[164] | 1 | /***************************************************************************
|
---|
| 2 | * _ _ ____ _
|
---|
| 3 | * Project ___| | | | _ \| |
|
---|
| 4 | * / __| | | | |_) | |
|
---|
| 5 | * | (__| |_| | _ <| |___
|
---|
| 6 | * \___|\___/|_| \_\_____|
|
---|
| 7 | *
|
---|
| 8 | * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
---|
| 9 | *
|
---|
| 10 | * This software is licensed as described in the file COPYING, which
|
---|
| 11 | * you should have received as part of this distribution. The terms
|
---|
| 12 | * are also available at https://curl.haxx.se/docs/copyright.html.
|
---|
| 13 | *
|
---|
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
---|
| 15 | * copies of the Software, and permit persons to whom the Software is
|
---|
| 16 | * furnished to do so, under the terms of the COPYING file.
|
---|
| 17 | *
|
---|
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
---|
| 19 | * KIND, either express or implied.
|
---|
| 20 | *
|
---|
| 21 | ***************************************************************************/
|
---|
| 22 |
|
---|
| 23 | /*
|
---|
| 24 | * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
|
---|
| 25 | * but vtls.c should ever call or use these functions.
|
---|
| 26 | */
|
---|
| 27 |
|
---|
| 28 | /*
|
---|
| 29 | * The original SSLeay-using code for curl was written by Linas Vepstas and
|
---|
| 30 | * Sampo Kellomaki 1998.
|
---|
| 31 | */
|
---|
| 32 |
|
---|
| 33 | #include "curl_setup.h"
|
---|
| 34 |
|
---|
| 35 | #ifdef USE_OPENSSL
|
---|
| 36 |
|
---|
| 37 | #ifdef HAVE_LIMITS_H
|
---|
| 38 | #include <limits.h>
|
---|
| 39 | #endif
|
---|
| 40 |
|
---|
| 41 | #include "urldata.h"
|
---|
| 42 | #include "sendf.h"
|
---|
| 43 | #include "formdata.h" /* for the boundary function */
|
---|
| 44 | #include "url.h" /* for the ssl config check function */
|
---|
| 45 | #include "inet_pton.h"
|
---|
| 46 | #include "openssl.h"
|
---|
| 47 | #include "connect.h"
|
---|
| 48 | #include "slist.h"
|
---|
| 49 | #include "strequal.h"
|
---|
| 50 | #include "select.h"
|
---|
| 51 | #include "vtls.h"
|
---|
| 52 | #include "rawstr.h"
|
---|
| 53 | #include "hostcheck.h"
|
---|
| 54 | #include "curl_printf.h"
|
---|
| 55 |
|
---|
| 56 | #include <openssl/ssl.h>
|
---|
| 57 | #include <openssl/rand.h>
|
---|
| 58 | #include <openssl/x509v3.h>
|
---|
| 59 | #include <openssl/dsa.h>
|
---|
| 60 | #include <openssl/dh.h>
|
---|
| 61 | #include <openssl/err.h>
|
---|
| 62 | #include <openssl/md5.h>
|
---|
| 63 | #include <openssl/conf.h>
|
---|
| 64 | #include <openssl/bn.h>
|
---|
| 65 | #include <openssl/rsa.h>
|
---|
| 66 |
|
---|
| 67 | #ifdef HAVE_OPENSSL_PKCS12_H
|
---|
| 68 | #include <openssl/pkcs12.h>
|
---|
| 69 | #endif
|
---|
| 70 |
|
---|
| 71 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_IS_BORINGSSL)
|
---|
| 72 | #include <openssl/ocsp.h>
|
---|
| 73 | #endif
|
---|
| 74 |
|
---|
| 75 | #include "warnless.h"
|
---|
| 76 | #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
|
---|
| 77 |
|
---|
| 78 | /* The last #include files should be: */
|
---|
| 79 | #include "curl_memory.h"
|
---|
| 80 | #include "memdebug.h"
|
---|
| 81 |
|
---|
| 82 | #ifndef OPENSSL_VERSION_NUMBER
|
---|
| 83 | #error "OPENSSL_VERSION_NUMBER not defined"
|
---|
| 84 | #endif
|
---|
| 85 |
|
---|
| 86 | #if !defined(OPENSSL_IS_BORINGSSL)
|
---|
| 87 | /* ENGINE_load_private_key() takes four arguments */
|
---|
| 88 | #define HAVE_ENGINE_LOAD_FOUR_ARGS
|
---|
| 89 | #include <openssl/ui.h>
|
---|
| 90 | #else
|
---|
| 91 | /* ENGINE_load_private_key() takes three arguments */
|
---|
| 92 | #undef HAVE_ENGINE_LOAD_FOUR_ARGS
|
---|
| 93 | #endif
|
---|
| 94 |
|
---|
| 95 | #if defined(HAVE_OPENSSL_PKCS12_H) && !defined(OPENSSL_IS_BORINGSSL)
|
---|
| 96 | /* OpenSSL has PKCS 12 support, BoringSSL does not */
|
---|
| 97 | #define HAVE_PKCS12_SUPPORT
|
---|
| 98 | #else
|
---|
| 99 | /* OpenSSL does not have PKCS12 support */
|
---|
| 100 | #undef HAVE_PKCS12_SUPPORT
|
---|
| 101 | #endif
|
---|
| 102 |
|
---|
| 103 | #if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
---|
| 104 | #define SSL_METHOD_QUAL const
|
---|
| 105 | #else
|
---|
| 106 | #define SSL_METHOD_QUAL
|
---|
| 107 | #endif
|
---|
| 108 |
|
---|
| 109 | #ifdef OPENSSL_IS_BORINGSSL
|
---|
| 110 | /* BoringSSL has no ERR_remove_state() */
|
---|
| 111 | #define ERR_remove_state(x)
|
---|
| 112 | #elif (OPENSSL_VERSION_NUMBER >= 0x10000000L)
|
---|
| 113 | #define HAVE_ERR_REMOVE_THREAD_STATE 1
|
---|
| 114 | #endif
|
---|
| 115 |
|
---|
| 116 | #if !defined(HAVE_SSLV2_CLIENT_METHOD) || \
|
---|
| 117 | OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ has no SSLv2 */
|
---|
| 118 | #undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
|
---|
| 119 | #define OPENSSL_NO_SSL2
|
---|
| 120 | #endif
|
---|
| 121 |
|
---|
| 122 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
|
---|
| 123 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
| 124 | #define SSLeay_add_ssl_algorithms() SSL_library_init()
|
---|
| 125 | #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
|
---|
| 126 | #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
|
---|
| 127 | #endif
|
---|
| 128 |
|
---|
| 129 | #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
|
---|
| 130 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
| 131 | #define HAVE_X509_GET0_SIGNATURE 1
|
---|
| 132 | #endif
|
---|
| 133 |
|
---|
| 134 | #if defined(OPENSSL_IS_BORINGSSL)
|
---|
| 135 | #define NO_RAND_SEED 1
|
---|
| 136 | /* In BoringSSL OpenSSL_add_all_algorithms does nothing */
|
---|
| 137 | #define OpenSSL_add_all_algorithms()
|
---|
| 138 | /* BoringSSL does not have CONF_modules_load_file, CONF_modules_free */
|
---|
| 139 | #define CONF_modules_load_file(a,b,c)
|
---|
| 140 | #define CONF_modules_free()
|
---|
| 141 | #endif
|
---|
| 142 |
|
---|
| 143 | #if (OPENSSL_VERSION_NUMBER < 0x0090808fL) || defined(OPENSSL_IS_BORINGSSL)
|
---|
| 144 | /* not present in BoringSSL or older OpenSSL */
|
---|
| 145 | #define OPENSSL_load_builtin_modules(x)
|
---|
| 146 | #endif
|
---|
| 147 |
|
---|
| 148 | /*
|
---|
| 149 | * Number of bytes to read from the random number seed file. This must be
|
---|
| 150 | * a finite value (because some entropy "files" like /dev/urandom have
|
---|
| 151 | * an infinite length), but must be large enough to provide enough
|
---|
| 152 | * entopy to properly seed OpenSSL's PRNG.
|
---|
| 153 | */
|
---|
| 154 | #define RAND_LOAD_LENGTH 1024
|
---|
| 155 |
|
---|
| 156 | static int passwd_callback(char *buf, int num, int encrypting,
|
---|
| 157 | void *global_passwd)
|
---|
| 158 | {
|
---|
| 159 | DEBUGASSERT(0 == encrypting);
|
---|
| 160 |
|
---|
| 161 | if(!encrypting) {
|
---|
| 162 | int klen = curlx_uztosi(strlen((char *)global_passwd));
|
---|
| 163 | if(num > klen) {
|
---|
| 164 | memcpy(buf, global_passwd, klen+1);
|
---|
| 165 | return klen;
|
---|
| 166 | }
|
---|
| 167 | }
|
---|
| 168 | return 0;
|
---|
| 169 | }
|
---|
| 170 |
|
---|
| 171 | /*
|
---|
| 172 | * rand_enough() is a function that returns TRUE if we have seeded the random
|
---|
| 173 | * engine properly. We use some preprocessor magic to provide a seed_enough()
|
---|
| 174 | * macro to use, just to prevent a compiler warning on this function if we
|
---|
| 175 | * pass in an argument that is never used.
