Download as
Browse Code »

Commit 2e323b27473104cce3d849662b7b440fd6a32ce8

Authored by Perry Werneck
1 parent 6b52ad59
Exists in master and in 3 other branches develop, macos, network_module

Splitting CRL download methods.

Showing 9 changed files with 1078 additions and 826 deletions   Show diff stats
.gitignore
  Diff comments   View file @2e323b2
... ... @@ -51,6 +51,7 @@ scripts
51 51 vgcore.*
52 52 doxygen/html
53 53 *.crl
  54 +*.sh
54 55 src/include/lib3270/actions.h
55 56 doxygen/doxyfile
56 57 win32-configure*
... ...
lib3270.cbp
  Diff comments   View file @2e323b2
... ... @@ -266,18 +266,29 @@
266 266 <Unit filename="src/ssl/ctx_init.c">
267 267 <Option compilerVar="CC" />
268 268 </Unit>
  269 + <Unit filename="src/ssl/linux/curl.c">
  270 + <Option compilerVar="CC" />
  271 + </Unit>
269 272 <Unit filename="src/ssl/linux/getcrl.c">
270 273 <Option compilerVar="CC" />
271 274 </Unit>
  275 + <Unit filename="src/ssl/linux/ldap.c">
  276 + <Option compilerVar="CC" />
  277 + </Unit>
  278 + <Unit filename="src/ssl/linux/private.h" />
272 279 <Unit filename="src/ssl/negotiate.c">
273 280 <Option compilerVar="CC" />
274 281 </Unit>
275 282 <Unit filename="src/ssl/state.c">
276 283 <Option compilerVar="CC" />
277 284 </Unit>
  285 + <Unit filename="src/ssl/windows/curl.c">
  286 + <Option compilerVar="CC" />
  287 + </Unit>
278 288 <Unit filename="src/ssl/windows/getcrl.c">
279 289 <Option compilerVar="CC" />
280 290 </Unit>
  291 + <Unit filename="src/ssl/windows/private.h" />
281 292 <Unit filename="src/testprogram/testprogram.c">
282 293 <Option compilerVar="CC" />
283 294 </Unit>
... ...
src/ssl/linux/curl.c 0 → 100644
  Diff comments   View file @2e323b2
... ... @@ -0,0 +1,324 @@
  1 +/*
  2 + * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como - e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
  27 + *
  28 + *
  29 + * References:
  30 + *
  31 + * http://www.openssl.org/docs/ssl/
  32 + * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
  33 + *
  34 + */
  35 +
  36 +#include <config.h>
  37 +
  38 +#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBCURL)
  39 +
  40 +#include "private.h"
  41 +#include <curl/curl.h>
  42 +
  43 +#define CRL_DATA_LENGTH 2048
  44 +
  45 +/*--[ Implement ]------------------------------------------------------------------------------------*/
  46 +
  47 +static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
  48 +{
  49 + debug("%s(%p)",__FUNCTION__,*ptr);
  50 + if(*ptr)
  51 + curl_easy_cleanup(*ptr);
  52 + *ptr = NULL;
  53 +}
  54 +
  55 +typedef struct _curldata
  56 +{
  57 + size_t length;
  58 + H3270 * hSession;
  59 + SSL_ERROR_MESSAGE * message;
  60 + char errbuf[CURL_ERROR_SIZE];
  61 + struct {
  62 + size_t length;
  63 + unsigned char * contents;
  64 + } data;
  65 +} CURLDATA;
  66 +
  67 +static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
  68 +{
  69 + debug("%s(%p)",__FUNCTION__,*ptr);
  70 + if(*ptr)
  71 + {
  72 + CURLDATA *cdata = *ptr;
  73 +
  74 + if(cdata->data.contents) {
  75 + lib3270_free(cdata->data.contents);
  76 + cdata->data.contents = NULL;
  77 + }
  78 + lib3270_free(cdata);
  79 + }
  80 + *ptr = NULL;
  81 +}
  82 +
  83 +static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
  84 +{
  85 + debug("%s(%p)",__FUNCTION__,*ptr);
  86 + if(*ptr)
  87 + BIO_free_all(*ptr);
  88 + *ptr = NULL;
  89 +}
  90 +
  91 +static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
  92 +{
  93 + CURLDATA * data = (CURLDATA *) userp;
  94 +
  95 + debug("%s",__FUNCTION__);
  96 +
  97 + size_t realsize = size * nmemb;
  98 +
  99 + debug("%s size=%d data->length=%d crldatalength=%d",__FUNCTION__,(int) size, (int) data->length, CRL_DATA_LENGTH);
  100 +
  101 + if((realsize + data->length) > data->data.length)
  102 + {
  103 + data->data.length += (CRL_DATA_LENGTH + realsize);
  104 + data->data.contents = lib3270_realloc(data->data.contents,data->data.length);
  105 + memset(&(data->data.contents[data->length]),0,data->data.length-data->length);
  106 + }
  107 +
  108 + debug("%s",__FUNCTION__);
  109 +
  110 + if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
  111 + {
  112 + lib3270_trace_data(
  113 + data->hSession,
  114 + "Received",
  115 + (const char *) contents,
  116 + realsize
  117 + );
  118 + }
  119 +
  120 + debug("%s",__FUNCTION__);
  121 +
  122 + memcpy(&(data->data.contents[data->length]),contents,realsize);
  123 + data->length += realsize;
  124 +
  125 + debug("%s",__FUNCTION__);
  126 +
  127 + return realsize;
  128 +}
  129 +
  130 +static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)
  131 +{
  132 + const char * text = NULL;
  133 +
  134 + switch (type) {
  135 + case CURLINFO_TEXT:
  136 + lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);
  137 + return 0;
  138 +
  139 + case CURLINFO_HEADER_OUT:
  140 + text = "=> Send header";
  141 + break;
  142 +
  143 + case CURLINFO_DATA_OUT:
  144 + text = "=> Send data";
  145 + break;
  146 +
  147 + case CURLINFO_SSL_DATA_OUT:
  148 + text = "=> Send SSL data";
  149 + break;
  150 +
  151 + case CURLINFO_HEADER_IN:
  152 + text = "<= Recv header";
  153 + break;
  154 +
  155 + case CURLINFO_DATA_IN:
  156 + text = "<= Recv data";
  157 + break;
  158 +
  159 + case CURLINFO_SSL_DATA_IN:
  160 + text = "<= Recv SSL data";
  161 + break;
  162 +
  163 + default:
  164 + return 0;
  165 +
  166 + }
  167 +
  168 + lib3270_trace_data(
  169 + ((CURLDATA *) userp)->hSession,
  170 + text,
  171 + data,
  172 + size
  173 + );
  174 +
  175 + return 0;
  176 +}
  177 +
  178 +LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
  179 +{
  180 + X509_CRL * x509_crl = NULL;
  181 +
  182 + // Use CURL to download the CRL
  183 + lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
  184 + lib3270_autoptr(CURL) hCurl = curl_easy_init();
  185 +
  186 + memset(crl_data,0,sizeof(CURLDATA));
  187 + crl_data->message = message;
  188 + crl_data->hSession = hSession;
  189 + crl_data->data.length = CRL_DATA_LENGTH;
  190 + crl_data->data.contents = lib3270_malloc(crl_data->data.length);
  191 +
  192 + if(!hCurl)
  193 + {
  194 + message->title = _( "Security error" );
  195 + message->text = _( "Error loading certificate revocation list" );
  196 + message->description = _( "Can't initialize curl operation" );
  197 + return NULL;
  198 + }
  199 +
  200 + CURLcode res;
  201 +
  202 + curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
  203 + curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
  204 +
  205 + curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
  206 +
  207 + curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
  208 + curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
  209 +
  210 + curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
  211 +
  212 + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
  213 + {
  214 + curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
  215 + curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
  216 + curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
  217 + }
  218 +
