Download as
Browse Code »

Commit 2e323b27473104cce3d849662b7b440fd6a32ce8

Authored by Perry Werneck
1 parent 6b52ad59
Exists in master and in 3 other branches develop, macos, network_module

Splitting CRL download methods.

Showing 9 changed files with 1078 additions and 826 deletions   Show diff stats
@@ -51,6 +51,7 @@ scripts @@ -51,6 +51,7 @@ scripts
51 vgcore.* 51 vgcore.*
52 doxygen/html 52 doxygen/html
53 *.crl 53 *.crl
  54 +*.sh
54 src/include/lib3270/actions.h 55 src/include/lib3270/actions.h
55 doxygen/doxyfile 56 doxygen/doxyfile
56 win32-configure* 57 win32-configure*
@@ -266,18 +266,29 @@ @@ -266,18 +266,29 @@
266 <Unit filename="src/ssl/ctx_init.c"> 266 <Unit filename="src/ssl/ctx_init.c">
267 <Option compilerVar="CC" /> 267 <Option compilerVar="CC" />
268 </Unit> 268 </Unit>
  269 + <Unit filename="src/ssl/linux/curl.c">
  270 + <Option compilerVar="CC" />
  271 + </Unit>
269 <Unit filename="src/ssl/linux/getcrl.c"> 272 <Unit filename="src/ssl/linux/getcrl.c">
270 <Option compilerVar="CC" /> 273 <Option compilerVar="CC" />
271 </Unit> 274 </Unit>
  275 + <Unit filename="src/ssl/linux/ldap.c">
  276 + <Option compilerVar="CC" />
  277 + </Unit>
  278 + <Unit filename="src/ssl/linux/private.h" />
272 <Unit filename="src/ssl/negotiate.c"> 279 <Unit filename="src/ssl/negotiate.c">
273 <Option compilerVar="CC" /> 280 <Option compilerVar="CC" />
274 </Unit> 281 </Unit>
275 <Unit filename="src/ssl/state.c"> 282 <Unit filename="src/ssl/state.c">
276 <Option compilerVar="CC" /> 283 <Option compilerVar="CC" />
277 </Unit> 284 </Unit>
  285 + <Unit filename="src/ssl/windows/curl.c">
  286 + <Option compilerVar="CC" />
  287 + </Unit>
278 <Unit filename="src/ssl/windows/getcrl.c"> 288 <Unit filename="src/ssl/windows/getcrl.c">
279 <Option compilerVar="CC" /> 289 <Option compilerVar="CC" />
280 </Unit> 290 </Unit>
  291 + <Unit filename="src/ssl/windows/private.h" />
281 <Unit filename="src/testprogram/testprogram.c"> 292 <Unit filename="src/testprogram/testprogram.c">
282 <Option compilerVar="CC" /> 293 <Option compilerVar="CC" />
283 </Unit> 294 </Unit>
src/ssl/linux/curl.c 0 → 100644
  Diff comments   View file @2e323b2
@@ -0,0 +1,324 @@ @@ -0,0 +1,324 @@
  1 +/*
  2 + * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como - e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
  27 + *
  28 + *
  29 + * References:
  30 + *
  31 + * http://www.openssl.org/docs/ssl/
  32 + * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
  33 + *
  34 + */
  35 +
  36 +#include <config.h>
  37 +
  38 +#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBCURL)
  39 +
  40 +#include "private.h"
  41 +#include <curl/curl.h>
  42 +
  43 +#define CRL_DATA_LENGTH 2048
  44 +
  45 +/*--[ Implement ]------------------------------------------------------------------------------------*/
  46 +
  47 +static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
  48 +{
  49 + debug("%s(%p)",__FUNCTION__,*ptr);
  50 + if(*ptr)
  51 + curl_easy_cleanup(*ptr);
  52 + *ptr = NULL;
  53 +}
  54 +
  55 +typedef struct _curldata
  56 +{
  57 + size_t length;
  58 + H3270 * hSession;
  59 + SSL_ERROR_MESSAGE * message;
  60 + char errbuf[CURL_ERROR_SIZE];
  61 + struct {
  62 + size_t length;
  63 + unsigned char * contents;
  64 + } data;
  65 +} CURLDATA;
  66 +
  67 +static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
  68 +{
  69 + debug("%s(%p)",__FUNCTION__,*ptr);
  70 + if(*ptr)
  71 + {
  72 + CURLDATA *cdata = *ptr;
  73 +
  74 + if(cdata->data.contents) {
  75 + lib3270_free(cdata->data.contents);
  76 + cdata->data.contents = NULL;
  77 + }
  78 + lib3270_free(cdata);
  79 + }
  80 + *ptr = NULL;
  81 +}
  82 +
  83 +static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
  84 +{
  85 + debug("%s(%p)",__FUNCTION__,*ptr);
  86 + if(*ptr)
  87 + BIO_free_all(*ptr);
  88 + *ptr = NULL;
  89 +}
  90 +
  91 +static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
  92 +{
  93 + CURLDATA * data = (CURLDATA *) userp;
  94 +
  95 + debug("%s",__FUNCTION__);
  96 +
  97 + size_t realsize = size * nmemb;
  98 +
  99 + debug("%s size=%d data->length=%d crldatalength=%d",__FUNCTION__,(int) size, (int) data->length, CRL_DATA_LENGTH);
  100 +
  101 + if((realsize + data->length) > data->data.length)
  102 + {
  103 + data->data.length += (CRL_DATA_LENGTH + realsize);
  104 + data->data.contents = lib3270_realloc(data->data.contents,data->data.length);
  105 + memset(&(data->data.contents[data->length]),0,data->data.length-data->length);
  106 + }
  107 +
  108 + debug("%s",__FUNCTION__);
  109 +
  110 + if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
  111 + {
  112 + lib3270_trace_data(
  113 + data->hSession,
  114 + "Received",
  115 + (const char *) contents,
  116 + realsize
  117 + );
  118 + }
  119 +
  120 + debug("%s",__FUNCTION__);
  121 +
  122 + memcpy(&(data->data.contents[data->length]),contents,realsize);
  123 + data->length += realsize;
  124 +
  125 + debug("%s",__FUNCTION__);
  126 +
  127 + return realsize;
  128 +}
  129 +
  130 +static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)
  131 +{
  132 + const char * text = NULL;
  133 +
  134 + switch (type) {
  135 + case CURLINFO_TEXT:
  136 + lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);
  137 + return 0;
  138 +
  139 + case CURLINFO_HEADER_OUT:
  140 + text = "=> Send header";
  141 + break;
  142 +
  143 + case CURLINFO_DATA_OUT:
  144 + text = "=> Send data";
  145 + break;
  146 +
  147 + case CURLINFO_SSL_DATA_OUT:
  148 + text = "=> Send SSL data";
  149 + break;
  150 +
  151 + case CURLINFO_HEADER_IN:
  152 + text = "<= Recv header";
  153 + break;
  154 +
  155 + case CURLINFO_DATA_IN:
  156 + text = "<= Recv data";
  157 + break;
  158 +
  159 + case CURLINFO_SSL_DATA_IN:
  160 + text = "<= Recv SSL data";
  161 + break;
  162 +
  163 + default:
  164 + return 0;
  165 +
  166 + }
  167 +
  168 + lib3270_trace_data(
  169 + ((CURLDATA *) userp)->hSession,
  170 + text,
  171 + data,
  172 + size
  173 + );
  174 +
  175 + return 0;
  176 +}
  177 +
  178 +LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
  179 +{
  180 + X509_CRL * x509_crl = NULL;
  181 +
  182 + // Use CURL to download the CRL
  183 + lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
  184 + lib3270_autoptr(CURL) hCurl = curl_easy_init();
  185 +
  186 + memset(crl_data,0,sizeof(CURLDATA));
  187 + crl_data->message = message;
  188 + crl_data->hSession = hSession;
  189 + crl_data->data.length = CRL_DATA_LENGTH;
  190 + crl_data->data.contents = lib3270_malloc(crl_data->data.length);
  191 +
  192 + if(!hCurl)
  193 + {
  194 + message->title = _( "Security error" );
  195 + message->text = _( "Error loading certificate revocation list" );
  196 + message->description = _( "Can't initialize curl operation" );
  197 + return NULL;
  198 + }
  199 +
  200 + CURLcode res;
  201 +
  202 + curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
  203 + curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
  204 +
  205 + curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
  206 +
  207 + curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
  208 + curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
  209 +
  210 + curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
  211 +
  212 + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
  213 + {
  214 + curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
  215 + curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