|
---|
| 176 | */
|
---|
| 177 |
|
---|
| 178 | #ifndef NO_RAND_SEED
|
---|
| 179 | #ifdef HAVE_RAND_STATUS
|
---|
| 180 | #define seed_enough(x) rand_enough()
|
---|
| 181 | static bool rand_enough(void)
|
---|
| 182 | {
|
---|
| 183 | return (0 != RAND_status()) ? TRUE : FALSE;
|
---|
| 184 | }
|
---|
| 185 | #else
|
---|
| 186 | #define seed_enough(x) rand_enough(x)
|
---|
| 187 | static bool rand_enough(int nread)
|
---|
| 188 | {
|
---|
| 189 | /* this is a very silly decision to make */
|
---|
| 190 | return (nread > 500) ? TRUE : FALSE;
|
---|
| 191 | }
|
---|
| 192 | #endif
|
---|
| 193 |
|
---|
| 194 | static int ossl_seed(struct SessionHandle *data)
|
---|
| 195 | {
|
---|
| 196 | char *buf = data->state.buffer; /* point to the big buffer */
|
---|
| 197 | int nread=0;
|
---|
| 198 |
|
---|
| 199 | /* Q: should we add support for a random file name as a libcurl option?
|
---|
| 200 | A: Yes, it is here */
|
---|
| 201 |
|
---|
| 202 | #ifndef RANDOM_FILE
|
---|
| 203 | /* if RANDOM_FILE isn't defined, we only perform this if an option tells
|
---|
| 204 | us to! */
|
---|
| 205 | if(data->set.ssl.random_file)
|
---|
| 206 | #define RANDOM_FILE "" /* doesn't matter won't be used */
|
---|
| 207 | #endif
|
---|
| 208 | {
|
---|
| 209 | /* let the option override the define */
|
---|
| 210 | nread += RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
|
---|
| 211 | data->set.str[STRING_SSL_RANDOM_FILE]:
|
---|
| 212 | RANDOM_FILE),
|
---|
| 213 | RAND_LOAD_LENGTH);
|
---|
| 214 | if(seed_enough(nread))
|
---|
| 215 | return nread;
|
---|
| 216 | }
|
---|
| 217 |
|
---|
| 218 | #if defined(HAVE_RAND_EGD)
|
---|
| 219 | /* only available in OpenSSL 0.9.5 and later */
|
---|
| 220 | /* EGD_SOCKET is set at configure time or not at all */
|
---|
| 221 | #ifndef EGD_SOCKET
|
---|
| 222 | /* If we don't have the define set, we only do this if the egd-option
|
---|
| 223 | is set */
|
---|
| 224 | if(data->set.str[STRING_SSL_EGDSOCKET])
|
---|
| 225 | #define EGD_SOCKET "" /* doesn't matter won't be used */
|
---|
| 226 | #endif
|
---|
| 227 | {
|
---|
| 228 | /* If there's an option and a define, the option overrides the
|
---|
| 229 | define */
|
---|
| 230 | int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
|
---|
| 231 | data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
|
---|
| 232 | if(-1 != ret) {
|
---|
| 233 | nread += ret;
|
---|
| 234 | if(seed_enough(nread))
|
---|
| 235 | return nread;
|
---|
| 236 | }
|
---|
| 237 | }
|
---|
| 238 | #endif
|
---|
| 239 |
|
---|
| 240 | /* If we get here, it means we need to seed the PRNG using a "silly"
|
---|
| 241 | approach! */
|
---|
| 242 | do {
|
---|
| 243 | unsigned char randb[64];
|
---|
| 244 | int len = sizeof(randb);
|
---|
| 245 | RAND_bytes(randb, len);
|
---|
| 246 | RAND_add(randb, len, (len >> 1));
|
---|
| 247 | } while(!RAND_status());
|
---|
| 248 |
|
---|
| 249 | /* generates a default path for the random seed file */
|
---|
| 250 | buf[0]=0; /* blank it first */
|
---|
| 251 | RAND_file_name(buf, BUFSIZE);
|
---|
| 252 | if(buf[0]) {
|
---|
| 253 | /* we got a file name to try */
|
---|
| 254 | nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
|
---|
| 255 | if(seed_enough(nread))
|
---|
| 256 | return nread;
|
---|
| 257 | }
|
---|
| 258 |
|
---|
| 259 | infof(data, "libcurl is now using a weak random seed!\n");
|
---|
| 260 | return nread;
|
---|
| 261 | }
|
---|
| 262 |
|
---|
| 263 | static void Curl_ossl_seed(struct SessionHandle *data)
|
---|
| 264 | {
|
---|
| 265 | /* we have the "SSL is seeded" boolean static to prevent multiple
|
---|
| 266 | time-consuming seedings in vain */
|
---|
| 267 | static bool ssl_seeded = FALSE;
|
---|
| 268 |
|
---|
| 269 | if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
|
---|
| 270 | data->set.str[STRING_SSL_EGDSOCKET]) {
|
---|
| 271 | ossl_seed(data);
|
---|
| 272 | ssl_seeded = TRUE;
|
---|
| 273 | }
|
---|
| 274 | }
|
---|
| 275 | #else
|
---|
| 276 | /* BoringSSL needs no seeding */
|
---|
| 277 | #define Curl_ossl_seed(x)
|
---|
| 278 | #endif
|
---|
| 279 |
|
---|
| 280 |
|
---|
| 281 | #ifndef SSL_FILETYPE_ENGINE
|
---|
| 282 | #define SSL_FILETYPE_ENGINE 42
|
---|
| 283 | #endif
|
---|
| 284 | #ifndef SSL_FILETYPE_PKCS12
|
---|
| 285 | #define SSL_FILETYPE_PKCS12 43
|
---|
| 286 | #endif
|
---|
| 287 | static int do_file_type(const char *type)
|
---|
| 288 | {
|
---|
| 289 | if(!type || !type[0])
|
---|
| 290 | return SSL_FILETYPE_PEM;
|
---|
| 291 | if(Curl_raw_equal(type, "PEM"))
|
---|
| 292 | return SSL_FILETYPE_PEM;
|
---|
| 293 | if(Curl_raw_equal(type, "DER"))
|
---|
| 294 | return SSL_FILETYPE_ASN1;
|
---|
| 295 | if(Curl_raw_equal(type, "ENG"))
|
---|
| 296 | return SSL_FILETYPE_ENGINE;
|
---|
| 297 | if(Curl_raw_equal(type, "P12"))
|
---|
| 298 | return SSL_FILETYPE_PKCS12;
|
---|
| 299 | return -1;
|
---|
| 300 | }
|
---|
| 301 |
|
---|
| 302 | #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_LOAD_FOUR_ARGS)
|
---|
| 303 | /*
|
---|
| 304 | * Supply default password to the engine user interface conversation.
|
---|
| 305 | * The password is passed by OpenSSL engine from ENGINE_load_private_key()
|
---|
| 306 | * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
|
---|
| 307 | */
|
---|
| 308 | static int ssl_ui_reader(UI *ui, UI_STRING *uis)
|
---|
| 309 | {
|
---|
| 310 | const char *password;
|
---|
| 311 | switch(UI_get_string_type(uis)) {
|
---|
| 312 | case UIT_PROMPT:
|
---|
| 313 | case UIT_VERIFY:
|
---|
| 314 | password = (const char*)UI_get0_user_data(ui);
|
---|
| 315 | if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
|
---|
| 316 | UI_set_result(ui, uis, password);
|
---|
| 317 | return 1;
|
---|
| 318 | }
|
---|
| 319 | default:
|
---|
| 320 | break;
|
---|
| 321 | }
|
---|
| 322 | return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
|
---|
| 323 | }
|
---|
| 324 |
|
---|
| 325 | /*
|
---|
| 326 | * Suppress interactive request for a default password if available.
