RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-24 Thread Daniel Stenberg
On Mon, 23 Apr 2012, Salisbury, Mark wrote: So you're saying that the SSL write method could consume all the data (and thus return bytes written = full amount), not send all the encrypted data, and it will be called again to write the remaining bytes? This is good. I'm trying to follow how t

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Salisbury, Mark
haxx.se [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of Daniel Stenberg Sent: Monday, April 23, 2012 2:49 PM To: libcurl development Subject: RE: SSL/TLS support using Windows SSPI Schannel API On Mon, 23 Apr 2012, Salisbury, Mark wrote: > If you are asked to send 100 bytes, which is translated int

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Daniel Stenberg
On Mon, 23 Apr 2012, Salisbury, Mark wrote: If you are asked to send 100 bytes, which is translated into 125 encrypted bytes, but only 30 bytes (encrypted) are actually sent, how do you know how many unencrypted bytes were sent? (how do you know what to return to the caller for bytes written?

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Marc Hoersken
2012/4/23 Salisbury, Mark : > Further clarification - I don't think you have to send ALL the data > requested, you just have to send full chunks.  If you call Encrypt(), asking > it to encrypt 32k bytes, but it only encrypts the first 4k, you need to fully > send that 4k. Ok, appending to my pr

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Marc Hoersken
2012/4/23 Salisbury, Mark : > I think I didn't explain my concern very well - let me try again with fewer > words :) > > If you are asked to send 100 bytes, which is translated into 125 encrypted > bytes, but only 30 bytes (encrypted) are actually sent, how do you know how > many unencrypted byt

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Salisbury, Mark
Mark Sent: Monday, April 23, 2012 2:26 PM To: libcurl development Subject: RE: SSL/TLS support using Windows SSPI Schannel API I think I didn't explain my concern very well - let me try again with fewer words :) If you are asked to send 100 bytes, which is translated into 125 encrypted bytes

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Salisbury, Mark
xx.se [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of Marc Hoersken Sent: Monday, April 23, 2012 2:18 PM To: libcurl development Subject: Re: SSL/TLS support using Windows SSPI Schannel API 2012/4/23 Salisbury, Mark : > Thinking about this a little bit more, I wonder if the SSL write function

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Marc Hoersken
2012/4/23 Salisbury, Mark : > Thinking about this a little bit more, I wonder if the SSL write function > really needs to write ALL the bytes the client passes in before it returns.   > Here's why.  Suppose the client passes in 100 bytes of data to write (a small > HTTP GET request).  When we use

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Salisbury, Mark
riginal Message- From: curl-library-boun...@cool.haxx.se [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of Marc Hoersken Sent: Monday, April 23, 2012 12:15 PM To: libcurl development Subject: Re: SSL/TLS support using Windows SSPI Schannel API 2012/4/23 Daniel Stenberg : > On Mon, 23 A

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Marc Hoersken
2012/4/23 Daniel Stenberg : > On Mon, 23 Apr 2012, Salisbury, Mark wrote: > > Thanks a lot for your contribution Mark. Let's combine these into something > great! > Yep, I am also for combining the solutions into something great! > >> - write buffering implemented (though this is very easy to do)

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Marc Hoersken
Hello, 2012/4/23 Salisbury, Mark : > Hello, > > I've not been keeping on the mailing list for the last couple of weeks; I > tune in and I see some great news - Marc Hoersken has implemented a > non-openssl SSL for windows.  Some of the work I've been doing for my company > for the last couple of

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Daniel Stenberg
On Mon, 23 Apr 2012, Salisbury, Mark wrote: Thanks a lot for your contribution Mark. Let's combine these into something great! - write buffering implemented (though this is very easy to do). it continues in a loop until all bytes are written. Not sure if this is what Daniel intended as cor

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-23 Thread Guenter
Hi Marc, On 23.04.2012 08:08, Marc Hoersken wrote: I see you add version.lib to the LIBS variable in configure.ac. But what about the static makefiles? https://github.com/bagder/curl/commit/9ec0b7e0c44d29eca6f45916fe5af3501168fe85 I did only fix the oversight for the configure builds; Steve cov

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Marc Hoersken
Hi again, 2012/4/23 Marc Hoersken > > Hi Guenter, > 2012/4/22 Guenter >> >> Hi Marc, >> On 22.04.2012 23:45, Marc Hoersken wrote: >> >>> But I think the warnings Steve is referring to are the ones about the >>> functions being missing. >>> I think this is caused by version.lib not being linked.