  216 + curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
  217 + }
  218 +
  219 + res = curl_easy_perform(hCurl);
  220 +
  221 + if(res != CURLE_OK)
  222 + {
  223 + message->error = hSession->ssl.error = 0;
  224 + message->title = _( "Security error" );
  225 +
  226 + if(crl_data->errbuf[0])
  227 + {
  228 + message->text = curl_easy_strerror(res);
  229 + message->description = crl_data->errbuf;
  230 + }
  231 + else
  232 + {
  233 + message->text = _( "Error loading certificate revocation list" );
  234 + message->description = curl_easy_strerror(res);
  235 + }
  236 +
  237 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
  238 + errno = EINVAL;
  239 + return NULL;
  240 +
  241 + }
  242 +
  243 + char *ct = NULL;
  244 + res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
  245 + if(res != CURLE_OK)
  246 + {
  247 + message->error = hSession->ssl.error = 0;
  248 + message->title = _( "Security error" );
  249 + message->text = _( "Error loading certificate revocation list" );
  250 + message->description = curl_easy_strerror(res);
  251 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
  252 + errno = EINVAL;
  253 + return NULL;
  254 + }
  255 +
  256 + if(lib3270_get_toggle(crl_data->hSession,LIB3270_TOGGLE_SSL_TRACE))
  257 + lib3270_trace_data(crl_data->hSession,"CRL Data",(const char *) crl_data->data.contents, (unsigned int) crl_data->length);
  258 +
  259 + if(ct)
  260 + {
  261 + const unsigned char * data = crl_data->data.contents;
  262 +
  263 +
  264 + if(strcasecmp(ct,"application/pkix-crl") == 0)
  265 + {
  266 + // CRL File, convert it
  267 + if(!d2i_X509_CRL(&x509_crl, &data, crl_data->length))
  268 + {
  269 + message->error = hSession->ssl.error = ERR_get_error();
  270 + message->title = _( "Security error" );
  271 + message->text = _( "Can't decode certificate revocation list" );
  272 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  273 + return NULL;
  274 + }
  275 + }
  276 + else
  277 + {
  278 + message->error = hSession->ssl.error = ERR_get_error();
  279 + message->title = _( "Security error" );
  280 + message->text = _( "Got an invalid certificate revocation list from server" );
  281 + lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
  282 + errno = EINVAL;
  283 + return NULL;
  284 + }
  285 + }
  286 + else if(strncasecmp(consturl,"ldap://",7) == 0)
  287 + {
  288 + // It's an LDAP query, assumes a base64 data.
  289 + char * data = strstr((char *) crl_data->data.contents,":: ");
  290 + if(!data)
  291 + {
  292 + message->error = hSession->ssl.error = ERR_get_error();
  293 + message->title = _( "Security error" );
  294 + message->text = _( "Got a bad formatted certificate revocation list from LDAP server" );
  295 + lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->data.contents);
  296 + errno = EINVAL;
  297 + return NULL;
  298 + }
  299 + data += 3;
  300 +
  301 + lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
  302 +
  303 + BIO * b64 = BIO_new(BIO_f_base64());
  304 + bio = BIO_push(b64, bio);
  305 +
  306 + BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
  307 +
  308 + if(!d2i_X509_CRL_bio(bio, &x509_crl))
  309 + {
  310 + message->error = hSession->ssl.error = ERR_get_error();
  311 + message->title = _( "Security error" );
  312 + message->text = _( "Can't decode certificate revocation list got from LDAP server" );
  313 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  314 + errno = EINVAL;
  315 + return NULL;
  316 + }
  317 +
  318 + }
  319 +
  320 + return x509_crl;
  321 +
  322 +}
  323 +
  324 +#endif // HAVE_LIBSSL && SSL_ENABLE_CRL_CHECK && HAVE_LIBCURL
src/ssl/linux/getcrl.c
  Diff comments   View file @2e323b2
@@ -33,33 +33,10 @@ @@ -33,33 +33,10 @@
33 * 33 *
34 */ 34 */
35 35
36 -#define CRL_DATA_LENGTH 2048  
37 -  
38 -#include <config.h> 36 +#include "private.h"
39 37
40 #if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) 38 #if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK)
41 39
42 -#include <openssl/ssl.h>  
43 -#include <openssl/err.h>  
44 -#include <openssl/x509_vfy.h>  
45 -#include <openssl/x509.h>  
46 -  
47 -#ifdef HAVE_LDAP  
48 - #define LDAP_DEPRECATED 1  
49 - #include <ldap.h>  
50 -#endif // HAVE_LDAP  
51 -  
52 -#ifdef HAVE_LIBCURL  
53 - #include <curl/curl.h>  
54 -#endif // HAVE_LIBCURL  
55 -  
56 -#include <lib3270-internals.h>  
57 -#include <trace_dsc.h>  
58 -#include <errno.h>  
59 -#include <lib3270.h>  
60 -#include <lib3270/trace.h>  
61 -#include <lib3270/log.h>  
62 -  
63 /*--[ Implement ]------------------------------------------------------------------------------------*/ 40 /*--[ Implement ]------------------------------------------------------------------------------------*/
64 41
65 static inline void lib3270_autoptr_cleanup_FILE(FILE **file) 42 static inline void lib3270_autoptr_cleanup_FILE(FILE **file)
@@ -68,176 +45,6 @@ static inline void lib3270_autoptr_cleanup_FILE(FILE **file) @@ -68,176 +45,6 @@ static inline void lib3270_autoptr_cleanup_FILE(FILE **file)
68 fclose(*file); 45 fclose(*file);
69 } 46 }
70 47
71 -#ifdef HAVE_LDAP  
72 -static inline void lib3270_autoptr_cleanup_LDAPMessage(LDAPMessage **message)  
73 -{  
74 - debug("%s(%p)",__FUNCTION__,*message);  
75 - if(message)  
76 - ldap_msgfree(*message);  
77 - *message = NULL;  
78 -}  
79 -  
80 -static inline void lib3270_autoptr_cleanup_LDAP(LDAP **ld)  
81 -{  
82 - debug("%s(%p)",__FUNCTION__,*ld);  
83 - if(*ld)  
84 - ldap_unbind_ext(*ld, NULL, NULL);  
85 - *ld = NULL;  
86 -}  
87 -  
88 -static inline void lib3270_autoptr_cleanup_BerElement(BerElement **ber)  
89 -{  
90 - debug("%s(%p)",__FUNCTION__,*ber);  
91 - if(*ber)  
92 - ber_free(*ber, 0);  
93 - *ber = NULL;  
94 -}  
95 -  
96 -static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr)  
97 -{  
98 - debug("%s(%p)",__FUNCTION__,*ptr);  
99 - if(*ptr)  
100 - ldap_memfree(*ptr);  
101 - *ptr = NULL;  
102 -}  
103 -  
104 -#endif // HAVE_LDAP  
105 -  
106 -#ifdef HAVE_LIBCURL  
107 -static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)  
108 -{  
109 - debug("%s(%p)",__FUNCTION__,*ptr);  
110 - if(*ptr)  
111 - curl_easy_cleanup(*ptr);  
112 - *ptr = NULL;  
113 -}  
114 -  
115 -typedef struct _curldata  
116 -{  
117 - size_t length;  
118 - H3270 * hSession;  
119 - SSL_ERROR_MESSAGE * message;  
120 - char errbuf[CURL_ERROR_SIZE];  
121 - struct {  
122 - size_t length;  
123 - unsigned char * contents;  
124 - } data;  
125 -} CURLDATA;  
126 -  
127 -static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)  
128 -{  
129 - debug("%s(%p)",__FUNCTION__,*ptr);  
130 - if(*ptr)  
131 - {  
132 - CURLDATA *cdata = *ptr;  
133 -  
134 - if(cdata->data.contents) {  
135 - lib3270_free(cdata->data.contents);  
136 - cdata->data.contents = NULL;  
137 - }  
138 - lib3270_free(cdata);  
139 - }  
140 - *ptr = NULL;  
141 -}  
142 -  
143 -static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)  
144 -{  
145 - debug("%s(%p)",__FUNCTION__,*ptr);  
146 - if(*ptr)  
147 - BIO_free_all(*ptr);  
148 - *ptr = NULL;  
149 -}  
150 -  
151 -static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)  
152 -{  
153 - CURLDATA * data = (CURLDATA *) userp;  
154 -  
155 - debug("%s",__FUNCTION__);  
156 -  
157 - size_t realsize = size * nmemb;  
158 -  
159 - debug("%s size=%d data->length=%d crldatalength=%d",__FUNCTION__,(int) size, (int) data->length, CRL_DATA_LENGTH);  
