wantRead_ = false;
@ -860,9 +861,9 @@ bool SocketCore::tlsHandshake(TLSContext* tlsctx, const std::string& hostname)
// Fall through // Fall through
case A2_TLS_HANDSHAKING: case A2_TLS_HANDSHAKING:
if(tlsctx->getSide() == TLS_CLIENT) { if(tlsctx->getSide() == TLS_CLIENT) {
rv = tlsSession_->tlsConnect(hostname, handshakeError); rv = tlsSession_->tlsConnect(hostname, ver, handshakeError);
} else { } else {
rv = tlsSession_->tlsAccept(); rv = tlsSession_->tlsAccept(ver);
} }
if(rv == TLS_ERR_OK) { if(rv == TLS_ERR_OK) {
secure_ = A2_TLS_CONNECTED; secure_ = A2_TLS_CONNECTED;
@ -883,6 +884,18 @@ bool SocketCore::tlsHandshake(TLSContext* tlsctx, const std::string& hostname)
default: default:
break; break;
} }
switch(ver) {
case TLS_PROTO_NONE:
A2_LOG_WARN(MSG_WARN_UNKNOWN_TLS_CONNECTION);
break;
case TLS_PROTO_SSL3:
A2_LOG_WARN(fmt(MSG_WARN_OLD_TLS_CONNECTION, "SSLv3"));
break;
default:
break;
}
return true; return true;
} }
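Review bot: The new `switch(ver)` at the end of tlsHandshake runs on every path that reaches `return true`, including the `default: break;` branch directly above it, where no handshake happened in this call and `ver` still holds its initial TLS_PROTO_NONE; if tlsHandshake can be entered again once secure_ is already A2_TLS_CONNECTED (I cannot see the callers from here), that logs MSG_WARN_UNKNOWN_TLS_CONNECTION spuriously. Moving the switch into the `if(rv == TLS_ERR_OK) {` block, right after `secure_ = A2_TLS_CONNECTED;`, makes it run exactly once per completed handshake and also covers a backend that returns TLS_ERR_OK without writing `version`. tlsHandshake begins before this hunk.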


@ -47,6 +47,7 @@ enum TLSSessionSide {
}; };
enum TLSVersion { enum TLSVersion {
TLS_PROTO_NONE,
TLS_PROTO_SSL3, TLS_PROTO_SSL3,
TLS_PROTO_TLS10, TLS_PROTO_TLS10,
TLS_PROTO_TLS11, TLS_PROTO_TLS11,
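Review bot: TLS_PROTO_NONE is inserted at the front of TLSVersion, so it is both the out-value the session classes report for "could not determine" and a value a caller could pass to a TLSContext constructor, where the `default: break;` branches added in this commit (WinTLSContext, AppleTLSSession) enable no protocol at all. A comment on the enumerator, `TLS_PROTO_NONE, // "unknown/none": reported by tlsConnect/tlsAccept only, never a valid version to configure a context with`, keeps the two uses apart. Placing it first also shifts the numeric value of every existing enumerator, which only matters if any code stores or compares them as integers — I cannot tell from here.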


@ -99,12 +99,13 @@ public:
// if the underlying transport blocks, or TLS_ERR_ERROR. // if the underlying transport blocks, or TLS_ERR_ERROR.
// When returning TLS_ERR_ERROR, provide certificate validation error // When returning TLS_ERR_ERROR, provide certificate validation error
// in |handshakeErr|. // in |handshakeErr|.
virtual int tlsConnect(const std::string& hostname, std::string& handshakeErr) = 0; virtual int tlsConnect(const std::string& hostname, TLSVersion& version,
std::string& handshakeErr) = 0;
// Performs server side handshake. This function returns TLS_ERR_OK // Performs server side handshake. This function returns TLS_ERR_OK
// if it succeeds, or TLS_ERR_WOULDBLOCK if the underlying transport // if it succeeds, or TLS_ERR_WOULDBLOCK if the underlying transport
// blocks, or TLS_ERR_ERROR. // blocks, or TLS_ERR_ERROR.
virtual int tlsAccept() = 0; virtual int tlsAccept(TLSVersion& version) = 0;
// Returns last error string // Returns last error string
virtual std::string getLastErrorString() = 0; virtual std::string getLastErrorString() = 0;


@ -61,6 +61,9 @@
#define SCH_USE_STRONG_CRYPTO 0x00400000 #define SCH_USE_STRONG_CRYPTO 0x00400000
#endif #endif
#define WEAK_CIPHER_BITS 56
#define STRONG_CIPHER_BITS 128
namespace aria2 { namespace aria2 {
WinTLSContext::WinTLSContext(TLSSessionSide side, TLSVersion ver) WinTLSContext::WinTLSContext(TLSSessionSide side, TLSVersion ver)
@ -82,6 +85,9 @@ WinTLSContext::WinTLSContext(TLSSessionSide side, TLSVersion ver)
// fall through // fall through
case TLS_PROTO_TLS12: case TLS_PROTO_TLS12:
credentials_.grbitEnabledProtocols |= SP_PROT_TLS1_2_CLIENT; credentials_.grbitEnabledProtocols |= SP_PROT_TLS1_2_CLIENT;
// fall through
default:
break;
} }
} }
else { else {
@ -97,9 +103,23 @@ WinTLSContext::WinTLSContext(TLSSessionSide side, TLSVersion ver)
// fall through // fall through
case TLS_PROTO_TLS12: case TLS_PROTO_TLS12:
credentials_.grbitEnabledProtocols |= SP_PROT_TLS1_2_SERVER; credentials_.grbitEnabledProtocols |= SP_PROT_TLS1_2_SERVER;
// fall through
default:
break;
} }
} }
credentials_.dwMinimumCipherStrength = 128; // bit
switch (ver) {
case TLS_PROTO_SSL3:
// User explicitly wanted SSLv3 and therefore weak ciphers.
credentials_.dwMinimumCipherStrength = WEAK_CIPHER_BITS;
break;
default:
// Strong protocol versions: Use a minimum strength, which might be later
// refined using SCH_USE_STRONG_CRYPTO in the flags.
credentials_.dwMinimumCipherStrength = STRONG_CIPHER_BITS;
}
setVerifyPeer(side_ == TLS_CLIENT); setVerifyPeer(side_ == TLS_CLIENT);
} }
@ -126,19 +146,30 @@ void WinTLSContext::setVerifyPeer(bool verify)
{ {
cred_.reset(); cred_.reset();
// Never automatically push any client or server certs. We'll do cert setup
// ourselves.
credentials_.dwFlags = SCH_CRED_NO_DEFAULT_CREDS;
if (credentials_.dwMinimumCipherStrength > WEAK_CIPHER_BITS) {
// Enable strong crypto if we already set a minimum cipher streams.
// This might actually require evem stronger algorithms, which is a good
// thing.
credentials_.dwFlags |= SCH_USE_STRONG_CRYPTO;
}
if (side_ != TLS_CLIENT || !verify) { if (side_ != TLS_CLIENT || !verify) {
credentials_.dwFlags = SCH_CRED_NO_DEFAULT_CREDS | // No verfication for servers and if user explicitly requested it
SCH_CRED_MANUAL_CRED_VALIDATION | credentials_.dwFlags |= SCH_CRED_MANUAL_CRED_VALIDATION |
SCH_CRED_IGNORE_NO_REVOCATION_CHECK | SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
SCH_CRED_IGNORE_REVOCATION_OFFLINE | SCH_CRED_IGNORE_REVOCATION_OFFLINE |
SCH_CRED_NO_SERVERNAME_CHECK | SCH_USE_STRONG_CRYPTO; SCH_CRED_NO_SERVERNAME_CHECK;
return; return;
} }
credentials_.dwFlags = // Verify other side's cert chain.
SCH_CRED_NO_DEFAULT_CREDS | SCH_CRED_AUTO_CRED_VALIDATION | credentials_.dwFlags |= SCH_CRED_AUTO_CRED_VALIDATION |
SCH_CRED_REVOCATION_CHECK_CHAIN | SCH_CRED_IGNORE_NO_REVOCATION_CHECK | SCH_CRED_REVOCATION_CHECK_CHAIN |
SCH_USE_STRONG_CRYPTO; SCH_CRED_IGNORE_NO_REVOCATION_CHECK;
} }
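Review bot: The minimum cipher strength is chosen from `ver`, which the fall-through chain above treats as the *minimum* protocol (selecting TLS_PROTO_SSL3 also enables every TLS 1.x protocol), so with SSLv3 permitted the 56-bit floor and the absence of SCH_USE_STRONG_CRYPTO apply to a TLS 1.2 handshake on the same credential as well, not only to SSLv3 sessions. As far as I know SCHANNEL_CRED carries a single dwMinimumCipherStrength, so this is probably the intended trade-off, but the comment `// User explicitly wanted SSLv3 and therefore weak ciphers.` should say so, e.g. `// User explicitly allowed SSLv3; the weaker floor applies to every protocol enabled on this credential, as SChannel has no per-protocol setting.`. The new comment in setVerifyPeer has two typos: `minimum cipher streams` → `minimum cipher strength` and `evem` → `even`. WinTLSContext's constructor begins before its hunk.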
CredHandle* WinTLSContext::getCredHandle() CredHandle* WinTLSContext::getCredHandle()


@ -283,7 +283,8 @@ ssize_t WinTLSSession::writeData(const void* data, size_t len)
state_ == st_handshake_read) { state_ == st_handshake_read) {
// Renegotiating // Renegotiating
std::string hn, err; std::string hn, err;
auto connect = tlsConnect(hn, err); TLSVersion ver;
auto connect = tlsConnect(hn, ver, err);
if (connect != TLS_ERR_OK) { if (connect != TLS_ERR_OK) {
return connect; return connect;
} }
@ -479,7 +480,8 @@ ssize_t WinTLSSession::readData(void* data, size_t len)
state_ == st_handshake_read) { state_ == st_handshake_read) {
// Renegotiating // Renegotiating
std::string hn, err; std::string hn, err;
auto connect = tlsConnect(hn, err); TLSVersion ver;
auto connect = tlsConnect(hn, ver, err);
if (connect != TLS_ERR_OK) { if (connect != TLS_ERR_OK) {
return connect; return connect;
} }
@ -559,7 +561,8 @@ ssize_t WinTLSSession::readData(void* data, size_t len)
state_ = st_initialized; state_ = st_initialized;
A2_LOG_INFO("WinTLS: Renegotiate"); A2_LOG_INFO("WinTLS: Renegotiate");
std::string hn, err; std::string hn, err;
auto connect = tlsConnect(hn, err); TLSVersion ver;
auto connect = tlsConnect(hn, ver, err);
if (connect == TLS_ERR_WOULDBLOCK) { if (connect == TLS_ERR_WOULDBLOCK) {
break; break;
} }
@ -590,6 +593,7 @@ ssize_t WinTLSSession::readData(void* data, size_t len)
} }
int WinTLSSession::tlsConnect(const std::string& hostname, int WinTLSSession::tlsConnect(const std::string& hostname,
TLSVersion& version,
std::string& handshakeErr) std::string& handshakeErr)
{ {
// Handshaking will require sending multiple read/write exchanges until the // Handshaking will require sending multiple read/write exchanges until the
@ -819,28 +823,29 @@ restart:
} }
// Fall through // Fall through
case st_handshake_done: { case st_handshake_done:
// All ready now :D // All ready now :D
state_ = st_connected; state_ = st_connected;
A2_LOG_INFO( A2_LOG_INFO(
fmt("WinTLS: connected with: %s", getCipherSuite(&handle_).c_str())); fmt("WinTLS: connected with: %s", getCipherSuite(&handle_).c_str()));
auto proto = getProtocolVersion(&handle_); switch (getProtocolVersion(&handle_)) {
if (proto < 0x301) {
std::string protoAndSuite;
switch (proto) {
case 0x300: case 0x300:
protoAndSuite = "SSLv3"; version = TLS_PROTO_SSL3;
break;
case 0x301:
version = TLS_PROTO_TLS10;
break;
case 0x302:
version = TLS_PROTO_TLS11;
break;
case 0x303:
version = TLS_PROTO_TLS12;
break; break;
default: default:
protoAndSuite = "Unknown"; version = TLS_PROTO_NONE;
break; break;
}
protoAndSuite += " " + getCipherSuite(&handle_);
A2_LOG_WARN(fmt(MSG_WARN_OLD_TLS_CONNECTION, protoAndSuite.c_str()));
} }
return TLS_ERR_OK; return TLS_ERR_OK;
}
} }
@ -849,10 +854,10 @@ restart:
return TLS_ERR_ERROR; return TLS_ERR_ERROR;
} }
int WinTLSSession::tlsAccept() int WinTLSSession::tlsAccept(TLSVersion& version)
{ {
std::string host, err; std::string host, err;
return tlsConnect(host, err); return tlsConnect(host, version, err);
} }
std::string WinTLSSession::getLastErrorString() std::string WinTLSSession::getLastErrorString()
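Review bot: At the three renegotiation sites (writeData and both in readData) `TLSVersion ver;` is declared uninitialized and the value tlsConnect writes into it is never examined, so a renegotiation that settles on SSLv3 — if SChannel can downgrade at that point, which I cannot tell from here — never reaches the SocketCore warning this commit introduces. Initialize it, `TLSVersion ver = TLS_PROTO_NONE;`, so the variable is well-defined on any return path that does not write it, and consider logging at least the TLS_PROTO_SSL3 case at these sites since SocketCore only observes the initial handshake. All three sites sit inside functions that begin before their hunks.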


@ -176,12 +176,13 @@ public:
// When returning TLS_ERR_ERROR, provide certificate validation error // When returning TLS_ERR_ERROR, provide certificate validation error
// in |handshakeErr|. // in |handshakeErr|.
virtual int tlsConnect(const std::string& hostname, virtual int tlsConnect(const std::string& hostname,
TLSVersion& version,
std::string& handshakeErr) CXX11_OVERRIDE; std::string& handshakeErr) CXX11_OVERRIDE;
// Performs server side handshake. This function returns TLS_ERR_OK // Performs server side handshake. This function returns TLS_ERR_OK
// if it succeeds, or TLS_ERR_WOULDBLOCK if the underlying transport // if it succeeds, or TLS_ERR_WOULDBLOCK if the underlying transport
// blocks, or TLS_ERR_ERROR. // blocks, or TLS_ERR_ERROR.
virtual int tlsAccept() CXX11_OVERRIDE; virtual int tlsAccept(TLSVersion& version) CXX11_OVERRIDE;
// Returns last error string // Returns last error string
virtual std::string getLastErrorString() CXX11_OVERRIDE; virtual std::string getLastErrorString() CXX11_OVERRIDE;


@ -183,10 +183,13 @@
#define MSG_WARN_NO_CA_CERT \ #define MSG_WARN_NO_CA_CERT \
_("You may encounter the certificate verification error with HTTPS server." \ _("You may encounter the certificate verification error with HTTPS server." \
" See --ca-certificate and --check-certificate option.") " See --ca-certificate and --check-certificate option.")
#define MSG_WARN_UNKNOWN_TLS_CONNECTION \
_("aria2c had to connect to the other side using an unknown TLS protocol. " \
"The integrity and confidentiality of the connection might be compromised.")
#define MSG_WARN_OLD_TLS_CONNECTION \ #define MSG_WARN_OLD_TLS_CONNECTION \
_("aria2c had to connect to the server using an old and vulnerable cipher" \ _("aria2c had to connect to the other side using an old and vulnerable TLS" \
" suite. The integrity and confidentiality of the connection might be" \ " protocol. The integrity and confidentiality of the connection might be" \
" compromised.\nProtocol and cipher suite: %s") " compromised.\nProtocol: %s")
#define MSG_SHOW_FILES _("Printing the contents of file '%s'...") #define MSG_SHOW_FILES _("Printing the contents of file '%s'...")
#define MSG_NOT_TORRENT_METALINK _("This file is neither Torrent nor Metalink" \ #define MSG_NOT_TORRENT_METALINK _("This file is neither Torrent nor Metalink" \
" file. Skipping.") " file. Skipping.")