|
---|
| 327 | */
|
---|
| 328 | static int ssl_ui_writer(UI *ui, UI_STRING *uis)
|
---|
| 329 | {
|
---|
| 330 | switch(UI_get_string_type(uis)) {
|
---|
| 331 | case UIT_PROMPT:
|
---|
| 332 | case UIT_VERIFY:
|
---|
| 333 | if(UI_get0_user_data(ui) &&
|
---|
| 334 | (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
|
---|
| 335 | return 1;
|
---|
| 336 | }
|
---|
| 337 | default:
|
---|
| 338 | break;
|
---|
| 339 | }
|
---|
| 340 | return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
|
---|
| 341 | }
|
---|
| 342 | #endif
|
---|
| 343 |
|
---|
| 344 | static
|
---|
| 345 | int cert_stuff(struct connectdata *conn,
|
---|
| 346 | SSL_CTX* ctx,
|
---|
| 347 | char *cert_file,
|
---|
| 348 | const char *cert_type,
|
---|
| 349 | char *key_file,
|
---|
| 350 | const char *key_type)
|
---|
| 351 | {
|
---|
| 352 | struct SessionHandle *data = conn->data;
|
---|
| 353 |
|
---|
| 354 | int file_type = do_file_type(cert_type);
|
---|
| 355 |
|
---|
| 356 | if(cert_file || (file_type == SSL_FILETYPE_ENGINE)) {
|
---|
| 357 | SSL *ssl;
|
---|
| 358 | X509 *x509;
|
---|
| 359 | int cert_done = 0;
|
---|
| 360 |
|
---|
| 361 | if(data->set.str[STRING_KEY_PASSWD]) {
|
---|
| 362 | /* set the password in the callback userdata */
|
---|
| 363 | SSL_CTX_set_default_passwd_cb_userdata(ctx,
|
---|
| 364 | data->set.str[STRING_KEY_PASSWD]);
|
---|
| 365 | /* Set passwd callback: */
|
---|
| 366 | SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
|
---|
| 367 | }
|
---|
| 368 |
|
---|
| 369 |
|
---|
| 370 | switch(file_type) {
|
---|
| 371 | case SSL_FILETYPE_PEM:
|
---|
| 372 | /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
|
---|
| 373 | if(SSL_CTX_use_certificate_chain_file(ctx,
|
---|
| 374 | cert_file) != 1) {
|
---|
| 375 | failf(data,
|
---|
| 376 | "could not load PEM client certificate, OpenSSL error %s, "
|
---|
| 377 | "(no key found, wrong pass phrase, or wrong file format?)",
|
---|
| 378 | ERR_error_string(ERR_get_error(), NULL) );
|
---|
| 379 | return 0;
|
---|
| 380 | }
|
---|
| 381 | break;
|
---|
| 382 |
|
---|
| 383 | case SSL_FILETYPE_ASN1:
|
---|
| 384 | /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
|
---|
| 385 | we use the case above for PEM so this can only be performed with
|
---|
| 386 | ASN1 files. */
|
---|
| 387 | if(SSL_CTX_use_certificate_file(ctx,
|
---|
| 388 | cert_file,
|
---|
| 389 | file_type) != 1) {
|
---|
| 390 | failf(data,
|
---|
| 391 | "could not load ASN1 client certificate, OpenSSL error %s, "
|
---|
| 392 | "(no key found, wrong pass phrase, or wrong file format?)",
|
---|
| 393 | ERR_error_string(ERR_get_error(), NULL) );
|
---|
| 394 | return 0;
|
---|
| 395 | }
|
---|
| 396 | break;
|
---|
| 397 | case SSL_FILETYPE_ENGINE:
|
---|
| 398 | #if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
|
---|
| 399 | {
|
---|
| 400 | if(data->state.engine) {
|
---|
| 401 | const char *cmd_name = "LOAD_CERT_CTRL";
|
---|
| 402 | struct {
|
---|
| 403 | const char *cert_id;
|
---|
| 404 | X509 *cert;
|
---|
| 405 | } params;
|
---|
| 406 |
|
---|
| 407 | params.cert_id = cert_file;
|
---|
| 408 | params.cert = NULL;
|
---|
| 409 |
|
---|
| 410 | /* Does the engine supports LOAD_CERT_CTRL ? */
|
---|
| 411 | if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
|
---|
| 412 | 0, (void *)cmd_name, NULL)) {
|
---|
| 413 | failf(data, "ssl engine does not support loading certificates");
|
---|
| 414 | return 0;
|
---|
| 415 | }
|
---|
| 416 |
|
---|
| 417 | /* Load the certificate from the engine */
|
---|
| 418 | if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
|
---|
| 419 | 0, ¶ms, NULL, 1)) {
|
---|
| 420 | failf(data, "ssl engine cannot load client cert with id"
|
---|
| 421 | " '%s' [%s]", cert_file,
|
---|
| 422 | ERR_error_string(ERR_get_error(), NULL));
|
---|
| 423 | return 0;
|
---|
| 424 | }
|
---|
| 425 |
|
---|
| 426 | if(!params.cert) {
|
---|
| 427 | failf(data, "ssl engine didn't initialized the certificate "
|
---|
| 428 | "properly.");
|
---|
| 429 | return 0;
|
---|
| 430 | }
|
---|
| 431 |
|
---|
| 432 | if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
|
---|
| 433 | failf(data, "unable to set client certificate");
|
---|
| 434 | X509_free(params.cert);
|
---|
| 435 | return 0;
|
---|
| 436 | }
|
---|
| 437 | X509_free(params.cert); /* we don't need the handle any more... */
|
---|
| 438 | }
|
---|
| 439 | else {
|
---|
| 440 | failf(data, "crypto engine not set, can't load certificate");
|
---|
| 441 | return 0;
|
---|
| 442 | }
|
---|
| 443 | }
|
---|
| 444 | break;
|
---|
| 445 | #else
|
---|
| 446 | failf(data, "file type ENG for certificate not implemented");
|
---|
| 447 | return 0;
|
---|
| 448 | #endif
|
---|
| 449 |
|
---|
| 450 | case SSL_FILETYPE_PKCS12:
|
---|
| 451 | {
|
---|
| 452 | #ifdef HAVE_PKCS12_SUPPORT
|
---|
| 453 | FILE *f;
|
---|
| 454 | PKCS12 *p12;
|
---|
| 455 | EVP_PKEY *pri;
|
---|
| 456 | STACK_OF(X509) *ca = NULL;
|
---|
| 457 |
|
---|
| 458 | f = fopen(cert_file, "rb");
|
---|
| 459 | if(!f) {
|
---|
| 460 | failf(data, "could not open PKCS12 file '%s'", cert_file);
|
---|
| 461 | return 0;
|
---|
| 462 | }
|
---|
| 463 | p12 = d2i_PKCS12_fp(f, NULL);
|
---|
| 464 | fclose(f);
|
---|
| 465 |
|
---|
| 466 | if(!p12) {
|
---|
| 467 | failf(data, "error reading PKCS12 file '%s'", cert_file);
|
---|
| 468 | return 0;
|
---|
| 469 | }
|
---|
| 470 |
|
---|
| 471 | PKCS12_PBE_add();
|
---|
| 472 |
|
---|
| 473 | if(!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509,
|
---|
| 474 | &ca)) {
|
---|
| 475 | failf(data,
|
---|
| 476 | "could not parse PKCS12 file, check password, OpenSSL error %s",
|
---|
| 477 | ERR_error_string(ERR_get_error(), NULL) );
|
---|
| 478 | PKCS12_free(p12);
|
---|
| 479 | return 0;
|
---|
| 480 | }
|
---|
| 481 |
|
---|
| 482 | PKCS12_free(p12);
|
---|
| 483 |
|
---|
| 484 | if(SSL_CTX_use_certificate(ctx, x509) != 1) {
|
---|
| 485 | failf(data,
|
---|
| 486 | "could not load PKCS12 client certificate, OpenSSL error %s",
|
---|
| 487 | ERR_error_string(ERR_get_error(), NULL) );
|
---|
| 488 | goto fail;
|
---|
| 489 | }
|
---|
| 490 |
|
---|
| 491 | if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
|
---|
| 492 | failf(data, "unable to use private key from PKCS12 file '%s'",
|
---|
| 493 | cert_file);
|
---|
| 494 | goto fail;
|
---|
| 495 | }
|
---|
| 496 |
|
---|
| 497 | if(!SSL_CTX_check_private_key (ctx)) {
|
---|
| 498 | failf(data, "private key from PKCS12 file '%s' "
|
---|
| 499 | "does not match certificate in same file", cert_file);
|
---|
| 500 | goto fail;
|
---|
| 501 | }
|
---|
| 502 | /* Set Certificate Verification chain */
|
---|
| 503 | if(ca) {
|
---|
| 504 | while(sk_X509_num(ca)) {
|
---|
| 505 | /*
|
---|
| 506 | * Note that sk_X509_pop() is used below to make sure the cert is
|
---|
| 507 | * removed from the stack properly before getting passed to
|
---|
| 508 | * SSL_CTX_add_extra_chain_cert(). Previously we used
|
---|
| 509 | * sk_X509_value() instead, but then we'd clean it in the subsequent
|
---|
| 510 | * sk_X509_pop_free() call.
|
---|
| 511 | */
|
---|
| 512 | X509 *x = sk_X509_pop(ca);
|
---|
| 513 | if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
|
---|
| 514 | X509_free(x);
|
---|
| 515 | failf(data, "cannot add certificate to certificate chain");
|
---|
| 516 | goto fail;
|
---|
| 517 | }
|
---|
| 518 | /* SSL_CTX_add_client_CA() seems to work with either sk_* function,
|
---|
| 519 | * presumably because it duplicates what we pass to it.