160 -  
161 - if((realsize + data->length) > data->data.length)  
162 - {  
163 - data->data.length += (CRL_DATA_LENGTH + realsize);  
164 - data->data.contents = lib3270_realloc(data->data.contents,data->data.length);  
165 - memset(&(data->data.contents[data->length]),0,data->data.length-data->length);  
166 - }  
167 -  
168 - debug("%s",__FUNCTION__);  
169 -  
170 - if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))  
171 - {  
172 - lib3270_trace_data(  
173 - data->hSession,  
174 - "Received",  
175 - (const char *) contents,  
176 - realsize  
177 - );  
178 - }  
179 -  
180 - debug("%s",__FUNCTION__);  
181 -  
182 - memcpy(&(data->data.contents[data->length]),contents,realsize);  
183 - data->length += realsize;  
184 -  
185 - debug("%s",__FUNCTION__);  
186 -  
187 - return realsize;  
188 -}  
189 -  
190 -static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)  
191 -{  
192 - const char * text = NULL;  
193 -  
194 - switch (type) {  
195 - case CURLINFO_TEXT:  
196 - lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);  
197 - return 0;  
198 -  
199 - case CURLINFO_HEADER_OUT:  
200 - text = "=> Send header";  
201 - break;  
202 -  
203 - case CURLINFO_DATA_OUT:  
204 - text = "=> Send data";  
205 - break;  
206 -  
207 - case CURLINFO_SSL_DATA_OUT:  
208 - text = "=> Send SSL data";  
209 - break;  
210 -  
211 - case CURLINFO_HEADER_IN:  
212 - text = "<= Recv header";  
213 - break;  
214 -  
215 - case CURLINFO_DATA_IN:  
216 - text = "<= Recv data";  
217 - break;  
218 -  
219 - case CURLINFO_SSL_DATA_IN:  
220 - text = "<= Recv SSL data";  
221 - break;  
222 -  
223 - default:  
224 - return 0;  
225 -  
226 - }  
227 -  
228 - lib3270_trace_data(  
229 - ((CURLDATA *) userp)->hSession,  
230 - text,  
231 - data,  
232 - size  
233 - );  
234 -  
235 - return 0;  
236 -}  
237 -  
238 -#endif // HAVE_LIBCURL  
239 -  
240 -  
241 LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl) 48 LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
242 { 49 {
243 X509_CRL * x509_crl = NULL; 50 X509_CRL * x509_crl = NULL;
@@ -288,148 +95,7 @@ LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE * @@ -288,148 +95,7 @@ LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE *
288 #ifdef HAVE_LDAP 95 #ifdef HAVE_LDAP
289 else if(strncasecmp(consturl,"ldap://",7) == 0 && strlen(consturl) > 8) 96 else if(strncasecmp(consturl,"ldap://",7) == 0 && strlen(consturl) > 8)
290 { 97 {
291 - int rc;  
292 - lib3270_autoptr(char) url = strdup(consturl);  
293 - char * base = strchr(url+7,'/');  
294 - char * attrs[] = { NULL, NULL };  
295 -  
296 - if(!base)  
297 - {  
298 - message->error = hSession->ssl.error = 0;  
299 - message->title = _( "Security error" );  
300 - message->text = _( "No DN of the entry at which to start the search on the URL" );  
301 - message->description = _( "The URL argument should be in the format ldap://[HOST]/[DN]?attribute" );  
302 - return errno = EINVAL;  
303 - }  
304 -  
305 - *(base++) = 0;  
306 - attrs[0] = strchr(base,'?');  
307 -  
308 - if(!base)  
309 - {  
310 - message->error = hSession->ssl.error = 0;  
311 - message->title = _( "Security error" );  
312 - message->text = _( "No LDAP attribute on the URL" );  
313 - message->description = _( "The URL argument should be in the format ldap://[HOST]/[DN]?attribute" );  
314 - return errno = EINVAL;  
315 - }  
316 -  
317 - *(attrs[0]++) = 0;  
318 -  
319 - debug("host: \"%s\"",url);  
320 - debug("Base: \"%s\"",base);  
321 - debug("Attr: \"%s\"",attrs[0]);  
322 -  
323 - // Do LDAP Query  
324 - LDAP __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAP))) *ld = NULL;  
325 - BerElement __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_BerElement))) * ber = NULL;  
326 -  
327 - rc = ldap_initialize(&ld, url);  
328 - if(rc != LDAP_SUCCESS)  
329 - {  
330 - message->error = hSession->ssl.error = 0;  
331 - message->title = _( "Security error" );  
332 - message->text = _( "Can't initialize LDAP" );  
333 - message->description = ldap_err2string(rc);  
334 - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);  
335 - return -1;  
336 - }  
337 -  
338 - unsigned long version = LDAP_VERSION3;  
339 - rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,(void *) &version);  
340 - if(rc != LDAP_SUCCESS) {  
341 - message->error = hSession->ssl.error = 0;  
342 - message->title = _( "Security error" );  
343 - message->text = _( "Can't set LDAP version" );  
344 - message->description = ldap_err2string(rc);  
345 - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);  
346 - return NULL;  
347 - }  
348 -  
349 - rc = ldap_simple_bind_s(ld, "", "");  
350 - if(rc != LDAP_SUCCESS)  
351 - {  
352 - message->error = hSession->ssl.error = 0;  
353 - message->title = _( "Security error" );  
354 - message->text = _( "Can't bind to LDAP server" );  
355 - message->description = ldap_err2string(rc);  
356 - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);  
357 - return -1;  
358 - }  
359 -  
360 - lib3270_autoptr(LDAPMessage) results = NULL;  
361 - rc = ldap_search_ext_s(  
362 - ld, // Specifies the LDAP pointer returned by a previous call to ldap_init(), ldap_ssl_init(), or ldap_open().  
363 - base, // Specifies the DN of the entry at which to start the search.  
364 - LDAP_SCOPE_BASE, // Specifies the scope of the search.  
365 - NULL, // Specifies a string representation of the filter to apply in the search.  
366 - (char **) &attrs, // Specifies a null-terminated array of character string attribute types to return from entries that match filter.  
367 - 0, // Should be set to 1 to request attribute types only. Set to 0 to request both attributes types and attribute values.  
368 - NULL,  
369 - NULL,  
370 - NULL,  
371 - 0,  
372 - &results  
373 - );  
374 -  
375 - if(rc != LDAP_SUCCESS)  
376 - {  
377 - message->error = hSession->ssl.error = 0;  
378 - message->title = _( "Security error" );  
379 - message->text = _( "Can't search LDAP server" );  
380 - message->description = ldap_err2string(rc);  
381 - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);  
382 - return NULL;  
383 - }  
384 -  
385 - char __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAPPTR))) *attr = ldap_first_attribute(ld, results, &ber);  
386 - if(!attr)  
387 - {  
388 - message->error = hSession->ssl.error = 0;  
389 - message->title = _( "Security error" );  
390 - message->text = _( "Can't get LDAP attribute" );  
391 - message->description = _("Search did not produce any attributes.");  
392 - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);  
393 - errno = ENOENT;  
394 - return NULL;  
395 - }  
396 -  
397 - struct berval ** value = ldap_get_values_len(ld, results, attr);  
398 - if(!value)  
399 - {  
400 - message->error = hSession->ssl.error = 0;  
401 - message->title = _( "Security error" );  
402 - message->text = _( "Can't get LDAP attribute" );  
403 - message->description = _("Search did not produce any values.");  
404 - lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);  
405 - errno = ENOENT;  
406 - return NULL;  
407 - }  
408 -  
409 - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))  
410 - {  
411 - lib3270_trace_data(  
412 - hSession,  
413 - "CRL Data received from LDAP server",  
414 - (const char *) value[0]->bv_val,  
415 - value[0]->bv_len  
416 - );  
417 - }  
418 -  
419 - // Precisa salvar uma cópia porque d2i_X509_CRL modifica o ponteiro.  