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Marc Hoersken
Hi Guenter, 2012/4/22 Guenter > Hi Marc, > On 22.04.2012 23:45, Marc Hoersken wrote: > > But I think the warnings Steve is referring to are the ones about the >> functions being missing. >> I think this is caused by version.lib not being linked. So there seems >> to be something wrong with the

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Steve Holme
Hi Guys, >>> I can fix the problems with parameters 3 and 4 by putting the >>> appropriate cast (LPVOID * and unsigned int * respectively) but why >>> is the warning generated for parameter 2? >> >> I've no idea - not looked at code nor prototypes ... >> but may I suggest same to you what I alre

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Guenter
Hi Marc, On 22.04.2012 23:45, Marc Hoersken wrote: But I think the warnings Steve is referring to are the ones about the functions being missing. I think this is caused by version.lib not being linked. So there seems to be something wrong with the buildscripts. hmm, so does this mean that once

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Marc Hoersken
Hi, 2012/4/22 Guenter : > Hi Steve, > On 22.04.2012 22:24, Steve Holme wrote: > >> Thank you. I've fixed the un-used variable and am a little stuck with >> VerQueryValue(). >> >> I'm not sure if I'm being a little dizzy tonight or not but... >> >> I can fix the problems with parameters 3 and 4 b

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Guenter
Hi Steve, On 22.04.2012 22:24, Steve Holme wrote: Thank you. I've fixed the un-used variable and am a little stuck with VerQueryValue(). I'm not sure if I'm being a little dizzy tonight or not but... I can fix the problems with parameters 3 and 4 by putting the appropriate cast (LPVOID * and

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Steve Holme
Hi Guenter, >On 22.04.2012 21:13, Guenter wrote: >>> On 22.04.2012 21:05, Guenter wrote: >>> one for ya ;-) : >>> http://curl.haxx.se/dev/log.cgi?id=20120422184552-26795#prob15 >> just fixed this one: >> http://curl.haxx.se/dev/log.cgi?id=20120422184552-26795#prob1 >> 4 more warnings remain wh

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Guenter
On 22.04.2012 21:13, Guenter wrote: On 22.04.2012 21:05, Guenter wrote: one for ya ;-) : http://curl.haxx.se/dev/log.cgi?id=20120422184552-26795#prob15 just fixed this one: http://curl.haxx.se/dev/log.cgi?id=20120422184552-26795#prob1 4 more warnings remain which your commit added ... :-)

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Guenter
On 22.04.2012 21:05, Guenter wrote: one for ya ;-) : http://curl.haxx.se/dev/log.cgi?id=20120422184552-26795#prob15 just fixed this one: http://curl.haxx.se/dev/log.cgi?id=20120422184552-26795#prob1 4 more warnings remain which your commit added ... :-) Gün.

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Guenter
On 22.04.2012 21:13, Guenter wrote: 4 more warnings remain which your commit added ... :-) http://curl.haxx.se/dev/log.cgi?id=20120422184552-26795#prob2 Gün.