|
---|
| 520 | */
|
---|
| 521 | if(!SSL_CTX_add_client_CA(ctx, x)) {
|
---|
| 522 | failf(data, "cannot add certificate to client CA list");
|
---|
| 523 | goto fail;
|
---|
| 524 | }
|
---|
| 525 | }
|
---|
| 526 | }
|
---|
| 527 |
|
---|
| 528 | cert_done = 1;
|
---|
| 529 | fail:
|
---|
| 530 | EVP_PKEY_free(pri);
|
---|
| 531 | X509_free(x509);
|
---|
| 532 | sk_X509_pop_free(ca, X509_free);
|
---|
| 533 |
|
---|
| 534 | if(!cert_done)
|
---|
| 535 | return 0; /* failure! */
|
---|
| 536 | break;
|
---|
| 537 | #else
|
---|
| 538 | failf(data, "file type P12 for certificate not supported");
|
---|
| 539 | return 0;
|
---|
| 540 | #endif
|
---|
| 541 | }
|
---|
| 542 | default:
|
---|
| 543 | failf(data, "not supported file type '%s' for certificate", cert_type);
|
---|
| 544 | return 0;
|
---|
| 545 | }
|
---|
| 546 |
|
---|
| 547 | file_type = do_file_type(key_type);
|
---|
| 548 |
|
---|
| 549 | switch(file_type) {
|
---|
| 550 | case SSL_FILETYPE_PEM:
|
---|
| 551 | if(cert_done)
|
---|
| 552 | break;
|
---|
| 553 | if(!key_file)
|
---|
| 554 | /* cert & key can only be in PEM case in the same file */
|
---|
| 555 | key_file=cert_file;
|
---|
| 556 | case SSL_FILETYPE_ASN1:
|
---|
| 557 | if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
|
---|
| 558 | failf(data, "unable to set private key file: '%s' type %s",
|
---|
| 559 | key_file, key_type?key_type:"PEM");
|
---|
| 560 | return 0;
|
---|
| 561 | }
|
---|
| 562 | break;
|
---|
| 563 | case SSL_FILETYPE_ENGINE:
|
---|
| 564 | #ifdef HAVE_OPENSSL_ENGINE_H
|
---|
| 565 | { /* XXXX still needs some work */
|
---|
| 566 | EVP_PKEY *priv_key = NULL;
|
---|
| 567 | if(data->state.engine) {
|
---|
| 568 | #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
|
---|
| 569 | UI_METHOD *ui_method =
|
---|
| 570 | UI_create_method((char *)"cURL user interface");
|
---|
| 571 | if(!ui_method) {
|
---|
| 572 | failf(data, "unable do create OpenSSL user-interface method");
|
---|
| 573 | return 0;
|
---|
| 574 | }
|
---|
| 575 | UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
|
---|
| 576 | UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
|
---|
| 577 | UI_method_set_reader(ui_method, ssl_ui_reader);
|
---|
| 578 | UI_method_set_writer(ui_method, ssl_ui_writer);
|
---|
| 579 | #endif
|
---|
| 580 | /* the typecast below was added to please mingw32 */
|
---|
| 581 | priv_key = (EVP_PKEY *)
|
---|
| 582 | ENGINE_load_private_key(data->state.engine, key_file,
|
---|
| 583 | #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
|
---|
| 584 | ui_method,
|
---|
| 585 | #endif
|
---|
| 586 | data->set.str[STRING_KEY_PASSWD]);
|
---|
| 587 | #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
|
---|
| 588 | UI_destroy_method(ui_method);
|
---|
| 589 | #endif
|
---|
| 590 | if(!priv_key) {
|
---|
| 591 | failf(data, "failed to load private key from crypto engine");
|
---|
| 592 | return 0;
|
---|
| 593 | }
|
---|
| 594 | if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
|
---|
| 595 | failf(data, "unable to set private key");
|
---|
| 596 | EVP_PKEY_free(priv_key);
|
---|
| 597 | return 0;
|
---|
| 598 | }
|
---|
| 599 | EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
|
---|
| 600 | }
|
---|
| 601 | else {
|
---|
| 602 | failf(data, "crypto engine not set, can't load private key");
|
---|
| 603 | return 0;
|
---|
| 604 | }
|
---|
| 605 | }
|
---|
| 606 | break;
|
---|
| 607 | #else
|
---|
| 608 | failf(data, "file type ENG for private key not supported");
|
---|
| 609 | return 0;
|
---|
| 610 | #endif
|
---|
| 611 | case SSL_FILETYPE_PKCS12:
|
---|
| 612 | if(!cert_done) {
|
---|
| 613 | failf(data, "file type P12 for private key not supported");
|
---|
| 614 | return 0;
|
---|
| 615 | }
|
---|
| 616 | break;
|
---|
| 617 | default:
|
---|
| 618 | failf(data, "not supported file type for private key");
|
---|
| 619 | return 0;
|
---|
| 620 | }
|
---|
| 621 |
|
---|
| 622 | ssl=SSL_new(ctx);
|
---|
| 623 | if(!ssl) {
|
---|
| 624 | failf(data, "unable to create an SSL structure");
|
---|
| 625 | return 0;
|
---|
| 626 | }
|
---|
| 627 |
|
---|
| 628 | x509=SSL_get_certificate(ssl);
|
---|
| 629 |
|
---|
| 630 | /* This version was provided by Evan Jordan and is supposed to not
|
---|
| 631 | leak memory as the previous version: */
|
---|
| 632 | if(x509) {
|
---|
| 633 | EVP_PKEY *pktmp = X509_get_pubkey(x509);
|
---|
| 634 | EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
|
---|
| 635 | EVP_PKEY_free(pktmp);
|
---|
| 636 | }
|
---|
| 637 |
|
---|
| 638 | SSL_free(ssl);
|
---|
| 639 |
|
---|
| 640 | /* If we are using DSA, we can copy the parameters from
|
---|
| 641 | * the private key */
|
---|
| 642 |
|
---|
| 643 |
|
---|
| 644 | /* Now we know that a key and cert have been set against
|
---|
| 645 | * the SSL context */
|
---|
| 646 | if(!SSL_CTX_check_private_key(ctx)) {
|
---|
| 647 | failf(data, "Private key does not match the certificate public key");
|
---|
| 648 | return 0;
|
---|
| 649 | }
|
---|
| 650 | }
|
---|
| 651 | return 1;
|
---|
| 652 | }
|
---|
| 653 |
|
---|
| 654 | /* returns non-zero on failure */
|
---|
| 655 | static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
|
---|
| 656 | {
|
---|
| 657 | #if 0
|
---|
| 658 | return X509_NAME_oneline(a, buf, size);
|
---|
| 659 | #else
|
---|
| 660 | BIO *bio_out = BIO_new(BIO_s_mem());
|
---|
| 661 | BUF_MEM *biomem;
|
---|
| 662 | int rc;
|
---|
| 663 |
|
---|
| 664 | if(!bio_out)
|
---|
| 665 | return 1; /* alloc failed! */
|
---|
| 666 |
|
---|
| 667 | rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
|
---|
| 668 | BIO_get_mem_ptr(bio_out, &biomem);
|
---|
| 669 |
|
---|
| 670 | if((size_t)biomem->length < size)
|
---|
| 671 | size = biomem->length;
|
---|
| 672 | else
|
---|
| 673 | size--; /* don't overwrite the buffer end */
|
---|
| 674 |
|
---|
| 675 | memcpy(buf, biomem->data, size);
|
---|
| 676 | buf[size]=0;
|
---|
| 677 |
|
---|
| 678 | BIO_free(bio_out);
|
---|
| 679 |
|
---|
| 680 | return !rc;
|
---|
| 681 | #endif
|
---|
| 682 | }
|
---|
| 683 |
|
---|
| 684 | /* Return error string for last OpenSSL error
|
---|
| 685 | */
|
---|
| 686 | static char *SSL_strerror(unsigned long error, char *buf, size_t size)
|
---|
| 687 | {
|
---|
| 688 | /* OpenSSL 0.9.6 and later has a function named
|
---|
| 689 | ERR_error_string_n() that takes the size of the buffer as a
|
---|
| 690 | third argument */
|
---|
| 691 | ERR_error_string_n(error, buf, size);
|
---|
| 692 | return buf;
|
---|
| 693 | }
|
---|
| 694 |
|
---|
| 695 | /**
|
---|
| 696 | * Global SSL init
|
---|
| 697 | *
|
---|
| 698 | * @retval 0 error initializing SSL
|
---|
| 699 | * @retval 1 SSL initialized successfully
|
---|
| 700 | */
|
---|