  219 + res = curl_easy_perform(hCurl);
  220 +
  221 + if(res != CURLE_OK)
  222 + {
  223 + message->error = hSession->ssl.error = 0;
  224 + message->title = _( "Security error" );
  225 +
  226 + if(crl_data->errbuf[0])
  227 + {
  228 + message->text = curl_easy_strerror(res);
  229 + message->description = crl_data->errbuf;
  230 + }
  231 + else
  232 + {
  233 + message->text = _( "Error loading certificate revocation list" );
  234 + message->description = curl_easy_strerror(res);
  235 + }
  236 +
  237 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
  238 + errno = EINVAL;
  239 + return NULL;
  240 +
  241 + }
  242 +
  243 + char *ct = NULL;
  244 + res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
  245 + if(res != CURLE_OK)
  246 + {
  247 + message->error = hSession->ssl.error = 0;
  248 + message->title = _( "Security error" );
  249 + message->text = _( "Error loading certificate revocation list" );
  250 + message->description = curl_easy_strerror(res);
  251 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
  252 + errno = EINVAL;
  253 + return NULL;
  254 + }
  255 +
  256 + if(lib3270_get_toggle(crl_data->hSession,LIB3270_TOGGLE_SSL_TRACE))
  257 + lib3270_trace_data(crl_data->hSession,"CRL Data",(const char *) crl_data->data.contents, (unsigned int) crl_data->length);
  258 +
  259 + if(ct)
  260 + {
  261 + const unsigned char * data = crl_data->data.contents;
  262 +
  263 +
  264 + if(strcasecmp(ct,"application/pkix-crl") == 0)
  265 + {
  266 + // CRL File, convert it
  267 + if(!d2i_X509_CRL(&x509_crl, &data, crl_data->length))
  268 + {
  269 + message->error = hSession->ssl.error = ERR_get_error();
  270 + message->title = _( "Security error" );
  271 + message->text = _( "Can't decode certificate revocation list" );
  272 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  273 + return NULL;
  274 + }
  275 + }
  276 + else
  277 + {
  278 + message->error = hSession->ssl.error = ERR_get_error();
  279 + message->title = _( "Security error" );
  280 + message->text = _( "Got an invalid certificate revocation list from server" );
  281 + lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
  282 + errno = EINVAL;
  283 + return NULL;
  284 + }
  285 + }
  286 + else if(strncasecmp(consturl,"ldap://",7) == 0)
  287 + {
  288 + // It's an LDAP query, assumes a base64 data.
  289 + char * data = strstr((char *) crl_data->data.contents,":: ");
  290 + if(!data)
  291 + {
  292 + message->error = hSession->ssl.error = ERR_get_error();
  293 + message->title = _( "Security error" );
  294 + message->text = _( "Got a bad formatted certificate revocation list from LDAP server" );
  295 + lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->data.contents);
  296 + errno = EINVAL;
  297 + return NULL;
  298 + }
  299 + data += 3;
  300 +
  301 + lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
  302 +
  303 + BIO * b64 = BIO_new(BIO_f_base64());
  304 + bio = BIO_push(b64, bio);
  305 +
  306 + BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
  307 +
  308 + if(!d2i_X509_CRL_bio(bio, &x509_crl))
  309 + {
  310 + message->error = hSession->ssl.error = ERR_get_error();
  311 + message->title = _( "Security error" );
  312 + message->text = _( "Can't decode certificate revocation list got from LDAP server" );
  313 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  314 + errno = EINVAL;
  315 + return NULL;
  316 + }
  317 +
  318 + }
  319 +
  320 + return x509_crl;
  321 +
  322 +}
  323 +
  324 +#endif // HAVE_LIBSSL && SSL_ENABLE_CRL_CHECK && HAVE_LIBCURL
... ...
src/ssl/linux/getcrl.c
  Diff comments   View file @2e323b2
... ... @@ -33,33 +33,10 @@
33 33 *
34 34 */
35 35  
36   -#define CRL_DATA_LENGTH 2048
37   -
38   -#include <config.h>
  36 +#include "private.h"
39 37  
40 38 #if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK)
41 39  
42   -#include <openssl/ssl.h>
43   -#include <openssl/err.h>
44   -#include <openssl/x509_vfy.h>
45   -#include <openssl/x509.h>
46   -
47   -#ifdef HAVE_LDAP
48   - #define LDAP_DEPRECATED 1
49   - #include <ldap.h>
50   -#endif // HAVE_LDAP
51   -
52   -#ifdef HAVE_LIBCURL
53   - #include <curl/curl.h>
54   -#endif // HAVE_LIBCURL
55   -
56   -#include <lib3270-internals.h>
57   -#include <trace_dsc.h>
58   -#include <errno.h>
59   -#include <lib3270.h>
60   -#include <lib3270/trace.h>
61   -#include <lib3270/log.h>
62   -
63 40 /*--[ Implement ]------------------------------------------------------------------------------------*/
64 41  
65 42 static inline void lib3270_autoptr_cleanup_FILE(FILE **file)
... ... @@ -68,176 +45,6 @@ static inline void lib3270_autoptr_cleanup_FILE(FILE **file)
68 45 fclose(*file);
69 46 }
70 47  
71   -#ifdef HAVE_LDAP
72   -static inline void lib3270_autoptr_cleanup_LDAPMessage(LDAPMessage **message)
73   -{
74   - debug("%s(%p)",__FUNCTION__,*message);
75   - if(message)
76   - ldap_msgfree(*message);
77   - *message = NULL;
78   -}
79   -
80   -static inline void lib3270_autoptr_cleanup_LDAP(LDAP **ld)
81   -{
82   - debug("%s(%p)",__FUNCTION__,*ld);
83   - if(*ld)
84   - ldap_unbind_ext(*ld, NULL, NULL);
85   - *ld = NULL;
86   -}
87   -
88   -static inline void lib3270_autoptr_cleanup_BerElement(BerElement **ber)
89   -{
90   - debug("%s(%p)",__FUNCTION__,*ber);
91   - if(*ber)
92   - ber_free(*ber, 0);
93   - *ber = NULL;
94   -}
95   -
96   -static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr)
97   -{
98   - debug("%s(%p)",__FUNCTION__,*ptr);
99   - if(*ptr)
100   - ldap_memfree(*ptr);
101   - *ptr = NULL;
102   -}
103   -
104   -#endif // HAVE_LDAP
105   -
106   -#ifdef HAVE_LIBCURL
107   -static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
108   -{
109   - debug("%s(%p)",__FUNCTION__,*ptr);
110   - if(*ptr)
111   - curl_easy_cleanup(*ptr);
112   - *ptr = NULL;
113   -}
114   -
115   -typedef struct _curldata
116   -{
117   - size_t length;
118   - H3270 * hSession;
119   - SSL_ERROR_MESSAGE * message;
120   - char errbuf[CURL_ERROR_SIZE];
121   - struct {
122   - size_t length;
123   - unsigned char * contents;
124   - } data;
125   -} CURLDATA;
126   -
127   -static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
128   -{
129   - debug("%s(%p)",__FUNCTION__,*ptr);
130   - if(*ptr)
131   - {
132   - CURLDATA *cdata = *ptr;
133   -
134   - if(cdata->data.contents) {
135   - lib3270_free(cdata->data.contents);
136   - cdata->data.contents = NULL;
137   - }
138   - lib3270_free(cdata);
139   - }
140   - *ptr = NULL;
141   -}
142   -
143   -static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
144   -{
145   - debug("%s(%p)",__FUNCTION__,*ptr);
146   - if(*ptr)
147   - BIO_free_all(*ptr);
148   - *ptr = NULL;
149   -}
150   -
151   -static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
152   -{
153   - CURLDATA * data = (CURLDATA *) userp;
154   -
155   - debug("%s",__FUNCTION__);
156   -
157   - size_t realsize = size * nmemb;
158   -
159   - debug("%s size=%d data->length=%d crldatalength=%d",__FUNCTION__,(int) size, (int) data->length, CRL_DATA_LENGTH);
160   -
161   - if((realsize + data->length) > data->data.length)
162   - {