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Guenter
On 22.04.2012 20:18, Steve Holme wrote: I've just pushed the changes - sorry for the delay here... I was 1) Making sure I had the makefiles right as I don't use them and 2) Trying to decide on better error codes to use when parts of the Curl_sspi_version() function fail but couldn't so I just w

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Steve Holme
Hi Marc, On Sat, 21 Apr 2012, Marc Hoersken wrote: > > I see you posted some more patches this evening, are you and Daniel > > trying to push these or did you want me to push my change first? > > we are not pushing yet, just continuing development and cleanup at the > moment. I've just pushed t

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-22 Thread Daniel Stenberg
On Sat, 21 Apr 2012, Marc Hoersken wrote: The patches need to be applied in the following order: ... Please inform me if that doesn't work. Thanks, that worked fine! The little flaw with this method is that these patches aren't made with git format-patch so I can't just 'git am' them into

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-21 Thread Marc Hoersken
2012/4/21 Steve Holme : > Hi Marc, > > On Sat, 21 Apr 2012, Marc Hoersken wrote: > >> > I can push this myself but obviously it would break the work you have >> > already done Marc and you would need to rebase. >> >> Just push your changes and I will merge them with mine. That's no >> problem for m

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-21 Thread Steve Holme
Hi Marc, On Sat, 21 Apr 2012, Marc Hoersken wrote: > > I can push this myself but obviously it would break the work you have > > already done Marc and you would need to rebase. > > Just push your changes and I will merge them with mine. That's no > problem for me. ;-) I see you posted some more

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-21 Thread Marc Hoersken
2012/4/21 Daniel Stenberg : > On Sat, 21 Apr 2012, Marc Hoersken wrote: > >> Attached you will find the corresponding single patches and a patch >> series. > > > Thanks. This series seems to depend on one or more other patches. Can you > specify exactly which? The patches need to be applied in the

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-21 Thread Daniel Stenberg
On Sat, 21 Apr 2012, Marc Hoersken wrote: Attached you will find the corresponding single patches and a patch series. Thanks. This series seems to depend on one or more other patches. Can you specify exactly which? -- / daniel.haxx.se

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-21 Thread Marc Hoersken
2012/4/16 Marc Hoersken : >> Then over to some pure style nits: >> >> 3 - we always put the first brace when declaring functions on column 0 >> >> >> 4 - I spotted a case of 'char* name' while we always use 'char *name' > > > Ok, will fix those. > I have fixed these and pushed the changes to githu

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-21 Thread Marc Hoersken
On 16.04.2012 22:59, Daniel Stenberg wrote: > On Mon, 16 Apr 2012, Marc Hoersken wrote: > >>> 5 - On many places in the code you use the hardcoded numbers 4096 and >>> 2048. >>>Why those numbers? And why not use defined names for them? >> >> There is basically no reason for these specific numb

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-21 Thread Marc Hoersken
On 16.04.2012 22:59, Steve Holme wrote: > Anyway I had a go at trying to get the version information for sspi into the > main version string this evening and here is the result: > > curl 7.25.1-DEV (x86_64-pc-win32) libcurl/7.25.1-DEV sspi/6.1.7601.17725 > Protocols: dict file ftp gopher http i

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-16 Thread Steve Holme
Hi All, On Mon, Apr 16, 2012 Steve Holme wrote: > > 2012/4/15 Steve Holme : > > > > > > As a minor point I was wondering whether curl's version information > > > should output the following instead: > > > > That's probably a good idea, but it requires changes to parts of > > libcurl which I ha

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-16 Thread Daniel Stenberg
On Mon, 16 Apr 2012, Marc Hoersken wrote: 5 - On many places in the code you use the hardcoded numbers 4096 and 2048. Why those numbers? And why not use defined names for them? There is basically no reason for these specific numbers. 4096 is the initial read buffer size and 2048 is the incr

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-16 Thread Daniel Stenberg
On Mon, 16 Apr 2012, Marc Hoersken wrote: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0 Yes, but that does not mean that libcurl, as a general purpose URL library, needs to do it. It doesn't! libcurl doesn't send any user-agent field by default, it is set by the cu

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-16 Thread Guenter
Hi Marc, On 16.04.2012 12:38, Marc Hoersken wrote: Yes, but that does not mean that libcurl, as a general purpose URL library, needs to do it. I think that is something the application developer needs to decide and not we. I don't think libcurl should automatically give away too much informatio

