annotate dpi/https.c @ 0:6ee11bf9e3ea

Initial revision
author jcid
date Sun, 07 Oct 2007 00:36:34 +0200
parents
children b91990181141
1 /*
2 * Dpi for HTTPS.
3 *
4 *
5 *
6 * W A R N I N G
7 *
8 * One of the important things to have in mind is about whether
9 * unix domain sockets (UDS) are secure for https. I mean, root can always
10 * snoop on sockets (regardless of permissions) so he'd be able to "see" all
11 * the traffic. OTOH, if someone has root access on a machine he can do
12 * anything, and that includes modifying the binaries, peeking into
13 * memory space, installing a key-grabber, ...
14 *
15 *
16 * Copyright 2003, 2004 Jorge Arellano Cid <jcid@dillo.org>
17 * Copyright 2004 Garrett Kajmowicz <gkajmowi@tbaytel.net>
18 *
19 * This program is free software; you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation; either version 3 of the License, or
22 * (at your option) any later version.
23 *
24 * As a special exception permission is granted to link the code of
25 * the https dillo plugin with the OpenSSL project's "OpenSSL"
26 * library, and distribute the linked executables, without including
27 * the source code for OpenSSL in the source distribution. You must
28 * obey the GNU General Public License, version 2, in all respects
29 * for all of the code used other than "OpenSSL".
30 *
31 */
32
33 /*
34 * TODO: a lot of things, this is just a bare bones example.
35 *
36 * For instance:
37 * - Handle cookies (now that they arrive with the dpip tag, it needs
38 * testing).
39 * - Certificate authentication (asking the user in case it can't be verified)
40 * - Certificate management.
41 * - Session caching ...
42 *
43 */
44
45 #include <config.h>
46 #include <unistd.h>
47 #include <sys/types.h>
48 #include <sys/socket.h>
49 #include <netinet/in.h>
50 #include <netdb.h>
51 #include <sys/un.h>
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <string.h>
55 #include <signal.h>
56 #include <sys/wait.h>
57 #include <errno.h>
58 #include <sys/time.h>
59 #include <sys/stat.h>
60
61 #include "../dpip/dpip.h"
62 #include "dpiutil.h"
63
64 /*
65 * Debugging macros
66 */
67 #define _MSG(...)
68 #define MSG(...) printf("[https dpi]: " __VA_ARGS__)
69
70
71
72 #define ENABLE_SSL
73 /* #undef ENABLE_SSL */
74 #ifdef ENABLE_SSL
75
76 #include <openssl/ssl.h>
77 #include <openssl/rand.h>
78
79 static int get_network_connection(char * url);
80 static int handle_certificate_problem(SSL * ssl_connection);
81 static int save_certificate_home(X509 * cert);
82
83 #endif
84
85
86
87 /*---------------------------------------------------------------------------*/
88 /*
89 * Global variables
90 */
91 static char *root_url = NULL; /*Holds the URL we are connecting to*/
92 static SockHandler *sh;
93
94
95 #ifdef ENABLE_SSL
96
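/*
 * Read the answer dpip tag for a dialog and return the number for
 * the user-selected alternative.
 * Return: (-1: parse error, 0: window closed, 1-5 alt. number)
 *
 * The tag arrives over the dpi socket and is not trusted here: a failed
 * read, a missing "msg" attribute, or a number outside the documented
 * 0-5 range all yield -1. Callers that gate a trust decision on the
 * answer (e.g. "Continue" == 1) therefore fail closed.
 */
static int dialog_get_answer_number(void)
{
   int response_number = -1;
   char *dpip_tag, *response;
   long value;

   /* Read the dpi command from STDIN */
   dpip_tag = sock_handler_read(sh);
   if (dpip_tag == NULL) {
      /* Nothing was read (presumably EOF or a read error -- confirm
       * against sock_handler_read); strlen(NULL) would be undefined. */
      return -1;
   }

   response = a_Dpip_get_attr(dpip_tag, strlen(dpip_tag), "msg");
   if (response != NULL) {
      value = strtol(response, NULL, 10);
      /* Range-check before narrowing: an oversized value must not be
       * truncated into a valid alternative number. */
      if (value >= 0 && value <= 5)
         response_number = (int)value;
   }
   dFree(dpip_tag);
   dFree(response);

   return response_number;
}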
116
117
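/*
 * This function does all of the work with SSL.
 *
 * It initialises OpenSSL, loads the system and per-user certificate
 * directories, reads the request tag (cmd, url, query) from the dpi
 * socket, connects to the server, runs the handshake, lets
 * handle_certificate_problem() decide whether to go on, then sends the
 * query and relays the server's answer back over the dpi socket.
 * Once exit_error is set every later step is skipped; cleanup always runs.
 *
 * Security notes:
 *  - Verification mode is SSL_VERIFY_NONE, so the handshake itself never
 *    fails on a bad certificate. The only trust decision is the call to
 *    handle_certificate_problem() after SSL_connect(); no data is sent
 *    before it returns >= 0.
 *  - Nothing in this function compares the certificate's subject with
 *    the host taken from url. NOTE(review): confirm whether
 *    handle_certificate_problem() does; a chain that verifies is not
 *    enough without a host name match.
 *  - The cipher string "ALL" and SSLv23_client_method() accept whatever
 *    suites and protocol versions the linked library still offers,
 *    including weak ones on old builds. NOTE(review): consider a
 *    stricter cipher string and a minimum protocol version.
 */
static void yes_ssl_support(void)
{
   /* Set to 1 on the first failure; all further processing is skipped */
   int exit_error = 0;
   SSL_CTX * ssl_context = NULL;
   SSL * ssl_connection = NULL;

   char *dpip_tag = NULL, *cmd = NULL, *url = NULL, *http_query = NULL;
   char buf[4096];
   int retval = 0;
   int network_socket = -1;


   MSG("{In https.filter.dpi}\n");

   /*Initialize library*/
   SSL_load_error_strings();
   SSL_library_init();
   if (RAND_status() != 1){
      /* NOTE(review): an unseeded PRNG is only logged and the handshake
       * is still attempted; decide whether this should abort instead. */
      MSG("Insufficient random entropy\n");
   }

   /*Create context and SSL object*/
   if (exit_error == 0){
      ssl_context = SSL_CTX_new(SSLv23_client_method());
      if (ssl_context == NULL){
         MSG("Error creating SSL context\n");
         exit_error = 1;
      }
   }

   /*Set directory to load certificates from*/
   /*FIXME - provide for sysconfdir variables and such*/
   if (exit_error == 0){
      if (SSL_CTX_load_verify_locations(
             ssl_context, NULL, "/etc/ssl/certs/" ) == 0){
         MSG("Error opening system x509 certificate location\n");
         exit_error = 1;
      }
   }

   if (exit_error == 0){
      /* A silently truncated path would name a different directory, and
       * that directory would then be used as a source of trusted
       * certificates -- reject truncation instead. */
      int path_len = snprintf(buf, sizeof(buf), "%s/.dillo/certs/",
                              dGethomedir());
      if (path_len < 0 || (size_t)path_len >= sizeof(buf)){
         MSG("User x509 certificate location is too long\n");
         exit_error = 1;
      } else if (SSL_CTX_load_verify_locations(ssl_context, NULL, buf )==0){
         MSG("Error opening user x509 certificate location\n");
         exit_error = 1;
      }
   }

   if (exit_error == 0){
      ssl_connection = SSL_new(ssl_context);
      if (ssl_connection == NULL){
         MSG("Error creating SSL connection\n");
         exit_error = 1;
      }
   }

   if (exit_error == 0){
      /* Need to do the following if we want to deal with all
       * possible ciphers
       */
      if (SSL_set_cipher_list(ssl_connection, "ALL") == 0){
         MSG("Error setting SSL cipher list\n");
         exit_error = 1;
      }
   }

   if (exit_error == 0){
      /* Need to do this if we want to have the option of dealing
       * with self-signed certs. The verification result is examined
       * after the handshake by handle_certificate_problem().
       */
      SSL_set_verify(ssl_connection, SSL_VERIFY_NONE, 0);

      /*Get the network address and command to be used*/
      dpip_tag = sock_handler_read(sh);
      if (dpip_tag != NULL){
         /* strlen() on a failed read would be undefined behaviour */
         size_t tag_len = strlen(dpip_tag);

         cmd = a_Dpip_get_attr(dpip_tag, tag_len, "cmd");
         url = a_Dpip_get_attr(dpip_tag, tag_len, "url");
         http_query = a_Dpip_get_attr(dpip_tag, tag_len, "query");
      }

      if (cmd == NULL || url == NULL || http_query == NULL){
         MSG("***Value of cmd, url or http_query is NULL"
             " - cannot continue\n");
         exit_error = 1;
      }
   }

   if (exit_error == 0){
      network_socket = get_network_connection(url);
      if (network_socket<0){
         MSG("Network socket create error\n");
         exit_error = 1;
      }
   }


   if (exit_error == 0){
      /* Configure SSL to use network file descriptor */
      if (SSL_set_fd(ssl_connection, network_socket) == 0){
         MSG("Error connecting network socket to SSL\n");
         exit_error = 1;
      }
   }

   if (exit_error == 0){
      /*Actually do SSL connection handshake*/
      if (SSL_connect(ssl_connection) != 1){
         MSG("SSL_connect failed\n");
         exit_error = 1;
      }
   }

   /*Use handle error function to decide what to do*/
   if (exit_error == 0){
      if (handle_certificate_problem(ssl_connection) < 0){
         MSG("Certificate verification error\n");
         exit_error = 1;
      }
   }

   if (exit_error == 0) {
      /*Send query we want; do not report a page if it never went out*/
      if (SSL_write(ssl_connection, http_query,
                    (int)strlen(http_query)) <= 0){
         MSG("SSL_write failed\n");
         exit_error = 1;
      }
   }

   if (exit_error == 0) {
      char *d_cmd;

      /*Analyse response from server*/

      /*Send dpi command*/
      d_cmd = a_Dpip_build_cmd("cmd=%s url=%s", "start_send_page", url);
      sock_handler_write_str(sh, 1, d_cmd);
      dFree(d_cmd);

      /*Send remaining data*/

      while ((retval = SSL_read(ssl_connection, buf, sizeof(buf))) > 0 ){
         sock_handler_write(sh, 0, buf, (size_t)retval);
      }
   }

   /*Begin cleanup of all resources used*/
   dFree(dpip_tag);
   dFree(cmd);
   dFree(url);
   dFree(http_query);

   if (network_socket != -1){
      close(network_socket);
      network_socket = -1;
   }
   if (ssl_connection != NULL){
      SSL_free(ssl_connection);
      ssl_connection = NULL;
   }
   if (ssl_context != NULL){
      SSL_CTX_free(ssl_context);
      ssl_context = NULL;
   }
}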
277
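/*
 * The following function attempts to open up a connection to the
 * remote server and return the file descriptor number of the
 * socket. Returns -1 in the event of an error
 *
 * The host is the text between an optional "https://" prefix and the
 * first ':' or '/'. A ':' at that position introduces the port; an empty
 * port keeps the default 443 and anything outside 1-65535 is rejected
 * rather than being truncated to some other port. The host name is also
 * stored in the global root_url.
 *
 * Only IPv4 results are accepted, because the address is copied into a
 * struct sockaddr_in.
 *
 * NOTE(review): "user@host" userinfo and bracketed IPv6 literals are not
 * parsed here, so such URLs resolve a name the user did not intend or
 * fail. root_url is overwritten without freeing an earlier value.
 */
static int get_network_connection(char * url)
{
   struct sockaddr_in address;
   struct hostent *hp;

   int s;
   int saved_errno;
   int url_offset = 0;
   int portnum = 443;
   char *host_start;
   char *host_end;
   char *host = NULL;

   /*Determine how much of url we chop off as unneeded*/
   if (dStrncasecmp(url, "https://", 8) == 0){
      url_offset = 8;
   }
   host_start = url + url_offset;

   /*Find end of the host part*/
   host_end = strpbrk(host_start, ":/");
   if (host_end != NULL){
      host = dStrndup(host_start, (size_t)(host_end - host_start));

      /*Check for port number*/
      if (*host_end == ':'){
         char *port_end;
         long port;

         errno = 0;
         port = strtol(host_end + 1, &port_end, 10);
         if (port_end == host_end + 1){
            /* No digits: "host:" and "host:/path" mean the default port,
             * anything else is not a port at all. */
            if (*port_end != '\0' && *port_end != '/'){
               MSG("Invalid port in URL\n");
               dFree(host);
               return -1;
            }
         } else if (errno != 0 || port < 1 || port > 65535){
            /* htons() on an unchecked value would wrap to another port */
            MSG("Port out of range in URL\n");
            dFree(host);
            return -1;
         } else {
            portnum = (int)port;
         }
      }
   } else {
      /* Own a copy in both branches so the free below is unconditional */
      host = dStrdup(host_start);
   }

   root_url = dStrdup(host);
   hp = gethostbyname(host);

   /*host no longer needed*/
   dFree(host);

   if (hp == NULL){
      MSG("gethostbyname() failed\n");
      return -1;
   }

   /* sin_addr holds exactly one IPv4 address; copying h_length bytes of
    * any other address family would write past the end of 'address'. */
   if (hp->h_addrtype != AF_INET ||
       hp->h_length != (int)sizeof(address.sin_addr) ||
       hp->h_addr_list[0] == NULL){
      MSG("gethostbyname() returned an unusable address\n");
      return -1;
   }

   memset(&address, 0, sizeof(address));
   memcpy(&address.sin_addr, hp->h_addr_list[0], sizeof(address.sin_addr));
   address.sin_family = AF_INET;
   address.sin_port = htons((unsigned short)portnum);

   s = socket(AF_INET, SOCK_STREAM, 0);
   if (s < 0){
      MSG("errno: %i\n", errno);
      return -1;
   }
   if (connect(s, (struct sockaddr *)&address, sizeof(address)) != 0){
      /* close() may overwrite errno, so keep connect()'s value */
      saved_errno = errno;
      close(s);
      s = -1;
      MSG("errno: %i\n", saved_errno);
   }
   return s;
}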
340
341
342 /* This function is run only when the certificate cannot
343 * be completely trusted. This will notify the user and
344 * allow the user to decide what to do. It may save the
345 * certificate to the user's .dillo directory if it is
346 * trusted.
347 * Return value: -1 on abort, 0 or higher on continue
348 */
349 static int handle_certificate_problem(SSL * ssl_connection)
350 {
351 int response_number;
352 int retval = -1;
353 long st;
354 char *cn, *cn_end;
355 char buf[4096], *d_cmd, *msg;
356
357 X509 * remote_cert;
358
359 remote_cert = SSL_get_peer_certificate(ssl_connection);
360 if (remote_cert == NULL){
361 /*Inform user that remote system cannot be trusted*/
362 d_cmd = a_Dpip_build_cmd(
363 "cmd=%s msg=%s alt1=%s alt2=%s",
364 "dialog",
365 "The remote system is NOT presenting a certificate.\n"
366 "This site CAN NOT be trusted. Sending data is NOT SAFE.\n"
367 "What do I do?",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
368 "Continue", "Cancel");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
369 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
370 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
371
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
372 /*Read the user's response*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
373 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
374
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
375 /*Abort on anything but "Continue"*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
376 if (response_number == 1){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
377 retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
378 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
379
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
380 } else {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
381 /*Figure out if (and why) the remote system can't be trusted*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
382 st = SSL_get_verify_result(ssl_connection);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
383 switch (st) {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
384 case X509_V_OK: /*Everything is Kosher*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
385 retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
386 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
387 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
388 /*Either self signed and untrusted*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
389 /*Extract CN from certificate name information*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
390 cn = strstr(remote_cert->name, "/CN=") + 4;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
391 if (cn == NULL)
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
392 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
393
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
394 if ((cn_end = strstr(cn, "/")) == NULL )
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
395 cn_end = cn + strlen(cn);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
396
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
397 strncpy(buf, cn, (size_t) (cn_end - cn));
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
398
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
399 /*Add terminating NULL*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
400 buf[cn_end - cn] = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
401
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
402 msg = dStrconcat("The remote certificate is self-signed and "
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
403 "untrusted.\nFor address: ", buf, NULL);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
404 d_cmd = a_Dpip_build_cmd(
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
405 "cmd=%s msg=%s alt1=%s alt2=%s alt3=%s",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
406 "dialog", msg, "Continue", "Cancel", "Trust Certificate");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
407 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
408 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
409 dFree(msg);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
410
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
411 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
412 switch (response_number){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
413 case 1:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
414 retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
415 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
416 case 2:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
417 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
418 case 3:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
419 /*Save certificate to a file here and recheck the chain*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
420 /*Potential security problems because we are writing
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
421 *to the filesystem*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
422 save_certificate_home(remote_cert);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
423 retval = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
424 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
425 default:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
426 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
427 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
428 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
429 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
430 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
431 d_cmd = a_Dpip_build_cmd(
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
432 "cmd=%s msg=%s alt1=%s alt2=%s",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
433 "dialog",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
434 "The issuer for the remote certificate cannot be found\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
435 "The authenticity of the remote certificate cannot be trusted",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
436 "Continue", "Cancel");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
437 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
438 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
439
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
440 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
441 if (response_number == 1) {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
442 retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
443 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
444 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
445
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
446 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
447 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
448 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
449 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
450 d_cmd = a_Dpip_build_cmd(
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
451 "cmd=%s msg=%s alt1=%s alt2=%s",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
452 "dialog",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
453 "The remote certificate signature could not be read\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
454 "or is invalid and should not be trusted",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
455 "Continue", "Cancel");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
456 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
457 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
458
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
459 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
460 if (response_number == 1) {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
461 retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
462 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
463 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
464 case X509_V_ERR_CERT_NOT_YET_VALID:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
465 case X509_V_ERR_CRL_NOT_YET_VALID:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
466 d_cmd = a_Dpip_build_cmd(
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
467 "cmd=%s msg=%s alt1=%s alt2=%s",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
468 "dialog",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
469 "Part of the remote certificate is not yet valid\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
470 "Certificates usually have a range of dates over which\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
471 "they are to be considered valid, and the certificate\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
472 "presented has a starting validity after today's date\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
473 "You should be cautious about using this site",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
474 "Continue", "Cancel");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
475 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
476 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
477
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
478 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
479 if (response_number == 1) {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
480 retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
481 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
482 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
483 case X509_V_ERR_CERT_HAS_EXPIRED:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
484 case X509_V_ERR_CRL_HAS_EXPIRED:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
485 d_cmd = a_Dpip_build_cmd(
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
486 "cmd=%s msg=%s alt1=%s alt2=%s",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
487 "dialog",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
488 "The remote certificate has expired. The certificate\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
489 "wasn't designed to last this long. You should avoid \n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
490 "this site.",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
491 "Continue", "Cancel");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
492 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
493 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
494 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
495 if (response_number == 1) {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
496 retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
497 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
498 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
499 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
500 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
501 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
502 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
503 d_cmd = a_Dpip_build_cmd(
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
504 "cmd=%s msg=%s alt1=%s alt2=%s",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
505 "dialog",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
506 "There was an error in the certificate presented.\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
507 "Some of the certificate data was improperly formatted\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
508 "making it impossible to determine if the certificate\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
509 "is valid. You should not trust this certificate.",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
510 "Continue", "Cancel");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
511 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
512 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
513 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
514 if (response_number == 1) {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
515 retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
516 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
517 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
518 case X509_V_ERR_INVALID_CA:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
519 case X509_V_ERR_INVALID_PURPOSE:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
520 case X509_V_ERR_CERT_UNTRUSTED:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
521 case X509_V_ERR_CERT_REJECTED:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
522 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
523 d_cmd = a_Dpip_build_cmd(
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
524 "cmd=%s msg=%s alt1=%s alt2=%s",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
525 "dialog",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
526 "One of the certificates in the chain is being used\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
527 "incorrectly (possibly due to configuration problems\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
528 "with the remote system. The connection should not\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
529 "be trusted",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
530 "Continue", "Cancel");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
531 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
532 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
533 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
534 if (response_number == 1) {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
535 retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
536 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
537 break;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
538 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
539 case X509_V_ERR_AKID_SKID_MISMATCH:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
540 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
541 d_cmd = a_Dpip_build_cmd(
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
542 "cmd=%s msg=%s alt1=%s alt2=%s",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
543 "dialog",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
544 "Some of the information presented by the remote system\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
545 "does not match other information presented\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
546 "This may be an attempt to evesdrop on communications",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
547 "Continue", "Cancel");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
548 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
549 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
550 default: /*Need to add more options later*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
551 snprintf(buf, 80,
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
552 "The remote certificate cannot be verified (code %ld)", st);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
553 d_cmd = a_Dpip_build_cmd(
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
554 "cmd=%s msg=%s alt1=%s alt2=%s",
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
555 "dialog", buf, "Continue", "Cancel");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
556 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
557 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
558 response_number = dialog_get_answer_number();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
559 /*abort on anything but "Continue"*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
560 if (response_number == 1){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
561 retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
562 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
563 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
564 X509_free(remote_cert);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
565 remote_cert = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
566 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
567
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
568 return retval;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
569 }
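/*
 * Save certificate with a hashed filename.
 *
 * The file is written to <home>/.dillo/certs/<subject name hash>.<n>, using
 * the first n below 1024 for which no file exists yet.
 *
 * Return: 0 on success, 1 on failure.
 */
static int save_certificate_home(X509 * cert)
{
   char buf[4096];
   FILE *fp;
   unsigned int i;
   int retval = 1;
   int written;

   /* Attempt to create .dillo/certs blindly - a failure shows up below
    * when the file cannot be opened.
    * The directories are created private to the user (0700). They were
    * created with mode 01777 before, which leaves a directory of trusted
    * certificates writable by other local users wherever the umask
    * allows it. Directories that already exist are not changed. */
   snprintf(buf, sizeof(buf), "%s/.dillo/", dGethomedir());
   mkdir(buf, 0700);
   snprintf(buf, sizeof(buf), "%s/.dillo/certs/", dGethomedir());
   mkdir(buf, 0700);

   /* Don't loop too many times - just give up */
   for (i = 0; i < 1024; i++) {
      snprintf(buf, sizeof(buf), "%s/.dillo/certs/%lx.%u",
               dGethomedir(), X509_subject_name_hash(cert), i);

      fp = fopen(buf, "r");
      if (fp != NULL) {
         /* Name already taken, try the next suffix */
         fclose(fp);
         continue;
      }

      /* NOTE(review): the existence probe above and the open below are two
       * separate steps, so the name can be created in between. An exclusive
       * create (open() with O_CREAT|O_EXCL) would close that gap; it is not
       * used here because it needs a header not visible in this part of
       * the file. */
      fp = fopen(buf, "w");
      if (fp == NULL) {
         MSG("Unable to open cert save file in home dir\n");
         break;
      }

      /* Report success only when the certificate was actually written and
       * the stream closed without error. */
      written = PEM_write_X509(fp, cert);
      if (fclose(fp) == 0 && written) {
         MSG("Wrote certificate\n");
         retval = 0;
      } else {
         MSG("Unable to write certificate to file in home dir\n");
         /* Don't leave an empty or truncated file behind */
         remove(buf);
      }
      break;
   }

   return retval;
}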
619 #else
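/*
 * Call this function to display an error message if SSL support
 * isn't available for some reason.
 *
 * Reads one dpi command through the file-level SockHandler `sh`, answers
 * with a start_send_page command for the requested url and then sends an
 * HTML page that shows the HTTP query and explains that https support is
 * disabled.
 */
static void no_ssl_support(void)
{
   char *dpip_tag = NULL, *cmd = NULL, *url = NULL, *http_query = NULL;
   char *d_cmd;
   char chunk[512];
   size_t tag_len, used = 0, ent_len;
   const char *p, *entity;

   /* Read the dpi command from STDIN */
   dpip_tag = sock_handler_read(sh);
   if (dpip_tag == NULL) {
      /* NOTE(review): assumes sock_handler_read() can return NULL (for
       * instance at end of input) - confirm. Without this guard the
       * strlen() calls below would dereference NULL. */
      MSG("{ no dpi command received}\n");
      return;
   }

   MSG("{In https.filter.dpi}\n");
   MSG("no_ssl_support version\n");

   tag_len = strlen(dpip_tag);
   cmd = a_Dpip_get_attr(dpip_tag, tag_len, "cmd");
   url = a_Dpip_get_attr(dpip_tag, tag_len, "url");
   http_query = a_Dpip_get_attr(dpip_tag, tag_len, "query");

   MSG("{ cmd: %s}\n", cmd);
   MSG("{ url: %s}\n", url);
   MSG("{ http_query:\n%s}\n", http_query);

   MSG("{ sending dpip cmd...}\n");

   /* A missing attribute is sent as an empty string rather than NULL */
   d_cmd = a_Dpip_build_cmd("cmd=%s url=%s", "start_send_page",
                            url ? url : "");
   sock_handler_write_str(sh, 1, d_cmd);
   dFree(d_cmd);

   MSG("{ dpip cmd sent.}\n");

   MSG("{ sending HTML...}\n");

   sock_handler_printf(sh, 1, "%s",
      "Content-type: text/html\n\n"
      "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>\n"
      "<html><body><pre>\n"
      "<b>Hi!\n\n"
      " This is the https dpi that just got a request to send\n"
      " the following HTTP query:\n{</b>\n"
      "<code>");

   /* The query text comes from the request being served, so it is sent
    * HTML-escaped instead of being pasted into the page as markup. It goes
    * out in bounded chunks so that no allocation is needed. */
   for (p = http_query ? http_query : ""; *p != '\0'; p++) {
      switch (*p) {
      case '&':
         entity = "&amp;";
         break;
      case '<':
         entity = "&lt;";
         break;
      case '>':
         entity = "&gt;";
         break;
      case '"':
         entity = "&quot;";
         break;
      default:
         entity = NULL;
         break;
      }
      ent_len = entity ? strlen(entity) : 1;

      /* Flush when the next piece plus the terminator would not fit */
      if (used + ent_len + 1 > sizeof(chunk)) {
         chunk[used] = '\0';
         sock_handler_printf(sh, 1, "%s", chunk);
         used = 0;
      }
      if (entity != NULL)
         memcpy(chunk + used, entity, ent_len);
      else
         chunk[used] = *p;
      used += ent_len;
   }
   chunk[used] = '\0';
   sock_handler_printf(sh, 1, "%s", chunk);

   sock_handler_printf(sh, 1, "%s",
      "</code>\n"
      "<b>}</b>\n\n"
      " <b>*** Dillo's prototype plugin for https support"
      " is disabled now ***</b>\n\n"
      " If you want to test this <b>alpha</b> support code, just remove\n"
      " line 65 from https.c, recompile and reinstall.\n\n"
      " (beware that this https support is very limited now)\n\n"
      " To use https and SSL, you must have \n"
      " the OpenSSL development libraries installed. Check your\n"
      " O/S distribution provider, or check out\n"
      " <a href=\"http://www.openssl.org\">www.openssl.org</a>\n\n"
      " --\n"
      "</pre></body></html>\n");
   MSG("{ HTML content sent.}\n");

   dFree(cmd);
   dFree(url);
   dFree(http_query);
   dFree(dpip_tag);

   MSG("{ exiting https.dpi}\n");

}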
688 #endif
691 /*---------------------------------------------------------------------------*/
int main(void)
{
   /* Create the SockHandler this filter dpi talks through; it is bound to
    * stdin and stdout (the third argument is presumably a buffer size). */
   sh = sock_handler_new(STDIN_FILENO, STDOUT_FILENO, 8 * 1024);

   /* Serve the request, or explain that https support was compiled out */
#ifndef ENABLE_SSL
   no_ssl_support();
#else
   yes_ssl_support();
#endif

   /* Done with the SockHandler: close it, then release it */
   sock_handler_close(sh);
   sock_handler_free(sh);

   /* root_url is a file-level variable defined outside this function */
   dFree(root_url);

   MSG("{ exiting https.dpi}\n");

   return 0;
}