163   - data->data.length += (CRL_DATA_LENGTH + realsize);
164   - data->data.contents = lib3270_realloc(data->data.contents,data->data.length);
165   - memset(&(data->data.contents[data->length]),0,data->data.length-data->length);
166   - }
167   -
168   - debug("%s",__FUNCTION__);
169   -
170   - if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
171   - {
172   - lib3270_trace_data(
173   - data->hSession,
174   - "Received",
175   - (const char *) contents,
176   - realsize
177   - );
178   - }
179   -
180   - debug("%s",__FUNCTION__);
181   -
182   - memcpy(&(data->data.contents[data->length]),contents,realsize);
183   - data->length += realsize;
184   -
185   - debug("%s",__FUNCTION__);
186   -
187   - return realsize;
188   -}
189   -
190   -static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)
191   -{
192   - const char * text = NULL;
193   -
194   - switch (type) {
195   - case CURLINFO_TEXT:
196   - lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);
197   - return 0;
198   -
199   - case CURLINFO_HEADER_OUT:
200   - text = "=> Send header";
201   - break;
202   -
203   - case CURLINFO_DATA_OUT:
204   - text = "=> Send data";
205   - break;
206   -
207   - case CURLINFO_SSL_DATA_OUT:
208   - text = "=> Send SSL data";
209   - break;
210   -
211   - case CURLINFO_HEADER_IN:
212   - text = "<= Recv header";
213   - break;
214   -
215   - case CURLINFO_DATA_IN:
216   - text = "<= Recv data";
217   - break;
218   -
219   - case CURLINFO_SSL_DATA_IN:
220   - text = "<= Recv SSL data";
221   - break;
222   -
223   - default:
224   - return 0;
225   -
226   - }
227   -
228   - lib3270_trace_data(
229   - ((CURLDATA *) userp)->hSession,
230   - text,
231   - data,
232   - size
233   - );
234   -
235   - return 0;
236   -}
237   -
238   -#endif // HAVE_LIBCURL
239   -
240   -
241 48 LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
242 49 {
243 50 X509_CRL * x509_crl = NULL;
... ... @@ -288,148 +95,7 @@ LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE *
288 95 #ifdef HAVE_LDAP
289 96 else if(strncasecmp(consturl,"ldap://",7) == 0 && strlen(consturl) > 8)
290 97 {
291   - int rc;
292   - lib3270_autoptr(char) url = strdup(consturl);
293   - char * base = strchr(url+7,'/');
294   - char * attrs[] = { NULL, NULL };
295   -
296   - if(!base)
297   - {
298   - message->error = hSession->ssl.error = 0;
299   - message->title = _( "Security error" );
300   - message->text = _( "No DN of the entry at which to start the search on the URL" );
301   - message->description = _( "The URL argument should be in the format ldap://[HOST]/[DN]?attribute" );
302   - return errno = EINVAL;
303   - }
304   -
305   - *(base++) = 0;
306   - attrs[0] = strchr(base,'?');
307   -
308   - if(!base)
309   - {
310   - message->error = hSession->ssl.error = 0;
311   - message->title = _( "Security error" );
312   - message->text = _( "No LDAP attribute on the URL" );
313   - message->description = _( "The URL argument should be in the format ldap://[HOST]/[DN]?attribute" );
314   - return errno = EINVAL;
315   - }
316   -
317   - *(attrs[0]++) = 0;
318   -
319   - debug("host: \"%s\"",url);
320   - debug("Base: \"%s\"",base);
321   - debug("Attr: \"%s\"",attrs[0]);
322   -
323   - // Do LDAP Query
324   - LDAP __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAP))) *ld = NULL;
325   - BerElement __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_BerElement))) * ber = NULL;
326   -
327   - rc = ldap_initialize(&ld, url);
328   - if(rc != LDAP_SUCCESS)
329   - {
330   - message->error = hSession->ssl.error = 0;
331   - message->title = _( "Security error" );
332   - message->text = _( "Can't initialize LDAP" );
333   - message->description = ldap_err2string(rc);
334   - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
335   - return -1;
336   - }
337   -
338   - unsigned long version = LDAP_VERSION3;
339   - rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,(void *) &version);
340   - if(rc != LDAP_SUCCESS) {
341   - message->error = hSession->ssl.error = 0;
342   - message->title = _( "Security error" );
343   - message->text = _( "Can't set LDAP version" );
344   - message->description = ldap_err2string(rc);
345   - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
346   - return NULL;
347   - }
348   -
349   - rc = ldap_simple_bind_s(ld, "", "");
350   - if(rc != LDAP_SUCCESS)
351   - {
352   - message->error = hSession->ssl.error = 0;
353   - message->title = _( "Security error" );
354   - message->text = _( "Can't bind to LDAP server" );
355   - message->description = ldap_err2string(rc);
356   - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
357   - return -1;
358   - }
359   -
360   - lib3270_autoptr(LDAPMessage) results = NULL;
361   - rc = ldap_search_ext_s(
362   - ld, // Specifies the LDAP pointer returned by a previous call to ldap_init(), ldap_ssl_init(), or ldap_open().
363   - base, // Specifies the DN of the entry at which to start the search.
364   - LDAP_SCOPE_BASE, // Specifies the scope of the search.
365   - NULL, // Specifies a string representation of the filter to apply in the search.
366   - (char **) &attrs, // Specifies a null-terminated array of character string attribute types to return from entries that match filter.
367   - 0, // Should be set to 1 to request attribute types only. Set to 0 to request both attributes types and attribute values.
368   - NULL,
369   - NULL,
370   - NULL,
371   - 0,
372   - &results
373   - );
374   -
375   - if(rc != LDAP_SUCCESS)
376   - {
377   - message->error = hSession->ssl.error = 0;
378   - message->title = _( "Security error" );
379   - message->text = _( "Can't search LDAP server" );
380   - message->description = ldap_err2string(rc);
381   - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
382   - return NULL;
383   - }
384   -
385   - char __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAPPTR))) *attr = ldap_first_attribute(ld, results, &ber);
386   - if(!attr)
387   - {
388   - message->error = hSession->ssl.error = 0;
389   - message->title = _( "Security error" );
390   - message->text = _( "Can't get LDAP attribute" );
391   - message->description = _("Search did not produce any attributes.");
392   - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
393   - errno = ENOENT;
394   - return NULL;
395   - }
396   -
397   - struct berval ** value = ldap_get_values_len(ld, results, attr);
398   - if(!value)
399   - {
400   - message->error = hSession->ssl.error = 0;
401   - message->title = _( "Security error" );
402   - message->text = _( "Can't get LDAP attribute" );
403   - message->description = _("Search did not produce any values.");
404   - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
405   - errno = ENOENT;
406   - return NULL;
407   - }
408   -
409   - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
410   - {
411   - lib3270_trace_data(
412   - hSession,
413   - "CRL Data received from LDAP server",
414   - (const char *) value[0]->bv_val,
415   - value[0]->bv_len
416   - );
417   - }
418   -
419   - // Precisa salvar uma cópia porque d2i_X509_CRL modifica o ponteiro.