| 701 | int Curl_ossl_init(void)
|
---|
| 702 | {
|
---|
| 703 | OPENSSL_load_builtin_modules();
|
---|
| 704 |
|
---|
| 705 | #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
|
---|
| 706 | ENGINE_load_builtin_engines();
|
---|
| 707 | #endif
|
---|
| 708 |
|
---|
| 709 | /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately
|
---|
| 710 | that function makes an exit() call on wrongly formatted config files
|
---|
| 711 | which makes it hard to use in some situations. OPENSSL_config() itself
|
---|
| 712 | calls CONF_modules_load_file() and we use that instead and we ignore
|
---|
| 713 | its return code! */
|
---|
| 714 |
|
---|
| 715 | /* CONF_MFLAGS_DEFAULT_SECTION introduced some time between 0.9.8b and
|
---|
| 716 | 0.9.8e */
|
---|
| 717 | #ifndef CONF_MFLAGS_DEFAULT_SECTION
|
---|
| 718 | #define CONF_MFLAGS_DEFAULT_SECTION 0x0
|
---|
| 719 | #endif
|
---|
| 720 |
|
---|
| 721 | CONF_modules_load_file(NULL, NULL,
|
---|
| 722 | CONF_MFLAGS_DEFAULT_SECTION|
|
---|
| 723 | CONF_MFLAGS_IGNORE_MISSING_FILE);
|
---|
| 724 |
|
---|
| 725 | /* Lets get nice error messages */
|
---|
| 726 | SSL_load_error_strings();
|
---|
| 727 |
|
---|
| 728 | /* Init the global ciphers and digests */
|
---|
| 729 | if(!SSLeay_add_ssl_algorithms())
|
---|
| 730 | return 0;
|
---|
| 731 |
|
---|
| 732 | OpenSSL_add_all_algorithms();
|
---|
| 733 |
|
---|
| 734 | return 1;
|
---|
| 735 | }
|
---|
| 736 |
|
---|
| 737 | /* Global cleanup */
|
---|
| 738 | void Curl_ossl_cleanup(void)
|
---|
| 739 | {
|
---|
| 740 | /* Free ciphers and digests lists */
|
---|
| 741 | EVP_cleanup();
|
---|
| 742 |
|
---|
| 743 | #ifdef HAVE_ENGINE_CLEANUP
|
---|
| 744 | /* Free engine list */
|
---|
| 745 | ENGINE_cleanup();
|
---|
| 746 | #endif
|
---|
| 747 |
|
---|
| 748 | #ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
|
---|
| 749 | /* Free OpenSSL ex_data table */
|
---|
| 750 | CRYPTO_cleanup_all_ex_data();
|
---|
| 751 | #endif
|
---|
| 752 |
|
---|
| 753 | /* Free OpenSSL error strings */
|
---|
| 754 | ERR_free_strings();
|
---|
| 755 |
|
---|
| 756 | /* Free thread local error state, destroying hash upon zero refcount */
|
---|
| 757 | #ifdef HAVE_ERR_REMOVE_THREAD_STATE
|
---|
| 758 | ERR_remove_thread_state(NULL);
|
---|
| 759 | #else
|
---|
| 760 | ERR_remove_state(0);
|
---|
| 761 | #endif
|
---|
| 762 |
|
---|
| 763 | /* Free all memory allocated by all configuration modules */
|
---|
| 764 | CONF_modules_free();
|
---|
| 765 | }
|
---|
| 766 |
|
---|
| 767 | /*
|
---|
| 768 | * This function uses SSL_peek to determine connection status.
|
---|
| 769 | *
|
---|
| 770 | * Return codes:
|
---|
| 771 | * 1 means the connection is still in place
|
---|
| 772 | * 0 means the connection has been closed
|
---|
| 773 | * -1 means the connection status is unknown
|
---|
| 774 | */
|
---|
| 775 | int Curl_ossl_check_cxn(struct connectdata *conn)
|
---|
| 776 | {
|
---|
| 777 | int rc;
|
---|
| 778 | char buf;
|
---|
| 779 |
|
---|
| 780 | rc = SSL_peek(conn->ssl[FIRSTSOCKET].handle, (void*)&buf, 1);
|
---|
| 781 | if(rc > 0)
|
---|
| 782 | return 1; /* connection still in place */
|
---|
| 783 |
|
---|
| 784 | if(rc == 0)
|
---|
| 785 | return 0; /* connection has been closed */
|
---|
| 786 |
|
---|
| 787 | return -1; /* connection status unknown */
|
---|
| 788 | }
|
---|
| 789 |
|
---|
| 790 | /* Selects an OpenSSL crypto engine
|
---|
| 791 | */
|
---|
| 792 | CURLcode Curl_ossl_set_engine(struct SessionHandle *data, const char *engine)
|
---|
| 793 | {
|
---|
| 794 | #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
|
---|
| 795 | ENGINE *e;
|
---|
| 796 |
|
---|
| 797 | #if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
---|
| 798 | e = ENGINE_by_id(engine);
|
---|
| 799 | #else
|
---|
| 800 | /* avoid memory leak */
|
---|
| 801 | for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
|
---|
| 802 | const char *e_id = ENGINE_get_id(e);
|
---|
| 803 | if(!strcmp(engine, e_id))
|
---|
| 804 | break;
|
---|
| 805 | }
|
---|
| 806 | #endif
|
---|
| 807 |
|
---|
| 808 | if(!e) {
|
---|
| 809 | failf(data, "SSL Engine '%s' not found", engine);
|
---|
| 810 | return CURLE_SSL_ENGINE_NOTFOUND;
|
---|
| 811 | }
|
---|
| 812 |
|
---|
| 813 | if(data->state.engine) {
|
---|
| 814 | ENGINE_finish(data->state.engine);
|
---|
| 815 | ENGINE_free(data->state.engine);
|
---|
| 816 | data->state.engine = NULL;
|
---|
| 817 | }
|
---|
| 818 | if(!ENGINE_init(e)) {
|
---|
| 819 | char buf[256];
|
---|
| 820 |
|
---|
| 821 | ENGINE_free(e);
|
---|
| 822 | failf(data, "Failed to initialise SSL Engine '%s':\n%s",
|
---|
| 823 | engine, SSL_strerror(ERR_get_error(), buf, sizeof(buf)));
|
---|
| 824 | return CURLE_SSL_ENGINE_INITFAILED;
|
---|
| 825 | }
|
---|
| 826 | data->state.engine = e;
|
---|
| 827 | return CURLE_OK;
|
---|
| 828 | #else
|
---|
| 829 | (void)engine;
|
---|
| 830 | failf(data, "SSL Engine not supported");
|
---|
| 831 | return CURLE_SSL_ENGINE_NOTFOUND;
|
---|
| 832 | #endif
|
---|
| 833 | }
|
---|
| 834 |
|
---|
| 835 | /* Sets engine as default for all SSL operations
|
---|
| 836 | */
|
---|
| 837 | CURLcode Curl_ossl_set_engine_default(struct SessionHandle *data)
|
---|
| 838 | {
|
---|
| 839 | #ifdef HAVE_OPENSSL_ENGINE_H
|
---|
| 840 | if(data->state.engine) {
|
---|
| 841 | if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
|
---|
| 842 | infof(data, "set default crypto engine '%s'\n",
|
---|
| 843 | ENGINE_get_id(data->state.engine));
|
---|
| 844 | }
|
---|
| 845 | else {
|
---|
| 846 | failf(data, "set default crypto engine '%s' failed",
|
---|
| 847 | ENGINE_get_id(data->state.engine));
|
---|
| 848 | return CURLE_SSL_ENGINE_SETFAILED;
|
---|
| 849 | }
|
---|
| 850 | }
|
---|
| 851 | #else
|
---|
| 852 | (void) data;
|
---|
| 853 | #endif
|
---|
| 854 | return CURLE_OK;
|
---|
| 855 | }
|
---|
| 856 |
|
---|
| 857 | /* Return list of OpenSSL crypto engine names.
|
---|
| 858 | */
|
---|
| 859 | struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data)
|
---|
| 860 | {
|
---|
| 861 | struct curl_slist *list = NULL;
|
---|
| 862 | #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
|
---|
| 863 | struct curl_slist *beg;
|
---|
| 864 | ENGINE *e;
|
---|
| 865 |
|
---|
| 866 | for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
|
---|
| 867 | beg = curl_slist_append(list, ENGINE_get_id(e));
|
---|
| 868 | if(!beg) {
|
---|
| 869 | curl_slist_free_all(list);
|
---|
| 870 | return NULL;
|
---|
| 871 | }
|
---|
| 872 | list = beg;
|
---|
| 873 | }
|
---|
| 874 | #endif
|
---|
| 875 | (void) data;
|
---|
| 876 | return list;
|
---|
| 877 | }
|
---|
| 878 |
|
---|
| 879 |
|
---|
| 880 | /*
|
---|
| 881 | * This function is called when an SSL connection is closed.
