Commit 63f527a79c2ba6c34191345333c8b4c0079f18b7
1 parent
5d36ae07
Improving SSL trace.
Showing
2 changed files
with
151 additions
and
140 deletions
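--- a/src/lib3270/Makefile.in
+++ b/src/lib3270/Makefile.in
@@ -362,6 +362,15 @@ publish-debug: \
 		~/public_html/debug-$(LIBNAME)-@host_cpu@.zip \
 		$(BINDBG)/*
 
+publish-release: \
+	$(BINRLS)/$(LIBNAME)@DLLEXT@
+
+	@rm -f ~/public-html/release-$(LIBNAME)-@host_cpu@.zip
+	@zip \
+		-9 -D \
+		~/public_html/release-$(LIBNAME)-@host_cpu@.zip \
+		$(BINRLS)/*@DLLEXT@
+
 $(BINDBG)/$(LIBNAME)@DLLEXT@: \
 	$(BINDBG)/$(LIBNAME)@DLLEXT@.@PACKAGE_MAJOR_VERSION@
 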
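Review bot: The new publish-release target removes `~/public-html/release-$(LIBNAME)-@host_cpu@.zip` (hyphen) but the zip command two lines below writes `~/public_html/release-$(LIBNAME)-@host_cpu@.zip` (underscore), so the stale archive is never deleted and `zip` updates it in place, leaving any obsolete entries in the published release. The publish-debug target above uses `public_html`, so the rm line is the typo: `@rm -f ~/public_html/release-$(LIBNAME)-@host_cpu@.zip`. A release artifact that silently carries old files is also a supply-chain hygiene problem worth a one-line comment on the target, e.g. `# recreate the archive from scratch so no stale entries survive`.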
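--- a/src/lib3270/ssl/windows/getcrl.c
+++ b/src/lib3270/ssl/windows/getcrl.c
@@ -112,9 +112,8 @@ static size_t internal_curl_write_callback(void *contents, size_t size, size_t n
 
 	unsigned char *ptr = (unsigned char *) contents;
 
-#ifdef DEBUG
-	lib3270_trace_data(data->hSession,"************* Received block",(const char *) contents, realsize);
-#endif
+	if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
+		lib3270_trace_data(data->hSession,"curl_write:",(const char *) contents, realsize);
 
 	for(ix = 0; ix < realsize; ix++)
 	{
@@ -225,187 +224,190 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 	// Use CURL to download the CRL
 	lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
 
-	// Initialize curl and curl_easy
-	lib3270_autoptr(CURL) hCurl = curl_easy_init();
-
 	memset(crl_data,0,sizeof(CURLDATA));
 	crl_data->message = message;
 	crl_data->hSession = hSession;
 
-	debug("datablock is %p",crl_data);
+	// Initialize curl and curl_easy
+	lib3270_autoptr(CURL) hCurl = curl_easy_init();
 
-	if(hCurl)
+	if(!hCurl)
 	{
-		CURLcode res;
+		message->error = hSession->ssl.error = 0;
+		message->title = N_( "Security error" );
+		message->text = N_( "Can't initialize curl" );
+		lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+		return NULL;
+	}
 
-		curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
-		curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
+	CURLcode res;
 
-		curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
+	curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
+	curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
 
-		curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
-		curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
+	curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
 
-		curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
+	curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
+	curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
 
-		if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
-		{
-			curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
-			curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
-			curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
-		}
+	curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
 
-		res = curl_easy_perform(hCurl);
+	if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+	{
+		curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
+		curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
+		curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
+	}
 
-		if(res != CURLE_OK)
-		{
-			message->error = hSession->ssl.error = 0;
-			message->title = N_( "Security error" );
+	res = curl_easy_perform(hCurl);
 
-			if(crl_data->errbuf[0])
-			{
-				message->text = curl_easy_strerror(res);
-				message->description = crl_data->errbuf;
-			}
-			else
-			{
-				message->text = N_( "Error loading CRL" );
-				message->description = curl_easy_strerror(res);
-			}
+	if(res != CURLE_OK)
+	{
+		message->error = hSession->ssl.error = 0;
+		message->title = N_( "Security error" );
 
-			lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
-			return NULL;
+		if(crl_data->errbuf[0])
+		{
+			message->text = curl_easy_strerror(res);
+			message->description = crl_data->errbuf;
 		}
-
-		debug("Tamanho da resposta: %u", (unsigned int) crl_data->length);
-		debug("Resposta:\n-------------------------------------------\n%s\n-------------------------------------------\n",crl_data->contents);
-
-		char *ct = NULL;
-		res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
-		if(res != CURLE_OK)
+		else
 		{
-			message->error = hSession->ssl.error = 0;
-			message->title = N_( "Security error" );
 			message->text = N_( "Error loading CRL" );
-			message->description = curl_easy_strerror(res);
-			lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
-			return NULL;
+			message->description = curl_easy_strerror(res);
 		}
 
-		/*
-		if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
-		{
-			lib3270_autoptr(msg) = lib3270_vsprintf("CRL Data received with content-type \"%s\"", (ct ? ct : "undefined"));
-			lib3270_trace_data(
-				data->hSession,
-				msg,
-				(const char *) crl_data->contents,
-				crl_data->length
-			);
-		}
-		*/
+		lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
+		return NULL;
+	}
 
-		if(ct)
-		{
-			const unsigned char * data = crl_data->contents;
+	debug("Tamanho da resposta: %u", (unsigned int) crl_data->length);
+	debug("Resposta:\n-------------------------------------------\n%s\n-------------------------------------------\n",crl_data->contents);
 
-			trace_ssl(crl_data->hSession, "Content-type: %s", ct);
+	char *ct = NULL;
+	res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
+	if(res != CURLE_OK)
+	{
+		message->error = hSession->ssl.error = 0;
+		message->title = N_( "Security error" );
+		message->text = N_( "Error loading CRL" );
+		message->description = curl_easy_strerror(res);
+		lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
+		return NULL;
+	}
 
-			if(strcasecmp(ct,"application/pkix-crl") == 0)
-			{
-				// CRL File, convert it
-				if(!d2i_X509_CRL(&crl, &data, crl_data->length))
-				{
-					message->error = hSession->ssl.error = ERR_get_error();
-					message->title = N_( "Security error" );
-					message->text = N_( "Got an invalid CRL from server" );
-					lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
-					return NULL;
-				}
-			}
-			else
+	/*
+	if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
+	{
+		lib3270_autoptr(msg) = lib3270_vsprintf("CRL Data received with content-type \"%s\"", (ct ? ct : "undefined"));
+		lib3270_trace_data(
+			data->hSession,
+			msg,
+			(const char *) crl_data->contents,
+			crl_data->length
+		);
+	}
+	*/
+
+	if(ct)
+	{
+		const unsigned char * data = crl_data->contents;
+
+		trace_ssl(crl_data->hSession, "Content-type: %s", ct);
+
+		if(strcasecmp(ct,"application/pkix-crl") == 0)
+		{
+			// CRL File, convert it
+			if(!d2i_X509_CRL(&crl, &data, crl_data->length))
 			{
 				message->error = hSession->ssl.error = ERR_get_error();
 				message->title = N_( "Security error" );
 				message->text = N_( "Got an invalid CRL from server" );
-				lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
+				lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
 				return NULL;
 			}
 		}
-		else if(strncasecmp(consturl,"ldap://",7) == 0)
+		else
 		{
-			// LDAP Query on curl for windows returns an unprocessed response instead of a base64 data.
-			char * attr = strchr(consturl,'?');
-			if(!attr)
-			{
-				message->error = hSession->ssl.error = 0;
-				message->title = N_( "Security error" );
-				message->text = N_( "No attribute in LDAP search URL" );
-				return NULL;
-			}
-
-			attr++;
+			message->error = hSession->ssl.error = ERR_get_error();
+			message->title = N_( "Security error" );
+			message->text = N_( "Got an invalid CRL from server" );
+			lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
+			return NULL;
+		}
+	}
+	else if(strncasecmp(consturl,"ldap://",7) == 0)
+	{
+		// LDAP Query on curl for windows returns an unprocessed response instead of a base64 data.
+		char * attr = strchr(consturl,'?');
+		if(!attr)
+		{
+			message->error = hSession->ssl.error = 0;
+			message->title = N_( "Security error" );
+			message->text = N_( "No attribute in LDAP search URL" );
+			return NULL;
+		}
 
-			//
-			// There's something odd on libcurl for windows! For some reason it's not converting the LDAP response values to
-			// base64, because of this I've to extract the BER directly.
-			//
-			// This is an ugly solution, I know!
-			//
+		attr++;
 
-			lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
-			trace_ssl(crl_data->hSession, text);
+		//
+		// There's something odd on libcurl for windows! For some reason it's not converting the LDAP response values to
+		// base64, because of this I've to extract the BER directly.
+		//
+		// This is an ugly solution, I know!
+		//
 
-			lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
-			char *ptr = strstr((char *) crl_data->contents, key);
+		lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
+		trace_ssl(crl_data->hSession, text);
 
-			debug("key=\"%s\" ptr=%p",key,ptr)
+		lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
+		char *ptr = strstr((char *) crl_data->contents, key);
 
-			if(!ptr)
-			{
-				message->error = hSession->ssl.error = 0;
-				message->title = N_( "Security error" );
-				message->text = N_( "Can't find attribute in LDAP response" );
-				return NULL;
-			}
+		debug("key=\"%s\" ptr=%p",key,ptr)
 
-			ptr += strlen(key);
-			size_t length = crl_data->length - (ptr - ((char *) crl_data->contents));
-			size_t ix;
+		if(!ptr)
+		{
+			message->error = hSession->ssl.error = 0;
+			message->title = N_( "Security error" );
+			message->text = N_( "Can't find attribute in LDAP response" );
+			return NULL;
+		}
 
-			for(ix = 0; ix < (length-1); ix++)
-			{
-				if(ptr[ix] == '\n' && ptr[ix+1] == '\n')
-					break;
-			}
+		ptr += strlen(key);
+		size_t length = crl_data->length - (ptr - ((char *) crl_data->contents));
+		size_t ix;
 
-			debug("length=%u ix=%u", (unsigned int) length, (unsigned int) ix);
+		for(ix = 0; ix < (length-1); ix++)
+		{
+			if(ptr[ix] == '\n' && ptr[ix+1] == '\n')
+				break;
+		}
 
-			if(ix >= length)
-			{
-				message->error = hSession->ssl.error = 0;
-				message->title = N_( "Security error" );
-				message->text = N_( "Can't find attribute end in LDAP response" );
-				return NULL;
-			}
+		debug("length=%u ix=%u", (unsigned int) length, (unsigned int) ix);
 
-			length = ix;
+		if(ix >= length)
+		{
+			message->error = hSession->ssl.error = 0;
+			message->title = N_( "Security error" );
+			message->text = N_( "Can't find attribute end in LDAP response" );
+			return NULL;
+		}
 
-			lib3270_trace_data(
-				hSession,
-				"CRL Data received from LDAP server",
-				(const char *) ptr,
-				length
-			);
+		length = ix;
 
-			if(!d2i_X509_CRL(&crl, (const unsigned char **) &ptr, length))
-			{
-				message->error = hSession->ssl.error = ERR_get_error();
-				message->title = N_( "Security error" );
-				message->text = N_( "Can't get CRL from LDAP Search" );
-				lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
-			}
+		lib3270_trace_data(
+			hSession,
+			"CRL Data received from LDAP server",
+			(const char *) ptr,
+			length
+		);
 
+		if(!d2i_X509_CRL(&crl, (const unsigned char **) &ptr, length))
+		{
+			message->error = hSession->ssl.error = ERR_get_error();
+			message->title = N_( "Security error" );
+			message->text = N_( "Can't get CRL from LDAP Search" );
+			lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
 		}
 
 	}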
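Review bot: The scan for the end of the LDAP attribute value (new lines 380-384) can never reach the `Can't find attribute end in LDAP response` branch below it: when no blank line is found the loop exits with `ix == length-1`, so `ix >= length` is false and a value with no terminator is handed to d2i_X509_CRL with `length` silently shortened by one. If `length` is 0 (the key is the last thing in the response) the bound `length-1` wraps to SIZE_MAX as a size_t and `ptr[ix+1]` reads past `crl_data->contents`, which is server-controlled data. Using the same bound in both places closes both holes: `for(ix = 0; (ix + 1) < length; ix++)` and `if((ix + 1) >= length)`. Separately, `debug("key=\"%s\" ptr=%p",key,ptr)` at new line 366 has no trailing semicolon, which only compiles if the `debug` macro supplies its own or expands to nothing. These lines are moved rather than written by this commit, and lib3270_get_X509_CRL starts before the hunk, with its closing brace outside the shown range.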