annotate dpi/https.c @ 4662:b171b8610400 3.0.5

Support OpenSSL 1.1.0 taken-from: pkgsrc (Ryo ONODERA) submitted-by: Jun Ebihara <jun@soum.co.jp>
author Johannes Hofmann <Johannes.Hofmann@gmx.de>
date Fri, 06 Apr 2018 09:34:31 +0200
parents 9a3cdb75e816
1 /*
2 * Dpi for HTTPS.
3 *
4 *
5 *
6 * W A R N I N G
7 *
8 * One of the important things to have in mind is about whether
9 * unix domain sockets (UDS) are secure for https. I mean, root can always
10 * snoop on sockets (regardless of permissions) so he'd be able to "see" all
11 * the traffic. OTOH, if someone has root access on a machine he can do
12 * anything, and that includes modifying the binaries, peeking-up in
13 * memory space, installing a key-grabber, ...
14 *
15 *
16 * Copyright 2003, 2004 Jorge Arellano Cid <jcid@dillo.org>
17 * Copyright 2004 Garrett Kajmowicz <gkajmowi@tbaytel.net>
18 *
19 * This program is free software; you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation; either version 3 of the License, or
22 * (at your option) any later version.
23 *
24 * As a special exception permission is granted to link the code of
25 * the https dillo plugin with the OpenSSL project's OpenSSL library
26 * (or a modified version of that library), and distribute the linked
27 * executables, without including the source code for the SSL library
28 * in the source distribution. You must obey the GNU General Public
29 * License, version 3, in all respects for all of the code used other
30 * than the SSL library.
31 *
32 */
34 /*
35 * TODO: a lot of things, this is just a bare bones example.
36 *
37 * For instance:
38 * - Handle cookies (now that they arrive with the dpip tag, it needs
39 * testing).
40 * - Certificate authentication (asking the user in case it can't be verified)
41 * - Certificate management.
42 * - Session caching ...
43 *
44 */
46 #include <config.h>
47 #include <unistd.h>
48 #include <sys/types.h>
49 #include <sys/socket.h>
50 #include <netinet/in.h>
51 #include <netdb.h>
52 #include <sys/un.h>
53 #include <stdio.h>
54 #include <stdlib.h>
55 #include <string.h>
56 #include <signal.h>
57 #include <sys/wait.h>
58 #include <errno.h>
59 #include <sys/time.h>
60 #include <sys/stat.h>
62 #include "../dpip/dpip.h"
63 #include "dpiutil.h"
/*
 * Debugging macros
 *
 * _MSG() always expands to nothing.  MSG() expands to nothing while SILENT
 * is non-zero; otherwise it prints its arguments to stderr behind a
 * "[https dpi]: " prefix.  The first MSG() argument has to be a string
 * literal, because it is concatenated with that prefix at compile time.
 *
 * With SILENT defined as 1 (the setting below) every MSG() diagnostic in
 * this file is compiled out, including the entropy, TLS-setup and
 * certificate-verification messages.
 */
#define SILENT 1
#define _MSG(...)
#if SILENT
#define MSG(...)
#else
#define MSG(...) fprintf(stderr, "[https dpi]: " __VA_ARGS__)
#endif
77 #ifdef ENABLE_SSL
79 #include <openssl/err.h>
80 #include <openssl/rand.h>
81 #include <openssl/ssl.h>
/* Forward declarations; the definitions are not in this part of the file. */

/* Returns the socket for the connection to url (the proxy URL when one is
 * in use); the caller treats a negative value as failure. */
static int get_network_connection(char * url);
/* Called after the TLS handshake when check_cert is "true"; the caller
 * treats a negative return as a certificate verification error and sends
 * nothing over the connection. */
static int handle_certificate_problem(SSL * ssl_connection);
/* NOTE(review): presumably stores cert in the user's certificate directory
 * (~/.dillo/certs/ is loaded as a verify location) -- confirm against the
 * definition. */
static int save_certificate_home(X509 * cert);
87 #endif
91 /*---------------------------------------------------------------------------*/
/*
 * Global variables
 */
static char *root_url = NULL; /*Holds the URL we are connecting to*/
/* Dsh handle passed to a_Dpip_dsh_read_token() and a_Dpip_dsh_write_str()
 * for the dpip exchange.  It has no initializer here, so it must be set
 * before either call is made. */
static Dsh *sh;
99 #ifdef ENABLE_SSL
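/*
 * Read the answer dpip tag for a dialog and return the number for
 * the user-selected alternative.
 * Return: (-1: parse error, 0: window closed, 1-5 alt. number)
 *
 * A missing tag, a missing "msg" attribute, a "msg" value that does not
 * start with a number, or a number that does not fit in an int all yield
 * -1, so a malformed answer is never reported as 0 ("window closed") or
 * as a truncated alternative number.
 */
static int dialog_get_answer_number(void)
{
   int response_number = -1;
   char *dpip_tag, *response = NULL;

   /* Read the dpi command from STDIN */
   dpip_tag = a_Dpip_dsh_read_token(sh, 1);
   /* NOTE(review): whether the read can return NULL is not visible here;
    * the guard keeps a NULL tag away from the attribute parser. */
   if (dpip_tag)
      response = a_Dpip_get_attr(dpip_tag, "msg");

   if (response) {
      char *end;
      long value;

      errno = 0;
      value = strtol(response, &end, 10);
      /* end == response means no digits were converted; the last test
       * rejects values that would change when narrowed to int. */
      if (end != response && errno != ERANGE && value == (long)(int)value)
         response_number = (int)value;
   }
   dFree(dpip_tag);
   dFree(response);

   return response_number;
}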
122 /*
123 * This function does all of the work with SSL
124 */
125 static void yes_ssl_support(void)
126 {
127 /* The following variable will be set to 1 in the event of
128 * an error and skip any further processing
129 */
130 int exit_error = 0;
131 SSL_CTX * ssl_context = NULL;
132 SSL * ssl_connection = NULL;
134 char *dpip_tag = NULL, *cmd = NULL, *url = NULL, *http_query = NULL,
135 *proxy_url = NULL, *proxy_connect = NULL, *check_cert = NULL;
136 char buf[4096];
137 int ret = 0;
138 int network_socket = -1;
141 MSG("{In https.filter.dpi}\n");
143 /*Initialize library*/
144 SSL_load_error_strings();
145 SSL_library_init();
146 if (RAND_status() != 1){
147 /*Insufficient entropy. Deal with it?*/
148 MSG("Insufficient random entropy\n");
149 }
151 /*Create context and SSL object*/
152 if (exit_error == 0){
153 ssl_context = SSL_CTX_new(SSLv23_client_method());
154 if (ssl_context == NULL){
155 MSG("Error creating SSL context\n");
156 exit_error = 1;
157 }
158 }
160 /* SSL2 has been known to be insecure forever, disabling SSL3 is in response
161 * to POODLE, and disabling compression is in response to CRIME.
162 */
163 if (exit_error == 0){
164 SSL_CTX_set_options(ssl_context,
165 SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
166 }
168 /*Set directory to load certificates from*/
169 /*FIXME - provide for sysconfdir variables and such*/
170 if (exit_error == 0){
171 if (SSL_CTX_load_verify_locations(
172 ssl_context, NULL, "/etc/ssl/certs/" ) == 0){
173 MSG("Error opening system x509 certificate location\n");
174 exit_error = 1;
175 }
176 }
178 if (exit_error == 0){
179 snprintf(buf, 4095, "%s/.dillo/certs/", dGethomedir());
180 if (SSL_CTX_load_verify_locations(ssl_context, NULL, buf )==0){
181 MSG("Error opening user x509 certificate location\n");
182 exit_error = 1;
183 }
184 }
186 if (exit_error == 0){
187 ssl_connection = SSL_new(ssl_context);
188 if (ssl_connection == NULL){
189 MSG("Error creating SSL connection\n");
190 exit_error = 1;
191 }
192 }
194 if (exit_error == 0){
195 /* Don't want: eNULL, which has no encryption; aNULL, which has no
196 * authentication; LOW, which as of 2014 use 64 or 56-bit encryption;
197 * EXPORT40, which uses 40-bit encryption; RC4, for which methods were
198 * found in 2013 to defeat it somewhat too easily.
199 */
200 SSL_CTX_set_cipher_list(ssl_context,
201 "ALL:!aNULL:!eNULL:!LOW:!EXPORT40:!RC4");
203 /* Need to do this if we want to have the option of dealing
204 * with self-signed certs
205 */
206 SSL_set_verify(ssl_connection, SSL_VERIFY_NONE, 0);
208 /*Get the network address and command to be used*/
209 dpip_tag = a_Dpip_dsh_read_token(sh, 1);
210 cmd = a_Dpip_get_attr(dpip_tag, "cmd");
211 proxy_url = a_Dpip_get_attr(dpip_tag, "proxy_url");
212 proxy_connect =
213 a_Dpip_get_attr(dpip_tag, "proxy_connect");
214 url = a_Dpip_get_attr(dpip_tag, "url");
215 http_query = a_Dpip_get_attr(dpip_tag, "query");
216 if (!(check_cert = a_Dpip_get_attr(dpip_tag, "check_cert"))) {
217 /* allow older dillo versions use this dpi */
218 check_cert = dStrdup("true");
219 }
221 if (!cmd || !url || !http_query) {
222 MSG("***Value of cmd, url or http_query is NULL"
223 " - cannot continue\n");
224 exit_error = 1;
225 }
226 }
228 if (exit_error == 0){
229 char *connect_url = proxy_url ? proxy_url : url;
231 network_socket = get_network_connection(connect_url);
232 if (network_socket<0){
233 MSG("Network socket create error\n");
234 exit_error = 1;
235 }
236 }
238 if (exit_error == 0 && proxy_connect != NULL) {
239 ssize_t St;
240 const char *p = proxy_connect;
241 int writelen = strlen(proxy_connect);
243 while (writelen > 0) {
244 St = write(network_socket, p, writelen);
245 if (St < 0) {
246 /* Error */
247 if (errno != EINTR) {
248 MSG("Error writing to proxy.\n");
249 exit_error = 1;
250 break;
251 }
252 } else {
253 p += St;
254 writelen -= St;
255 }
256 }
257 if (exit_error == 0) {
258 const size_t buflen = 200;
259 char buf[buflen];
260 Dstr *reply = dStr_new("");
262 while (1) {
263 St = read(network_socket, buf, buflen);
264 if (St > 0) {
265 dStr_append_l(reply, buf, St);
266 if (strstr(reply->str, "\r\n\r\n")) {
267 /* have whole reply header */
268 if (reply->len >= 12 && reply->str[9] == '2') {
269 /* e.g. "HTTP/1.1 200 Connection established[...]" */
270 MSG("CONNECT through proxy succeeded.\n");
271 } else {
272 /* TODO: send reply body to dillo */
273 exit_error = 1;
274 MSG("CONNECT through proxy failed.\n");
275 }
276 break;
277 }
278 } else if (St < 0) {
279 if (errno != EINTR) {
280 exit_error = 1;
281 MSG("Error reading from proxy.\n");
282 break;
283 }
284 }
285 }
286 dStr_free(reply, 1);
287 }
288 }
290 if (exit_error == 0){
291 /* Configure SSL to use network file descriptor */
292 if (SSL_set_fd(ssl_connection, network_socket) == 0){
293 MSG("Error connecting network socket to SSL\n");
294 exit_error = 1;
295 }
296 }
298 if (exit_error == 0){
299 /*Actually do SSL connection handshake*/
300 if (SSL_connect(ssl_connection) != 1){
301 MSG("SSL_connect failed\n");
302 ERR_print_errors_fp(stderr);
303 exit_error = 1;
304 }
305 }
307 /*Use handle error function to decide what to do*/
308 if (exit_error == 0){
309 if (strcmp(check_cert, "true") == 0 &&
016eebad18fe Workaround: request to only check the root URL's certificate (https).
Jorge Arellano Cid <jcid@dillo.org>
parents: 1807
diff changeset
310 handle_certificate_problem(ssl_connection) < 0){
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
311 MSG("Certificate verification error\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
312 exit_error = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
313 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
314 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
315
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
316 if (exit_error == 0) {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
317 char *d_cmd;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
318
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
319 /*Send query we want*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
320 SSL_write(ssl_connection, http_query, (int)strlen(http_query));
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
321
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
322 /*Analyse response from server*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
323
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
324 /*Send dpi command*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
325 d_cmd = a_Dpip_build_cmd("cmd=%s url=%s", "start_send_page", url);
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
326 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
327 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
328
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
329 /*Send remaining data*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
330
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
331 while ((ret = SSL_read(ssl_connection, buf, 4096)) > 0 ){
280
b91990181141 - Made https dpi flush after sending data (faster for dialups).
jcid
parents: 0
diff changeset
332 /* flush is good for dialup speed */
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
333 a_Dpip_dsh_write(sh, 1, buf, (size_t)ret);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
334 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
335 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
336
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
337 /*Begin cleanup of all resources used*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
338 dFree(dpip_tag);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
339 dFree(cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
340 dFree(url);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
341 dFree(http_query);
1153
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
342 dFree(proxy_url);
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
343 dFree(proxy_connect);
2189
58a4337ec8e9 fix leak in https certificate-checking workaround
corvid <corvid@lavabit.com>
parents: 2181
diff changeset
344 dFree(check_cert);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
345
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
346 if (network_socket != -1){
2762
8a508291ac35 Refactored FD close calls into a single new dClose() dlib function [p37sitdu]
Jorge Arellano Cid <jcid@dillo.org>
parents: 2653
diff changeset
347 dClose(network_socket);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
348 network_socket = -1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
349 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
350 if (ssl_connection != NULL){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
351 SSL_free(ssl_connection);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
352 ssl_connection = NULL;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
353 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
354 if (ssl_context != NULL){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
355 SSL_CTX_free(ssl_context);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
356 ssl_context = NULL;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
357 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
358 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
359
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
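/*
 * Open a TCP connection to the host named in 'url' and return the
 * file descriptor of the connected socket. Returns -1 on any error.
 *
 * 'url' is parsed as "[https://|http://]host[:port][/...]". The default
 * port is 443, or 80 when the string starts with "http://".
 *
 * Side effect: the file-scope 'root_url' is set to a newly allocated copy
 * of the host name. Its previous value is not freed here.
 *
 * The URL comes from outside this function, so the port number taken from
 * it and the address returned by the resolver are validated before they
 * are used to fill the fixed-size sockaddr_in.
 *
 * NOTE(review): gethostbyname() is obsolete and only IPv4 results can be
 * used with the sockaddr_in below; getaddrinfo() would be the replacement.
 */
static int get_network_connection(char * url)
{
   struct sockaddr_in address;
   struct hostent *hp;
   int s;
   int saved_errno;
   int url_offset = 0;
   long portnum = 443;
   char *host;
   char *host_end;
   char *host_copy = NULL;   /* non-NULL only when this function owns it */
   char *port_str = NULL;    /* points into 'url' just after the ':' */

   /*Determine how much of url we chop off as unneeded*/
   if (dStrnAsciiCasecmp(url, "https://", 8) == 0){
      url_offset = 8;
   } else if (dStrnAsciiCasecmp(url, "http://", 7) == 0) {
      url_offset = 7;
      portnum = 80;
   }
   host = url + url_offset;

   /*Find end of the host name (first ':' or '/')*/
   host_end = strpbrk(host, ":/");
   if (host_end != NULL){
      host_copy = dStrndup(host, (size_t)(host_end - host));
      host = host_copy;

      /*A ':' right after the host name introduces a port number*/
      if (*host_end == ':'){
         port_str = host_end + 1;
      }
   }

   /* Set before any early return, so root_url is assigned on every path
    * that assigned it before validation was added. */
   root_url = dStrdup(host);

   if (port_str != NULL){
      char *port_end;

      /* Reject empty, non-numeric and out-of-range ports instead of
       * letting the cast to a 16-bit port silently truncate them. */
      errno = 0;
      portnum = strtol(port_str, &port_end, 10);
      if (errno != 0 || port_end == port_str ||
          portnum < 1 || portnum > 65535){
         MSG("Invalid port number in URL\n");
         dFree(host_copy);
         return -1;
      }
   }

   hp = gethostbyname(host);

   /* The copy is released whenever it was made, including a zero-length
    * host name; keying the free on the length skipped that case. */
   dFree(host_copy);

   if (hp == NULL){
      MSG("gethostbyname() failed\n");
      return -1;
   }

   /* address.sin_addr holds an IPv4 address only. Copying h_length bytes
    * of any other address family would write past the end of 'address'. */
   if (hp->h_addrtype != AF_INET ||
       hp->h_length != (int)sizeof(address.sin_addr) ||
       hp->h_addr_list[0] == NULL){
      MSG("gethostbyname() returned an unusable address\n");
      return -1;
   }

   memset(&address, 0, sizeof(address));
   memcpy(&address.sin_addr, hp->h_addr_list[0], sizeof(address.sin_addr));
   address.sin_family = AF_INET;
   address.sin_port = htons((unsigned short)portnum);

   s = socket(AF_INET, SOCK_STREAM, 0);
   if (s < 0){
      MSG("errno: %i\n", errno);
      return -1;
   }

   if (connect(s, (struct sockaddr *)&address, sizeof(address)) != 0){
      /* Save errno first: closing the socket may overwrite it. */
      saved_errno = errno;
      dClose(s);
      s = -1;
      MSG("errno: %i\n", saved_errno);
   }
   return s;
}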
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
425
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
426
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
427 /* This function is run only when the certificate cannot
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
428 * be completely trusted. This will notify the user and
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
429 * allow the user to decide what to do. It may save the
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
430 * certificate to the user's .dillo directory if it is
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
431 * trusted.
1807
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
432 *
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
433 * TODO: Rearrange this to get rid of redundancy.
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
434 *
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
435 * Return value: -1 on abort, 0 or higher on continue
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
436 */
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
437 static int handle_certificate_problem(SSL * ssl_connection)
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
438 {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
439 int response_number;
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
440 int ret = -1;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
441 long st;
1687
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
442 char *cn;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
443 char buf[4096], *d_cmd, *msg;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
444
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
445 X509 * remote_cert;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
446
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
447 remote_cert = SSL_get_peer_certificate(ssl_connection);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
448 if (remote_cert == NULL){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
449 /*Inform user that remote system cannot be trusted*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
450 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
451 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
452 "dialog",
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
453 "Dillo HTTPS: No certificate!",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
454 "The remote system is NOT presenting a certificate.\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
455 "This site CAN NOT be trusted. Sending data is NOT SAFE.\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
456 "What do I do?",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
457 "Continue", "Cancel");
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
458 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
459 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
460
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
461 /*Read the user's response*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
462 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
463
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
464 /*Abort on anything but "Continue"*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
465 if (response_number == 1){
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
466 ret = 0;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
467 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
468
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
469 } else {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
470 /*Figure out if (and why) the remote system can't be trusted*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
471 st = SSL_get_verify_result(ssl_connection);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
472 switch (st) {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
473 case X509_V_OK: /*Everything is Kosher*/
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
474 ret = 0;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
475 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
476 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
477 /*Either self signed and untrusted*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
478 /*Extract CN from certificate name information*/
4662
b171b8610400 Support OpenSSL 1.1.0
Johannes Hofmann <Johannes.Hofmann@gmx.de>
parents: 4195
diff changeset
479 #if OPENSSL_VERSION_NUMBER < 0x10100000L
1687
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
480 if ((cn = strstr(remote_cert->name, "/CN=")) == NULL) {
4662
b171b8610400 Support OpenSSL 1.1.0
Johannes Hofmann <Johannes.Hofmann@gmx.de>
parents: 4195
diff changeset
481 #else
b171b8610400 Support OpenSSL 1.1.0
Johannes Hofmann <Johannes.Hofmann@gmx.de>
parents: 4195
diff changeset
482 if ((cn = strstr(X509_get_subject_name(remote_cert), "/CN=")) == NULL) {
b171b8610400 Support OpenSSL 1.1.0
Johannes Hofmann <Johannes.Hofmann@gmx.de>
parents: 4195
diff changeset
483 #endif
1687
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
484 strcpy(buf, "(no CN given)");
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
485 } else {
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
486 char *cn_end;
1686
523350565889 Fix segfault with https and self-signed certs
corvid <corvid@lavabit.com>
parents: 1398
diff changeset
487
1687
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
488 cn += 4;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
489
1687
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
490 if ((cn_end = strstr(cn, "/")) == NULL )
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
491 cn_end = cn + strlen(cn);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
492
1687
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
493 strncpy(buf, cn, (size_t) (cn_end - cn));
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
494 buf[cn_end - cn] = '\0';
93753d2303cd Show the self-signed cert warning dialog even when no CN given.
corvid <corvid@lavabit.com>
parents: 1686
diff changeset
495 }
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
496 msg = dStrconcat("The remote certificate is self-signed and "
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
497 "untrusted.\nFor address: ", buf, NULL);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
498 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
499 "cmd=%s title=%s msg=%s alt1=%s alt2=%s alt3=%s",
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
500 "dialog",
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
501 "Dillo HTTPS: Untrusted certificate!", msg,
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
502 "Continue", "Cancel", "Save Certificate");
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
503 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
504 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
505 dFree(msg);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
506
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
507 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
508 switch (response_number){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
509 case 1:
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
510 ret = 0;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
511 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
512 case 2:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
513 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
514 case 3:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
515 /*Save certificate to a file here and recheck the chain*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
516 /*Potential security problems because we are writing
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
517 *to the filesystem*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
518 save_certificate_home(remote_cert);
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
519 ret = 1;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
520 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
521 default:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
522 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
523 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
524 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
525 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
526 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
527 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
528 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
529 "dialog",
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
530 "Dillo HTTPS: Missing certificate issuer!",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
531 "The issuer for the remote certificate cannot be found\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
532 "The authenticity of the remote certificate cannot be trusted",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
533 "Continue", "Cancel");
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
534 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
535 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
536
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
537 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
538 if (response_number == 1) {
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
539 ret = 0;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
540 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
541 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
542
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
543 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
544 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
545 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
546 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
547 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
548 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
549 "dialog",
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
550 "Dillo HTTPS: Invalid certificate!",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
551 "The remote certificate signature could not be read\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
552 "or is invalid and should not be trusted",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
553 "Continue", "Cancel");
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
554 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
555 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
556
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
557 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
558 if (response_number == 1) {
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
559 ret = 0;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
560 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
561 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
562 case X509_V_ERR_CERT_NOT_YET_VALID:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
563 case X509_V_ERR_CRL_NOT_YET_VALID:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
564 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
565 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
566 "dialog",
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
567 "Dillo HTTPS: Certificate not yet valid!",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
568 "Part of the remote certificate is not yet valid\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
569 "Certificates usually have a range of dates over which\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
570 "they are to be considered valid, and the certificate\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
571 "presented has a starting validity after today's date\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
572 "You should be cautious about using this site",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
573 "Continue", "Cancel");
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
574 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
575 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
576
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
577 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
578 if (response_number == 1) {
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
579 ret = 0;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
580 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
581 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
582 case X509_V_ERR_CERT_HAS_EXPIRED:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
583 case X509_V_ERR_CRL_HAS_EXPIRED:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
584 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
585 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
586 "dialog",
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
587 "Dillo HTTPS: Expired certificate!",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
588 "The remote certificate has expired. The certificate\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
589 "wasn't designed to last this long. You should avoid \n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
590 "this site.",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
591 "Continue", "Cancel");
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
592 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
593 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
594 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
595 if (response_number == 1) {
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
596 ret = 0;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
597 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
598 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
599 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
600 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
601 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
602 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
603 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
604 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
605 "dialog",
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
606 "Dillo HTTPS: Certificate error!",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
607 "There was an error in the certificate presented.\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
608 "Some of the certificate data was improperly formatted\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
609 "making it impossible to determine if the certificate\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
610 "is valid. You should not trust this certificate.",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
611 "Continue", "Cancel");
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
612 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
613 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
614 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
615 if (response_number == 1) {
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
616 ret = 0;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
617 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
618 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
619 case X509_V_ERR_INVALID_CA:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
620 case X509_V_ERR_INVALID_PURPOSE:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
621 case X509_V_ERR_CERT_UNTRUSTED:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
622 case X509_V_ERR_CERT_REJECTED:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
623 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
624 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
625 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
626 "dialog",
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
627 "Dillo HTTPS: Certificate chain error!",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
628 "One of the certificates in the chain is being used\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
629 "incorrectly (possibly due to configuration problems\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
630 "with the remote system. The connection should not\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
631 "be trusted",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
632 "Continue", "Cancel");
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
633 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
634 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
635 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
636 if (response_number == 1) {
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
637 ret = 0;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
638 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
639 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
640 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
641 case X509_V_ERR_AKID_SKID_MISMATCH:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
642 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
643 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
644 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
645 "dialog",
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
646 "Dillo HTTPS: Certificate mismatch!",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
647 "Some of the information presented by the remote system\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
648 "does not match other information presented\n"
1688
d13576c96a71 spelling
corvid <corvid@lavabit.com>
parents: 1687
diff changeset
649 "This may be an attempt to eavesdrop on communications",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
650 "Continue", "Cancel");
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
651 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
652 dFree(d_cmd);
1807
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
653 response_number = dialog_get_answer_number();
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
654 if (response_number == 1) {
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
655 ret = 0;
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
656 }
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
657 break;
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
658 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
659 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
660 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
1807
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
661 "dialog",
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
662 "Dillo HTTPS: Self signed certificate!",
1807
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
663 "Self signed certificate in certificate chain. The certificate "
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
664 "chain could be built up using the untrusted certificates but the "
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
665 "root could not be found locally.",
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
666 "Continue", "Cancel");
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
667 a_Dpip_dsh_write_str(sh, 1, d_cmd);
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
668 dFree(d_cmd);
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
669 response_number = dialog_get_answer_number();
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
670 if (response_number == 1) {
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
671 ret = 0;
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
672 }
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
673 break;
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
674 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
675 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
676 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
1807
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
677 "dialog",
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
678 "Dillo HTTPS: Missing issuer certificate!",
1807
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
679 "Unable to get local issuer certificate. The issuer certificate "
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
680 "of an untrusted certificate cannot be found.",
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
681 "Continue", "Cancel");
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
682 a_Dpip_dsh_write_str(sh, 1, d_cmd);
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
683 dFree(d_cmd);
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
684 response_number = dialog_get_answer_number();
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
685 if (response_number == 1) {
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
686 ret = 0;
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
687 }
58c7f6c80d2f https dpi: error strings for certificate error code 19 and 20
corvid <corvid@lavabit.com>
parents: 1689
diff changeset
688 break;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
689 default: /*Need to add more options later*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
690 snprintf(buf, 80,
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
691 "The remote certificate cannot be verified (code %ld)", st);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
692 d_cmd = a_Dpip_build_cmd(
2653
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
693 "cmd=%s title=%s msg=%s alt1=%s alt2=%s",
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
694 "dialog",
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
695 "Dillo HTTPS: Unverifiable certificate!", buf,
888aae0bc1e4 Use titles with dpip dialogs.
Jeremy Henty <onepoint@starurchin.org>
parents: 2332
diff changeset
696 "Continue", "Cancel");
1398
b0aec637cdc0 https dpi: convert to dsh API (with auth)
Jorge Arellano Cid <jcid@dillo.org>
parents: 1386
diff changeset
697 a_Dpip_dsh_write_str(sh, 1, d_cmd);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
698 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
699 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
700 /*abort on anything but "Continue"*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
701 if (response_number == 1){
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
702 ret = 0;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
703 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
704 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
705 X509_free(remote_cert);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
706 remote_cert = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
707 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
708
1386
8f6d5a94ac0e s/retval/ret/g
Jorge Arellano Cid <jcid@dillo.org>
parents: 1297
diff changeset
709 return ret;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
710 }
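/*
 * Save certificate with a hashed filename.
 *
 * The certificate is written in PEM form to
 * <home>/.dillo/certs/<subject-name-hash>.<n>, where <n> is the first
 * index in [0, 1024) whose file name cannot be opened for reading.
 *
 * Return: 0 on success, 1 on failure.
 */
static int save_certificate_home(X509 * cert)
{
   char buf[4096];

   FILE * fp = NULL;
   uint_t i = 0;
   int n;
   int written;
   int ret = 1;

   /* Attempt to create .dillo/certs blindly - check later.
    * Create both directories owner-only (0700). The previous mode, 01777,
    * asked for world-writable directories, which (depending on umask) lets
    * any local user add files next to the certificates saved here.
    * NOTE(review): presumably this directory is later read back as a set
    * of accepted certificates -- confirm against the loading code.
    * Existing directories keep whatever mode they already have. */
   n = snprintf(buf, sizeof(buf), "%s/.dillo/", dGethomedir());
   if (n < 0 || (size_t)n >= sizeof(buf)) {
      MSG("Home directory path too long for cert save file\n");
      return ret;
   }
   mkdir(buf, 0700);
   n = snprintf(buf, sizeof(buf), "%s/.dillo/certs/", dGethomedir());
   if (n < 0 || (size_t)n >= sizeof(buf)) {
      MSG("Home directory path too long for cert save file\n");
      return ret;
   }
   mkdir(buf, 0700);

   do {
      n = snprintf(buf, sizeof(buf), "%s/.dillo/certs/%lx.%u",
                   dGethomedir(), X509_subject_name_hash(cert), i);
      if (n < 0 || (size_t)n >= sizeof(buf)) {
         /* A truncated name would point at the wrong file */
         MSG("Home directory path too long for cert save file\n");
         break;
      }

      fp = fopen(buf, "r");
      if (fp != NULL) {
         /* Name already taken: try the next index */
         fclose(fp);
         i++;
         continue;
      }

      /* The name could not be opened for reading, so treat it as free.
       * NOTE(review): the probe and the create are two separate steps; an
       * exclusive create (O_CREAT|O_EXCL) would close that window, but it
       * needs a header that is not visible from this part of the file. */
      fp = fopen(buf, "w");
      if (fp == NULL) {
         MSG("Unable to open cert save file in home dir\n");
         break;
      }

      /* PEM_write_X509() returns 0 on failure; fclose() reports errors
       * from the final flush. Only report success if both worked. */
      written = PEM_write_X509(fp, cert);
      if (fclose(fp) != 0)
         written = 0;

      if (written) {
         MSG("Wrote certificate\n");
         ret = 0;
      } else {
         MSG("Unable to write certificate to save file\n");
         /* Don't leave an empty or partial certificate file behind */
         remove(buf);
      }
      break;

      /*Don't loop too many times - just give up*/
   } while (i < 1024);

   return ret;
}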
760 #else
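/*
 * Return a newly allocated copy of 'str' in which the characters that are
 * special in HTML text ('&', '<' and '>') are replaced by entities.
 * The caller must dFree() the result. Returns NULL if allocation fails.
 */
static char *no_ssl_escape_html(const char *str)
{
   size_t len = 0;
   const char *p;
   char *esc, *q;

   /* First pass: size of the escaped string */
   for (p = str; *p; p++) {
      if (*p == '&')
         len += 5;                  /* "&amp;" */
      else if (*p == '<' || *p == '>')
         len += 4;                  /* "&lt;" / "&gt;" */
      else
         len += 1;
   }

   esc = dMalloc(len + 1);
   if (esc == NULL)
      return NULL;

   /* Second pass: copy, expanding the special characters */
   for (p = str, q = esc; *p; p++) {
      const char *ent = NULL;

      if (*p == '&')
         ent = "&amp;";
      else if (*p == '<')
         ent = "&lt;";
      else if (*p == '>')
         ent = "&gt;";

      if (ent != NULL) {
         while (*ent)
            *q++ = *ent++;
      } else {
         *q++ = *p;
      }
   }
   *q = '\0';

   return esc;
}

/*
 * Call this function to display an error message if SSL support
 * isn't available for some reason.
 *
 * Reads one dpip tag from the socket handler, answers with a
 * "start_send_page" command for the requested url and then sends an HTML
 * page that explains that https support is disabled.
 */
static void no_ssl_support(void)
{
   char *dpip_tag = NULL, *cmd = NULL, *url = NULL, *http_query = NULL;
   char *html_query = NULL;
   char *d_cmd;

   /* Read the dpi command from STDIN */
   dpip_tag = a_Dpip_dsh_read_token(sh, 1);

   MSG("{In https.filter.dpi}\n");
   MSG("no_ssl_support version\n");

   /* main() checks the same call for a NULL result, so it can fail;
    * without a tag there is nothing to parse or answer. */
   if (dpip_tag == NULL) {
      MSG("{ no dpip tag received}\n");
      MSG("{ exiting https.dpi}\n");
      return;
   }

   cmd = a_Dpip_get_attr(dpip_tag, "cmd");
   url = a_Dpip_get_attr(dpip_tag, "url");
   http_query = a_Dpip_get_attr(dpip_tag, "query");

   /* An attribute may be missing; never hand NULL to a "%s" conversion */
   MSG("{ cmd: %s}\n", cmd ? cmd : "(null)");
   MSG("{ url: %s}\n", url ? url : "(null)");
   MSG("{ http_query:\n%s}\n", http_query ? http_query : "(null)");

   MSG("{ sending dpip cmd...}\n");

   d_cmd = a_Dpip_build_cmd("cmd=%s url=%s", "start_send_page",
                            url ? url : "");
   a_Dpip_dsh_write_str(sh, 1, d_cmd);
   dFree(d_cmd);

   MSG("{ dpip cmd sent.}\n");

   MSG("{ sending HTML...}\n");

   /* The query text comes from the request and is placed inside the page
    * markup, so escape it first: otherwise markup embedded in the request
    * would be interpreted by the browser that renders this page. */
   html_query = no_ssl_escape_html(http_query ? http_query : "");

   a_Dpip_dsh_printf(sh, 1,
      "Content-type: text/html\n\n"
      "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>\n"
      "<html><head><title>SSL support is disabled</title></head>\n"
      "<body>\n"
      "<p>\n"
      " The https dpi was unable to send\n"
      " the following HTTP query:\n"
      " <blockquote><pre>%s</pre></blockquote>\n"
      " because Dillo's prototype plugin for https support"
      " is disabled.\n\n"
      "<p>\n"
      " If you want to test this <b>alpha</b> support code,\n"
      " just reconfigure with <code>--enable-ssl</code>,\n"
      " recompile and reinstall.\n\n"
      " (Beware that this https support is very limited now)\n\n"
      " To use https and SSL, you must have \n"
      " the OpenSSL development libraries installed. Check your\n"
      " O/S distribution provider, or check out\n"
      " <a href=\"http://www.openssl.org\">www.openssl.org</a>.\n\n"
      "</p>\n\n"
      "</body></html>\n",
      html_query ? html_query : ""
   );
   MSG("{ HTML content sent.}\n");

   dFree(html_query);
   dFree(cmd);
   dFree(url);
   dFree(http_query);
   dFree(dpip_tag);

   MSG("{ exiting https.dpi}\n");

}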
831 #endif
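/*---------------------------------------------------------------------------*/
/*
 * Entry point of the https filter dpi.
 *
 * Sets up the socket handler on stdin/stdout, requires the first dpip tag
 * to pass a_Dpip_check_auth(), and then runs either the SSL or the
 * "no SSL" handler, depending on ENABLE_SSL.
 *
 * Return: 0 on normal exit, 1 if the request could not be authenticated.
 */
int main(void)
{
   char *dpip_tag;

   /* Initialize the SockHandler for this filter dpi */
   sh = a_Dpip_dsh_new(STDIN_FILENO, STDOUT_FILENO, 8*1024);

   /* Authenticate our client: nothing else is read or answered until the
    * first tag has been accepted. */
   dpip_tag = a_Dpip_dsh_read_token(sh, 1);
   if (dpip_tag == NULL || a_Dpip_check_auth(dpip_tag) < 0) {
      /* Report first, so that errno is not disturbed by the cleanup */
      MSG("can't authenticate request: %s\n", dStrerror(errno));
      /* Release the tag and the handler on this path too, the same way
       * the normal exit path below does. */
      dFree(dpip_tag);
      a_Dpip_dsh_close(sh);
      a_Dpip_dsh_free(sh);
      return 1;
   }
   dFree(dpip_tag);

#ifdef ENABLE_SSL
   yes_ssl_support();
#else
   no_ssl_support();
#endif

   /* Finish the SockHandler */
   a_Dpip_dsh_close(sh);
   a_Dpip_dsh_free(sh);

   dFree(root_url);

   MSG("{ exiting https.dpi}\n");

   return 0;
}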