|
---|
| 882 | */
|
---|
| 883 | void Curl_ossl_close(struct connectdata *conn, int sockindex)
|
---|
| 884 | {
|
---|
| 885 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 886 |
|
---|
| 887 | if(connssl->handle) {
|
---|
| 888 | (void)SSL_shutdown(connssl->handle);
|
---|
| 889 | SSL_set_connect_state(connssl->handle);
|
---|
| 890 |
|
---|
| 891 | SSL_free (connssl->handle);
|
---|
| 892 | connssl->handle = NULL;
|
---|
| 893 | }
|
---|
| 894 | if(connssl->ctx) {
|
---|
| 895 | SSL_CTX_free (connssl->ctx);
|
---|
| 896 | connssl->ctx = NULL;
|
---|
| 897 | }
|
---|
| 898 | }
|
---|
| 899 |
|
---|
| 900 | /*
|
---|
| 901 | * This function is called to shut down the SSL layer but keep the
|
---|
| 902 | * socket open (CCC - Clear Command Channel)
|
---|
| 903 | */
|
---|
| 904 | int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
|
---|
| 905 | {
|
---|
| 906 | int retval = 0;
|
---|
| 907 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 908 | struct SessionHandle *data = conn->data;
|
---|
| 909 | char buf[120]; /* We will use this for the OpenSSL error buffer, so it has
|
---|
| 910 | to be at least 120 bytes long. */
|
---|
| 911 | unsigned long sslerror;
|
---|
| 912 | ssize_t nread;
|
---|
| 913 | int buffsize;
|
---|
| 914 | int err;
|
---|
| 915 | int done = 0;
|
---|
| 916 |
|
---|
| 917 | /* This has only been tested on the proftpd server, and the mod_tls code
|
---|
| 918 | sends a close notify alert without waiting for a close notify alert in
|
---|
| 919 | response. Thus we wait for a close notify alert from the server, but
|
---|
| 920 | we do not send one. Let's hope other servers do the same... */
|
---|
| 921 |
|
---|
| 922 | if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
|
---|
| 923 | (void)SSL_shutdown(connssl->handle);
|
---|
| 924 |
|
---|
| 925 | if(connssl->handle) {
|
---|
| 926 | buffsize = (int)sizeof(buf);
|
---|
| 927 | while(!done) {
|
---|
| 928 | int what = Curl_socket_ready(conn->sock[sockindex],
|
---|
| 929 | CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
|
---|
| 930 | if(what > 0) {
|
---|
| 931 | ERR_clear_error();
|
---|
| 932 |
|
---|
| 933 | /* Something to read, let's do it and hope that it is the close
|
---|
| 934 | notify alert from the server */
|
---|
| 935 | nread = (ssize_t)SSL_read(conn->ssl[sockindex].handle, buf,
|
---|
| 936 | buffsize);
|
---|
| 937 | err = SSL_get_error(conn->ssl[sockindex].handle, (int)nread);
|
---|
| 938 |
|
---|
| 939 | switch(err) {
|
---|
| 940 | case SSL_ERROR_NONE: /* this is not an error */
|
---|
| 941 | case SSL_ERROR_ZERO_RETURN: /* no more data */
|
---|
| 942 | /* This is the expected response. There was no data but only
|
---|
| 943 | the close notify alert */
|
---|
| 944 | done = 1;
|
---|
| 945 | break;
|
---|
| 946 | case SSL_ERROR_WANT_READ:
|
---|
| 947 | /* there's data pending, re-invoke SSL_read() */
|
---|
| 948 | infof(data, "SSL_ERROR_WANT_READ\n");
|
---|
| 949 | break;
|
---|
| 950 | case SSL_ERROR_WANT_WRITE:
|
---|
| 951 | /* SSL wants a write. Really odd. Let's bail out. */
|
---|
| 952 | infof(data, "SSL_ERROR_WANT_WRITE\n");
|
---|
| 953 | done = 1;
|
---|
| 954 | break;
|
---|
| 955 | default:
|
---|
| 956 | /* openssl/ssl.h says "look at error stack/return value/errno" */
|
---|
| 957 | sslerror = ERR_get_error();
|
---|
| 958 | failf(conn->data, "SSL read: %s, errno %d",
|
---|
| 959 | ERR_error_string(sslerror, buf),
|
---|
| 960 | SOCKERRNO);
|
---|
| 961 | done = 1;
|
---|
| 962 | break;
|
---|
| 963 | }
|
---|
| 964 | }
|
---|
| 965 | else if(0 == what) {
|
---|
| 966 | /* timeout */
|
---|
| 967 | failf(data, "SSL shutdown timeout");
|
---|
| 968 | done = 1;
|
---|
| 969 | }
|
---|
| 970 | else {
|
---|
| 971 | /* anything that gets here is fatally bad */
|
---|
| 972 | failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
|
---|
| 973 | retval = -1;
|
---|
| 974 | done = 1;
|
---|
| 975 | }
|
---|
| 976 | } /* while()-loop for the select() */
|
---|
| 977 |
|
---|
| 978 | if(data->set.verbose) {
|
---|
| 979 | #ifdef HAVE_SSL_GET_SHUTDOWN
|
---|
| 980 | switch(SSL_get_shutdown(connssl->handle)) {
|
---|
| 981 | case SSL_SENT_SHUTDOWN:
|
---|
| 982 | infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
|
---|
| 983 | break;
|
---|
| 984 | case SSL_RECEIVED_SHUTDOWN:
|
---|
| 985 | infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
|
---|
| 986 | break;
|
---|
| 987 | case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
|
---|
| 988 | infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
|
---|
| 989 | "SSL_RECEIVED__SHUTDOWN\n");
|
---|
| 990 | break;
|
---|
| 991 | }
|
---|
| 992 | #endif
|
---|
| 993 | }
|
---|
| 994 |
|
---|
| 995 | SSL_free (connssl->handle);
|
---|
| 996 | connssl->handle = NULL;
|
---|
| 997 | }
|
---|
| 998 | return retval;
|
---|
| 999 | }
|
---|
| 1000 |
|
---|
| 1001 | void Curl_ossl_session_free(void *ptr)
|
---|
| 1002 | {
|
---|
| 1003 | /* free the ID */
|
---|
| 1004 | SSL_SESSION_free(ptr);
|
---|
| 1005 | }
|
---|
| 1006 |
|
---|
| 1007 | /*
|
---|
| 1008 | * This function is called when the 'data' struct is going away. Close
|
---|
| 1009 | * down everything and free all resources!
|
---|
| 1010 | */
|
---|
| 1011 | void Curl_ossl_close_all(struct SessionHandle *data)
|
---|
| 1012 | {
|
---|
| 1013 | #ifdef HAVE_OPENSSL_ENGINE_H
|
---|
| 1014 | if(data->state.engine) {
|
---|
| 1015 | ENGINE_finish(data->state.engine);
|
---|
| 1016 | ENGINE_free(data->state.engine);
|
---|
| 1017 | data->state.engine = NULL;
|
---|
| 1018 | }
|
---|
| 1019 | #else
|
---|
| 1020 | (void)data;
|
---|
| 1021 | #endif
|
---|
| 1022 | }
|
---|
| 1023 |
|
---|
| 1024 | /* ====================================================== */
|
---|
| 1025 |
|
---|
| 1026 |
|
---|
| 1027 | /* Quote from RFC2818 section 3.1 "Server Identity"
|
---|
| 1028 |
|
---|
| 1029 | If a subjectAltName extension of type dNSName is present, that MUST
|
---|
| 1030 | be used as the identity. Otherwise, the (most specific) Common Name
|
---|
| 1031 | field in the Subject field of the certificate MUST be used. Although
|
---|
| 1032 | the use of the Common Name is existing practice, it is deprecated and
|
---|
| 1033 | Certification Authorities are encouraged to use the dNSName instead.
|
---|
| 1034 |
|
---|
| 1035 | Matching is performed using the matching rules specified by
|
---|
| 1036 | [RFC2459]. If more than one identity of a given type is present in
|
---|
| 1037 | the certificate (e.g., more than one dNSName name, a match in any one
|
---|
| 1038 | of the set is considered acceptable.) Names may contain the wildcard
|
---|
| 1039 | character * which is considered to match any single domain name
|
---|
| 1040 | component or component fragment. E.g., *.a.com matches foo.a.com but
|
---|
| 1041 | not bar.foo.a.com. f*.com matches foo.com but not bar.com.
|
---|
| 1042 |
|
---|
| 1043 | In some cases, the URI is specified as an IP address rather than a
|
---|
| 1044 | hostname. In this case, the iPAddress subjectAltName must be present
|
---|
| 1045 | in the certificate and must exactly match the IP in the URI.
