/* * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a * aplicativos mainframe. Registro no INPI sob o nome G3270. * * Copyright (C) <2008> * * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela * Free Software Foundation. * * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para * obter mais detalhes. * * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin * St, Fifth Floor, Boston, MA 02110-1301 USA * * Este programa está nomeado como - e possui - linhas de código. * * Contatos: * * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça) * * References: * * https://docs.microsoft.com/en-us/windows/win32/winhttp/winhttp-autoproxy-api * */ /** * @brief Implements CRL download using winhttp. 
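 *
 */

#include <config.h>
#include "private.h"

#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK)

#include <winhttp.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/*--[ Implement ]------------------------------------------------------------------------------------*/

enum {
	URL_PART_LENGTH = 4096,				///< @brief wchar_t capacity of the hostname and path buffers (terminator included).
	CRL_MAX_RESPONSE_LENGTH = 8 * 1024 * 1024	///< @brief Upper bound accepted for a downloaded CRL body (constructed cap; adjust to local policy).
};

/**
 * @brief Cleanup handler for lib3270_autoptr(HINTERNET): closes the handle, if any, and clears it.
 */
static void lib3270_autoptr_cleanup_HINTERNET(HINTERNET **hInternet) {
	if(*hInternet)
		WinHttpCloseHandle(*hInternet);
	*hInternet = 0;
}

/**
 * @brief Convert a multibyte string into a bounded wide-char buffer.
 *
 * Replaces the former unbounded mbstowcs(dst, src, strlen(src)+1) calls, which
 * wrote past the 4096-element stack buffers for a long enough URL.
 *
 * @param dst		Destination buffer.
 * @param dstlen	Number of wchar_t elements in dst (terminator included), must be > 0.
 * @param src		NUL-terminated source string.
 *
 * @return 0 on success, -1 when src holds an invalid sequence or does not fit (dst is then empty).
 */
static int to_wide(wchar_t *dst, size_t dstlen, const char *src) {
	size_t converted = mbstowcs(dst, src, dstlen);

	// (size_t)-1: invalid multibyte sequence; converted == dstlen: no room was left for the terminator.
	if(converted == (size_t) -1 || converted >= dstlen) {
		dst[0] = 0;
		return -1;
	}

	return 0;
}

/**
 * @brief Split an URL into the wide-char hostname and path winhttp expects.
 *
 * Only the scheme ("xxx://") is stripped; no port is parsed, the caller always
 * connects to the default HTTP port as before.
 *
 * @param consturl	Escaped URL as received from the certificate.
 * @param wHostname	Receives the hostname.
 * @param hostlen	wchar_t capacity of wHostname.
 * @param wPath		Receives the path, without its leading '/', empty when the URL has none.
 * @param pathlen	wchar_t capacity of wPath.
 *
 * @return 0 on success, -1 when the URL can't be unescaped or a component does not fit its buffer.
 */
static int split_url(const char *consturl, wchar_t *wHostname, size_t hostlen, wchar_t *wPath, size_t pathlen) {

	lib3270_autoptr(char) url = lib3270_unescape(consturl);
	if(!url)
		return -1;

	char *hostname = strstr(url,"://");
	hostname = hostname ? hostname + 3 : url;

	// As before, the '/' separating host and path is consumed; winhttp receives the path without it.
	char *path = strchr(hostname,'/');
	if(path)
		*(path++) = 0;

	if(to_wide(wHostname, hostlen, hostname))
		return -1;

	// "http://host" (no path) used to dereference a NULL path; it is now passed on as an empty object name.
	if(path)
		return to_wide(wPath, pathlen, path);

	wPath[0] = 0;
	return 0;
}

/**
 * @brief Report a failed download step and return NULL.
 *
 * Every failure in get_crl_using_http is reported the same way: a line in the
 * "ssl" log (with the translated Windows error when one is given), the message
 * block filled with the generic title and the step-specific text, ssl.error
 * cleared, errno set to EINVAL. Previously only the first two steps were logged.
 *
 * @param hSession	TN3270 session (log destination, ssl.error).
 * @param message	Error block to fill.
 * @param url		URL being downloaded, for the log line.
 * @param lasterror	GetLastError() value of the failed winhttp call, or 0 when no winhttp call failed.
 * @param text		Translated, step-specific description (stored as message->text).
 *
 * @return Always NULL.
 */
static X509_CRL * http_failed(H3270 *hSession, SSL_ERROR_MESSAGE *message, const char *url, DWORD lasterror, const char *text) {

	if(lasterror) {
		lib3270_autoptr(char) windows_error = lib3270_win32_translate_error_code(lasterror);
		lib3270_write_log(hSession,"ssl","%s: %s (%s)",url, text, windows_error);
	} else {
		lib3270_write_log(hSession,"ssl","%s: %s",url, text);
	}

	message->error = hSession->ssl.error = 0;
	message->title = _( "Security error" );
	message->text = text;
	debug("%s",message->text);
	errno = EINVAL;
	return NULL;
}

/**
 * @brief Read the whole response body of a request whose response was already received.
 *
 * WinHttpQueryDataAvailable reports one chunk of the body at a time; the former
 * single WinHttpReadData call therefore truncated any CRL larger than one chunk
 * and the DER decode failed. The loop runs until no more data is reported, and
 * refuses bodies larger than CRL_MAX_RESPONSE_LENGTH so a misbehaving server
 * can't make the client allocate without bound.
 *
 * @param hRequest	Request handle after WinHttpReceiveResponse.
 * @param length	Receives the number of bytes read (0 on failure).
 *
 * @return Body allocated with lib3270_malloc and NUL-terminated (release with lib3270_free),
 *         or NULL with GetLastError() set on a winhttp error or when the cap is exceeded.
 */
static char * read_response(HINTERNET hRequest, DWORD *length) {

	char *buffer = NULL;
	DWORD total = 0;

	for(;;) {

		DWORD available = 0;
		if(!WinHttpQueryDataAvailable(hRequest, &available))
			goto failed;

		if(!available)
			break;	// End of body.

		if(available > (DWORD) CRL_MAX_RESPONSE_LENGTH - total) {
			SetLastError(ERROR_INSUFFICIENT_BUFFER);
			goto failed;
		}

		// Grow by copying: lib3270_malloc is used unchecked as elsewhere in this file
		// (assumed to abort rather than return NULL — confirm against lib3270's allocator).
		char *grown = lib3270_malloc(total + available + 1);
		memset(grown, 0, total + available + 1);
		if(total)
			memcpy(grown, buffer, total);
		lib3270_free(buffer);
		buffer = grown;

		DWORD got = 0;
		if(!WinHttpReadData(hRequest, buffer + total, available, &got))
			goto failed;

		if(!got)
			break;	// Nothing delivered despite data being reported; don't spin.

		total += got;
		buffer[total] = 0;
	}

	*length = total;
	return buffer;

failed:
	lib3270_free(buffer);
	*length = 0;
	return NULL;
}

/**
 * @brief Download and decode a certificate revocation list using winhttp.
 *
 * The CRL is fetched over plain HTTP on the default port, without proxy; the
 * transport gives no integrity, so the returned CRL is only trustworthy once
 * its signature has been verified against the issuer by the caller.
 *
 * @param hSession	TN3270 session (log destination, ssl.error).
 * @param message	Error block filled on failure (title/text/error).
 * @param consturl	Escaped URL of the CRL distribution point.
 *
 * @return Decoded CRL (owned by the caller, release with X509_CRL_free) or NULL
 *         with message filled; errno is EINVAL for download failures, and
 *         ssl.error carries the OpenSSL error for a decode failure.
 */
X509_CRL * get_crl_using_http(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl) {

	wchar_t wHostname[URL_PART_LENGTH];
	wchar_t wPath[URL_PART_LENGTH];

	if(split_url(consturl, wHostname, URL_PART_LENGTH, wPath, URL_PART_LENGTH)) {
		// No winhttp call was made yet, so there is no Windows error to report.
		return http_failed(hSession, message, consturl, 0, _( "Can't parse CRL URL" ));
	}

	// Open HTTP session
	// https://docs.microsoft.com/en-us/windows/desktop/api/winhttp/nf-winhttp-winhttpopen
	static const char * userAgent = PACKAGE_NAME "/" PACKAGE_VERSION;
	wchar_t wUserAgent[256];
	mbstowcs(wUserAgent, userAgent, (sizeof wUserAgent / sizeof wUserAgent[0]) - 1);
	wUserAgent[(sizeof wUserAgent / sizeof wUserAgent[0]) - 1] = 0;	// Guarantees termination even if the agent string were too long.

	lib3270_autoptr(HINTERNET) httpSession = WinHttpOpen(wUserAgent, WINHTTP_ACCESS_TYPE_NO_PROXY, WINHTTP_NO_PROXY_NAME, WINHTTP_NO_PROXY_BYPASS, 0 );
	if(!httpSession)
		return http_failed(hSession, message, consturl, GetLastError(), _( "Can't open HTTP session" ));

	// Connect to server
	lib3270_autoptr(HINTERNET) hConnect = WinHttpConnect(httpSession, wHostname, INTERNET_DEFAULT_HTTP_PORT, 0);
	if(!hConnect)
		return http_failed(hSession, message, consturl, GetLastError(), _( "Can't connect to HTTP server." ));

	// Create request.
	// https://docs.microsoft.com/en-us/windows/desktop/api/winhttp/nf-winhttp-winhttpopenrequest
	lib3270_autoptr(HINTERNET) hRequest = WinHttpOpenRequest(hConnect, L"GET", wPath, NULL, WINHTTP_NO_REFERER, WINHTTP_DEFAULT_ACCEPT_TYPES, WINHTTP_FLAG_ESCAPE_PERCENT);
	if(!hRequest) {
		// Used to test hConnect here, so a failed WinHttpOpenRequest went unnoticed and NULL reached WinHttpSendRequest.
		return http_failed(hSession, message, consturl, GetLastError(), _( "Can't create HTTP request." ));
	}

	// No client certificate is offered for the CRL download itself.
	WinHttpSetOption(hRequest, WINHTTP_OPTION_CLIENT_CERT_CONTEXT, WINHTTP_NO_CLIENT_CERT_CONTEXT, 0);

	// Send request.
	if(!WinHttpSendRequest(hRequest, WINHTTP_NO_ADDITIONAL_HEADERS, 0, WINHTTP_NO_REQUEST_DATA, 0, 0, 0))
		return http_failed(hSession, message, consturl, GetLastError(), _( "Can't send HTTP request." ));

	// Get response
	if(!WinHttpReceiveResponse(hRequest, NULL))
		return http_failed(hSession, message, consturl, GetLastError(), _( "Can't receive HTTP response." ));

	// An error page (404, 500, ...) is not a CRL; reject it here instead of letting
	// the DER decoder fail with a misleading "can't decode" later. Best-effort: if
	// the status can't be queried the body is still tried.
	{
		DWORD status = 0;
		DWORD szStatus = sizeof(status);
		if(WinHttpQueryHeaders(
				hRequest,
				WINHTTP_QUERY_STATUS_CODE | WINHTTP_QUERY_FLAG_NUMBER,
				WINHTTP_HEADER_NAME_BY_INDEX,
				&status,
				&szStatus,
				WINHTTP_NO_HEADER_INDEX) && status != HTTP_STATUS_OK) {
			lib3270_write_log(hSession,"ssl","%s: HTTP status %u",consturl, (unsigned int) status);
			return http_failed(hSession, message, consturl, 0, _( "HTTP server did not return the certificate revocation list" ));
		}
	}

	DWORD szResponse = 0;
	lib3270_autoptr(char) httpText = read_response(hRequest, &szResponse);
	if(!httpText)
		return http_failed(hSession, message, consturl, GetLastError(), _( "Can't read HTTP response." ));

	if(!szResponse)
		return http_failed(hSession, message, consturl, 0, _( "Empty response from HTTP server." ));

	debug("Response: %u bytes", (unsigned int) szResponse);

	//
	// Parse CRL
	//
	X509_CRL * x509_crl = NULL;

	// d2i_X509_CRL advances the pointer it is given; use a copy so httpText stays releasable.
	const unsigned char *crl_data = (const unsigned char *) httpText;

	if(!d2i_X509_CRL(&x509_crl,&crl_data, szResponse)) {
		message->error = hSession->ssl.error = ERR_get_error();
		message->title = _( "Security error" );
		message->text = _( "Can't decode certificate revocation list" );
		lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
		return NULL;
	}

	debug("CRL decoded from %s (%u bytes)",consturl, (unsigned int) szResponse);

	return x509_crl;

}

#endif // defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK)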