420 - const unsigned char *crl_data = (const unsigned char *) value[0]->bv_val;  
421 -  
422 - if(!d2i_X509_CRL(&x509_crl, &crl_data, value[0]->bv_len))  
423 - {  
424 - message->error = hSession->ssl.error = ERR_get_error();  
425 - message->title = _( "Security error" );  
426 - message->text = _( "Can't decode CRL" );  
427 - lib3270_write_log(hSession,"ssl","%s: %s",url, message->text);  
428 - ldap_value_free_len(value);  
429 - return NULL;  
430 - }  
431 -  
432 - ldap_value_free_len(value); 98 + return get_crl_using_ldap(hSession, message, consturl);
433 99
434 } 100 }
435 #endif // HAVE_LDAP 101 #endif // HAVE_LDAP
@@ -437,151 +103,7 @@ LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE * @@ -437,151 +103,7 @@ LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE *
437 { 103 {
438 #ifdef HAVE_LIBCURL 104 #ifdef HAVE_LIBCURL
439 105
440 - // Use CURL to download the CRL  
441 - lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));  
442 - lib3270_autoptr(CURL) hCurl = curl_easy_init();  
443 -  
444 - memset(crl_data,0,sizeof(CURLDATA));  
445 - crl_data->message = message;  
446 - crl_data->hSession = hSession;  
447 - crl_data->data.length = CRL_DATA_LENGTH;  
448 - crl_data->data.contents = lib3270_malloc(crl_data->data.length);  
449 -  
450 - if(hCurl)  
451 - {  
452 - CURLcode res;  
453 -  
454 - curl_easy_setopt(hCurl, CURLOPT_URL, consturl);  
455 - curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);  
456 -  
457 - curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);  
458 -  
459 - curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);  
460 - curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);  
461 -  
462 - curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");  
463 -  
464 - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))  
465 - {  
466 - curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);  
467 - curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);  
468 - curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);  
469 - }  
470 -  
471 - res = curl_easy_perform(hCurl);  
472 -  
473 - if(res != CURLE_OK)  
474 - {  
475 - message->error = hSession->ssl.error = 0;  
476 - message->title = _( "Security error" );  
477 -  
478 - if(crl_data->errbuf[0])  
479 - {  
480 - message->text = curl_easy_strerror(res);  
481 - message->description = crl_data->errbuf;  
482 - }  
483 - else  
484 - {  
485 - message->text = _( "Error loading CRL" );  
486 - message->description = curl_easy_strerror(res);  
487 - }  
488 -  
489 - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);  
490 - errno = EINVAL;  
491 - return NULL;  
492 -  
493 - }  
494 -  
495 - char *ct = NULL;  
496 - res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);  
497 - if(res != CURLE_OK)  
498 - {  
499 - message->error = hSession->ssl.error = 0;  
500 - message->title = _( "Security error" );  
501 - message->text = _( "Error loading CRL" );  
502 - message->description = curl_easy_strerror(res);  
503 - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);  
504 - errno = EINVAL;  
505 - return NULL;  
506 - }  
507 -  
508 - if(lib3270_get_toggle(crl_data->hSession,LIB3270_TOGGLE_SSL_TRACE))  
509 - lib3270_trace_data(crl_data->hSession,"CRL Data",(const char *) crl_data->data.contents, (unsigned int) crl_data->length);  
510 -  
511 - if(ct)  
512 - {  
513 - const unsigned char * data = crl_data->data.contents;  
514 -  
515 -  
516 - if(strcasecmp(ct,"application/pkix-crl") == 0)  
517 - {  
518 - // CRL File, convert it  
519 - if(!d2i_X509_CRL(&x509_crl, &data, crl_data->length))  
520 - {  
521 - message->error = hSession->ssl.error = ERR_get_error();  
522 - message->title = _( "Security error" );  
523 - message->text = _( "Can't decode CRL" );  
524 - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);  
525 - return NULL;  
526 - }  
527 - }  
528 - else  
529 - {  
530 - message->error = hSession->ssl.error = ERR_get_error();  
531 - message->title = _( "Security error" );  
532 - message->text = _( "Got an invalid CRL from server" );  
533 - lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);  
534 - errno = EINVAL;  
535 - return NULL;  
536 - }  
537 - }  
538 - else if(strncasecmp(consturl,"ldap://",7) == 0)  
539 - {  
540 - // It's an LDAP query, assumes a base64 data.  
541 - char * data = strstr((char *) crl_data->data.contents,":: ");  
542 - if(!data)  
543 - {  
544 - message->error = hSession->ssl.error = ERR_get_error();  
545 - message->title = _( "Security error" );  
546 - message->text = _( "Got a bad formatted CRL from LDAP server" );  
547 - lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->data.contents);  
548 - errno = EINVAL;  
549 - return NULL;  
550 - }  
551 - data += 3;  
552 -  
553 -#ifdef DEBUG  
554 - {  
555 - FILE *out = fopen("linux_base64.crl","w");  
556 - if(out)  
557 - {  
558 - fwrite(data,strlen(data),1,out);  
559 - fclose(out);  
560 - }  
561 -  
562 - }  
563 -#endif  
564 -  
565 - lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);  
566 -  
567 - BIO * b64 = BIO_new(BIO_f_base64());  
568 - bio = BIO_push(b64, bio);  
569 -  
570 - BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);  
571 -  
572 - if(!d2i_X509_CRL_bio(bio, &x509_crl))  
573 - {  
574 - message->error = hSession->ssl.error = ERR_get_error();  
575 - message->title = _( "Security error" );  
576 - message->text = _( "Can't decode CRL got from LDAP server" );  
577 - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);  
578 - errno = EINVAL;  
579 - return NULL;  
580 - }  
581 -  
582 - }  
583 -  
584 - } 106 + return get_crl_using_curl(hSession, message, consturl);
585 107
586 #else 108 #else
587 // Can't get CRL. 109 // Can't get CRL.
