Commit 63f527a79c2ba6c34191345333c8b4c0079f18b7

Authored by Perry Werneck
1 parent 5d36ae07

Improving SSL trace.

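--- a/src/lib3270/Makefile.in
+++ b/src/lib3270/Makefile.in
@@ -362,6 +362,15 @@ publish-debug: \
 ~/public_html/debug-$(LIBNAME)-@host_cpu@.zip \
 $(BINDBG)/*
 
+publish-release: \
+ $(BINRLS)/$(LIBNAME)@DLLEXT@
+
+ @rm -f ~/public-html/release-$(LIBNAME)-@host_cpu@.zip
+ @zip \
+ -9 -D \
+ ~/public_html/release-$(LIBNAME)-@host_cpu@.zip \
+ $(BINRLS)/*@DLLEXT@
+
 $(BINDBG)/$(LIBNAME)@DLLEXT@: \
 $(BINDBG)/$(LIBNAME)@DLLEXT@.@PACKAGE_MAJOR_VERSION@
 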
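Review bot: The path on the added `@rm -f` line (`~/public-html/release-...`) does not match the archive path on the `@zip` line two lines below (`~/public_html/release-...`), so the previous release archive is never removed; `zip` then updates the existing zip in place, and entries from earlier builds that no longer exist in `$(BINRLS)` stay inside the published release artifact. If the intent mirrors `publish-debug`, the line should read `@rm -f ~/public_html/release-$(LIBNAME)-@host_cpu@.zip`. The `publish-debug` recipe this was modelled on begins above the hunk, so I cannot confirm from here that it spells the directory the same way.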
src/lib3270/ssl/windows/getcrl.c
... ... @@ -112,9 +112,8 @@ static size_t internal_curl_write_callback(void *contents, size_t size, size_t n
112 112  
113 113 unsigned char *ptr = (unsigned char *) contents;
114 114  
115   -#ifdef DEBUG
116   - lib3270_trace_data(data->hSession,"************* Received block",(const char *) contents, realsize);
117   -#endif
  115 + if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
  116 + lib3270_trace_data(data->hSession,"curl_write:",(const char *) contents, realsize);
118 117  
119 118 for(ix = 0; ix < realsize; ix++)
120 119 {
... ... @@ -225,187 +224,190 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
225 224 // Use CURL to download the CRL
226 225 lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
227 226  
228   - // Initialize curl and curl_easy
229   - lib3270_autoptr(CURL) hCurl = curl_easy_init();
230   -
231 227 memset(crl_data,0,sizeof(CURLDATA));
232 228 crl_data->message = message;
233 229 crl_data->hSession = hSession;
234 230  
235   - debug("datablock is %p",crl_data);
  231 + // Initialize curl and curl_easy
  232 + lib3270_autoptr(CURL) hCurl = curl_easy_init();
236 233  
237   - if(hCurl)
  234 + if(!hCurl)
238 235 {
239   - CURLcode res;
  236 + message->error = hSession->ssl.error = 0;
  237 + message->title = N_( "Security error" );
  238 + message->text = N_( "Can't initialize curl" );
  239 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
  240 + return NULL;
  241 + }
240 242  
241   - curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
242   - curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
  243 + CURLcode res;
243 244  
244   - curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
  245 + curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
  246 + curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
245 247  
246   - curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
247   - curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
  248 + curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
248 249  
249   - curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
  250 + curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
  251 + curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
250 252  
251   - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
252   - {
253   - curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
254   - curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
255   - curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
256   - }
  253 + curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
257 254  
258   - res = curl_easy_perform(hCurl);
  255 + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
  256 + {
  257 + curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
  258 + curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
  259 + curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
  260 + }
259 261  
260   - if(res != CURLE_OK)
261   - {
262   - message->error = hSession->ssl.error = 0;
263   - message->title = N_( "Security error" );
  262 + res = curl_easy_perform(hCurl);
264 263  
265   - if(crl_data->errbuf[0])
266   - {
267   - message->text = curl_easy_strerror(res);
268   - message->description = crl_data->errbuf;
269   - }
270   - else
271   - {
272   - message->text = N_( "Error loading CRL" );
273   - message->description = curl_easy_strerror(res);
274   - }
  264 + if(res != CURLE_OK)
  265 + {
  266 + message->error = hSession->ssl.error = 0;
  267 + message->title = N_( "Security error" );
275 268  
276   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
277   - return NULL;
  269 + if(crl_data->errbuf[0])
  270 + {
  271 + message->text = curl_easy_strerror(res);
  272 + message->description = crl_data->errbuf;
278 273 }
279   -
280   - debug("Tamanho da resposta: %u", (unsigned int) crl_data->length);
281   - debug("Resposta:\n-------------------------------------------\n%s\n-------------------------------------------\n",crl_data->contents);
282   -
283   - char *ct = NULL;
284   - res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
285   - if(res != CURLE_OK)
  274 + else
286 275 {
287   - message->error = hSession->ssl.error = 0;
288   - message->title = N_( "Security error" );
289 276 message->text = N_( "Error loading CRL" );
290   - message->description = curl_easy_strerror(res);
291   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
292   - return NULL;
  277 + message->description = curl_easy_strerror(res);
293 278 }
294 279  
295   - /*
296   - if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
297   - {
298   - lib3270_autoptr(msg) = lib3270_vsprintf("CRL Data received with content-type \"%s\"", (ct ? ct : "undefined"));
299   - lib3270_trace_data(
300   - data->hSession,
301   - msg,
302   - (const char *) crl_data->contents,
303   - crl_data->length
304   - );
305   - }
306   - */
  280 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
  281 + return NULL;
  282 + }
307 283  
308   - if(ct)
309   - {
310   - const unsigned char * data = crl_data->contents;
  284 + debug("Tamanho da resposta: %u", (unsigned int) crl_data->length);
  285 + debug("Resposta:\n-------------------------------------------\n%s\n-------------------------------------------\n",crl_data->contents);
311 286  
312   - trace_ssl(crl_data->hSession, "Content-type: %s", ct);
  287 + char *ct = NULL;
  288 + res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
  289 + if(res != CURLE_OK)
  290 + {
  291 + message->error = hSession->ssl.error = 0;
  292 + message->title = N_( "Security error" );
  293 + message->text = N_( "Error loading CRL" );
  294 + message->description = curl_easy_strerror(res);
  295 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
  296 + return NULL;
  297 + }
313 298  
314   - if(strcasecmp(ct,"application/pkix-crl") == 0)
315   - {
316   - // CRL File, convert it
317   - if(!d2i_X509_CRL(&crl, &data, crl_data->length))
318   - {
319   - message->error = hSession->ssl.error = ERR_get_error();
320   - message->title = N_( "Security error" );
321   - message->text = N_( "Got an invalid CRL from server" );
322   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
323   - return NULL;
324   - }
325   - }
326   - else
  299 + /*
  300 + if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
  301 + {
  302 + lib3270_autoptr(msg) = lib3270_vsprintf("CRL Data received with content-type \"%s\"", (ct ? ct : "undefined"));
  303 + lib3270_trace_data(
  304 + data->hSession,
  305 + msg,
  306 + (const char *) crl_data->contents,
  307 + crl_data->length
  308 + );
  309 + }
  310 + */
  311 +
  312 + if(ct)
  313 + {
  314 + const unsigned char * data = crl_data->contents;
  315 +
  316 + trace_ssl(crl_data->hSession, "Content-type: %s", ct);
  317 +
  318 + if(strcasecmp(ct,"application/pkix-crl") == 0)
  319 + {
  320 + // CRL File, convert it
  321 + if(!d2i_X509_CRL(&crl, &data, crl_data->length))
327 322 {
328 323 message->error = hSession->ssl.error = ERR_get_error();
329 324 message->title = N_( "Security error" );
330 325 message->text = N_( "Got an invalid CRL from server" );
331   - lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
  326 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
332 327 return NULL;
333 328 }
334 329 }
335   - else if(strncasecmp(consturl,"ldap://",7) == 0)
  330 + else
336 331 {
337   - // LDAP Query on curl for windows returns an unprocessed response instead of a base64 data.
338   - char * attr = strchr(consturl,'?');
339   - if(!attr)
340   - {
341   - message->error = hSession->ssl.error = 0;
342   - message->title = N_( "Security error" );
343   - message->text = N_( "No attribute in LDAP search URL" );
344   - return NULL;
345   - }
346   -
347   - attr++;
  332 + message->error = hSession->ssl.error = ERR_get_error();
  333 + message->title = N_( "Security error" );
  334 + message->text = N_( "Got an invalid CRL from server" );
  335 + lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
  336 + return NULL;
  337 + }
  338 + }
  339 + else if(strncasecmp(consturl,"ldap://",7) == 0)
  340 + {
  341 + // LDAP Query on curl for windows returns an unprocessed response instead of a base64 data.
  342 + char * attr = strchr(consturl,'?');
  343 + if(!attr)
  344 + {
  345 + message->error = hSession->ssl.error = 0;
  346 + message->title = N_( "Security error" );
  347 + message->text = N_( "No attribute in LDAP search URL" );
  348 + return NULL;
  349 + }
348 350  
349   - //
350   - // There's something odd on libcurl for windows! For some reason it's not converting the LDAP response values to
351   - // base64, because of this I've to extract the BER directly.
352   - //
353   - // This is an ugly solution, I know!
354   - //
  351 + attr++;
355 352  
356   - lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
357   - trace_ssl(crl_data->hSession, text);
  353 + //
  354 + // There's something odd on libcurl for windows! For some reason it's not converting the LDAP response values to
  355 + // base64, because of this I've to extract the BER directly.
  356 + //
  357 + // This is an ugly solution, I know!
  358 + //
358 359  
359   - lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
360   - char *ptr = strstr((char *) crl_data->contents, key);
  360 + lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
  361 + trace_ssl(crl_data->hSession, text);
361 362  
362   - debug("key=\"%s\" ptr=%p",key,ptr)
  363 + lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
  364 + char *ptr = strstr((char *) crl_data->contents, key);
363 365  
364   - if(!ptr)
365   - {
366   - message->error = hSession->ssl.error = 0;
367   - message->title = N_( "Security error" );
368   - message->text = N_( "Can't find attribute in LDAP response" );
369   - return NULL;
370   - }
  366 + debug("key=\"%s\" ptr=%p",key,ptr)
371 367  
372   - ptr += strlen(key);
373   - size_t length = crl_data->length - (ptr - ((char *) crl_data->contents));
374   - size_t ix;
  368 + if(!ptr)
  369 + {
  370 + message->error = hSession->ssl.error = 0;
  371 + message->title = N_( "Security error" );
  372 + message->text = N_( "Can't find attribute in LDAP response" );
  373 + return NULL;
  374 + }
375 375  
376   - for(ix = 0; ix < (length-1); ix++)
377   - {
378   - if(ptr[ix] == '\n' && ptr[ix+1] == '\n')
379   - break;
380   - }
  376 + ptr += strlen(key);
  377 + size_t length = crl_data->length - (ptr - ((char *) crl_data->contents));
  378 + size_t ix;
381 379  
382   - debug("length=%u ix=%u", (unsigned int) length, (unsigned int) ix);
  380 + for(ix = 0; ix < (length-1); ix++)
  381 + {
  382 + if(ptr[ix] == '\n' && ptr[ix+1] == '\n')
  383 + break;
  384 + }
383 385  
384   - if(ix >= length)
385   - {
386   - message->error = hSession->ssl.error = 0;
387   - message->title = N_( "Security error" );
388   - message->text = N_( "Can't find attribute end in LDAP response" );
389   - return NULL;
390   - }
  386 + debug("length=%u ix=%u", (unsigned int) length, (unsigned int) ix);
391 387  
392   - length = ix;
  388 + if(ix >= length)
  389 + {
  390 + message->error = hSession->ssl.error = 0;
  391 + message->title = N_( "Security error" );
  392 + message->text = N_( "Can't find attribute end in LDAP response" );
  393 + return NULL;
  394 + }
393 395  
394   - lib3270_trace_data(
395   - hSession,
396   - "CRL Data received from LDAP server",
397   - (const char *) ptr,
398   - length
399   - );
  396 + length = ix;
400 397  
401   - if(!d2i_X509_CRL(&crl, (const unsigned char **) &ptr, length))
402   - {
403   - message->error = hSession->ssl.error = ERR_get_error();
404   - message->title = N_( "Security error" );
405   - message->text = N_( "Can't get CRL from LDAP Search" );
406   - lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
407   - }
  398 + lib3270_trace_data(
  399 + hSession,
  400 + "CRL Data received from LDAP server",
  401 + (const char *) ptr,
  402 + length
  403 + );
408 404  
  405 + if(!d2i_X509_CRL(&crl, (const unsigned char **) &ptr, length))
  406 + {
  407 + message->error = hSession->ssl.error = ERR_get_error();
  408 + message->title = N_( "Security error" );
  409 + message->text = N_( "Can't get CRL from LDAP Search" );
  410 + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
409 411 }
410 412  
411 413 }
... ...
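Review bot: In the LDAP branch the terminator scan `for(ix = 0; ix < (length-1); ix++)` underflows when `length` is 0 (the attribute key sits at the very end of the response), because `length` is `size_t`, and the `if(ix >= length)` check after it can otherwise never fire, since a scan that finds no `\n\n` leaves `ix` at `length-1` — so a truncated response is handed to `d2i_X509_CRL` as if complete, and an empty tail becomes an out-of-bounds read past the heap buffer. These are pre-existing lines the commit only re-indented, but the body is fetched from a remote server, so I would fix them here: `for(ix = 0; ix + 1 < length; ix++)` and `if(ix + 1 >= length)`. The `strstr` lookup a few lines earlier also assumes `crl_data->contents` is NUL-terminated; the write callback's loop body is outside this diff, so I cannot confirm that it is. `lib3270_get_X509_CRL` begins before and continues after this hunk.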