annotate dpi/https.c @ 1153:efb854e7b418

proxy support for HTTPS
author corvid <corvid@lavabit.com>
date Mon, 01 Jun 2009 01:29:42 +0000
parents 7bec6cfe6b6b
children b912173aecd1
/*
 * Dpi for HTTPS.
 *
 *
 *
 *                            W A R N I N G
 *
 * One of the important things to have in mind is about whether
 * unix domain sockets (UDS) are secure for https. I mean, root can always
 * snoop on sockets (regardless of permissions) so he'd be able to "see" all
 * the traffic. OTOH, if someone has root access on a machine he can do
 * anything, and that includes modifying the binaries, peeking-up in
 * memory space, installing a key-grabber, ...
 *
 *
 * Copyright 2003, 2004 Jorge Arellano Cid <jcid@dillo.org>
 * Copyright 2004 Garrett Kajmowicz <gkajmowi@tbaytel.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * As a special exception permission is granted to link the code of
 * the https dillo plugin with the OpenSSL project's "OpenSSL"
 * library, and distribute the linked executables, without including
 * the source code for OpenSSL in the source distribution. You must
 * obey the GNU General Public License, version 3, in all respects
 * for all of the code used other than "OpenSSL".
 *
 */

/*
 * TODO: a lot of things, this is just a bare bones example.
 *
 * For instance:
 * - Handle cookies (now that they arrive with the dpip tag, it needs
 *   testing).
 * - Certificate authentication (asking the user in case it can't be verified)
 * - Certificate management.
 * - Session caching ...
 *
 */

#include <config.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/un.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/wait.h>
#include <errno.h>
#include <sys/time.h>
#include <sys/stat.h>

#include "../dpip/dpip.h"
#include "dpiutil.h"

/*
 * Debugging macros
 *
 * SILENT == 1 compiles every MSG() call away; set it to 0 to get the
 * messages on stderr with a "[https dpi]: " prefix.
 */
#define SILENT 1
/* NOTE(review): identifiers starting with '_' followed by an uppercase
 * letter are reserved for the implementation (C99 7.1.3). */
#define _MSG(...)
#if SILENT
 #define MSG(...)
#else
 #define MSG(...) fprintf(stderr, "[https dpi]: " __VA_ARGS__)
#endif


#ifdef ENABLE_SSL

#include <openssl/ssl.h>
#include <openssl/rand.h>

/* Forward declarations for the helpers that exist only when SSL support
 * is compiled in. */
static int get_network_connection(char * url);
static int handle_certificate_problem(SSL * ssl_connection);
static int save_certificate_home(X509 * cert);

#endif



/*---------------------------------------------------------------------------*/
/*
 * Global variables
 */
static char *root_url = NULL; /*Holds the URL we are connecting to*/
/* dpip channel to dillo; dpip tags are read from it and the fetched page
 * is written back through it. */
static SockHandler *sh;


#ifdef ENABLE_SSL

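/*
 * Read the answer dpip tag for a dialog and return the number for
 * the user-selected alternative.
 * Return: (-1: parse error, 0: window closed, 1-5 alt. number)
 *
 * The answer tag is read from the dpip channel 'sh'; the selected
 * alternative is carried as a decimal number in its "msg" attribute.
 */
static int dialog_get_answer_number(void)
{
   int response_number = -1;
   char *dpip_tag, *response;

   /* Read the dpi command from STDIN */
   dpip_tag = sock_handler_read(sh);
   if (dpip_tag == NULL) {
      /* NOTE(review): guards the strlen() below; confirm whether
       * sock_handler_read() can return NULL on a closed channel. */
      return -1;
   }
   response = a_Dpip_get_attr(dpip_tag, strlen(dpip_tag), "msg");
   if (response != NULL) {
      char *end = response;
      long value;

      errno = 0;
      value = strtol(response, &end, 10);
      /* strtol() yields 0 when it finds no digits at all, which would be
       * reported as "window closed"; the documented contract is -1 for a
       * value that could not be parsed. */
      if (end == response || errno == ERANGE)
         response_number = -1;
      else
         response_number = (int)value;
   }
   dFree(dpip_tag);
   dFree(response);

   return response_number;
}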
120 /*
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
121 * This function does all of the work with SSL
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
122 */
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
123 static void yes_ssl_support(void)
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
124 {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
125 /* The following variable will be set to 1 in the event of
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
126 * an error and skip any further processing
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
127 */
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
128 int exit_error = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
129 SSL_CTX * ssl_context = NULL;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
130 SSL * ssl_connection = NULL;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
131
1153
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
132 char *dpip_tag = NULL, *cmd = NULL, *url = NULL, *http_query = NULL,
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
133 *proxy_url = NULL, *proxy_connect = NULL;
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
134 char buf[4096];
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
135 int retval = 0;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
136 int network_socket = -1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
137
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
138
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
139 MSG("{In https.filter.dpi}\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
140
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
141 /*Initialize library*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
142 SSL_load_error_strings();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
143 SSL_library_init();
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
144 if (RAND_status() != 1){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
145 /*Insufficient entropy. Deal with it?*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
146 MSG("Insufficient random entropy\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
147 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
148
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
149 /*Create context and SSL object*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
150 if (exit_error == 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
151 ssl_context = SSL_CTX_new(SSLv23_client_method());
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
152 if (ssl_context == NULL){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
153 MSG("Error creating SSL context\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
154 exit_error = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
155 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
156 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
157
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
158 /*Set directory to load certificates from*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
159 /*FIXME - provide for sysconfdir variables and such*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
160 if (exit_error == 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
161 if (SSL_CTX_load_verify_locations(
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
162 ssl_context, NULL, "/etc/ssl/certs/" ) == 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
163 MSG("Error opening system x509 certificate location\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
164 exit_error = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
165 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
166 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
167
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
168 if (exit_error == 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
169 snprintf(buf, 4095, "%s/.dillo/certs/", dGethomedir());
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
170 if (SSL_CTX_load_verify_locations(ssl_context, NULL, buf )==0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
171 MSG("Error opening user x509 certificate location\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
172 exit_error = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
173 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
174 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
175
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
176 if (exit_error == 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
177 ssl_connection = SSL_new(ssl_context);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
178 if (ssl_connection == NULL){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
179 MSG("Error creating SSL connection\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
180 exit_error = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
181 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
182 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
183
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
184 if (exit_error == 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
185 /* Need to do the following if we want to deal with all
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
186 * possible ciphers
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
187 */
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
188 SSL_set_cipher_list(ssl_connection, "ALL");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
189
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
190 /* Need to do this if we want to have the option of dealing
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
191 * with self-signed certs
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
192 */
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
193 SSL_set_verify(ssl_connection, SSL_VERIFY_NONE, 0);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
194
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
195 /*Get the network address and command to be used*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
196 dpip_tag = sock_handler_read(sh);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
197 cmd = a_Dpip_get_attr(dpip_tag, strlen(dpip_tag), "cmd");
1153
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
198 proxy_url = a_Dpip_get_attr(dpip_tag, strlen(dpip_tag), "proxy_url");
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
199 proxy_connect =
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
200 a_Dpip_get_attr(dpip_tag, strlen(dpip_tag), "proxy_connect");
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
201 url = a_Dpip_get_attr(dpip_tag, strlen(dpip_tag), "url");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
202 http_query = a_Dpip_get_attr(dpip_tag, strlen(dpip_tag), "query");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
203
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
204 if (cmd == NULL || url == NULL || http_query == NULL){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
205 MSG("***Value of cmd, url or http_query is NULL"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
206 " - cannot continue\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
207 exit_error = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
208 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
209 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
210
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
211 if (exit_error == 0){
1153
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
212 char *connect_url = proxy_url ? proxy_url : url;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
213
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
214 network_socket = get_network_connection(connect_url);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
215 if (network_socket<0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
216 MSG("Network socket create error\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
217 exit_error = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
218 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
219 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
220
1153
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
221 if (exit_error == 0 && proxy_connect != NULL) {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
222 ssize_t St;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
223 const char *p = proxy_connect;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
224 int writelen = strlen(proxy_connect);
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
225
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
226 while (writelen > 0) {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
227 St = write(network_socket, p, writelen);
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
228 if (St < 0) {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
229 /* Error */
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
230 if (errno != EINTR) {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
231 MSG("Error writing to proxy.\n");
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
232 exit_error = 1;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
233 break;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
234 }
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
235 } else {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
236 p += St;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
237 writelen -= St;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
238 }
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
239 }
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
240 if (exit_error == 0) {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
241 const size_t buflen = 200;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
242 char buf[buflen];
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
243 Dstr *reply = dStr_new("");
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
244
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
245 while (1) {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
246 St = read(network_socket, buf, buflen);
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
247 if (St > 0) {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
248 dStr_append_l(reply, buf, St);
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
249 if (strstr(reply->str, "\r\n\r\n")) {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
250 /* have whole reply header */
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
251 if (reply->len >= 12 && reply->str[9] == '2') {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
252 /* e.g. "HTTP/1.1 200 Connection established[...]" */
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
253 MSG("CONNECT through proxy succeeded.\n");
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
254 } else {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
255 /* TODO: send reply body to dillo */
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
256 exit_error = 1;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
257 MSG("CONNECT through proxy failed.\n");
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
258 }
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
259 break;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
260 }
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
261 } else if (St < 0) {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
262 if (errno != EINTR) {
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
263 exit_error = 1;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
264 MSG("Error reading from proxy.\n");
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
265 break;
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
266 }
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
267 }
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
268 }
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
269 dStr_free(reply, 1);
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
270 }
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
271 }
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
272
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
273 if (exit_error == 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
274 /* Configure SSL to use network file descriptor */
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
275 if (SSL_set_fd(ssl_connection, network_socket) == 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
276 MSG("Error connecting network socket to SSL\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
277 exit_error = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
278 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
279 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
280
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
281 if (exit_error == 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
282 /*Actually do SSL connection handshake*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
283 if (SSL_connect(ssl_connection) != 1){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
284 MSG("SSL_connect failed\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
285 exit_error = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
286 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
287 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
288
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
289 /*Use handle error function to decide what to do*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
290 if (exit_error == 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
291 if (handle_certificate_problem(ssl_connection) < 0){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
292 MSG("Certificate verification error\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
293 exit_error = 1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
294 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
295 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
296
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
297 if (exit_error == 0) {
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
298 char *d_cmd;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
299
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
300 /*Send query we want*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
301 SSL_write(ssl_connection, http_query, (int)strlen(http_query));
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
302
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
303 /*Analyse response from server*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
304
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
305 /*Send dpi command*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
306 d_cmd = a_Dpip_build_cmd("cmd=%s url=%s", "start_send_page", url);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
307 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
308 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
309
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
310 /*Send remaining data*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
311
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
312 while ((retval = SSL_read(ssl_connection, buf, 4096)) > 0 ){
280
b91990181141 - Made https dpi flush after sending data (faster for dialups).
jcid
parents: 0
diff changeset
313 /* flush is good for dialup speed */
b91990181141 - Made https dpi flush after sending data (faster for dialups).
jcid
parents: 0
diff changeset
314 sock_handler_write(sh, 1, buf, (size_t)retval);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
315 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
316 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
317
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
318 /*Begin cleanup of all resources used*/
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
319 dFree(dpip_tag);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
320 dFree(cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
321 dFree(url);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
322 dFree(http_query);
1153
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
323 dFree(proxy_url);
efb854e7b418 proxy support for HTTPS
corvid <corvid@lavabit.com>
parents: 1059
diff changeset
324 dFree(proxy_connect);
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
325
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
326 if (network_socket != -1){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
327 close(network_socket);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
328 network_socket = -1;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
329 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
330 if (ssl_connection != NULL){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
331 SSL_free(ssl_connection);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
332 ssl_connection = NULL;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
333 }
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
334 if (ssl_context != NULL){
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
335 SSL_CTX_free(ssl_context);
336 ssl_context = NULL;
337 }
338 }
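/*
 * Open a TCP connection to the host named in 'url' and return the
 * connected socket descriptor, or -1 in the event of an error.
 *
 * 'url' may start with "https://" (default port 443) or "http://"
 * (default port 80, the form used when talking to a proxy).  The host
 * name ends at the first ':' or '/' after the scheme; an explicit ":port"
 * overrides the default and must be in 1..65535.
 *
 * Side effect: a copy of the host name is stored in 'root_url' (declared
 * outside this function).
 *
 * Name resolution uses gethostbyname(), which is IPv4-only and returns a
 * static buffer; this function is therefore not thread-safe.
 */
static int get_network_connection(char * url)
{
   struct sockaddr_in address;
   struct hostent *hp;
   int s;
   int url_offset = 0;
   int portnum = 443;
   char *host_start, *host_end, *url_look_up;

   /* Determine how much of url we chop off as unneeded */
   if (dStrncasecmp(url, "https://", 8) == 0) {
      url_offset = 8;
   } else if (dStrncasecmp(url, "http://", 7) == 0) {
      url_offset = 7;
      portnum = 80;
   }
   host_start = url + url_offset;

   /* The host name ends at the first ':' (port) or '/' (path), if any.
    * Always take a private copy so there is exactly one free path below
    * (the old code leaked the copy when the host part was empty). */
   host_end = strpbrk(host_start, ":/");
   if (host_end != NULL) {
      url_look_up = dStrndup(host_start, (uint_t)(host_end - host_start));

      /* Check for an explicit port number.  Reject anything outside
       * 1..65535 instead of letting the u_short cast below wrap it. */
      if (*host_end == ':') {
         char *end;
         long p;

         errno = 0;
         p = strtol(host_end + 1, &end, 10);
         if (end == host_end + 1 || errno == ERANGE || p < 1 || p > 65535) {
            MSG("invalid port number in url\n");
            dFree(url_look_up);
            return -1;
         }
         portnum = (int)p;
      }
   } else {
      url_look_up = dStrdup(host_start);
   }

   if (*url_look_up == '\0') {
      MSG("empty host name in url\n");
      dFree(url_look_up);
      return -1;
   }

   root_url = dStrdup(url_look_up);
   hp = gethostbyname(url_look_up);
   dFree(url_look_up);              /* no longer needed */

   if (hp == NULL) {
      MSG("gethostbyname() failed\n");
      return -1;
   }
   /* Only an IPv4 answer fits in sockaddr_in: any other h_length would
    * overrun sin_addr in the memcpy below */
   if (hp->h_addrtype != AF_INET ||
       hp->h_length != (int)sizeof(address.sin_addr) ||
       hp->h_addr_list == NULL || hp->h_addr_list[0] == NULL) {
      MSG("gethostbyname() returned an unusable address\n");
      return -1;
   }

   memset(&address, 0, sizeof(address));
   memcpy(&address.sin_addr, hp->h_addr_list[0], sizeof(address.sin_addr));
   address.sin_family = AF_INET;
   address.sin_port = htons((u_short)portnum);

   s = socket(AF_INET, SOCK_STREAM, 0);
   if (s == -1) {
      MSG("socket() failed, errno: %i\n", errno);
      return -1;
   }
   if (connect(s, (struct sockaddr *)&address, sizeof(address)) != 0) {
      MSG("errno: %i\n", errno);    /* log before close() can clobber it */
      close(s);
      s = -1;
   }
   return s;
}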
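/*
 * Show a dialog with 'msg' and the two buttons "Continue" / "Cancel" and
 * wait for the user's answer.  Every dialog that is sent must have exactly
 * one answer read back, so each verification case below calls this once.
 * Return value: 0 if the user chose "Continue" (answer 1), -1 otherwise.
 */
static int ask_continue_or_cancel(const char *msg)
{
   char *d_cmd;

   d_cmd = a_Dpip_build_cmd("cmd=%s msg=%s alt1=%s alt2=%s",
                            "dialog", msg, "Continue", "Cancel");
   sock_handler_write_str(sh, 1, d_cmd);
   dFree(d_cmd);

   /* Abort on anything but "Continue" */
   return (dialog_get_answer_number() == 1) ? 0 : -1;
}

/* This function is run only when the certificate cannot
 * be completely trusted. This will notify the user and
 * allow the user to decide what to do. It may save the
 * certificate to the user's .dillo directory if it is
 * trusted.
 * Every message shown here describes a verification failure the user is
 * asked to override; the default answer is always to abort.
 * Return value: -1 on abort, 0 on continue, 1 on continue after the user
 * chose to store the certificate as trusted (see save_certificate_home()).
 */
static int handle_certificate_problem(SSL * ssl_connection)
{
   int retval = -1;
   long st;
   char *cn, *cn_end, *d_cmd, *msg;
   char buf[4096];
   X509 * remote_cert;

   remote_cert = SSL_get_peer_certificate(ssl_connection);
   if (remote_cert == NULL) {
      /* Inform user that remote system cannot be trusted */
      return ask_continue_or_cancel(
                "The remote system is NOT presenting a certificate.\n"
                "This site CAN NOT be trusted. Sending data is NOT SAFE.\n"
                "What do I do?");
   }

   /* Figure out if (and why) the remote system can't be trusted */
   st = SSL_get_verify_result(ssl_connection);
   switch (st) {
   case X509_V_OK:               /* Everything is Kosher */
      retval = 0;
      break;
   case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
      /* Self signed and untrusted: show the subject CN so the user can
       * judge whether it names the site they meant to visit.  The subject
       * is written into buf (bounded, NUL-terminated) and the CN is cut
       * out in place, so a peer-supplied oversized CN cannot overrun buf
       * the way the old unbounded strncpy() could. */
      if (X509_NAME_oneline(X509_get_subject_name(remote_cert),
                            buf, sizeof(buf)) == NULL)
         break;
      cn = strstr(buf, "/CN=");
      if (cn == NULL)
         break;                     /* no CN to show: keep retval == -1 */
      cn += 4;
      if ((cn_end = strchr(cn, '/')) != NULL)
         *cn_end = '\0';            /* drop the RDNs that follow the CN */

      msg = dStrconcat("The remote certificate is self-signed and "
                       "untrusted.\nFor address: ", cn, NULL);
      d_cmd = a_Dpip_build_cmd(
                 "cmd=%s msg=%s alt1=%s alt2=%s alt3=%s",
                 "dialog", msg, "Continue", "Cancel", "Trust Certificate");
      sock_handler_write_str(sh, 1, d_cmd);
      dFree(d_cmd);
      dFree(msg);

      switch (dialog_get_answer_number()) {
      case 1:                       /* Continue, for this connection only */
         retval = 0;
         break;
      case 3:                       /* Trust Certificate: keep it on disk */
         /* Potential security problems because we are writing
          * to the filesystem; see save_certificate_home() */
         if (save_certificate_home(remote_cert) != 0)
            MSG("could not save the certificate\n");
         retval = 1;
         break;
      default:                      /* Cancel, or an unexpected answer */
         break;
      }
      break;
   case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
   case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
      retval = ask_continue_or_cancel(
                  "The issuer for the remote certificate cannot be found\n"
                  "The authenticity of the remote certificate cannot be trusted");
      break;
   case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
   case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
   case X509_V_ERR_CERT_SIGNATURE_FAILURE:
   case X509_V_ERR_CRL_SIGNATURE_FAILURE:
      retval = ask_continue_or_cancel(
                  "The remote certificate signature could not be read\n"
                  "or is invalid and should not be trusted");
      break;
   case X509_V_ERR_CERT_NOT_YET_VALID:
   case X509_V_ERR_CRL_NOT_YET_VALID:
      retval = ask_continue_or_cancel(
                  "Part of the remote certificate is not yet valid\n"
                  "Certificates usually have a range of dates over which\n"
                  "they are to be considered valid, and the certificate\n"
                  "presented has a starting validity after today's date\n"
                  "You should be cautious about using this site");
      break;
   case X509_V_ERR_CERT_HAS_EXPIRED:
   case X509_V_ERR_CRL_HAS_EXPIRED:
      retval = ask_continue_or_cancel(
                  "The remote certificate has expired. The certificate\n"
                  "wasn't designed to last this long. You should avoid \n"
                  "this site.");
      break;
   case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
   case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
   case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
   case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
      retval = ask_continue_or_cancel(
                  "There was an error in the certificate presented.\n"
                  "Some of the certificate data was improperly formatted\n"
                  "making it impossible to determine if the certificate\n"
                  "is valid. You should not trust this certificate.");
      break;
   case X509_V_ERR_INVALID_CA:
   case X509_V_ERR_INVALID_PURPOSE:
   case X509_V_ERR_CERT_UNTRUSTED:
   case X509_V_ERR_CERT_REJECTED:
   case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
      retval = ask_continue_or_cancel(
                  "One of the certificates in the chain is being used\n"
                  "incorrectly (possibly due to configuration problems\n"
                  "with the remote system. The connection should not\n"
                  "be trusted");
      break;
   case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
   case X509_V_ERR_AKID_SKID_MISMATCH:
   case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
      /* This case ends with its own 'break': falling into 'default' would
       * raise a second dialog while the answer to this one is unread */
      retval = ask_continue_or_cancel(
                  "Some of the information presented by the remote system\n"
                  "does not match other information presented\n"
                  "This may be an attempt to evesdrop on communications");
      break;
   default:                      /* Need to add more options later */
      snprintf(buf, sizeof(buf),
               "The remote certificate cannot be verified (code %ld)", st);
      retval = ask_continue_or_cancel(buf);
      break;
   }
   X509_free(remote_cert);
   remote_cert = NULL;

   return retval;
}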
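/*
 * Save certificate with a hashed filename.
 * The file is ~/.dillo/certs/<subject hash>.<n> in PEM form, with n the
 * first free number in 0..1023.
 * Return: 0 on success, 1 on failure.
 */
static int save_certificate_home(X509 * cert)
{
   char buf[4096];
   const char *home = dGethomedir();
   unsigned long hash = X509_subject_name_hash(cert);
   struct stat sb;
   FILE *fp;
   uint_t i;
   int n, ok, retval = 1;

   /* Attempt to create .dillo/certs blindly - check later.
    * These directories hold this user's trust anchors: create them 0700
    * (owner only) rather than 01777, so no other local user can drop a
    * certificate in here and have it treated as trusted. */
   snprintf(buf, sizeof(buf), "%s/.dillo/", home);
   mkdir(buf, 0700);
   snprintf(buf, sizeof(buf), "%s/.dillo/certs/", home);
   mkdir(buf, 0700);

   /* Don't loop too many times - just give up */
   for (i = 0; i < 1024; i++) {
      n = snprintf(buf, sizeof(buf), "%s/.dillo/certs/%lx.%u", home, hash, i);
      if (n < 0 || (size_t)n >= sizeof(buf)) {
         MSG("cert save path too long\n");
         break;
      }

      /* lstat() probes the name without opening whatever is behind it;
       * any existing entry (file, symlink, ...) means "taken, try next".
       * NOTE(review): probe-then-create is still a race; with the
       * directory private to the user it is tolerable, an exclusive
       * create (O_CREAT|O_EXCL) would remove it entirely. */
      if (lstat(buf, &sb) == 0)
         continue;
      if (errno != ENOENT) {
         MSG("Unable to open cert save file in home dir\n");
         break;
      }

      fp = fopen(buf, "w");
      if (fp == NULL) {
         MSG("Unable to open cert save file in home dir\n");
         break;
      }
      ok = (PEM_write_X509(fp, cert) == 1);
      if (fclose(fp) != 0)
         ok = 0;
      if (!ok) {
         /* don't leave a truncated trust anchor behind */
         MSG("Unable to write certificate\n");
         remove(buf);
         break;
      }
      MSG("Wrote certificate\n");
      retval = 0;
      break;
   }

   return retval;
}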
684 #else
687 /*
688 * Call this function to display an error message if SSL support
689 * isn't available for some reason
690 */
691 static void no_ssl_support(void)
692 {
693 char *dpip_tag = NULL, *cmd = NULL, *url = NULL, *http_query = NULL;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
694 char *d_cmd;
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
695
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
696 /* Read the dpi command from STDIN */
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
697 dpip_tag = sock_handler_read(sh);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
698
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
699 MSG("{In https.filter.dpi}\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
700 MSG("no_ssl_support version\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
701
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
702 cmd = a_Dpip_get_attr(dpip_tag, strlen(dpip_tag), "cmd");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
703 url = a_Dpip_get_attr(dpip_tag, strlen(dpip_tag), "url");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
704 http_query = a_Dpip_get_attr(dpip_tag, strlen(dpip_tag), "query");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
705
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
706 MSG("{ cmd: %s}\n", cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
707 MSG("{ url: %s}\n", url);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
708 MSG("{ http_query:\n%s}\n", http_query);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
709
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
710 MSG("{ sending dpip cmd...}\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
711
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
712 d_cmd = a_Dpip_build_cmd("cmd=%s url=%s", "start_send_page", url);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
713 sock_handler_write_str(sh, 1, d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
714 dFree(d_cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
715
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
716 MSG("{ dpip cmd sent.}\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
717
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
718 MSG("{ sending HTML...}\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
719
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
720 sock_handler_printf(sh, 1,
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
721 "Content-type: text/html\n\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
722 "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>\n"
427
jcid
parents: 424
diff changeset
723 "<html><head><title>SSL support is disabled</title></head>\n"
jcid
parents: 424
diff changeset
724 "<body>\n"
jcid
parents: 424
diff changeset
725 "<p>\n"
jcid
parents: 424
diff changeset
726 " The https dpi was unable to send\n"
jcid
parents: 424
diff changeset
727 " the following HTTP query:\n"
jcid
parents: 424
diff changeset
728 " <blockquote><pre>%s</pre></blockquote>\n"
jcid
parents: 424
diff changeset
729 " because Dillo's prototype plugin for https support"
jcid
parents: 424
diff changeset
730 " is disabled.\n\n"
jcid
parents: 424
diff changeset
731 "<p>\n"
jcid
parents: 424
diff changeset
732 " If you want to test this <b>alpha</b> support code,\n"
jcid
parents: 424
diff changeset
733 " just reconfigure with <code>--enable-ssl</code>,\n"
jcid
parents: 424
diff changeset
734 " recompile and reinstall.\n\n"
jcid
parents: 424
diff changeset
735 " (Beware that this https support is very limited now)\n\n"
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
736 " To use https and SSL, you must have \n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
737 " the OpenSSL development libraries installed. Check your\n"
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
738 " O/S distribution provider, or check out\n"
427
jcid
parents: 424
diff changeset
739 " <a href=\"http://www.openssl.org\">www.openssl.org</a>.\n\n"
jcid
parents: 424
diff changeset
740 "</p>\n\n"
jcid
parents: 424
diff changeset
741 "</body></html>\n",
0
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
742 http_query
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
743 );
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
744 MSG("{ HTML content sent.}\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
745
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
746 dFree(cmd);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
747 dFree(url);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
748 dFree(http_query);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
749 dFree(dpip_tag);
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
750
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
751 MSG("{ exiting https.dpi}\n");
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
752
6ee11bf9e3ea Initial revision
jcid
parents:
diff changeset
753 }
754
755 #endif
756
757
758 /*---------------------------------------------------------------------------*/
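/*
 * Entry point of the https dpi.
 *
 * Creates the SockHandler over stdin/stdout, runs whichever of the two
 * implementations was compiled in, then releases the handler and the
 * file-scope root_url.  Returns 0 on success, or 1 if sock_handler_new()
 * signals failure by returning NULL.
 */
int main(void)
{
   /* Initialize the SockHandler for this filter dpi */
   sh = sock_handler_new(STDIN_FILENO, STDOUT_FILENO, 8*1024);
   if (!sh) {
      /* Without a handler there is no channel to the browser; both
       * implementations pass sh to every socket call, so stop here. */
      MSG("{ https.dpi: unable to create SockHandler}\n");
      return 1;
   }

#ifdef ENABLE_SSL
   yes_ssl_support();
#else
   no_ssl_support();
#endif

   /* Finish the SockHandler */
   sock_handler_close(sh);
   sock_handler_free(sh);

   dFree(root_url);

   MSG("{ exiting https.dpi}\n");

   return 0;
}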
780