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-16 Thread Marc Hoersken
2012/4/16 Steve Holme > > We may also need to think about a privacy issue here, because > > the first line is actually used as the HTTP user-agent and now > > reveals the Windows version. The first two numbers of the SSPI > > DLL version indicate the Windows NT version number, in this case > > NT

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-16 Thread Steve Holme
Hi All, On Mon, Apr 16, 2012 Marc Hoersken wrote: > 2012/4/15 Steve Holme : > > > > As a minor point I was wondering whether curl's version > > information should output the following instead: > > That's probably a good idea, but it requires changes to parts of > libcurl which I haven't seen yet

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-15 Thread Marc Hoersken
2012/4/15 Steve Holme : > Hi Guys, > > On Sat, Apr 14, 201 Marc Hoersken wrote: > >> Inside curl_schannel.c the string is appended to "Schannel-", so that >> a complete version string looks like this: >> >> D:\Dev\curl>src\curl -V >> curl 7.25.1-DEV (i386-pc-win32) libcurl/7.25.1-DEV >> Schannel-SS

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-15 Thread Marc Hoersken
Hi Daniel, 2012/4/16 Daniel Stenberg > > On Sat, 14 Apr 2012, Marc Hoersken wrote: > >> I would really like to see those changes make it into libcurl. Maybe more >> testing is required and therefore I also ask you people to test it. Once you >> also consider it stable, it can be merged into lib

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-15 Thread Daniel Stenberg
On Sat, 14 Apr 2012, Marc Hoersken wrote: I would really like to see those changes make it into libcurl. Maybe more testing is required and therefore I also ask you people to test it. Once you also consider it stable, it can be merged into libcurl, even though there are some long-term TODOs op

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-15 Thread Michael Wood
Hi On 14 April 2012 08:54, Marc Hoersken wrote: [...] > Guenter recommended attaching a patch itself and this is what I do > now, so that you can test the current version. But once it is going to > be merged into libcurl, I would really like to see my development > branch on github, including its

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-15 Thread Steve Holme
Hi Guys, On Sat, Apr 14, 201 Marc Hoersken wrote: > Inside curl_schannel.c the string is appended to "Schannel-", so that > a complete version string looks like this: > > D:\Dev\curl>src\curl -V > curl 7.25.1-DEV (i386-pc-win32) libcurl/7.25.1-DEV > Schannel-SSPI/6.1.7601.17725 > Protocols: dic

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-15 Thread Marc Hoersken
Hello again, I am still thinking about the version number being displayed. First of all, I just pushed two changes to my repo: commit af0ac5297ef1d9f44504b2e3613456cbb08ce5c8 Author: Marc Hoersken Date: Sun Apr 15 08:57:51 2012 +0200 curl_sspi.c: Fallback to security function table versio

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-14 Thread Marc Hoersken
2012/4/14 Dan Fandrich : > On Sat, Apr 14, 2012 at 10:45:52PM +0200, Guenter wrote: >> >"Marc Hoersken" wrote: >> >Agreed, merge into the official repo. I find it good. >> /me too! >> Daniel, do you agree? And if so can you please merge? > > Will the patch cause it to be used by default on Windows

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-14 Thread Dan Fandrich
On Sat, Apr 14, 2012 at 10:45:52PM +0200, Guenter wrote: > >"Marc Hoersken" wrote: > >Agreed, merge into the official repo. I find it good. > /me too! > Daniel, do you agree? And if so can you please merge? Will the patch cause it to be used by default on Windows? It sounds like it's not quite ma

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-14 Thread Guenter
Hi Daniel, On 14.04.2012 12:53, Gisle Vanem wrote: "Marc Hoersken" wrote: I would really like to see those changes make it into libcurl. Maybe more testing is required and therefore I also ask you people to test it. Once you also consider it stable, it can be merged into libcurl, even though

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-14 Thread Guenter
Hi Marc, On 14.04.2012 15:08, Marc Hoersken wrote: Yes, that's a good idea. I added a new function called Curl_sspi_version to curl_sspi.[ch] to the product version of the loaded DLL. This is based upon version.lib, which is available since Windows 2000 Professional or Windows 2000 Server. Ins