420   - const unsigned char *crl_data = (const unsigned char *) value[0]->bv_val;
421   -
422   - if(!d2i_X509_CRL(&x509_crl, &crl_data, value[0]->bv_len))
423   - {
424   - message->error = hSession->ssl.error = ERR_get_error();
425   - message->title = _( "Security error" );
426   - message->text = _( "Can't decode CRL" );
427   - lib3270_write_log(hSession,"ssl","%s: %s",url, message->text);
428   - ldap_value_free_len(value);
429   - return NULL;
430   - }
431   -
432   - ldap_value_free_len(value);
  98 + return get_crl_using_ldap(hSession, message, consturl);
433 99  
434 100 }
435 101 #endif // HAVE_LDAP
... ... @@ -437,151 +103,7 @@ LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE *
437 103 {
438 104 #ifdef HAVE_LIBCURL
439 105  
440   - // Use CURL to download the CRL
441   - lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
442   - lib3270_autoptr(CURL) hCurl = curl_easy_init();
443   -
444   - memset(crl_data,0,sizeof(CURLDATA));
445   - crl_data->message = message;
446   - crl_data->hSession = hSession;
447   - crl_data->data.length = CRL_DATA_LENGTH;
448   - crl_data->data.contents = lib3270_malloc(crl_data->data.length);
449   -
450   - if(hCurl)
451   - {
452   - CURLcode res;
453   -
454   - curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
455   - curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
456   -
457   - curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
458   -
459   - curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
460   - curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
461   -
462   - curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
463   -
464   - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
465   - {
466   - curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
467   - curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
468   - curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
469   - }
470   -
471   - res = curl_easy_perform(hCurl);
472   -
473   - if(res != CURLE_OK)
474   - {
475   - message->error = hSession->ssl.error = 0;
476   - message->title = _( "Security error" );
477   -
478   - if(crl_data->errbuf[0])
479   - {
480   - message->text = curl_easy_strerror(res);
481   - message->description = crl_data->errbuf;
482   - }
483   - else
484   - {
485   - message->text = _( "Error loading CRL" );
486   - message->description = curl_easy_strerror(res);
487   - }
488   -
489   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
490   - errno = EINVAL;
491   - return NULL;
492   -
493   - }
494   -
495   - char *ct = NULL;
496   - res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
497   - if(res != CURLE_OK)
498   - {
499   - message->error = hSession->ssl.error = 0;
500   - message->title = _( "Security error" );
501   - message->text = _( "Error loading CRL" );
502   - message->description = curl_easy_strerror(res);
503   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
504   - errno = EINVAL;
505   - return NULL;
506   - }
507   -
508   - if(lib3270_get_toggle(crl_data->hSession,LIB3270_TOGGLE_SSL_TRACE))
509   - lib3270_trace_data(crl_data->hSession,"CRL Data",(const char *) crl_data->data.contents, (unsigned int) crl_data->length);
510   -
511   - if(ct)
512   - {
513   - const unsigned char * data = crl_data->data.contents;
514   -
515   -
516   - if(strcasecmp(ct,"application/pkix-crl") == 0)
517   - {
518   - // CRL File, convert it
519   - if(!d2i_X509_CRL(&x509_crl, &data, crl_data->length))
520   - {
521   - message->error = hSession->ssl.error = ERR_get_error();
522   - message->title = _( "Security error" );
523   - message->text = _( "Can't decode CRL" );
524   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
525   - return NULL;
526   - }
527   - }
528   - else
529   - {
530   - message->error = hSession->ssl.error = ERR_get_error();
531   - message->title = _( "Security error" );
532   - message->text = _( "Got an invalid CRL from server" );
533   - lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
534   - errno = EINVAL;
535   - return NULL;
536   - }
537   - }
538   - else if(strncasecmp(consturl,"ldap://",7) == 0)
539   - {
540   - // It's an LDAP query, assumes a base64 data.
541   - char * data = strstr((char *) crl_data->data.contents,":: ");
542   - if(!data)
543   - {
544   - message->error = hSession->ssl.error = ERR_get_error();
545   - message->title = _( "Security error" );
546   - message->text = _( "Got a bad formatted CRL from LDAP server" );
547   - lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->data.contents);
548   - errno = EINVAL;
549   - return NULL;
550   - }
551   - data += 3;
552   -
553   -#ifdef DEBUG
554   - {
555   - FILE *out = fopen("linux_base64.crl","w");
556   - if(out)
557   - {
558   - fwrite(data,strlen(data),1,out);
559   - fclose(out);
560   - }
561   -
562   - }
563   -#endif
564   -
565   - lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
566   -
567   - BIO * b64 = BIO_new(BIO_f_base64());
568   - bio = BIO_push(b64, bio);
569   -
570   - BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
571   -
572   - if(!d2i_X509_CRL_bio(bio, &x509_crl))
573   - {
574   - message->error = hSession->ssl.error = ERR_get_error();
575   - message->title = _( "Security error" );
576   - message->text = _( "Can't decode CRL got from LDAP server" );
577   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
578   - errno = EINVAL;
579   - return NULL;
580   - }
581   -
582   - }
583   -
584   - }
  106 + return get_crl_using_curl(hSession, message, consturl);
585 107  
586 108 #else
587 109 // Can't get CRL.
... ...
src/ssl/linux/ldap.c 0 → 100644
  Diff comments   View file @2e323b2
... ... @@ -0,0 +1,228 @@
  1 +/*
  2 + * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como - e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
  27 + *
  28 + *
  29 + * References:
  30 + *
  31 + * http://www.openssl.org/docs/ssl/
  32 + * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
  33 + *
  34 + */
  35 +
  36 +#include <config.h>
  37 +
  38 +#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LDAP)
  39 +
  40 +#define LDAP_DEPRECATED 1
  41 +#include <ldap.h>
  42 +
  43 +/*--[ Implement ]------------------------------------------------------------------------------------*/
  44 +
  45 +static inline void lib3270_autoptr_cleanup_LDAPMessage(LDAPMessage **message)
  46 +{
  47 + debug("%s(%p)",__FUNCTION__,*message);
  48 + if(message)
  49 + ldap_msgfree(*message);
  50 + *message = NULL;
  51 +}
  52 +
  53 +static inline void lib3270_autoptr_cleanup_LDAP(LDAP **ld)
  54 +{
  55 + debug("%s(%p)",__FUNCTION__,*ld);
  56 + if(*ld)
  57 + ldap_unbind_ext(*ld, NULL, NULL);
  58 + *ld = NULL;
  59 +}
  60 +
  61 +static inline void lib3270_autoptr_cleanup_BerElement(BerElement **ber)
  62 +{
  63 + debug("%s(%p)",__FUNCTION__,*ber);
  64 + if(*ber)
  65 + ber_free(*ber, 0);
  66 + *ber = NULL;
  67 +}
  68 +
  69 +static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr)
