Commit 63f527a79c2ba6c34191345333c8b4c0079f18b7

Authored by Perry Werneck
1 parent 5d36ae07

Improving SSL trace.

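--- a/src/lib3270/Makefile.in
+++ b/src/lib3270/Makefile.in
@@ -362,6 +362,15 @@ publish-debug: \
 ~/public_html/debug-$(LIBNAME)-@host_cpu@.zip \
 $(BINDBG)/*
 
+publish-release: \
+ $(BINRLS)/$(LIBNAME)@DLLEXT@
+
+ @rm -f ~/public-html/release-$(LIBNAME)-@host_cpu@.zip
+ @zip \
+ -9 -D \
+ ~/public_html/release-$(LIBNAME)-@host_cpu@.zip \
+ $(BINRLS)/*@DLLEXT@
+
 $(BINDBG)/$(LIBNAME)@DLLEXT@: \
 $(BINDBG)/$(LIBNAME)@DLLEXT@.@PACKAGE_MAJOR_VERSION@
 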
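Review bot: The new `publish-release` recipe removes `~/public-html/release-$(LIBNAME)-@host_cpu@.zip` (hyphen) but writes the archive to `~/public_html/…` (underscore), so the stale release zip is never deleted and `zip -9 -D` updates the existing archive in place instead of replacing it, leaving old members behind. The rm line should read `@rm -f ~/public_html/release-$(LIBNAME)-@host_cpu@.zip` to match the zip target and the `publish-debug` rule above it. Recipe lines must also start with a tab; that cannot be confirmed from the rendered view.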
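--- a/src/lib3270/ssl/windows/getcrl.c
+++ b/src/lib3270/ssl/windows/getcrl.c
@@ -112,9 +112,8 @@ static size_t internal_curl_write_callback(void *contents, size_t size, size_t n
 
 unsigned char *ptr = (unsigned char *) contents;
 
-#ifdef DEBUG
- lib3270_trace_data(data->hSession,"************* Received block",(const char *) contents, realsize);
-#endif
+ if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
+ lib3270_trace_data(data->hSession,"curl_write:",(const char *) contents, realsize);
 
 for(ix = 0; ix < realsize; ix++)
 {
@@ -225,187 +224,190 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 // Use CURL to download the CRL
 lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
 
- // Initialize curl and curl_easy
- lib3270_autoptr(CURL) hCurl = curl_easy_init();
-
 memset(crl_data,0,sizeof(CURLDATA));
 crl_data->message = message;
 crl_data->hSession = hSession;
 
- debug("datablock is %p",crl_data);
+ // Initialize curl and curl_easy
+ lib3270_autoptr(CURL) hCurl = curl_easy_init();
 
- if(hCurl)
+ if(!hCurl)
 {
- CURLcode res;
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
+ message->text = N_( "Can't initialize curl" );
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+ return NULL;
+ }
 
- curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
- curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
+ CURLcode res;
 
- curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
+ curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
+ curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
 
- curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
- curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
+ curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
 
- curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
+ curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
+ curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
 
- if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
- {
- curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
- curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
- curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
- }
+ curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
 
- res = curl_easy_perform(hCurl);
+ if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+ {
+ curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
+ curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
+ }
 
- if(res != CURLE_OK)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
+ res = curl_easy_perform(hCurl);
 
- if(crl_data->errbuf[0])
- {
- message->text = curl_easy_strerror(res);
- message->description = crl_data->errbuf;
- }
- else
- {
- message->text = N_( "Error loading CRL" );
- message->description = curl_easy_strerror(res);
- }
+ if(res != CURLE_OK)
+ {
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
 
- lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
- return NULL;
+ if(crl_data->errbuf[0])
+ {
+ message->text = curl_easy_strerror(res);
+ message->description = crl_data->errbuf;
 }
-
- debug("Tamanho da resposta: %u", (unsigned int) crl_data->length);
- debug("Resposta:\n-------------------------------------------\n%s\n-------------------------------------------\n",crl_data->contents);
-
- char *ct = NULL;
- res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
- if(res != CURLE_OK)
+ else
 {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
 message->text = N_( "Error loading CRL" );
- message->description = curl_easy_strerror(res);
- lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
- return NULL;
+ message->description = curl_easy_strerror(res);
 }
 
- /*
- if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
- {
- lib3270_autoptr(msg) = lib3270_vsprintf("CRL Data received with content-type \"%s\"", (ct ? ct : "undefined"));
- lib3270_trace_data(
- data->hSession,
- msg,
- (const char *) crl_data->contents,
- crl_data->length
- );
- }
- */
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
+ return NULL;
+ }
 
- if(ct)
- {
- const unsigned char * data = crl_data->contents;
+ debug("Tamanho da resposta: %u", (unsigned int) crl_data->length);
+ debug("Resposta:\n-------------------------------------------\n%s\n-------------------------------------------\n",crl_data->contents);
 
- trace_ssl(crl_data->hSession, "Content-type: %s", ct);
+ char *ct = NULL;
+ res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
+ if(res != CURLE_OK)
+ {
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
+ message->text = N_( "Error loading CRL" );
+ message->description = curl_easy_strerror(res);
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
+ return NULL;
+ }
 
- if(strcasecmp(ct,"application/pkix-crl") == 0)
- {
- // CRL File, convert it
- if(!d2i_X509_CRL(&crl, &data, crl_data->length))
- {
- message->error = hSession->ssl.error = ERR_get_error();
- message->title = N_( "Security error" );
- message->text = N_( "Got an invalid CRL from server" );
- lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
- return NULL;
- }
- }
- else
+ /*
+ if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
+ {
+ lib3270_autoptr(msg) = lib3270_vsprintf("CRL Data received with content-type \"%s\"", (ct ? ct : "undefined"));
+ lib3270_trace_data(
+ data->hSession,
+ msg,
+ (const char *) crl_data->contents,
+ crl_data->length
+ );
+ }
+ */
+
+ if(ct)
+ {
+ const unsigned char * data = crl_data->contents;
+
+ trace_ssl(crl_data->hSession, "Content-type: %s", ct);
+
+ if(strcasecmp(ct,"application/pkix-crl") == 0)
+ {
+ // CRL File, convert it
+ if(!d2i_X509_CRL(&crl, &data, crl_data->length))
 {
 message->error = hSession->ssl.error = ERR_get_error();
 message->title = N_( "Security error" );
 message->text = N_( "Got an invalid CRL from server" );
- lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
 return NULL;
 }
 }
- else if(strncasecmp(consturl,"ldap://",7) == 0)
+ else
 {
- // LDAP Query on curl for windows returns an unprocessed response instead of a base64 data.
- char * attr = strchr(consturl,'?');
- if(!attr)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "No attribute in LDAP search URL" );
- return NULL;
- }
-
- attr++;
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from server" );
+ lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
+ return NULL;
+ }
+ }
+ else if(strncasecmp(consturl,"ldap://",7) == 0)
+ {
+ // LDAP Query on curl for windows returns an unprocessed response instead of a base64 data.
+ char * attr = strchr(consturl,'?');
+ if(!attr)
+ {
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
+ message->text = N_( "No attribute in LDAP search URL" );
+ return NULL;
+ }
 
- //
- // There's something odd on libcurl for windows! For some reason it's not converting the LDAP response values to
- // base64, because of this I've to extract the BER directly.
- //
- // This is an ugly solution, I know!
- //
+ attr++;
 
- lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
- trace_ssl(crl_data->hSession, text);
+ //
+ // There's something odd on libcurl for windows! For some reason it's not converting the LDAP response values to
+ // base64, because of this I've to extract the BER directly.
+ //
+ // This is an ugly solution, I know!
+ //
 
- lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
- char *ptr = strstr((char *) crl_data->contents, key);
+ lib3270_autoptr(char) text = lib3270_strdup_printf("No mime-type, extracting \"%s\" directly from LDAP response\n",attr);
+ trace_ssl(crl_data->hSession, text);
 
- debug("key=\"%s\" ptr=%p",key,ptr)
+ lib3270_autoptr(char) key = lib3270_strdup_printf("%s: ",attr);
+ char *ptr = strstr((char *) crl_data->contents, key);
 
- if(!ptr)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't find attribute in LDAP response" );
- return NULL;
- }
+ debug("key=\"%s\" ptr=%p",key,ptr)
 
- ptr += strlen(key);
- size_t length = crl_data->length - (ptr - ((char *) crl_data->contents));
- size_t ix;
+ if(!ptr)
+ {
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
+ message->text = N_( "Can't find attribute in LDAP response" );
+ return NULL;
+ }
 
- for(ix = 0; ix < (length-1); ix++)
- {
- if(ptr[ix] == '\n' && ptr[ix+1] == '\n')
- break;
- }
+ ptr += strlen(key);
+ size_t length = crl_data->length - (ptr - ((char *) crl_data->contents));
+ size_t ix;
 
- debug("length=%u ix=%u", (unsigned int) length, (unsigned int) ix);
+ for(ix = 0; ix < (length-1); ix++)
+ {
+ if(ptr[ix] == '\n' && ptr[ix+1] == '\n')
+ break;
+ }
 
- if(ix >= length)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't find attribute end in LDAP response" );
- return NULL;
- }
+ debug("length=%u ix=%u", (unsigned int) length, (unsigned int) ix);
 
- length = ix;
+ if(ix >= length)
+ {
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
+ message->text = N_( "Can't find attribute end in LDAP response" );
+ return NULL;
+ }
 
- lib3270_trace_data(
- hSession,
- "CRL Data received from LDAP server",
- (const char *) ptr,
- length
- );
+ length = ix;
 
- if(!d2i_X509_CRL(&crl, (const unsigned char **) &ptr, length))
- {
- message->error = hSession->ssl.error = ERR_get_error();
- message->title = N_( "Security error" );
- message->text = N_( "Can't get CRL from LDAP Search" );
- lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
- }
+ lib3270_trace_data(
+ hSession,
+ "CRL Data received from LDAP server",
+ (const char *) ptr,
+ length
+ );
 
+ if(!d2i_X509_CRL(&crl, (const unsigned char **) &ptr, length))
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Can't get CRL from LDAP Search" );
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
 }
 
 }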
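Review bot: `message->description = crl_data->errbuf;` (new line 272) hands the caller a pointer into `crl_data`, which is declared `lib3270_autoptr(CURLDATA)` at the top of the hunk; if that autoptr releases the block on return, the description the caller reads after `return NULL` is dangling, so the text should be copied into storage the caller owns or the `curl_easy_strerror(res)` string used for both fields. The LDAP scan further down (new lines 380-394) is also off: `for(ix = 0; ix < (length-1); ix++)` wraps when `length` is 0 (the key can end exactly at the end of the body) and reads past the buffer, and when no blank line is found the loop exits with `ix == length-1`, so `if(ix >= length)` can never fire and an unterminated tail is handed to d2i_X509_CRL; `for(ix = 0; ix + 1 < length; ix++)` together with `if(length == 0 || ix + 1 >= length)` closes both holes. `debug("key=\"%s\" ptr=%p",key,ptr)` (new line 366) has no trailing semicolon and only compiles while the `debug` macro expands to nothing, which a DEBUG build presumably does not. lib3270_get_X509_CRL starts before this hunk.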