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-14 Thread Gisle Vanem
"Marc Hoersken" wrote: functionality of SSL/TLS encryption behind the API. This is the whole purpose of the general SSPI API and provider approach. It might be hard to get some information out of it. I think I see. I've played a little at enumerating and getting the version of the security pa

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-14 Thread Marc Hoersken
2012/4/14 Gisle Vanem : > "Marc Hoersken" wrote: > >> Therefore I consider those things something which I or others can add >> later on, because until these options are implemented in libcurl, >> Windows will choose the best available cipher from the registry and >> use certificates from the Windo

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-14 Thread Gisle Vanem
"Marc Hoersken" wrote: Therefore I consider those things something which I or others can add later on, because until these options are implemented in libcurl, Windows will choose the best available cipher from the registry and use certificates from the Windows Certification Store. Speaking of

RE: SSL/TLS support using Windows SSPI Schannel API

2012-04-11 Thread Steve Holme
Hi Marc, > Is it okay for you if I re-factor the existing SSPI code in curl_sspi.[ch] > and socks_sspi.c? I wanted to re-use some code and moved > general error message handling code from socks_sspi.c to > curl_sspi.c and added function signatures to curl_sspi.h. I've been reading your posts with

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-11 Thread Marc Hörsken
Hello again, I hope the repeating messages are not annoying anyone. Just want to keep you up-to-date and this time ask a specific question: Is it okay for you if I re-factor the existing SSPI code in curl_sspi.[ch] and socks_sspi.c? I wanted to re-use some code and moved general error message han

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-10 Thread Marc Hörsken
Hello everyone, I just updated the schannel branch on github again. The following things have been implemented since my last email: - SSL/TLS session handling - SSL/TLS re-negotiation The remaining TODOs are now reduced to: - implement write buffering - implement SSL/TLS shutdown - implement cl

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-09 Thread Marc Hörsken
2012/4/10 Gisle Vanem > "Marc Hörsken" wrote: > > I thought it was working for you, sorry for the misunderstanding. >> > > I thought so too, but was mistaken. Ah, okay. > So, how exactly are you trying to build it? If you still want to do it. >> > > I got the 'mback2k-curl-curl-7_25_0-67-**

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-09 Thread Gisle Vanem
"Marc Hörsken" wrote: I thought it was working for you, sorry for the misunderstanding. I thought so too, but was mistaken. So, how exactly are you trying to build it? If you still want to do it. I got the 'mback2k-curl-curl-7_25_0-67-g306621b.zip' from git here: https://github.com/mback2

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-09 Thread Marc Hörsken
2012/4/9 Gisle Vanem > "Marc Hörsken" wrote: > > Yes, that is basically the whole purpose of this. Schannel is a >> replacement for other SSL/TLS implementations, like OpenSSL. >> I am currently building it using the previously mentioned Makefile.vc in >> winbuild/ and can successfully do HTTPS

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-09 Thread Gisle Vanem
"Marc Hörsken" wrote: Yes, that is basically the whole purpose of this. Schannel is a replacement for other SSL/TLS implementations, like OpenSSL. I am currently building it using the previously mentioned Makefile.vc in winbuild/ and can successfully do HTTPS without OpenSSL. Can you please t

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-09 Thread Marc Hörsken
2012/4/9 Gisle Vanem > "Marc Hörsken" wrote: > > this weekend I took the time to create a new SSL/TLS module for libcurl. >> It >> is now possible to use the Windows SSPI Schannel API for SSL and TLS >> connections. >> > > I looked at briefly. I even built with your code easily w/o knowing > an

Re: SSL/TLS support using Windows SSPI Schannel API

2012-04-09 Thread Gisle Vanem
"Marc Hörsken" wrote: this weekend I took the time to create a new SSL/TLS module for libcurl. It is now possible to use the Windows SSPI Schannel API for SSL and TLS connections. I looked at briefly. I even built with your code easily w/o knowing anything about SSPI. No problems building it.