  70 +{
  71 + debug("%s(%p)",__FUNCTION__,*ptr);
  72 + if(*ptr)
  73 + ldap_memfree(*ptr);
  74 + *ptr = NULL;
  75 +}
  76 +
  77 +LIB3270_INTERNAL X509_CRL * get_crl_using_ldap(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
  78 +{
  79 + X509_CRL * x509_crl = NULL;
  80 +
  81 + int rc;
  82 + lib3270_autoptr(char) url = strdup(consturl);
  83 + char * base = strchr(url+7,'/');
  84 + char * attrs[] = { NULL, NULL };
  85 +
  86 + if(!base)
  87 + {
  88 + message->error = hSession->ssl.error = 0;
  89 + message->title = _( "Security error" );
  90 + message->text = _( "No DN of the entry at which to start the search on the URL" );
  91 + message->description = _( "The URL argument should be in the format ldap://[HOST]/[DN]?attribute" );
  92 + return errno = EINVAL;
  93 + }
  94 +
  95 + *(base++) = 0;
  96 + attrs[0] = strchr(base,'?');
  97 +
  98 + if(!base)
  99 + {
  100 + message->error = hSession->ssl.error = 0;
  101 + message->title = _( "Security error" );
  102 + message->text = _( "No LDAP attribute on the URL" );
  103 + message->description = _( "The URL argument should be in the format ldap://[HOST]/[DN]?attribute" );
  104 + return errno = EINVAL;
  105 + }
  106 +
  107 + *(attrs[0]++) = 0;
  108 +
  109 + debug("host: \"%s\"",url);
  110 + debug("Base: \"%s\"",base);
  111 + debug("Attr: \"%s\"",attrs[0]);
  112 +
  113 + // Do LDAP Query
  114 + LDAP __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAP))) *ld = NULL;
  115 + BerElement __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_BerElement))) * ber = NULL;
  116 +
  117 + rc = ldap_initialize(&ld, url);
  118 + if(rc != LDAP_SUCCESS)
  119 + {
  120 + message->error = hSession->ssl.error = 0;
  121 + message->title = _( "Security error" );
  122 + message->text = _( "Can't initialize LDAP" );
  123 + message->description = ldap_err2string(rc);
  124 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  125 + return -1;
  126 + }
  127 +
  128 + unsigned long version = LDAP_VERSION3;
  129 + rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,(void *) &version);
  130 + if(rc != LDAP_SUCCESS) {
  131 + message->error = hSession->ssl.error = 0;
  132 + message->title = _( "Security error" );
  133 + message->text = _( "Can't set LDAP version" );
  134 + message->description = ldap_err2string(rc);
  135 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  136 + return NULL;
  137 + }
  138 +
  139 + rc = ldap_simple_bind_s(ld, "", "");
  140 + if(rc != LDAP_SUCCESS)
  141 + {
  142 + message->error = hSession->ssl.error = 0;
  143 + message->title = _( "Security error" );
  144 + message->text = _( "Can't bind to LDAP server" );
  145 + message->description = ldap_err2string(rc);
  146 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  147 + return -1;
  148 + }
  149 +
  150 + lib3270_autoptr(LDAPMessage) results = NULL;
  151 + rc = ldap_search_ext_s(
  152 + ld, // Specifies the LDAP pointer returned by a previous call to ldap_init(), ldap_ssl_init(), or ldap_open().
  153 + base, // Specifies the DN of the entry at which to start the search.
  154 + LDAP_SCOPE_BASE, // Specifies the scope of the search.
  155 + NULL, // Specifies a string representation of the filter to apply in the search.
  156 + (char **) &attrs, // Specifies a null-terminated array of character string attribute types to return from entries that match filter.
  157 + 0, // Should be set to 1 to request attribute types only. Set to 0 to request both attributes types and attribute values.
  158 + NULL,
  159 + NULL,
  160 + NULL,
  161 + 0,
  162 + &results
  163 + );
  164 +
  165 + if(rc != LDAP_SUCCESS)
  166 + {
  167 + message->error = hSession->ssl.error = 0;
  168 + message->title = _( "Security error" );
  169 + message->text = _( "Can't search LDAP server" );
  170 + message->description = ldap_err2string(rc);
  171 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  172 + return NULL;
  173 + }
  174 +
  175 + char __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAPPTR))) *attr = ldap_first_attribute(ld, results, &ber);
  176 + if(!attr)
  177 + {
  178 + message->error = hSession->ssl.error = 0;
  179 + message->title = _( "Security error" );
  180 + message->text = _( "Can't get LDAP attribute" );
  181 + message->description = _("Search did not produce any attributes.");
  182 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  183 + errno = ENOENT;
  184 + return NULL;
  185 + }
  186 +
  187 + struct berval ** value = ldap_get_values_len(ld, results, attr);
  188 + if(!value)
  189 + {
  190 + message->error = hSession->ssl.error = 0;
  191 + message->title = _( "Security error" );
  192 + message->text = _( "Can't get LDAP attribute" );
  193 + message->description = _("Search did not produce any values.");
  194 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  195 + errno = ENOENT;
  196 + return NULL;
  197 + }
  198 +
  199 + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
  200 + {
  201 + lib3270_trace_data(
  202 + hSession,
  203 + "CRL Data received from LDAP server",
  204 + (const char *) value[0]->bv_val,
  205 + value[0]->bv_len
  206 + );
  207 + }
  208 +
  209 + // Precisa salvar uma cópia porque d2i_X509_CRL modifica o ponteiro.
  210 + const unsigned char *crl_data = (const unsigned char *) value[0]->bv_val;
  211 +
  212 + if(!d2i_X509_CRL(&x509_crl, &crl_data, value[0]->bv_len))
  213 + {
  214 + message->error = hSession->ssl.error = ERR_get_error();
  215 + message->title = _( "Security error" );
  216 + message->text = _( "Can't decode certificate revocation list" );
  217 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->text);
  218 + ldap_value_free_len(value);
  219 + return NULL;
  220 + }
  221 +
  222 + ldap_value_free_len(value);
  223 +
  224 + return x509_crl;
  225 +
  226 +}
  227 +
  228 +#endif // HAVE_LIBSSL && SSL_ENABLE_CRL_CHECK && HAVE_LDAP
... ...
src/ssl/linux/private.h 0 → 100644
  Diff comments   View file @2e323b2
... ... @@ -0,0 +1,63 @@
  1 +/*
  2 + * "Software G3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como private.h e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça)
  27 + *
  28 + */
  29 +
  30 +#ifndef LIB3270_LINUX_SSL_PRIVATE_H_INCLUDED
  31 +
  32 + #define LIB3270_LINUX_SSL_PRIVATE_H_INCLUDED
  33 +
  34 + #include <config.h>
  35 +
  36 + #include <openssl/ssl.h>
  37 + #include <openssl/err.h>
  38 + #include <openssl/x509_vfy.h>
  39 + #include <openssl/x509.h>
  40 +
  41 + #include <lib3270-internals.h>
  42 + #include <trace_dsc.h>
  43 + #include <errno.h>
  44 + #include <lib3270.h>
  45 + #include <lib3270/trace.h>
  46 + #include <lib3270/log.h>
  47 +
  48 + #ifdef HAVE_LDAP
  49 +
  50 + /// @brief Use libldap to get CRL.
  51 + LIB3270_INTERNAL X509_CRL * get_crl_using_ldap(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
  52 +
  53 + #endif // HAVE_LDAP
  54 +
  55 + #ifdef HAVE_LIBCURL
  56 +
  57 + /// @brief Use libcurl to get CRL.