|
---|
| 1046 |
|
---|
| 1047 | */
|
---|
| 1048 | static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
|
---|
| 1049 | {
|
---|
| 1050 | int matched = -1; /* -1 is no alternative match yet, 1 means match and 0
|
---|
| 1051 | means mismatch */
|
---|
| 1052 | int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
|
---|
| 1053 | size_t addrlen = 0;
|
---|
| 1054 | struct SessionHandle *data = conn->data;
|
---|
| 1055 | STACK_OF(GENERAL_NAME) *altnames;
|
---|
| 1056 | #ifdef ENABLE_IPV6
|
---|
| 1057 | struct in6_addr addr;
|
---|
| 1058 | #else
|
---|
| 1059 | struct in_addr addr;
|
---|
| 1060 | #endif
|
---|
| 1061 | CURLcode result = CURLE_OK;
|
---|
| 1062 |
|
---|
| 1063 | #ifdef ENABLE_IPV6
|
---|
| 1064 | if(conn->bits.ipv6_ip &&
|
---|
| 1065 | Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
|
---|
| 1066 | target = GEN_IPADD;
|
---|
| 1067 | addrlen = sizeof(struct in6_addr);
|
---|
| 1068 | }
|
---|
| 1069 | else
|
---|
| 1070 | #endif
|
---|
| 1071 | if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
|
---|
| 1072 | target = GEN_IPADD;
|
---|
| 1073 | addrlen = sizeof(struct in_addr);
|
---|
| 1074 | }
|
---|
| 1075 |
|
---|
| 1076 | /* get a "list" of alternative names */
|
---|
| 1077 | altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
|
---|
| 1078 |
|
---|
| 1079 | if(altnames) {
|
---|
| 1080 | int numalts;
|
---|
| 1081 | int i;
|
---|
| 1082 |
|
---|
| 1083 | /* get amount of alternatives, RFC2459 claims there MUST be at least
|
---|
| 1084 | one, but we don't depend on it... */
|
---|
| 1085 | numalts = sk_GENERAL_NAME_num(altnames);
|
---|
| 1086 |
|
---|
| 1087 | /* loop through all alternatives while none has matched */
|
---|
| 1088 | for(i=0; (i<numalts) && (matched != 1); i++) {
|
---|
| 1089 | /* get a handle to alternative name number i */
|
---|
| 1090 | const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
|
---|
| 1091 |
|
---|
| 1092 | /* only check alternatives of the same type the target is */
|
---|
| 1093 | if(check->type == target) {
|
---|
| 1094 | /* get data and length */
|
---|
| 1095 | const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
|
---|
| 1096 | size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
|
---|
| 1097 |
|
---|
| 1098 | switch(target) {
|
---|
| 1099 | case GEN_DNS: /* name/pattern comparison */
|
---|
| 1100 | /* The OpenSSL man page explicitly says: "In general it cannot be
|
---|
| 1101 | assumed that the data returned by ASN1_STRING_data() is null
|
---|
| 1102 | terminated or does not contain embedded nulls." But also that
|
---|
| 1103 | "The actual format of the data will depend on the actual string
|
---|
| 1104 | type itself: for example for and IA5String the data will be ASCII"
|
---|
| 1105 |
|
---|
| 1106 | Gisle researched the OpenSSL sources:
|
---|
| 1107 | "I checked the 0.9.6 and 0.9.8 sources before my patch and
|
---|
| 1108 | it always 0-terminates an IA5String."
|
---|
| 1109 | */
|
---|
| 1110 | if((altlen == strlen(altptr)) &&
|
---|
| 1111 | /* if this isn't true, there was an embedded zero in the name
|
---|
| 1112 | string and we cannot match it. */
|
---|
| 1113 | Curl_cert_hostcheck(altptr, conn->host.name))
|
---|
| 1114 | matched = 1;
|
---|
| 1115 | else
|
---|
| 1116 | matched = 0;
|
---|
| 1117 | break;
|
---|
| 1118 |
|
---|
| 1119 | case GEN_IPADD: /* IP address comparison */
|
---|
| 1120 | /* compare alternative IP address if the data chunk is the same size
|
---|
| 1121 | our server IP address is */
|
---|
| 1122 | if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
|
---|
| 1123 | matched = 1;
|
---|
| 1124 | else
|
---|
| 1125 | matched = 0;
|
---|
| 1126 | break;
|
---|
| 1127 | }
|
---|
| 1128 | }
|
---|
| 1129 | }
|
---|
| 1130 | GENERAL_NAMES_free(altnames);
|
---|
| 1131 | }
|
---|
| 1132 |
|
---|
| 1133 | if(matched == 1)
|
---|
| 1134 | /* an alternative name matched the server hostname */
|
---|
| 1135 | infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
|
---|
| 1136 | else if(matched == 0) {
|
---|
| 1137 | /* an alternative name field existed, but didn't match and then
|
---|
| 1138 | we MUST fail */
|
---|
| 1139 | infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
|
---|
| 1140 | failf(data, "SSL: no alternative certificate subject name matches "
|
---|
| 1141 | "target host name '%s'", conn->host.dispname);
|
---|
| 1142 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 1143 | }
|
---|
| 1144 | else {
|
---|
| 1145 | /* we have to look to the last occurrence of a commonName in the
|
---|
| 1146 | distinguished one to get the most significant one. */
|
---|
| 1147 | int j, i=-1;
|
---|
| 1148 |
|
---|
| 1149 | /* The following is done because of a bug in 0.9.6b */
|
---|
| 1150 |
|
---|
| 1151 | unsigned char *nulstr = (unsigned char *)"";
|
---|
| 1152 | unsigned char *peer_CN = nulstr;
|
---|
| 1153 |
|
---|
| 1154 | X509_NAME *name = X509_get_subject_name(server_cert);
|
---|
| 1155 | if(name)
|
---|
| 1156 | while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i))>=0)
|
---|
| 1157 | i=j;
|
---|
| 1158 |
|
---|
| 1159 | /* we have the name entry and we will now convert this to a string
|
---|
| 1160 | that we can use for comparison. Doing this we support BMPstring,
|
---|
| 1161 | UTF8 etc. */
|
---|
| 1162 |
|
---|
| 1163 | if(i>=0) {
|
---|
| 1164 | ASN1_STRING *tmp =
|
---|
| 1165 | X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
|
---|
| 1166 |
|
---|
| 1167 | /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
|
---|
| 1168 | is already UTF-8 encoded. We check for this case and copy the raw
|
---|
| 1169 | string manually to avoid the problem. This code can be made
|
---|
| 1170 | conditional in the future when OpenSSL has been fixed. Work-around
|
---|
| 1171 | brought by Alexis S. L. Carvalho. */
|
---|
| 1172 | if(tmp) {
|
---|
| 1173 | if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
|
---|
| 1174 | j = ASN1_STRING_length(tmp);
|
---|
| 1175 | if(j >= 0) {
|
---|
| 1176 | peer_CN = OPENSSL_malloc(j+1);
|
---|
| 1177 | if(peer_CN) {
|
---|
| 1178 | memcpy(peer_CN, ASN1_STRING_data(tmp), j);
|
---|
| 1179 | peer_CN[j] = '\0';
|
---|
| 1180 | }
|
---|
| 1181 | }
|
---|
| 1182 | }
|
---|
| 1183 | else /* not a UTF8 name */
|
---|
| 1184 | j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
|
---|
| 1185 |
|
---|
| 1186 | if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
|
---|
| 1187 | /* there was a terminating zero before the end of string, this
|
---|
| 1188 | cannot match and we return failure! */
|
---|
| 1189 | failf(data, "SSL: illegal cert name field");
|
---|
| 1190 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 1191 | }
|
---|
| 1192 | }
|
---|
| 1193 | }
|
---|
| 1194 |
|
---|
| 1195 | if(peer_CN == nulstr)
|
---|
| 1196 | peer_CN = NULL;
|
---|
| 1197 | else {
|
---|
| 1198 | /* convert peer_CN from UTF8 */
|
---|
| 1199 | CURLcode rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
|
---|
| 1200 | /* Curl_convert_from_utf8 calls failf if unsuccessful */
|
---|
| 1201 | if(rc) {
|
---|
| 1202 | OPENSSL_free(peer_CN);
|
---|
| 1203 | return rc;
|
---|
| 1204 | }
|
---|
| 1205 | }
|
---|
| 1206 |
|
---|
| 1207 | if(result)
|
---|
| 1208 | /* error already detected, pass through */
|
---|
| 1209 | ;
|
---|
| 1210 | else if(!peer_CN) {
|
---|
| 1211 | failf(data,
|
---|
| 1212 | "SSL: unable to obtain common name from peer certificate");