src/ssl/linux/ldap.c 0 → 100644
  Diff comments   View file @2e323b2
@@ -0,0 +1,228 @@ @@ -0,0 +1,228 @@
  1 +/*
  2 + * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como - e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
  27 + *
  28 + *
  29 + * References:
  30 + *
  31 + * http://www.openssl.org/docs/ssl/
  32 + * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
  33 + *
  34 + */
  35 +
  36 +#include <config.h>
  37 +
  38 +#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LDAP)
  39 +
  40 +#define LDAP_DEPRECATED 1
  41 +#include <ldap.h>
  42 +
  43 +/*--[ Implement ]------------------------------------------------------------------------------------*/
  44 +
  45 +static inline void lib3270_autoptr_cleanup_LDAPMessage(LDAPMessage **message)
  46 +{
  47 + debug("%s(%p)",__FUNCTION__,*message);
  48 + if(message)
  49 + ldap_msgfree(*message);
  50 + *message = NULL;
  51 +}
  52 +
  53 +static inline void lib3270_autoptr_cleanup_LDAP(LDAP **ld)
  54 +{
  55 + debug("%s(%p)",__FUNCTION__,*ld);
  56 + if(*ld)
  57 + ldap_unbind_ext(*ld, NULL, NULL);
  58 + *ld = NULL;
  59 +}
  60 +
  61 +static inline void lib3270_autoptr_cleanup_BerElement(BerElement **ber)
  62 +{
  63 + debug("%s(%p)",__FUNCTION__,*ber);
  64 + if(*ber)
  65 + ber_free(*ber, 0);
  66 + *ber = NULL;
  67 +}
  68 +
  69 +static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr)
  70 +{
  71 + debug("%s(%p)",__FUNCTION__,*ptr);
  72 + if(*ptr)
  73 + ldap_memfree(*ptr);
  74 + *ptr = NULL;
  75 +}
  76 +
  77 +LIB3270_INTERNAL X509_CRL * get_crl_using_ldap(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
  78 +{
  79 + X509_CRL * x509_crl = NULL;
  80 +
  81 + int rc;
  82 + lib3270_autoptr(char) url = strdup(consturl);
  83 + char * base = strchr(url+7,'/');
  84 + char * attrs[] = { NULL, NULL };
  85 +
  86 + if(!base)
  87 + {
  88 + message->error = hSession->ssl.error = 0;
  89 + message->title = _( "Security error" );
  90 + message->text = _( "No DN of the entry at which to start the search on the URL" );
  91 + message->description = _( "The URL argument should be in the format ldap://[HOST]/[DN]?attribute" );
  92 + return errno = EINVAL;
  93 + }
  94 +
  95 + *(base++) = 0;
  96 + attrs[0] = strchr(base,'?');
  97 +
  98 + if(!base)
  99 + {
  100 + message->error = hSession->ssl.error = 0;
  101 + message->title = _( "Security error" );
  102 + message->text = _( "No LDAP attribute on the URL" );
  103 + message->description = _( "The URL argument should be in the format ldap://[HOST]/[DN]?attribute" );
  104 + return errno = EINVAL;
  105 + }
  106 +
  107 + *(attrs[0]++) = 0;
  108 +
  109 + debug("host: \"%s\"",url);
  110 + debug("Base: \"%s\"",base);
  111 + debug("Attr: \"%s\"",attrs[0]);
  112 +
  113 + // Do LDAP Query
  114 + LDAP __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAP))) *ld = NULL;
  115 + BerElement __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_BerElement))) * ber = NULL;
  116 +
  117 + rc = ldap_initialize(&ld, url);
  118 + if(rc != LDAP_SUCCESS)
  119 + {
  120 + message->error = hSession->ssl.error = 0;
  121 + message->title = _( "Security error" );
  122 + message->text = _( "Can't initialize LDAP" );
  123 + message->description = ldap_err2string(rc);
  124 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  125 + return -1;
  126 + }
  127 +
  128 + unsigned long version = LDAP_VERSION3;
  129 + rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,(void *) &version);
  130 + if(rc != LDAP_SUCCESS) {
  131 + message->error = hSession->ssl.error = 0;
  132 + message->title = _( "Security error" );
  133 + message->text = _( "Can't set LDAP version" );
  134 + message->description = ldap_err2string(rc);
  135 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  136 + return NULL;
  137 + }
  138 +
  139 + rc = ldap_simple_bind_s(ld, "", "");
  140 + if(rc != LDAP_SUCCESS)
  141 + {
  142 + message->error = hSession->ssl.error = 0;
  143 + message->title = _( "Security error" );
  144 + message->text = _( "Can't bind to LDAP server" );
  145 + message->description = ldap_err2string(rc);
  146 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  147 + return -1;
  148 + }
  149 +
  150 + lib3270_autoptr(LDAPMessage) results = NULL;
  151 + rc = ldap_search_ext_s(
  152 + ld, // Specifies the LDAP pointer returned by a previous call to ldap_init(), ldap_ssl_init(), or ldap_open().
  153 + base, // Specifies the DN of the entry at which to start the search.
  154 + LDAP_SCOPE_BASE, // Specifies the scope of the search.
  155 + NULL, // Specifies a string representation of the filter to apply in the search.
  156 + (char **) &attrs, // Specifies a null-terminated array of character string attribute types to return from entries that match filter.
  157 + 0, // Should be set to 1 to request attribute types only. Set to 0 to request both attributes types and attribute values.
  158 + NULL,
  159 + NULL,
  160 + NULL,
  161 + 0,
  162 + &results
  163 + );
  164 +
  165 + if(rc != LDAP_SUCCESS)
  166 + {
  167 + message->error = hSession->ssl.error = 0;
  168 + message->title = _( "Security error" );
  169 + message->text = _( "Can't search LDAP server" );
  170 + message->description = ldap_err2string(rc);
  171 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  172 + return NULL;
  173 + }
  174 +
  175 + char __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAPPTR))) *attr = ldap_first_attribute(ld, results, &ber);
  176 + if(!attr)
  177 + {
  178 + message->error = hSession->ssl.error = 0;
  179 + message->title = _( "Security error" );
  180 + message->text = _( "Can't get LDAP attribute" );
  181 + message->description = _("Search did not produce any attributes.");
  182 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  183 + errno = ENOENT;
  184 + return NULL;
  185 + }
  186 +
  187 + struct berval ** value = ldap_get_values_len(ld, results, attr);
  188 + if(!value)
  189 + {
  190 + message->error = hSession->ssl.error = 0;
  191 + message->title = _( "Security error" );
  192 + message->text = _( "Can't get LDAP attribute" );
  193 + message->description = _("Search did not produce any values.");
  194 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
  195 + errno = ENOENT;
  196 + return NULL;
  197 + }
  198 +
  199 + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
  200 + {
  201 + lib3270_trace_data(
  202 + hSession,
  203 + "CRL Data received from LDAP server",
  204 + (const char *) value[0]->bv_val,
  205 + value[0]->bv_len
  206 + );
  207 + }
  208 +
  209 + // Precisa salvar uma cópia porque d2i_X509_CRL modifica o ponteiro.
  210 + const unsigned char *crl_data = (const unsigned char *) value[0]->bv_val;
  211 +
  212 + if(!d2i_X509_CRL(&x509_crl, &crl_data, value[0]->bv_len))
  213 + {
  214 + message->error = hSession->ssl.error = ERR_get_error();
  215 + message->title = _( "Security error" );
  216 + message->text = _( "Can't decode certificate revocation list" );
  217 + lib3270_write_log(hSession,"ssl","%s: %s",url, message->text);
  218 + ldap_value_free_len(value);
  219 + return NULL;
  220 + }
  221 +
  222 + ldap_value_free_len(value);
  223 +
  224 + return x509_crl;
  225 +
  226 +}
  227 +
  228 +#endif // HAVE_LIBSSL && SSL_ENABLE_CRL_CHECK && HAVE_LDAP
src/ssl/linux/private.h 0 → 100644
  Diff comments   View file @2e323b2
@@ -0,0 +1,63 @@ @@ -0,0 +1,63 @@
  1 +/*
  2 + * "Software G3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como private.h e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça)
  27 + *
  28 + */
  29 +
  30 +#ifndef LIB3270_LINUX_SSL_PRIVATE_H_INCLUDED
  31 +
  32 + #define LIB3270_LINUX_SSL_PRIVATE_H_INCLUDED
  33 +
  34 + #include <config.h>
  35 +
  36 + #include <openssl/ssl.h>
  37 + #include <openssl/err.h>
  38 + #include <openssl/x509_vfy.h>
  39 + #include <openssl/x509.h>
  40 +
  41 + #include <lib3270-internals.h>
  42 + #include <trace_dsc.h>
  43 + #include <errno.h>
  44 + #include <lib3270.h>
  45 + #include <lib3270/trace.h>
  46 + #include <lib3270/log.h>
  47 +
  48 + #ifdef HAVE_LDAP
  49 +
  50 + /// @brief Use libldap to get CRL.
  51 + LIB3270_INTERNAL X509_CRL * get_crl_using_ldap(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
  52 +
  53 + #endif // HAVE_LDAP
  54 +
  55 + #ifdef HAVE_LIBCURL
  56 +
  57 + /// @brief Use libcurl to get CRL.