  58 + LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
  59 +
  60 + #endif // HAVE_LIBCURL
  61 +
  62 +
  63 +#endif // !LIB3270_LINUX_SSL_PRIVATE_H_INCLUDED
... ...
src/ssl/windows/curl.c 0 → 100644
  Diff comments   View file @2e323b2
... ... @@ -0,0 +1,381 @@
  1 +/*
  2 + * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como - e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
  27 + *
  28 + * References:
  29 + *
  30 + * http://www.openssl.org/docs/ssl/
  31 + * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
  32 + *
  33 + */
  34 +
  35 +#include <config.h>
  36 +
  37 +#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBCURL)
  38 +
  39 +#include "private.h"
  40 +#include <curl/curl.h>
  41 +
  42 +#define CRL_DATA_LENGTH 2048
  43 +
  44 +/*--[ Implement ]------------------------------------------------------------------------------------*/
  45 +
  46 +static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
  47 +{
  48 + debug("%s(%p)",__FUNCTION__,*ptr);
  49 + if(*ptr)
  50 + curl_easy_cleanup(*ptr);
  51 + *ptr = NULL;
  52 +}
  53 +
  54 +typedef struct _curldata
  55 +{
  56 + size_t length;
  57 + H3270 * hSession;
  58 + SSL_ERROR_MESSAGE * message;
  59 + char errbuf[CURL_ERROR_SIZE];
  60 + struct {
  61 + size_t length;
  62 + unsigned char * contents;
  63 + } data;
  64 +} CURLDATA;
  65 +
  66 +static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
  67 +{
  68 + debug("%s(%p)",__FUNCTION__,*ptr);
  69 + if(*ptr)
  70 + {
  71 + CURLDATA *cdata = *ptr;
  72 +
  73 + if(cdata->data.contents) {
  74 + lib3270_free(cdata->data.contents);
  75 + cdata->data.contents = NULL;
  76 + }
  77 + lib3270_free(cdata);
  78 + }
  79 + *ptr = NULL;
  80 +}
  81 +
  82 +static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
  83 +{
  84 + debug("%s(%p)",__FUNCTION__,*ptr);
  85 + if(*ptr)
  86 + BIO_free_all(*ptr);
  87 + *ptr = NULL;
  88 +}
  89 +
  90 +static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
  91 +{
  92 + CURLDATA * data = (CURLDATA *) userp;
  93 +
  94 + size_t realsize = size * nmemb;
  95 + size_t ix;
  96 +
  97 + debug("Received %u bytes (datablock is %p)", (unsigned int) realsize, data);
  98 +
  99 + unsigned char *ptr = (unsigned char *) contents;
  100 +
  101 + if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
  102 + lib3270_trace_data(data->hSession,"curl_write:",(const char *) contents, realsize);
  103 +
  104 + if((realsize + data->length) > data->data.length)
  105 + {
  106 + data->data.length += (CRL_DATA_LENGTH + realsize);
  107 + data->data.contents = lib3270_realloc(data->data.contents,data->data.length);
  108 +
  109 + for(ix = data->length; ix < data->data.length; ix++)
  110 + {
  111 + data->data.contents[ix] = 0;
  112 + }
  113 +
  114 + }
  115 +
  116 + for(ix = 0; ix < realsize; ix++)
  117 + {
  118 + data->data.contents[data->length++] = *(ptr++);
  119 + }
  120 +
  121 + return realsize;
  122 +}
  123 +
  124 +static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)
  125 +{
  126 + const char * text = NULL;
  127 +
  128 + switch (type) {
  129 + case CURLINFO_TEXT:
  130 + lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);
  131 + return 0;
  132 +
  133 + case CURLINFO_HEADER_OUT:
  134 + text = "=> Send header";
  135 + break;
  136 +
  137 + case CURLINFO_DATA_OUT:
  138 + text = "=> Send data";
  139 + break;
  140 +
  141 + case CURLINFO_SSL_DATA_OUT:
  142 + text = "=> Send SSL data";
  143 + break;
  144 +
  145 + case CURLINFO_HEADER_IN:
  146 + text = "<= Recv header";
  147 + break;
  148 +
  149 + case CURLINFO_DATA_IN:
  150 + text = "<= Recv data";
  151 + break;
  152 +
  153 + case CURLINFO_SSL_DATA_IN:
  154 + text = "<= Recv SSL data";
  155 + break;
  156 +
  157 + default:
  158 + return 0;
  159 +
  160 + }
  161 +
  162 + lib3270_trace_data(
  163 + ((CURLDATA *) userp)->hSession,
  164 + text,
  165 + data,
  166 + size
  167 + );
  168 +
  169 + return 0;
  170 +}
  171 +
  172 +X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
  173 +{
  174 + X509_CRL * x509_crl = NULL;
  175 +
  176 + lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
  177 + lib3270_autoptr(CURL) hCurl = curl_easy_init();
  178 +
  179 + memset(crl_data,0,sizeof(CURLDATA));
  180 + crl_data->message = message;
  181 + crl_data->hSession = hSession;
  182 + crl_data->data.length = CRL_DATA_LENGTH;
  183 + crl_data->data.contents = lib3270_malloc(crl_data->data.length);
  184 +
  185 + if(!hCurl)
  186 + {
  187 + message->title = _( "Security error" );
  188 + message->text = _( "Error loading certificate revocation list" );
  189 + message->description = _( "Can't initialize curl operation" );
  190 + return NULL;
  191 + }
  192 +
  193 + CURLcode res;
  194 +
  195 + curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
  196 + curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
  197 +
  198 + curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
  199 +
  200 + curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
  201 + curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
  202 +
  203 + curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
  204 +
  205 + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
  206 + {
  207 + curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
  208 + curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
  209 + curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
  210 + }
  211 +
  212 + res = curl_easy_perform(hCurl);
  213 +
  214 + if(res != CURLE_OK)
  215 + {
  216 + message->error = hSession->ssl.error = 0;
  217 + message->title = _( "Security error" );
  218 +
  219 + if(crl_data->errbuf[0])
  220 + {
  221 + message->text = curl_easy_strerror(res);
  222 + message->description = crl_data->errbuf;
  223 + }
  224 + else
  225 + {
  226 + message->text = _( "Error loading certificate revocation list" );
  227 + message->description = curl_easy_strerror(res);
  228 + }
  229 +
  230 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
  231 + errno = EINVAL;
  232 + return NULL;
  233 +
  234 + }
  235 +
  236 + char *ct = NULL;
  237 + res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
  238 + if(res != CURLE_OK)
  239 + {
  240 + message->error = hSession->ssl.error = 0;
  241 + message->title = _( "Security error" );
  242 + message->text = _( "Error loading certificate revocation list" );
  243 + message->description = curl_easy_strerror(res);
  244 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
  245 + errno = EINVAL;
  246 + return NULL;
  247 + }
  248 +
  249 + if(lib3270_get_toggle(crl_data->hSession,LIB3270_TOGGLE_SSL_TRACE))
  250 + lib3270_trace_data(crl_data->hSession,"CRL Data",(const char *) crl_data->data.contents, (unsigned int) crl_data->length);
  251 +
  252 + if(ct)
  253 + {
  254 + const unsigned char * data = crl_data->data.contents;
  255 +
  256 + if(strcasecmp(ct,"application/pkix-crl") == 0)
  257 + {
  258 + // CRL File, convert it
  259 + if(!d2i_X509_CRL(&x509_crl, &data, crl_data->length))
  260 + {
  261 + message->error = hSession->ssl.error = ERR_get_error();
  262 + message->title = _( "Security error" );
  263 + message->text = _( "Can't decode certificate revocation list" );
  264 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  265 + return NULL;
  266 + }
  267 + }
  268 + else
  269 + {
  270 + message->error = hSession->ssl.error = ERR_get_error();
  271 + message->title = _( "Security error" );
  272 + message->text = _( "Got an invalid certificate revocation list from server" );
  273 + lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
  274 + errno = EINVAL;
  275 + return NULL;
  276 + }
  277 + }
  278 + else if(strncasecmp(consturl,"ldap://",7) == 0)
  279 + {
  280 + //
  281 + // curl's LDAP query on windows returns diferently. Working with it.
