diff -Nacr curl-7.5.orig/configure curl-7.5/configure *** curl-7.5.orig/configure Fri Nov 10 10:27:26 2000 --- curl-7.5/configure Mon Dec 4 11:09:02 2000 *************** *** 30,35 **** --- 30,38 ---- ac_help="$ac_help --with-krb4[=DIR] where to look for Kerberos4" ac_help="$ac_help + --with-krb5[=DIR] where to look for KRB5 [compiler/linker default paths] + DIR points to the KRB5 installation [/usr/local/krb5]" + ac_help="$ac_help --with-ssl[=DIR] where to look for SSL [compiler/linker default paths] DIR points to the SSL installation [/usr/local/ssl]" ac_help="$ac_help *************** *** 3222,3227 **** --- 3225,3301 ---- fi + OPT_KRB5=off + # Check whether --with-krb5 or --without-krb5 was given. + if test "${with_krb5+set}" = set; then + withval="$with_krb5" + OPT_KRB5=$withval + fi + + + if test X"$OPT_KRB5" = Xno + then + echo "configure: warning: KRB5/https support disabled" 1>&2 + else + + + echo $ac_n "checking where to look for KRB5""... $ac_c" 1>&6 + echo "configure:1704: checking where to look for KRB5" >&5 + if test X"$OPT_KRB5" = Xoff + then + echo "$ac_t""defaults (or given in environment)" 1>&6 + else + test X"$OPT_KRB5" = Xyes && OPT_KRB5=/usr/local/krb5 + LIBKRB5="-L $OPT_KRB5/lib -lgssapi_krb5 -lkrb5 -lcom_err" + LIBKRB5="$LIBKRB5 -L.. -lk5crypto -lresolv" + CPPFLAGS="$CPPFLAGS -I$OPT_KRB5/include" + echo "$ac_t""$OPT_KRB5" 1>&6 + fi + + for ac_hdr in krb5.h + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 + echo "configure:1720: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" + { (eval echo configure:1730: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" + else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" + fi + rm -f conftest* + fi + if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 + fi + done + + + fi + + OPT_SSL=off # Check whether --with-ssl or --without-ssl was given. if test "${with_ssl+set}" = set; then *************** *** 3245,3250 **** --- 3319,3327 ---- else test X"$OPT_SSL" = Xyes && OPT_SSL=/usr/local/ssl LIBS="$LIBS -L$OPT_SSL/lib" + LIBSSL=$OPT_SSL/lib/libssl.a + LIBCRYPTO=$OPT_SSL/lib/libcrypto.a + CPPFLAGS="$CPPFLAGS -DUSE_SSLEAY -DNO_IDEA" CPPFLAGS="$CPPFLAGS -I$OPT_SSL/include/openssl -I$OPT_SSL/include" echo "$ac_t""$OPT_SSL" 1>&6 fi diff -Nacr curl-7.5.orig/configure.in curl-7.5/configure.in *** curl-7.5.orig/configure.in Fri Nov 10 09:42:06 2000 --- curl-7.5/configure.in Mon Dec 4 11:09:02 2000 *************** *** 397,403 **** AC_MSG_RESULT([defaults (or given in environment)]) else test X"$OPT_SSL" = Xyes && OPT_SSL=/usr/local/ssl ! LIBS="$LIBS -L$OPT_SSL/lib" CPPFLAGS="$CPPFLAGS -I$OPT_SSL/include/openssl -I$OPT_SSL/include" AC_MSG_RESULT([$OPT_SSL]) fi --- 397,405 ---- AC_MSG_RESULT([defaults (or given in environment)]) else test X"$OPT_SSL" = Xyes && OPT_SSL=/usr/local/ssl ! LIBS="$LIBS -L$OPT_SSL/lib -lssl" ! LIBSSLCRYPTO=$OPT_SSL/lib/libcrypto.a ! CPPFLAGS="$CPPFLAGS -DUSE_SSLEAY" CPPFLAGS="$CPPFLAGS -I$OPT_SSL/include/openssl -I$OPT_SSL/include" AC_MSG_RESULT([$OPT_SSL]) fi *************** *** 442,447 **** --- 444,494 ---- RAND_screen ) fi + + dnl ********************************************************************** + dnl Check for the presence of KRB5 libraries and headers + dnl ********************************************************************** + + dnl Default to compiler & linker defaults for KRB5 files & libraries. + OPT_KRB5=off + AC_ARG_WITH(krb5,dnl + [ --with-krb5[=DIR] where to look for KRB5 [compiler/linker default paths] + DIR points to the KRB5 installation [/usr/local/krb5]], + OPT_KRB5=$withval + ) + + if test X"$OPT_KRB5" = Xno + then + AC_MSG_WARN(KRB5 support disabled) + else + + dnl Check for & handle argument to --with-krb5. + + AC_MSG_CHECKING(where to look for KRB5) + if test X"$OPT_KRB5" = Xoff + then + AC_MSG_RESULT([defaults (or given in environment)]) + else + test X"$OPT_KRB5" = Xyes && OPT_KRB5=/usr/local/krb5 + if test -r "$OPT_KRB5/lib/libcrypto.a" + then + ln -s $OPT_KRB5/lib/libcrypto.a libk5crypto.a + fi + LIBKRB5="-L $OPT_KRB5/lib -lgssapi_krb5 -lkrb5 -lcom_err" + LIBKRB5="$LIBKRB5 -L.. -lk5crypto" # save -lresolve for suns + EXTRA_LIBS="$EXTRA_LIBS $LIBKRB5" + AC_CHECK_LIB(resolv, res_search, EXTRA_LIBS="$EXTRA_LIBS -lresolv") + CPPFLAGS="$CPPFLAGS -I$OPT_KRB5/include" + AC_MSG_RESULT([$OPT_KRB5]) + fi + + dnl Check for KRB5 headers + AC_CHECK_HEADERS(krb5.h) + + fi + + AC_SUBST(EXTRA_LIBS) + dnl ********************************************************************** dnl Check for the presence of ZLIB libraries and headers diff -Nacr curl-7.5.orig/lib/highlevel.c curl-7.5/lib/highlevel.c *** curl-7.5.orig/lib/highlevel.c Tue Nov 28 04:41:01 2000 --- curl-7.5/lib/highlevel.c Mon Dec 4 11:09:02 2000 *************** *** 157,162 **** --- 157,167 ---- char *buf; int maxfd; + /* 20000707 VRS needed for renegotiating to KRB5-* ciphers */ + #ifdef USE_SSLEAY + BIO *bio = NULL; + #endif /* USE_SSLEAY */ + if(!conn || (conn->handle != STRUCT_CONNECT)) return CURLE_BAD_FUNCTION_ARGUMENT; *************** *** 246,251 **** --- 251,267 ---- /* if we receive 0 or less here, the server closed the connection and we bail out from this! */ + /* 20000707 VRS ... or not! + ** We should keepon keepin'on if renegotiating to KRB5-* ciphers + ** See also s3_pkt.c ~line 900 comments on renegotation and blocking + */ + #ifdef USE_SSLEAY + else if (data->ssl.handle->rwstate == SSL_READING && + (bio = SSL_get_rbio(data->ssl.handle)) && + BIO_should_read(bio) && BIO_should_retry(bio)) { + keepon &= KEEP_READ; /* no-op. avoid break in next else if */ + } + #endif /* USE_SSLEAY */ else if (0 >= (signed int) nread) { keepon &= ~KEEP_READ; break; diff -Nacr curl-7.5.orig/lib/ssluse.c curl-7.5/lib/ssluse.c *** curl-7.5.orig/lib/ssluse.c Mon Nov 6 17:52:26 2000 --- curl-7.5/lib/ssluse.c Mon Dec 4 11:09:02 2000 *************** *** 240,245 **** --- 240,250 ---- /* Lets make an SSL structure */ data->ssl.handle = SSL_new (data->ssl.ctx); SSL_set_connect_state (data->ssl.handle); + #ifndef NO_KRB5 + if (data->ssl.handle && data->ssl.handle->kssl_ctx) { + kssl_ctx_setstring(data->ssl.handle->kssl_ctx,KSSL_SERVER,data->hostname); + } + #endif /* NO_KRB5 */ data->ssl.server_cert = 0x0; *************** *** 263,268 **** --- 268,277 ---- * attack */ + #ifndef NO_KRB5 + if (strstr(SSL_get_cipher(data->ssl.handle), "KRB5") == NULL) { + #endif /* NO_KRB5 */ + data->ssl.server_cert = SSL_get_peer_certificate (data->ssl.handle); if(!data->ssl.server_cert) { failf(data, "SSL: couldn't get peer certificate!"); *************** *** 299,304 **** --- 308,316 ---- data->ssl.certverifyresult=0; X509_free(data->ssl.server_cert); + #ifndef NO_KRB5 + } + #endif /* NO_KRB5 */ #else /* USE_SSLEAY */ /* this is for "-ansi -Wall -pedantic" to stop complaining! (rabe) */ (void) data; diff -Nacr curl-7.5.orig/src/Makefile.am curl-7.5/src/Makefile.am *** curl-7.5.orig/src/Makefile.am Thu Nov 30 03:08:49 2000 --- curl-7.5/src/Makefile.am Mon Dec 4 11:09:02 2000 *************** *** 32,34 **** --- 32,39 ---- hugehelp.c: $(README) $(MANPAGE) mkhelp.pl rm -f hugehelp.c $(NROFF) -man $(MANPAGE) | $(PERL) $(MKHELP) $(README) > hugehelp.c + + # 20001019 VRS added $EXTRA_LIBS + curl: $(curl_OBJECTS) $(curl_DEPENDENCIES) + @rm -f curl + $(LINK) $(curl_LDFLAGS) $(curl_OBJECTS) $(curl_LDADD) $(LIBS) $(EXTRA_LIBS)