  58 + LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
  59 +
  60 + #endif // HAVE_LIBCURL
  61 +
  62 +
  63 +#endif // !LIB3270_LINUX_SSL_PRIVATE_H_INCLUDED
src/ssl/windows/curl.c 0 → 100644
  Diff comments   View file @2e323b2
@@ -0,0 +1,381 @@ @@ -0,0 +1,381 @@
  1 +/*
  2 + * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como - e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
  27 + *
  28 + * References:
  29 + *
  30 + * http://www.openssl.org/docs/ssl/
  31 + * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
  32 + *
  33 + */
  34 +
  35 +#include <config.h>
  36 +
  37 +#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBCURL)
  38 +
  39 +#include "private.h"
  40 +#include <curl/curl.h>
  41 +
  42 +#define CRL_DATA_LENGTH 2048
  43 +
  44 +/*--[ Implement ]------------------------------------------------------------------------------------*/
  45 +
  46 +static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
  47 +{
  48 + debug("%s(%p)",__FUNCTION__,*ptr);
  49 + if(*ptr)
  50 + curl_easy_cleanup(*ptr);
  51 + *ptr = NULL;
  52 +}
  53 +
  54 +typedef struct _curldata
  55 +{
  56 + size_t length;
  57 + H3270 * hSession;
  58 + SSL_ERROR_MESSAGE * message;
  59 + char errbuf[CURL_ERROR_SIZE];
  60 + struct {
  61 + size_t length;
  62 + unsigned char * contents;
  63 + } data;
  64 +} CURLDATA;
  65 +
  66 +static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
  67 +{
  68 + debug("%s(%p)",__FUNCTION__,*ptr);
  69 + if(*ptr)
  70 + {
  71 + CURLDATA *cdata = *ptr;
  72 +
  73 + if(cdata->data.contents) {
  74 + lib3270_free(cdata->data.contents);
  75 + cdata->data.contents = NULL;
  76 + }
  77 + lib3270_free(cdata);
  78 + }
  79 + *ptr = NULL;
  80 +}
  81 +
  82 +static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
  83 +{
  84 + debug("%s(%p)",__FUNCTION__,*ptr);
  85 + if(*ptr)
  86 + BIO_free_all(*ptr);
  87 + *ptr = NULL;
  88 +}
  89 +
  90 +static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
  91 +{
  92 + CURLDATA * data = (CURLDATA *) userp;
  93 +
  94 + size_t realsize = size * nmemb;
  95 + size_t ix;
  96 +
  97 + debug("Received %u bytes (datablock is %p)", (unsigned int) realsize, data);
  98 +
  99 + unsigned char *ptr = (unsigned char *) contents;
  100 +
  101 + if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
  102 + lib3270_trace_data(data->hSession,"curl_write:",(const char *) contents, realsize);
  103 +
  104 + if((realsize + data->length) > data->data.length)
  105 + {
  106 + data->data.length += (CRL_DATA_LENGTH + realsize);
  107 + data->data.contents = lib3270_realloc(data->data.contents,data->data.length);
  108 +
  109 + for(ix = data->length; ix < data->data.length; ix++)
  110 + {
  111 + data->data.contents[ix] = 0;
  112 + }
  113 +
  114 + }
  115 +
  116 + for(ix = 0; ix < realsize; ix++)
  117 + {
  118 + data->data.contents[data->length++] = *(ptr++);
  119 + }
  120 +
  121 + return realsize;
  122 +}
  123 +
  124 +static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)
  125 +{
  126 + const char * text = NULL;
  127 +
  128 + switch (type) {
  129 + case CURLINFO_TEXT:
  130 + lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);
  131 + return 0;
  132 +
  133 + case CURLINFO_HEADER_OUT:
  134 + text = "=> Send header";
  135 + break;
  136 +
  137 + case CURLINFO_DATA_OUT:
  138 + text = "=> Send data";
  139 + break;
  140 +
  141 + case CURLINFO_SSL_DATA_OUT:
  142 + text = "=> Send SSL data";
  143 + break;
  144 +
  145 + case CURLINFO_HEADER_IN:
  146 + text = "<= Recv header";
  147 + break;
  148 +
  149 + case CURLINFO_DATA_IN:
  150 + text = "<= Recv data";
  151 + break;
  152 +
  153 + case CURLINFO_SSL_DATA_IN:
  154 + text = "<= Recv SSL data";
  155 + break;
  156 +
  157 + default:
  158 + return 0;
  159 +
  160 + }
  161 +
  162 + lib3270_trace_data(
  163 + ((CURLDATA *) userp)->hSession,
  164 + text,
  165 + data,
  166 + size
  167 + );
  168 +
  169 + return 0;
  170 +}
  171 +
  172 +X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
  173 +{
  174 + X509_CRL * x509_crl = NULL;
  175 +
  176 + lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
  177 + lib3270_autoptr(CURL) hCurl = curl_easy_init();
  178 +
  179 + memset(crl_data,0,sizeof(CURLDATA));
  180 + crl_data->message = message;
  181 + crl_data->hSession = hSession;
  182 + crl_data->data.length = CRL_DATA_LENGTH;
  183 + crl_data->data.contents = lib3270_malloc(crl_data->data.length);
  184 +
  185 + if(!hCurl)
  186 + {
  187 + message->title = _( "Security error" );
  188 + message->text = _( "Error loading certificate revocation list" );
  189 + message->description = _( "Can't initialize curl operation" );
  190 + return NULL;
  191 + }
  192 +
  193 + CURLcode res;
  194 +
  195 + curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
  196 + curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
  197 +
  198 + curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
  199 +
  200 + curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
  201 + curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
  202 +
  203 + curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
  204 +
  205 + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
  206 + {
  207 + curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
  208 + curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
  209 + curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
  210 + }
  211 +
  212 + res = curl_easy_perform(hCurl);
  213 +
  214 + if(res != CURLE_OK)
  215 + {
  216 + message->error = hSession->ssl.error = 0;
  217 + message->title = _( "Security error" );
  218 +
  219 + if(crl_data->errbuf[0])
  220 + {
  221 + message->text = curl_easy_strerror(res);
  222 + message->description = crl_data->errbuf;
  223 + }
  224 + else
  225 + {
  226 + message->text = _( "Error loading certificate revocation list" );
  227 + message->description = curl_easy_strerror(res);
  228 + }
  229 +
  230 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
  231 + errno = EINVAL;
  232 + return NULL;
  233 +
  234 + }
  235 +
  236 + char *ct = NULL;
  237 + res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
  238 + if(res != CURLE_OK)
  239 + {
  240 + message->error = hSession->ssl.error = 0;
  241 + message->title = _( "Security error" );
  242 + message->text = _( "Error loading certificate revocation list" );
  243 + message->description = curl_easy_strerror(res);
  244 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
  245 + errno = EINVAL;
  246 + return NULL;
  247 + }
  248 +
  249 + if(lib3270_get_toggle(crl_data->hSession,LIB3270_TOGGLE_SSL_TRACE))
  250 + lib3270_trace_data(crl_data->hSession,"CRL Data",(const char *) crl_data->data.contents, (unsigned int) crl_data->length);
  251 +
  252 + if(ct)
  253 + {
  254 + const unsigned char * data = crl_data->data.contents;
  255 +
  256 + if(strcasecmp(ct,"application/pkix-crl") == 0)
  257 + {
  258 + // CRL File, convert it
  259 + if(!d2i_X509_CRL(&x509_crl, &data, crl_data->length))
  260 + {
  261 + message->error = hSession->ssl.error = ERR_get_error();
  262 + message->title = _( "Security error" );
  263 + message->text = _( "Can't decode certificate revocation list" );
  264 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  265 + return NULL;
  266 + }
  267 + }
  268 + else
  269 + {
  270 + message->error = hSession->ssl.error = ERR_get_error();
  271 + message->title = _( "Security error" );
  272 + message->text = _( "Got an invalid certificate revocation list from server" );
  273 + lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
  274 + errno = EINVAL;
  275 + return NULL;
  276 + }
  277 + }
  278 + else if(strncasecmp(consturl,"ldap://",7) == 0)
  279 + {
  280 + //
  281 + // curl's LDAP query on windows returns diferently. Working with it.