  282 + //
  283 +#ifdef DEBUG
  284 + {
  285 + FILE *out = fopen("downloaded.crl","w");
  286 + if(out)
  287 + {
  288 + fwrite(crl_data->data.contents,crl_data->length,1,out);
  289 + fclose(out);
  290 + }
  291 +
  292 + }
  293 +#endif
  294 +
  295 + char * attr = strchr(consturl,'?');
  296 + if(!attr)
  297 + {
  298 + message->error = hSession->ssl.error = 0;
  299 + message->title = _( "Security error" );
  300 + message->text = _( "No attribute in LDAP search URL" );
  301 + errno = ENOENT;
  302 + return NULL;
  303 + }
  304 +
  305 + attr++;
  306 +
  307 + lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
  308 + trace_ssl(crl_data->hSession, text);
  309 +
  310 + lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
  311 +
  312 +
  313 +// char *ptr = strcasestr((char *) crl_data->data.contents, key);
  314 +
  315 + size_t ix;
  316 + unsigned char *from = NULL;
  317 + size_t keylength = strlen(key);
  318 + for(ix = 0; ix < (crl_data->length - keylength); ix++)
  319 + {
  320 + if(!strncasecmp( (char *) (crl_data->data.contents+ix),key,keylength))
  321 + {
  322 + from = crl_data->data.contents+ix;
  323 + break;
  324 + }
  325 + }
  326 +
  327 + debug("strstr(%s): %p", key, from);
  328 +
  329 + if(!from)
  330 + {
  331 + message->error = hSession->ssl.error = 0;
  332 + message->title = _( "Security error" );
  333 + message->text = _( "Can't find certificate revocation list in LDAP response" );
  334 + errno = ENOENT;
  335 + return NULL;
  336 + }
  337 +
  338 + from += strlen(key);
  339 + size_t length = crl_data->length - (from - crl_data->data.contents);
  340 +
  341 + static const char terminator[] = { 0x0a, 0x0a, 0x09 };
  342 + unsigned char *to = from+length;
  343 +
  344 + for(ix = 0; ix < (length - sizeof(terminator)); ix++)
  345 + {
  346 + if(!memcmp(from+ix,terminator,sizeof(terminator)))
  347 + {
  348 + to = from+ix;
  349 + break;
  350 + }
  351 + }
  352 +
  353 + length = to - from;
  354 +
  355 + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
  356 + {
  357 + lib3270_trace_data(
  358 + hSession,
  359 + "CRL Data received from LDAP server",
  360 + (const char *) from,
  361 + length
  362 + );
  363 + }
  364 +
  365 + if(!d2i_X509_CRL(&x509_crl, (const unsigned char **) &from, length))
  366 + {
  367 + message->error = hSession->ssl.error = ERR_get_error();
  368 + message->title = _( "Security error" );
  369 + message->text = _( "Can't decode certificate revocation list got from LDAP Search" );
  370 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  371 + errno = EINVAL;
  372 + return NULL;
  373 + }
  374 +
  375 + }
  376 +
  377 + return x509_crl;
  378 +
  379 +}
  380 +
  381 +#endif // defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBCURL)
... ...
src/ssl/windows/getcrl.c
  Diff comments   View file @2e323b2
... ... @@ -33,31 +33,15 @@
33 33 *
34 34 */
35 35  
36   -#define CRL_DATA_LENGTH 2048
37   -
38 36 #include <config.h>
39 37  
40   -#include <winsock2.h>
41   -#include <windows.h>
42   -#include <winldap.h>
43   -
44 38 #if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK)
45 39  
46   -#include <openssl/ssl.h>
47   -#include <openssl/err.h>
48   -#include <openssl/x509_vfy.h>
49   -#include <openssl/x509.h>
  40 +#include "private.h"
50 41  
51   -#ifdef HAVE_LIBCURL
52   - #include <curl/curl.h>
53   -#endif // HAVE_LIBCURL
  42 +#define CRL_DATA_LENGTH 2048
54 43  
55   -#include <lib3270-internals.h>
56   -#include <trace_dsc.h>
57   -#include <errno.h>
58   -#include <lib3270.h>
59   -#include <lib3270/trace.h>
60   -#include <lib3270/log.h>
  44 +// #include <winldap.h>
61 45  
62 46 /*--[ Implement ]------------------------------------------------------------------------------------*/
63 47  
... ... @@ -67,136 +51,6 @@ static inline void lib3270_autoptr_cleanup_FILE(FILE **file)
67 51 fclose(*file);
68 52 }
69 53  
70   -#ifdef HAVE_LIBCURL
71   -static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
72   -{
73   - debug("%s(%p)",__FUNCTION__,*ptr);
74   - if(*ptr)
75   - curl_easy_cleanup(*ptr);
76   - *ptr = NULL;
77   -}
78   -
79   -typedef struct _curldata
80   -{
81   - size_t length;
82   - H3270 * hSession;
83   - SSL_ERROR_MESSAGE * message;
84   - char errbuf[CURL_ERROR_SIZE];
85   - struct {
86   - size_t length;
87   - unsigned char * contents;
88   - } data;
89   -} CURLDATA;
90   -
91   -static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
92   -{
93   - debug("%s(%p)",__FUNCTION__,*ptr);
94   - if(*ptr)
95   - {
96   - CURLDATA *cdata = *ptr;
97   -
98   - if(cdata->data.contents) {
99   - lib3270_free(cdata->data.contents);
100   - cdata->data.contents = NULL;
101   - }
102   - lib3270_free(cdata);
103   - }
104   - *ptr = NULL;
105   -}
106   -
107   -static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
108   -{
109   - debug("%s(%p)",__FUNCTION__,*ptr);
110   - if(*ptr)
111   - BIO_free_all(*ptr);
112   - *ptr = NULL;
113   -}
114   -
115   -static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
116   -{
117   - CURLDATA * data = (CURLDATA *) userp;
118   -
119   - size_t realsize = size * nmemb;
120   - size_t ix;
121   -
122   - debug("Received %u bytes (datablock is %p)", (unsigned int) realsize, data);
123   -
124   - unsigned char *ptr = (unsigned char *) contents;
125   -
126   - if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
127   - lib3270_trace_data(data->hSession,"curl_write:",(const char *) contents, realsize);
128   -
129   - if((realsize + data->length) > data->data.length)
130   - {
131   - data->data.length += (CRL_DATA_LENGTH + realsize);
132   - data->data.contents = lib3270_realloc(data->data.contents,data->data.length);
133   -
134   - for(ix = data->length; ix < data->data.length; ix++)
135   - {
136   - data->data.contents[ix] = 0;
137   - }
138   -
139   - }
140   -
141   - for(ix = 0; ix < realsize; ix++)
142   - {
143   - data->data.contents[data->length++] = *(ptr++);
144   - }
145   -
146   - return realsize;
147   -}
148   -
149   -static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)
150   -{
151   - const char * text = NULL;
152   -
153   - switch (type) {
154   - case CURLINFO_TEXT:
155   - lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);
156   - return 0;
157   -
158   - case CURLINFO_HEADER_OUT:
159   - text = "=> Send header";
160   - break;
161   -
162   - case CURLINFO_DATA_OUT:
163   - text = "=> Send data";
164   - break;
165   -
166   - case CURLINFO_SSL_DATA_OUT:
167   - text = "=> Send SSL data";
168   - break;
169   -
170   - case CURLINFO_HEADER_IN:
171   - text = "<= Recv header";
172   - break;
173   -
174   - case CURLINFO_DATA_IN:
175   - text = "<= Recv data";
176   - break;
177   -
178   - case CURLINFO_SSL_DATA_IN:
179   - text = "<= Recv SSL data";
180   - break;
181   -
182   - default:
183   - return 0;
184   -
185   - }
186   -
187   - lib3270_trace_data(
188   - ((CURLDATA *) userp)->hSession,
189   - text,
190   - data,
191   - size
192   - );
193   -
194   - return 0;
195   -}
196   -
197   -#endif // HAVE_LIBCURL
198   -
199   -
200 54 LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
201 55 {
202 56 X509_CRL * x509_crl = NULL;
... ... @@ -248,202 +102,7 @@ LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE *
248 102 {
249 103 #ifdef HAVE_LIBCURL
250 104  
251   - // Use CURL to download the CRL
