Commit 5772d815c11d4d5d57732206552293640af63b1e

Authored by Perry Werneck
1 parent 2971e0a7

Fixing CRL download using curl.

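--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -122,6 +122,9 @@
 <Unit filename="src/core/linux/connect.c">
 <Option compilerVar="CC" />
 </Unit>
+ <Unit filename="src/core/linux/curl.c">
+ <Option compilerVar="CC" />
+ </Unit>
 <Unit filename="src/core/linux/event_dispatcher.c">
 <Option compilerVar="CC" />
 </Unit>
@@ -308,9 +311,6 @@
 <Option compilerVar="CC" />
 </Unit>
 <Unit filename="src/ssl/crl.h" />
- <Unit filename="src/ssl/linux/curl.c">
- <Option compilerVar="CC" />
- </Unit>
 <Unit filename="src/ssl/linux/getcrl.c">
 <Option compilerVar="CC" />
 </Unit>
@@ -321,6 +321,9 @@
 <Option compilerVar="CC" />
 </Unit>
 <Unit filename="src/ssl/linux/private.h" />
+ <Unit filename="src/ssl/linux/url.c">
+ <Option compilerVar="CC" />
+ </Unit>
 <Unit filename="src/ssl/negotiate.c">
 <Option compilerVar="CC" />
 </Unit>
@@ -333,9 +336,6 @@
 <Unit filename="src/ssl/state.c">
 <Option compilerVar="CC" />
 </Unit>
- <Unit filename="src/ssl/windows/curl.c">
- <Option compilerVar="CC" />
- </Unit>
 <Unit filename="src/ssl/windows/getcrl.c">
 <Option compilerVar="CC" />
 </Unit>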
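Review bot: The last hunk removes src/ssl/windows/curl.c from the project while the only replacement unit added is src/ssl/linux/url.c, yet src/ssl/windows/private.h in this same commit still declares get_crl_using_url and src/ssl/windows/getcrl.c calls it; unless a Windows counterpart of url.c is provided outside this commit, a Windows build from this project file appears to have no definition for that symbol. Worth confirming before merging, and adding the matching Windows unit here once that file exists.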
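--- a/src/core/linux/curl.c
+++ b/src/core/linux/curl.c
@@ -0,0 +1,231 @@
+/*
+ * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
+ * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
+ * aplicativos mainframe. Registro no INPI sob o nome G3270.
+ *
+ * Copyright (C) <2008> <Banco do Brasil S.A.>
+ *
+ * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
+ * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
+ * Free Software Foundation.
+ *
+ * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
+ * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
+ * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
+ * obter mais detalhes.
+ *
+ * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
+ * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
+ * St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Este programa está nomeado como - e possui - linhas de código.
+ *
+ * Contatos:
+ *
+ * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
+ * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
+ *
+ */
+
+#include <config.h>
+
+#if defined(HAVE_LIBCURL)
+
+#include <lib3270-internals.h>
+#include <lib3270.h>
+#include <lib3270/log.h>
+#include <lib3270/trace.h>
+#include <curl/curl.h>
+
+#define CRL_DATA_LENGTH 2048
+
+/*--[ Implement ]------------------------------------------------------------------------------------*/
+
+static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
+{
+ debug("%s(%p)",__FUNCTION__,*ptr);
+ if(*ptr)
+ curl_easy_cleanup(*ptr);
+ *ptr = NULL;
+}
+
+typedef struct _curldata
+{
+ size_t length;
+ H3270 * hSession;
+ char errbuf[CURL_ERROR_SIZE];
+ struct {
+ size_t length;
+ unsigned char * contents;
+ } data;
+} CURLDATA;
+
+static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
+{
+ debug("%s(%p)",__FUNCTION__,*ptr);
+ if(*ptr)
+ {
+ CURLDATA *cdata = *ptr;
+
+ if(cdata->data.contents) {
+ lib3270_free(cdata->data.contents);
+ cdata->data.contents = NULL;
+ }
+ lib3270_free(cdata);
+ }
+ *ptr = NULL;
+}
+
+static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
+{
+ CURLDATA * data = (CURLDATA *) userp;
+
+ debug("%s",__FUNCTION__);
+
+ size_t realsize = size * nmemb;
+
+ debug("%s size=%d data->length=%d crldatalength=%d",__FUNCTION__,(int) size, (int) data->length, CRL_DATA_LENGTH);
+
+ if((realsize + data->length) > data->data.length)
+ {
+ data->data.length += (CRL_DATA_LENGTH + realsize);
+ data->data.contents = lib3270_realloc(data->data.contents,data->data.length);
+ memset(&(data->data.contents[data->length]),0,data->data.length-data->length);
+ }
+
+ debug("%s",__FUNCTION__);
+
+ if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
+ {
+ lib3270_trace_data(
+ data->hSession,
+ "Received",
+ (const unsigned char *) contents,
+ realsize
+ );
+ }
+
+ debug("%s",__FUNCTION__);
+
+ memcpy(&(data->data.contents[data->length]),contents,realsize);
+ data->length += realsize;
+
+ debug("%s",__FUNCTION__);
+
+ return realsize;
+}
+
+static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)
+{
+ const char * text = NULL;
+
+ switch (type) {
+ case CURLINFO_TEXT:
+ lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);
+ return 0;
+
+ case CURLINFO_HEADER_OUT:
+ text = "=> Send header";
+ break;
+
+ case CURLINFO_DATA_OUT:
+ text = "=> Send data";
+ break;
+
+ case CURLINFO_SSL_DATA_OUT:
+ text = "=> Send SSL data";
+ break;
+
+ case CURLINFO_HEADER_IN:
+ text = "<= Recv header";
+ break;
+
+ case CURLINFO_DATA_IN:
+ text = "<= Recv data";
+ break;
+
+ case CURLINFO_SSL_DATA_IN:
+ text = "<= Recv SSL data";
+ break;
+
+ default:
+ return 0;
+
+ }
+
+ lib3270_trace_data(
+ ((CURLDATA *) userp)->hSession,
+ text,
+ (const unsigned char *) data,
+ size
+ );
+
+ return 0;
+}
+
+char * lib3270_get_from_url(H3270 *hSession, const char *url, size_t *length, const char **error_message)
+{
+ lib3270_trace_event(hSession,"Getting data from %s",url);
+
+ // Use CURL to download the CRL
+ lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
+ lib3270_autoptr(CURL) hCurl = curl_easy_init();
+
+ memset(crl_data,0,sizeof(CURLDATA));
+ crl_data->hSession = hSession;
+ crl_data->data.length = CRL_DATA_LENGTH;
+ crl_data->data.contents = lib3270_malloc(crl_data->data.length);
+
+ if(!hCurl)
+ {
+ *error_message= _( "Can't initialize curl operation" );
+ errno = EINVAL;
+ return NULL;
+ }
+
+ CURLcode res;
+
+ curl_easy_setopt(hCurl, CURLOPT_URL, url);
+ curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
+
+ curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
+
+ curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
+ curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
+
+ curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
+
+ if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+ {
+ curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
+ curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
+ }
+
+ res = curl_easy_perform(hCurl);
+
+ if(res != CURLE_OK)
+ {
+ if(crl_data->errbuf[0])
+ lib3270_write_log(hSession,"curl","%s: %s",url, crl_data->errbuf);
+
+ *error_message = curl_easy_strerror(res);
+
+ lib3270_write_log(hSession,"curl","%s: %s",url, *error_message);
+ errno = EINVAL;
+ return NULL;
+
+ }
+
+ if(length)
+ *length = (size_t) crl_data->length;
+
+ char * httpText = lib3270_malloc(crl_data->length+1);
+ memset(httpText,0,crl_data->length+1);
+ memcpy(httpText,crl_data->data.contents,crl_data->length);
+
+ return httpText;
+
+}
+
+#endif // HAVE_LIBCURL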
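Review bot: lib3270_get_from_url writes through error_message unconditionally in both failure paths (`*error_message= _( "Can't initialize curl operation" );` and `*error_message = curl_easy_strerror(res);`) while `length` is NULL-checked a few lines later; either document that error_message is mandatory or guard it the same way, `if(error_message) *error_message = curl_easy_strerror(res);`. The transfer itself has no bounds: internal_curl_write_callback keeps growing data.contents for as long as the peer sends, and no CURLOPT_TIMEOUT, CURLOPT_MAXFILESIZE or CURLOPT_MAXREDIRS is set, so a slow or oversized CRL distribution point can stall the SSL negotiation that called this or exhaust memory; with CURLOPT_FOLLOWLOCATION enabled, restricting redirect targets with `curl_easy_setopt(hCurl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_LDAP);` is the usual companion setting. In the write callback the realloc result is assigned straight to data->data.contents before the memset, so if lib3270_realloc can return NULL on failure the old buffer leaks and the memset dereferences NULL; I can't tell from this file whether lib3270_realloc aborts instead, so a one-line comment stating that contract would help the next reader.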
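--- a/src/ssl/linux/curl.c
+++ b/src/ssl/linux/curl.c
@@ -1,325 +0,0 @@
-/*
- * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
- * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
- * aplicativos mainframe. Registro no INPI sob o nome G3270.
- *
- * Copyright (C) <2008> <Banco do Brasil S.A.>
- *
- * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
- * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
- * Free Software Foundation.
- *
- * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
- * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
- * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
- * obter mais detalhes.
- *
- * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
- * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
- * St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Este programa está nomeado como - e possui - linhas de código.
- *
- * Contatos:
- *
- * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
- * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
- *
- *
- * References:
- *
- * http://www.openssl.org/docs/ssl/
- * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- *
- */
-
-#include <config.h>
-
-#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBCURL)
-
-#include "private.h"
-#include <curl/curl.h>
-#include <lib3270/toggle.h>
-
-#define CRL_DATA_LENGTH 2048
-
-/*--[ Implement ]------------------------------------------------------------------------------------*/
-
-static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
-{
- debug("%s(%p)",__FUNCTION__,*ptr);
- if(*ptr)
- curl_easy_cleanup(*ptr);
- *ptr = NULL;
-}
-
-typedef struct _curldata
-{
- size_t length;
- H3270 * hSession;
- SSL_ERROR_MESSAGE * message;
- char errbuf[CURL_ERROR_SIZE];
- struct {
- size_t length;
- unsigned char * contents;
- } data;
-} CURLDATA;
-
-static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
-{
- debug("%s(%p)",__FUNCTION__,*ptr);
- if(*ptr)
- {
- CURLDATA *cdata = *ptr;
-
- if(cdata->data.contents) {
- lib3270_free(cdata->data.contents);
- cdata->data.contents = NULL;
- }
- lib3270_free(cdata);
- }
- *ptr = NULL;
-}
-
-static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
-{
- debug("%s(%p)",__FUNCTION__,*ptr);
- if(*ptr)
- BIO_free_all(*ptr);
- *ptr = NULL;
-}
-
-static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
-{
- CURLDATA * data = (CURLDATA *) userp;
-
- debug("%s",__FUNCTION__);
-
- size_t realsize = size * nmemb;
-
- debug("%s size=%d data->length=%d crldatalength=%d",__FUNCTION__,(int) size, (int) data->length, CRL_DATA_LENGTH);
-
- if((realsize + data->length) > data->data.length)
- {
- data->data.length += (CRL_DATA_LENGTH + realsize);
- data->data.contents = lib3270_realloc(data->data.contents,data->data.length);
- memset(&(data->data.contents[data->length]),0,data->data.length-data->length);
- }
-
- debug("%s",__FUNCTION__);
-
- if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
- {
- lib3270_trace_data(
- data->hSession,
- "Received",
- (const char *) contents,
- realsize
- );
- }
-
- debug("%s",__FUNCTION__);
-
- memcpy(&(data->data.contents[data->length]),contents,realsize);
- data->length += realsize;
-
- debug("%s",__FUNCTION__);
-
- return realsize;
-}
-
-static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)
-{
- const char * text = NULL;
-
- switch (type) {
- case CURLINFO_TEXT:
- lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);
- return 0;
-
- case CURLINFO_HEADER_OUT:
- text = "=> Send header";
- break;
-
- case CURLINFO_DATA_OUT:
- text = "=> Send data";
- break;
-
- case CURLINFO_SSL_DATA_OUT:
- text = "=> Send SSL data";
- break;
-
- case CURLINFO_HEADER_IN:
- text = "<= Recv header";
- break;
-
- case CURLINFO_DATA_IN:
- text = "<= Recv data";
- break;
-
- case CURLINFO_SSL_DATA_IN:
- text = "<= Recv SSL data";
- break;
-
- default:
- return 0;
-
- }
-
- lib3270_trace_data(
- ((CURLDATA *) userp)->hSession,
- text,
- data,
- size
- );
-
- return 0;
-}
-
-LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
-{
- X509_CRL * x509_crl = NULL;
-
- // Use CURL to download the CRL
- lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
- lib3270_autoptr(CURL) hCurl = curl_easy_init();
-
- memset(crl_data,0,sizeof(CURLDATA));
- crl_data->message = message;
- crl_data->hSession = hSession;
- crl_data->data.length = CRL_DATA_LENGTH;
- crl_data->data.contents = lib3270_malloc(crl_data->data.length);
-
- if(!hCurl)
- {
- message->title = _( "Security error" );
- message->text = _( "Error loading certificate revocation list" );
- message->description = _( "Can't initialize curl operation" );
- return NULL;
- }
-
- CURLcode res;
-
- curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
- curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
-
- curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
-
- curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
- curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
-
- curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
-
- if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
- {
- curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
- curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
- curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
- }
-
- res = curl_easy_perform(hCurl);
-
- if(res != CURLE_OK)
- {
- message->error = hSession->ssl.error = 0;
- message->title = _( "Security error" );
-
- if(crl_data->errbuf[0])
- {
- message->text = curl_easy_strerror(res);
- message->description = crl_data->errbuf;
- }
- else
- {
- message->text = _( "Error loading certificate revocation list" );
- message->description = curl_easy_strerror(res);
- }
-
- lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
- errno = EINVAL;
- return NULL;
-
- }
-
- char *ct = NULL;
- res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
- if(res != CURLE_OK)
- {
- message->error = hSession->ssl.error = 0;
- message->title = _( "Security error" );
- message->text = _( "Error loading certificate revocation list" );
- message->description = curl_easy_strerror(res);
- lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
- errno = EINVAL;
- return NULL;
- }
-
- if(lib3270_get_toggle(crl_data->hSession,LIB3270_TOGGLE_SSL_TRACE))
- lib3270_trace_data(crl_data->hSession,"CRL Data",(const char *) crl_data->data.contents, (unsigned int) crl_data->length);
-
- if(ct)
- {
- const unsigned char * data = crl_data->data.contents;
-
-
- if(strcasecmp(ct,"application/pkix-crl") == 0)
- {
- // CRL File, convert it
- if(!d2i_X509_CRL(&x509_crl, &data, crl_data->length))
- {
- message->error = hSession->ssl.error = ERR_get_error();
- message->title = _( "Security error" );
- message->text = _( "Can't decode certificate revocation list" );
- lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
- return NULL;
- }
- }
- else
- {
- message->error = hSession->ssl.error = ERR_get_error();
- message->title = _( "Security error" );
- message->text = _( "Got an invalid certificate revocation list from server" );
- lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
- errno = EINVAL;
- return NULL;
- }
- }
- else if(strncasecmp(consturl,"ldap://",7) == 0)
- {
- // It's an LDAP query, assumes a base64 data.
- char * data = strstr((char *) crl_data->data.contents,":: ");
- if(!data)
- {
- message->error = hSession->ssl.error = ERR_get_error();
- message->title = _( "Security error" );
- message->text = _( "Got a bad formatted certificate revocation list from LDAP server" );
- lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->data.contents);
- errno = EINVAL;
- return NULL;
- }
- data += 3;
-
- lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
-
- BIO * b64 = BIO_new(BIO_f_base64());
- bio = BIO_push(b64, bio);
-
- BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
-
- if(!d2i_X509_CRL_bio(bio, &x509_crl))
- {
- message->error = hSession->ssl.error = ERR_get_error();
- message->title = _( "Security error" );
- message->text = _( "Can't decode certificate revocation list got from LDAP server" );
- lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
- errno = EINVAL;
- return NULL;
- }
-
- }
-
- return x509_crl;
-
-}
-
-#endif // HAVE_LIBSSL && SSL_ENABLE_CRL_CHECK && HAVE_LIBCURL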
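--- a/src/ssl/linux/getcrl.c
+++ b/src/ssl/linux/getcrl.c
@@ -101,7 +101,7 @@ X509_CRL * lib3270_download_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, co
 {
 #ifdef HAVE_LIBCURL
 
- return get_crl_using_curl(hSession, message, consturl);
+ return get_crl_using_url(hSession, message, consturl);
 
 #else
 // Can't get CRL.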
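--- a/src/ssl/linux/private.h
+++ b/src/ssl/linux/private.h
@@ -55,7 +55,7 @@
 #ifdef HAVE_LIBCURL
 
 /// @brief Use libcurl to get CRL.
- LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
+ LIB3270_INTERNAL X509_CRL * get_crl_using_url(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
 
 #endif // HAVE_LIBCURL
 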
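--- a/src/ssl/linux/url.c
+++ b/src/ssl/linux/url.c
@@ -0,0 +1,127 @@
+/*
+ * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
+ * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
+ * aplicativos mainframe. Registro no INPI sob o nome G3270.
+ *
+ * Copyright (C) <2008> <Banco do Brasil S.A.>
+ *
+ * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
+ * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
+ * Free Software Foundation.
+ *
+ * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
+ * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
+ * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
+ * obter mais detalhes.
+ *
+ * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
+ * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
+ * St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Este programa está nomeado como - e possui - linhas de código.
+ *
+ * Contatos:
+ *
+ * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
+ * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
+ *
+ *
+ * References:
+ *
+ * http://www.openssl.org/docs/ssl/
+ * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
+ *
+ */
+
+#include <config.h>
+
+#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBCURL)
+
+#include "private.h"
+#include <curl/curl.h>
+#include <lib3270/toggle.h>
+
+#define CRL_DATA_LENGTH 2048
+
+/*--[ Implement ]------------------------------------------------------------------------------------*/
+
+static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
+{
+ debug("%s(%p)",__FUNCTION__,*ptr);
+ if(*ptr)
+ BIO_free_all(*ptr);
+ *ptr = NULL;
+}
+
+LIB3270_INTERNAL X509_CRL * get_crl_using_url(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
+{
+ X509_CRL * x509_crl = NULL;
+
+ size_t szText = 0;
+ lib3270_autoptr(char) httpText = lib3270_get_from_url(hSession, consturl, &szText, &message->description);
+
+ if(!httpText)
+ {
+ message->title = _( "Security error" );
+ message->text = _( "Error loading certificate revocation list" );
+ return NULL;
+ }
+
+ if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+ lib3270_trace_data(hSession,"CRL Data",(const unsigned char *) httpText, (unsigned int) szText);
+
+ if(strncasecmp(consturl,"ldap://",7) == 0)
+ {
+ // It's an LDAP query, assumes a base64 data.
+ char * data = strstr((char *) httpText,":: ");
+ if(!data)
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = _( "Security error" );
+ message->text = _( "Got a bad formatted certificate revocation list from LDAP server" );
+ lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n", consturl, httpText);
+ errno = EINVAL;
+ return NULL;
+ }
+ data += 3;
+
+ lib3270_autoptr(BIO) bio = BIO_new_mem_buf(httpText,-1);
+
+ BIO * b64 = BIO_new(BIO_f_base64());
+ bio = BIO_push(b64, bio);
+
+ BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
+
+ if(!d2i_X509_CRL_bio(bio, &x509_crl))
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = _( "Security error" );
+ message->text = _( "Can't decode certificate revocation list got from LDAP server" );
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+ errno = EINVAL;
+ return NULL;
+ }
+
+ }
+ else
+ {
+ // CRL File, convert it
+ // Copy the pointer because d2i_X509_CRL changes the value!!!
+ const unsigned char *crl_data = (const unsigned char *) httpText;
+
+ if(!d2i_X509_CRL(&x509_crl, &crl_data, szText))
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = _( "Security error" );
+ message->text = _( "Can't decode certificate revocation list" );
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+ return NULL;
+ }
+
+ }
+
+ return x509_crl;
+
+}
+
+#endif // HAVE_LIBSSL && SSL_ENABLE_CRL_CHECK && HAVE_LIBCURL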
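Review bot: In the LDAP branch of get_crl_using_url, `data` is located with strstr and advanced past the `":: "` separator, but the base64 BIO is then built on the whole buffer, `lib3270_autoptr(BIO) bio = BIO_new_mem_buf(httpText,-1);`, so the LDIF attribute prefix is fed to the decoder and the computed offset is never used; the removed src/ssl/linux/curl.c passed `data` at this point, and the line should read `lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);`. Separately, the old implementation only called d2i_X509_CRL when the response Content-Type was application/pkix-crl, whereas the new else branch decodes whatever body lib3270_get_from_url returns; since that helper does not set CURLOPT_FAILONERROR, an HTTP error page would reach the DER decoder and be logged as "Can't decode certificate revocation list" instead of as a failed download, which makes the real cause harder to see in the ssl log. The DER-decode failure also returns NULL without setting errno, unlike every other failure path in this function; adding `errno = EINVAL;` before that return keeps the contract uniform for lib3270_download_crl's callers. BIO_new(BIO_f_base64()) is not checked for NULL before BIO_push, which the previous file did not check either.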
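--- a/src/ssl/windows/getcrl.c
+++ b/src/ssl/windows/getcrl.c
@@ -107,7 +107,7 @@ X509_CRL * lib3270_download_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, co
 {
 #ifdef HAVE_LIBCURL
 
- return get_crl_using_curl(hSession, message, consturl);
+ return get_crl_using_url(hSession, message, consturl);
 
 #else
 // Can't get CRL.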
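--- a/src/ssl/windows/private.h
+++ b/src/ssl/windows/private.h
@@ -53,7 +53,7 @@
 #include <curl/curl.h>
 
 /// @brief Use libcurl to get CRL.
- LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
+ LIB3270_INTERNAL X509_CRL * get_crl_using_url(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
 
 #endif // HAVE_LIBCURL
 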