  282 + //
  283 +#ifdef DEBUG
  284 + {
  285 + FILE *out = fopen("downloaded.crl","w");
  286 + if(out)
  287 + {
  288 + fwrite(crl_data->data.contents,crl_data->length,1,out);
  289 + fclose(out);
  290 + }
  291 +
  292 + }
  293 +#endif
  294 +
  295 + char * attr = strchr(consturl,'?');
  296 + if(!attr)
  297 + {
  298 + message->error = hSession->ssl.error = 0;
  299 + message->title = _( "Security error" );
  300 + message->text = _( "No attribute in LDAP search URL" );
  301 + errno = ENOENT;
  302 + return NULL;
  303 + }
  304 +
  305 + attr++;
  306 +
  307 + lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
  308 + trace_ssl(crl_data->hSession, text);
  309 +
  310 + lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
  311 +
  312 +
  313 +// char *ptr = strcasestr((char *) crl_data->data.contents, key);
  314 +
  315 + size_t ix;
  316 + unsigned char *from = NULL;
  317 + size_t keylength = strlen(key);
  318 + for(ix = 0; ix < (crl_data->length - keylength); ix++)
  319 + {
  320 + if(!strncasecmp( (char *) (crl_data->data.contents+ix),key,keylength))
  321 + {
  322 + from = crl_data->data.contents+ix;
  323 + break;
  324 + }
  325 + }
  326 +
  327 + debug("strstr(%s): %p", key, from);
  328 +
  329 + if(!from)
  330 + {
  331 + message->error = hSession->ssl.error = 0;
  332 + message->title = _( "Security error" );
  333 + message->text = _( "Can't find certificate revocation list in LDAP response" );
  334 + errno = ENOENT;
  335 + return NULL;
  336 + }
  337 +
  338 + from += strlen(key);
  339 + size_t length = crl_data->length - (from - crl_data->data.contents);
  340 +
  341 + static const char terminator[] = { 0x0a, 0x0a, 0x09 };
  342 + unsigned char *to = from+length;
  343 +
  344 + for(ix = 0; ix < (length - sizeof(terminator)); ix++)
  345 + {
  346 + if(!memcmp(from+ix,terminator,sizeof(terminator)))
  347 + {
  348 + to = from+ix;
  349 + break;
  350 + }
  351 + }
  352 +
  353 + length = to - from;
  354 +
  355 + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
  356 + {
  357 + lib3270_trace_data(
  358 + hSession,
  359 + "CRL Data received from LDAP server",
  360 + (const char *) from,
  361 + length
  362 + );
  363 + }
  364 +
  365 + if(!d2i_X509_CRL(&x509_crl, (const unsigned char **) &from, length))
  366 + {
  367 + message->error = hSession->ssl.error = ERR_get_error();
  368 + message->title = _( "Security error" );
  369 + message->text = _( "Can't decode certificate revocation list got from LDAP Search" );
  370 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  371 + errno = EINVAL;
  372 + return NULL;
  373 + }
  374 +
  375 + }
  376 +
  377 + return x509_crl;
  378 +
  379 +}
  380 +
  381 +#endif // defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBCURL)
src/ssl/windows/getcrl.c
  Diff comments   View file @2e323b2
@@ -33,31 +33,15 @@ @@ -33,31 +33,15 @@
33 * 33 *
34 */ 34 */
35 35
36 -#define CRL_DATA_LENGTH 2048  
37 -  
38 #include <config.h> 36 #include <config.h>
39 37
40 -#include <winsock2.h>  
41 -#include <windows.h>  
42 -#include <winldap.h>  
43 -  
44 #if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) 38 #if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK)
45 39
46 -#include <openssl/ssl.h>  
47 -#include <openssl/err.h>  
48 -#include <openssl/x509_vfy.h>  
49 -#include <openssl/x509.h> 40 +#include "private.h"
50 41
51 -#ifdef HAVE_LIBCURL  
52 - #include <curl/curl.h>  
53 -#endif // HAVE_LIBCURL 42 +#define CRL_DATA_LENGTH 2048
54 43
55 -#include <lib3270-internals.h>  
56 -#include <trace_dsc.h>  
57 -#include <errno.h>  
58 -#include <lib3270.h>  
59 -#include <lib3270/trace.h>  
60 -#include <lib3270/log.h> 44 +// #include <winldap.h>
61 45
62 /*--[ Implement ]------------------------------------------------------------------------------------*/ 46 /*--[ Implement ]------------------------------------------------------------------------------------*/
63 47
@@ -67,136 +51,6 @@ static inline void lib3270_autoptr_cleanup_FILE(FILE **file) @@ -67,136 +51,6 @@ static inline void lib3270_autoptr_cleanup_FILE(FILE **file)
67 fclose(*file); 51 fclose(*file);
68 } 52 }
69 53
70 -#ifdef HAVE_LIBCURL  
71 -static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)  
72 -{  
73 - debug("%s(%p)",__FUNCTION__,*ptr);  
74 - if(*ptr)  
75 - curl_easy_cleanup(*ptr);  
76 - *ptr = NULL;  
77 -}  
78 -  
79 -typedef struct _curldata  
80 -{  
81 - size_t length;  
82 - H3270 * hSession;  
83 - SSL_ERROR_MESSAGE * message;  
84 - char errbuf[CURL_ERROR_SIZE];  
85 - struct {  
86 - size_t length;  
87 - unsigned char * contents;  
88 - } data;  
89 -} CURLDATA;  
90 -  
91 -static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)  
92 -{  
93 - debug("%s(%p)",__FUNCTION__,*ptr);  
94 - if(*ptr)  
95 - {  
96 - CURLDATA *cdata = *ptr;  
97 -  
98 - if(cdata->data.contents) {  
99 - lib3270_free(cdata->data.contents);  
100 - cdata->data.contents = NULL;  
101 - }  
102 - lib3270_free(cdata);  
103 - }  
104 - *ptr = NULL;  
105 -}  
106 -  
107 -static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)  
108 -{  
109 - debug("%s(%p)",__FUNCTION__,*ptr);  
110 - if(*ptr)  
111 - BIO_free_all(*ptr);  
112 - *ptr = NULL;  
113 -}  
114 -  
115 -static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)  
116 -{  
117 - CURLDATA * data = (CURLDATA *) userp;  
118 -  
119 - size_t realsize = size * nmemb;  
120 - size_t ix;  
121 -  
122 - debug("Received %u bytes (datablock is %p)", (unsigned int) realsize, data);  
123 -  
124 - unsigned char *ptr = (unsigned char *) contents;  
125 -  
126 - if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))  
127 - lib3270_trace_data(data->hSession,"curl_write:",(const char *) contents, realsize);  
128 -  
129 - if((realsize + data->length) > data->data.length)  
130 - {  
131 - data->data.length += (CRL_DATA_LENGTH + realsize);  
132 - data->data.contents = lib3270_realloc(data->data.contents,data->data.length);  
133 -  
134 - for(ix = data->length; ix < data->data.length; ix++)  
135 - {  
136 - data->data.contents[ix] = 0;  
137 - }  
138 -  
139 - }  
140 -  
141 - for(ix = 0; ix < realsize; ix++)  
142 - {  
143 - data->data.contents[data->length++] = *(ptr++);  
144 - }  
145 -  
146 - return realsize;  
147 -}  
148 -  
149 -static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)  
150 -{  
151 - const char * text = NULL;  
152 -  
153 - switch (type) {  
154 - case CURLINFO_TEXT:  
155 - lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);  
156 - return 0;  
157 -  
158 - case CURLINFO_HEADER_OUT:  
159 - text = "=> Send header";  
160 - break;  
161 -  
162 - case CURLINFO_DATA_OUT:  
163 - text = "=> Send data";  
164 - break;  
165 -  
166 - case CURLINFO_SSL_DATA_OUT:  
167 - text = "=> Send SSL data";  
168 - break;  
169 -  
170 - case CURLINFO_HEADER_IN:  
171 - text = "<= Recv header";  
172 - break;  
173 -  
174 - case CURLINFO_DATA_IN:  
175 - text = "<= Recv data";  
176 - break;  
177 -  
178 - case CURLINFO_SSL_DATA_IN:  
179 - text = "<= Recv SSL data";  
180 - break;  
181 -  
182 - default:  
183 - return 0;  
184 -  
185 - }  
186 -  
187 - lib3270_trace_data(  
188 - ((CURLDATA *) userp)->hSession,  
189 - text,  
190 - data,  
191 - size  
192 - );  
193 -  
194 - return 0;  
195 -}  
196 -  
197 -#endif // HAVE_LIBCURL  
198 -  
199 -  
200 LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl) 54 LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
201 { 55 {
202 X509_CRL * x509_crl = NULL; 56 X509_CRL * x509_crl = NULL;
@@ -248,202 +102,7 @@ LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE * @@ -248,202 +102,7 @@ LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE *
248 { 102 {
249 #ifdef HAVE_LIBCURL 103 #ifdef HAVE_LIBCURL
250 104
251 - // Use CURL to download the CRL  
252 - lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));  
253 - lib3270_autoptr(CURL) hCurl = curl_easy_init();  
254 -  
255 - memset(crl_data,0,sizeof(CURLDATA));  
256 - crl_data->message = message;  
257 - crl_data->hSession = hSession;  
258 - crl_data->data.length = CRL_DATA_LENGTH;  
259 - crl_data->data.contents = lib3270_malloc(crl_data->data.length);  
260 -  
261 - if(hCurl)  
262 - {  
263 - CURLcode res;  
264 -  
265 - curl_easy_setopt(hCurl, CURLOPT_URL, consturl);  
266 - curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);  
267 -  
268 - curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);  
269 -  
270 - curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);  
271 - curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);  
272 -  
273 - curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");  
274 -  
275 - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))  
276 - {  
277 - curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);  
278 - curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);  
279 - curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);  
280 - }  
281 -  
282 - res = curl_easy_perform(hCurl);  
283 -  
284 - if(res != CURLE_OK)  
285 - {  
286 - message->error = hSession->ssl.error = 0;  
287 - message->title = _( "Security error" );  
288 -  
289 - if(crl_data->errbuf[0])  
290 - {  
291 - message->text = curl_easy_strerror(res);  
292 - message->description = crl_data->errbuf;  
293 - }  
294 - else  
295 - {  
296 - message->text = _( "Error loading CRL" );  
297 - message->description = curl_easy_strerror(res);  
298 - }  
299 -  
300 - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);  
301 - errno = EINVAL;  
302 - return NULL;  
303 -  
304 - }  
305 -  
306 - char *ct = NULL;  
307 - res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);  
308 - if(res != CURLE_OK)  
309 - {  
310 - message->error = hSession->ssl.error = 0;  
311 - message->title = _( "Security error" );  
312 - message->text = _( "Error loading CRL" );  
313 - message->description = curl_easy_strerror(res);  
314 - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);  
315 - errno = EINVAL;  
316 - return NULL;  
317 - }  
318 -  
319 - if(lib3270_get_toggle(crl_data->hSession,LIB3270_TOGGLE_SSL_TRACE))  
320 - lib3270_trace_data(crl_data->hSession,"CRL Data",(const char *) crl_data->data.contents, (unsigned int) crl_data->length);  
321 -  
322 - if(ct)  
323 - {  
324 - const unsigned char * data = crl_data->data.contents;  
325 -  
326 - if(strcasecmp(ct,"application/pkix-crl") == 0)  
327 - {  
328 - // CRL File, convert it  
329 - if(!d2i_X509_CRL(&x509_crl, &data, crl_data->length))  
330 - {  
331 - message->error = hSession->ssl.error = ERR_get_error();  
332 - message->title = _( "Security error" );  
333 - message->text = _( "Can't decode CRL" );  
334 - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);  
335 - return NULL;  
336 - }  
337 - }  
338 - else  
339 - {  
340 - message->error = hSession->ssl.error = ERR_get_error();  
341 - message->title = _( "Security error" );  
342 - message->text = _( "Got an invalid CRL from server" );  
343 - lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);  
344 - errno = EINVAL;  
345 - return NULL;  
346 - }  
347 - }  
348 - else if(strncasecmp(consturl,"ldap://",7) == 0)  
349 - {  
350 - //  
351 - // curl's LDAP query on windows returns diferently. Working with it.  
352 - //  
353 -#ifdef DEBUG  
354 - {  
355 - FILE *out = fopen("downloaded.crl","w");  
356 - if(out)  
357 - {  
358 - fwrite(crl_data->data.contents,crl_data->length,1,out);  
359 - fclose(out);  
360 - }  
361 -  
362 - }  
363 -#endif  
364 -  
365 - char * attr = strchr(consturl,'?');  
366 - if(!attr)  
367 - {  
368 - message->error = hSession->ssl.error = 0;  
369 - message->title = _( "Security error" );  
370 - message->text = _( "No attribute in LDAP search URL" );  
371 - errno = ENOENT;  
372 - return NULL;  
373 - }  
374 -  
375 - attr++;  
376 -  
377 - lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);  
378 - trace_ssl(crl_data->hSession, text);  
379 -  
380 - lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);  
381 -  
382 -  
383 -// char *ptr = strcasestr((char *) crl_data->data.contents, key);  
384 -  
385 - size_t ix;  
386 - unsigned char *from = NULL;  
387 - size_t keylength = strlen(key);  
388 - for(ix = 0; ix < (crl_data->length - keylength); ix++)  
389 - {  
390 - if(!strncasecmp( (char *) (crl_data->data.contents+ix),key,keylength))  
391 - {  
392 - from = crl_data->data.contents+ix;  
393 - break;  
394 - }  
395 - }  
396 -  
397 - debug("strstr(%s): %p", key, from);  
398 -  
399 - if(!from)  
400 - {  
401 - message->error = hSession->ssl.error = 0;  
402 - message->title = _( "Security error" );  
403 - message->text = _( "Can't find attribute in LDAP response" );  
404 - errno = ENOENT;  
405 - return NULL;  
406 - }  
407 -  
408 - from += strlen(key);  
409 - size_t length = crl_data->length - (from - crl_data->data.contents);  
410 -  
411 - static const char terminator[] = { 0x0a, 0x0a, 0x09 };  
412 - unsigned char *to = from+length;  
413 -  
414 - for(ix = 0; ix < (length - sizeof(terminator)); ix++)  
415 - {  
416 - if(!memcmp(from+ix,terminator,sizeof(terminator)))  
417 - {  
418 - to = from+ix;  
419 - break;  
420 - }  
421 - }  
422 -  
423 - length = to - from;  
424 -  
425 - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))  
426 - {  
427 - lib3270_trace_data(  
428 - hSession,  
429 - "CRL Data received from LDAP server",  
430 - (const char *) from,  
431 - length  
432 - );  
433 - }  
434 -  
435 - if(!d2i_X509_CRL(&x509_crl, (const unsigned char **) &from, length))  
436 - {  
437 - message->error = hSession->ssl.error = ERR_get_error();  
438 - message->title = _( "Security error" );  
439 - message->text = _( "Can't decode CRL got from LDAP Search" );  
440 - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);  
441 - errno = EINVAL;  
442 - return NULL;  
443 - }  
444 -  
445 - }  
446 - } 105 + return get_crl_using_curl(hSession, message, consturl);
447 106
448 #else 107 #else
449 // Can't get CRL. 108 // Can't get CRL.
src/ssl/windows/private.h 0 → 100644
  Diff comments   View file @2e323b2
@@ -0,0 +1,63 @@ @@ -0,0 +1,63 @@
  1 +/*
  2 + * "Software G3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como private.h e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça)
  27 + *
  28 + */
  29 +
  30 +#ifndef LIB3270_WIN32_SSL_PRIVATE_H_INCLUDED
  31 +
  32 + #define LIB3270_WIN32_SSL_PRIVATE_H_INCLUDED
  33 +
  34 + #include <config.h>
  35 +
  36 + #include <winsock2.h>
  37 + #include <windows.h>
  38 +
  39 + #include <openssl/ssl.h>
  40 + #include <openssl/err.h>
  41 + #include <openssl/x509_vfy.h>
  42 + #include <openssl/x509.h>
  43 +
  44 + #include <lib3270-internals.h>
  45 + #include <trace_dsc.h>
  46 + #include <errno.h>
  47 + #include <lib3270.h>
  48 + #include <lib3270/trace.h>
  49 + #include <lib3270/log.h>
  50 +
  51 + #ifdef HAVE_LIBCURL
  52 +
  53 + #include <curl/curl.h>
  54 +
  55 + /// @brief Use libcurl to get CRL.
  56 + LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
  57 +
  58 + #endif // HAVE_LIBCURL
  59 +
  60 + // LIB3270_INTERNAL X509_CRL * get_crl_using_winldap(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
  61 +
  62 +
  63 +#endif // !LIB3270_WIN32_SSL_PRIVATE_H_INCLUDED