252   - lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
253   - lib3270_autoptr(CURL) hCurl = curl_easy_init();
254   -
255   - memset(crl_data,0,sizeof(CURLDATA));
256   - crl_data->message = message;
257   - crl_data->hSession = hSession;
258   - crl_data->data.length = CRL_DATA_LENGTH;
259   - crl_data->data.contents = lib3270_malloc(crl_data->data.length);
260   -
261   - if(hCurl)
262   - {
263   - CURLcode res;
264   -
265   - curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
266   - curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
267   -
268   - curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
269   -
270   - curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
271   - curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
272   -
273   - curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
274   -
275   - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
276   - {
277   - curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
278   - curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
279   - curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
280   - }
281   -
282   - res = curl_easy_perform(hCurl);
283   -
284   - if(res != CURLE_OK)
285   - {
286   - message->error = hSession->ssl.error = 0;
287   - message->title = _( "Security error" );
288   -
289   - if(crl_data->errbuf[0])
290   - {
291   - message->text = curl_easy_strerror(res);
292   - message->description = crl_data->errbuf;
293   - }
294   - else
295   - {
296   - message->text = _( "Error loading CRL" );
297   - message->description = curl_easy_strerror(res);
298   - }
299   -
300   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
301   - errno = EINVAL;
302   - return NULL;
303   -
304   - }
305   -
306   - char *ct = NULL;
307   - res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
308   - if(res != CURLE_OK)
309   - {
310   - message->error = hSession->ssl.error = 0;
311   - message->title = _( "Security error" );
312   - message->text = _( "Error loading CRL" );
313   - message->description = curl_easy_strerror(res);
314   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
315   - errno = EINVAL;
316   - return NULL;
317   - }
318   -
319   - if(lib3270_get_toggle(crl_data->hSession,LIB3270_TOGGLE_SSL_TRACE))
320   - lib3270_trace_data(crl_data->hSession,"CRL Data",(const char *) crl_data->data.contents, (unsigned int) crl_data->length);
321   -
322   - if(ct)
323   - {
324   - const unsigned char * data = crl_data->data.contents;
325   -
326   - if(strcasecmp(ct,"application/pkix-crl") == 0)
327   - {
328   - // CRL File, convert it
329   - if(!d2i_X509_CRL(&x509_crl, &data, crl_data->length))
330   - {
331   - message->error = hSession->ssl.error = ERR_get_error();
332   - message->title = _( "Security error" );
333   - message->text = _( "Can't decode CRL" );
334   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
335   - return NULL;
336   - }
337   - }
338   - else
339   - {
340   - message->error = hSession->ssl.error = ERR_get_error();
341   - message->title = _( "Security error" );
342   - message->text = _( "Got an invalid CRL from server" );
343   - lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
344   - errno = EINVAL;
345   - return NULL;
346   - }
347   - }
348   - else if(strncasecmp(consturl,"ldap://",7) == 0)
349   - {
350   - //
351   - // curl's LDAP query on windows returns diferently. Working with it.
352   - //
353   -#ifdef DEBUG
354   - {
355   - FILE *out = fopen("downloaded.crl","w");
356   - if(out)
357   - {
358   - fwrite(crl_data->data.contents,crl_data->length,1,out);
359   - fclose(out);
360   - }
361   -
362   - }
363   -#endif
364   -
365   - char * attr = strchr(consturl,'?');
366   - if(!attr)
367   - {
368   - message->error = hSession->ssl.error = 0;
369   - message->title = _( "Security error" );
370   - message->text = _( "No attribute in LDAP search URL" );
371   - errno = ENOENT;
372   - return NULL;
373   - }
374   -
375   - attr++;
376   -
377   - lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
378   - trace_ssl(crl_data->hSession, text);
379   -
380   - lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
381   -
382   -
383   -// char *ptr = strcasestr((char *) crl_data->data.contents, key);
384   -
385   - size_t ix;
386   - unsigned char *from = NULL;
387   - size_t keylength = strlen(key);
388   - for(ix = 0; ix < (crl_data->length - keylength); ix++)
389   - {
390   - if(!strncasecmp( (char *) (crl_data->data.contents+ix),key,keylength))
391   - {
392   - from = crl_data->data.contents+ix;
393   - break;
394   - }
395   - }
396   -
397   - debug("strstr(%s): %p", key, from);
398   -
399   - if(!from)
400   - {
401   - message->error = hSession->ssl.error = 0;
402   - message->title = _( "Security error" );
403   - message->text = _( "Can't find attribute in LDAP response" );
404   - errno = ENOENT;
405   - return NULL;
406   - }
407   -
408   - from += strlen(key);
409   - size_t length = crl_data->length - (from - crl_data->data.contents);
410   -
411   - static const char terminator[] = { 0x0a, 0x0a, 0x09 };
412   - unsigned char *to = from+length;
413   -
414   - for(ix = 0; ix < (length - sizeof(terminator)); ix++)
415   - {
416   - if(!memcmp(from+ix,terminator,sizeof(terminator)))
417   - {
418   - to = from+ix;
419   - break;
420   - }
421   - }
422   -
423   - length = to - from;
424   -
425   - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
426   - {
427   - lib3270_trace_data(
428   - hSession,
429   - "CRL Data received from LDAP server",
430   - (const char *) from,
431   - length
432   - );
433   - }
434   -
435   - if(!d2i_X509_CRL(&x509_crl, (const unsigned char **) &from, length))
436   - {
437   - message->error = hSession->ssl.error = ERR_get_error();
438   - message->title = _( "Security error" );
439   - message->text = _( "Can't decode CRL got from LDAP Search" );
440   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
441   - errno = EINVAL;
442   - return NULL;
443   - }
444   -
445   - }
446   - }
  105 + return get_crl_using_curl(hSession, message, consturl);
447 106  
448 107 #else
449 108 // Can't get CRL.
... ...
src/ssl/windows/private.h 0 → 100644
  Diff comments   View file @2e323b2
... ... @@ -0,0 +1,63 @@
  1 +/*
  2 + * "Software G3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como private.h e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça)
  27 + *
  28 + */
  29 +
  30 +#ifndef LIB3270_WIN32_SSL_PRIVATE_H_INCLUDED
  31 +
  32 + #define LIB3270_WIN32_SSL_PRIVATE_H_INCLUDED
  33 +
  34 + #include <config.h>
  35 +
  36 + #include <winsock2.h>
  37 + #include <windows.h>
  38 +
  39 + #include <openssl/ssl.h>
  40 + #include <openssl/err.h>
  41 + #include <openssl/x509_vfy.h>
  42 + #include <openssl/x509.h>
  43 +
  44 + #include <lib3270-internals.h>
  45 + #include <trace_dsc.h>
  46 + #include <errno.h>
  47 + #include <lib3270.h>
  48 + #include <lib3270/trace.h>
  49 + #include <lib3270/log.h>
  50 +
  51 + #ifdef HAVE_LIBCURL
  52 +
  53 + #include <curl/curl.h>
  54 +
  55 + /// @brief Use libcurl to get CRL.
  56 + LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
  57 +
  58 + #endif // HAVE_LIBCURL
  59 +
  60 + // LIB3270_INTERNAL X509_CRL * get_crl_using_winldap(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
  61 +
  62 +
  63 +#endif // !LIB3270_WIN32_SSL_PRIVATE_H_INCLUDED
... ...