|
---|
| 1213 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 1214 | }
|
---|
| 1215 | else if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
|
---|
| 1216 | failf(data, "SSL: certificate subject name '%s' does not match "
|
---|
| 1217 | "target host name '%s'", peer_CN, conn->host.dispname);
|
---|
| 1218 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 1219 | }
|
---|
| 1220 | else {
|
---|
| 1221 | infof(data, "\t common name: %s (matched)\n", peer_CN);
|
---|
| 1222 | }
|
---|
| 1223 | if(peer_CN)
|
---|
| 1224 | OPENSSL_free(peer_CN);
|
---|
| 1225 | }
|
---|
| 1226 |
|
---|
| 1227 | return result;
|
---|
| 1228 | }
|
---|
| 1229 |
|
---|
| 1230 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
| 1231 | !defined(OPENSSL_IS_BORINGSSL)
|
---|
| 1232 | static CURLcode verifystatus(struct connectdata *conn,
|
---|
| 1233 | struct ssl_connect_data *connssl)
|
---|
| 1234 | {
|
---|
| 1235 | int i, ocsp_status;
|
---|
| 1236 | const unsigned char *p;
|
---|
| 1237 | CURLcode result = CURLE_OK;
|
---|
| 1238 | struct SessionHandle *data = conn->data;
|
---|
| 1239 |
|
---|
| 1240 | OCSP_RESPONSE *rsp = NULL;
|
---|
| 1241 | OCSP_BASICRESP *br = NULL;
|
---|
| 1242 | X509_STORE *st = NULL;
|
---|
| 1243 | STACK_OF(X509) *ch = NULL;
|
---|
| 1244 |
|
---|
| 1245 | long len = SSL_get_tlsext_status_ocsp_resp(connssl->handle, &p);
|
---|
| 1246 |
|
---|
| 1247 | if(!p) {
|
---|
| 1248 | failf(data, "No OCSP response received");
|
---|
| 1249 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1250 | goto end;
|
---|
| 1251 | }
|
---|
| 1252 |
|
---|
| 1253 | rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
|
---|
| 1254 | if(!rsp) {
|
---|
| 1255 | failf(data, "Invalid OCSP response");
|
---|
| 1256 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1257 | goto end;
|
---|
| 1258 | }
|
---|
| 1259 |
|
---|
| 1260 | ocsp_status = OCSP_response_status(rsp);
|
---|
| 1261 | if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
|
---|
| 1262 | failf(data, "Invalid OCSP response status: %s (%d)",
|
---|
| 1263 | OCSP_response_status_str(ocsp_status), ocsp_status);
|
---|
| 1264 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1265 | goto end;
|
---|
| 1266 | }
|
---|
| 1267 |
|
---|
| 1268 | br = OCSP_response_get1_basic(rsp);
|
---|
| 1269 | if(!br) {
|
---|
| 1270 | failf(data, "Invalid OCSP response");
|
---|
| 1271 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1272 | goto end;
|
---|
| 1273 | }
|
---|
| 1274 |
|
---|
| 1275 | ch = SSL_get_peer_cert_chain(connssl->handle);
|
---|
| 1276 | st = SSL_CTX_get_cert_store(connssl->ctx);
|
---|
| 1277 |
|
---|
| 1278 | #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
|
---|
| 1279 | defined(LIBRESSL_VERSION_NUMBER))
|
---|
| 1280 | /* The authorized responder cert in the OCSP response MUST be signed by the
|
---|
| 1281 | peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
|
---|
| 1282 | no problem, but if it's an intermediate cert OpenSSL has a bug where it
|
---|
| 1283 | expects this issuer to be present in the chain embedded in the OCSP
|
---|
| 1284 | response. So we add it if necessary. */
|
---|
| 1285 |
|
---|
| 1286 | /* First make sure the peer cert chain includes both a peer and an issuer,
|
---|
| 1287 | and the OCSP response contains a responder cert. */
|
---|
| 1288 | if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
|
---|
| 1289 | X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
|
---|
| 1290 |
|
---|
| 1291 | /* Find issuer of responder cert and add it to the OCSP response chain */
|
---|
| 1292 | for(i = 0; i < sk_X509_num(ch); i++) {
|
---|
| 1293 | X509 *issuer = sk_X509_value(ch, i);
|
---|
| 1294 | if(X509_check_issued(issuer, responder) == X509_V_OK) {
|
---|
| 1295 | if(!OCSP_basic_add1_cert(br, issuer)) {
|
---|
| 1296 | failf(data, "Could not add issuer cert to OCSP response");
|
---|
| 1297 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1298 | goto end;
|
---|
| 1299 | }
|
---|
| 1300 | }
|
---|
| 1301 | }
|
---|
| 1302 | }
|
---|
| 1303 | #endif
|
---|
| 1304 |
|
---|
| 1305 | if(OCSP_basic_verify(br, ch, st, 0) <= 0) {
|
---|
| 1306 | failf(data, "OCSP response verification failed");
|
---|
| 1307 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1308 | goto end;
|
---|
| 1309 | }
|
---|
| 1310 |
|
---|
| 1311 | for(i = 0; i < OCSP_resp_count(br); i++) {
|
---|
| 1312 | int cert_status, crl_reason;
|
---|
| 1313 | OCSP_SINGLERESP *single = NULL;
|
---|
| 1314 |
|
---|
| 1315 | ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
|
---|
| 1316 |
|
---|
| 1317 | if(!(single = OCSP_resp_get0(br, i)))
|
---|
| 1318 | continue;
|
---|
| 1319 |
|
---|
| 1320 | cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
|
---|
| 1321 | &thisupd, &nextupd);
|
---|
| 1322 |
|
---|
| 1323 | if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
|
---|
| 1324 | failf(data, "OCSP response has expired");
|
---|
| 1325 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1326 | goto end;
|
---|
| 1327 | }
|
---|
| 1328 |
|
---|
| 1329 | infof(data, "SSL certificate status: %s (%d)\n",
|
---|
| 1330 | OCSP_cert_status_str(cert_status), cert_status);
|
---|
| 1331 |
|
---|
| 1332 | switch(cert_status) {
|
---|
| 1333 | case V_OCSP_CERTSTATUS_GOOD:
|
---|
| 1334 | break;
|
---|
| 1335 |
|
---|
| 1336 | case V_OCSP_CERTSTATUS_REVOKED:
|
---|
| 1337 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1338 |
|
---|
| 1339 | failf(data, "SSL certificate revocation reason: %s (%d)",
|
---|
| 1340 | OCSP_crl_reason_str(crl_reason), crl_reason);
|
---|
| 1341 | goto end;
|
---|
| 1342 |
|
---|
| 1343 | case V_OCSP_CERTSTATUS_UNKNOWN:
|
---|
| 1344 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1345 | goto end;
|
---|
| 1346 | }
|
---|
| 1347 | }
|
---|
| 1348 |
|
---|
| 1349 | end:
|
---|
| 1350 | if(br) OCSP_BASICRESP_free(br);
|
---|
| 1351 | OCSP_RESPONSE_free(rsp);
|
---|
| 1352 |
|
---|
| 1353 | return result;
|
---|
| 1354 | }
|
---|
| 1355 | #endif
|
---|
| 1356 |
|
---|
| 1357 | #endif /* USE_OPENSSL */
|
---|
| 1358 |
|
---|
| 1359 | /* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
|
---|
| 1360 | and thus this cannot be done there. */
|
---|
| 1361 | #ifdef SSL_CTRL_SET_MSG_CALLBACK
|
---|
| 1362 |
|
---|
| 1363 | static const char *ssl_msg_type(int ssl_ver, int msg)
|
---|
| 1364 | {
|
---|
| 1365 | #ifdef SSL2_VERSION_MAJOR
|
---|
| 1366 | if(ssl_ver == SSL2_VERSION_MAJOR) {
|
---|
| 1367 | switch (msg) {
|
---|
| 1368 | case SSL2_MT_ERROR:
|
---|
| 1369 | return "Error";
|
---|
| 1370 | case SSL2_MT_CLIENT_HELLO:
|
---|
| 1371 | return "Client hello";
|
---|
| 1372 | case SSL2_MT_CLIENT_MASTER_KEY:
|
---|
| 1373 | return "Client key";
|
---|
| 1374 | case SSL2_MT_CLIENT_FINISHED:
|
---|
| 1375 | return "Client finished";
|
---|
| 1376 | case SSL2_MT_SERVER_HELLO:
|
---|
| 1377 | return "Server hello";
|
---|
| 1378 | case SSL2_MT_SERVER_VERIFY:
|
---|
| 1379 | return "Server verify";
|
---|
| 1380 | case SSL2_MT_SERVER_FINISHED:
|
---|
| 1381 | return "Server finished";
|
---|
| 1382 | case SSL2_MT_REQUEST_CERTIFICATE:
|
---|
| 1383 | return "Request CERT";
|
---|
| 1384 | case SSL2_MT_CLIENT_CERTIFICATE:
|
---|
| 1385 | return "Client CERT";
|
---|
| 1386 | }
|
---|
| 1387 | }
|
---|
| 1388 | else
|
---|
| 1389 | #endif
|
---|
| 1390 | if(ssl_ver == SSL3_VERSION_MAJOR) {
|
---|
| 1391 | switch (msg) {
|
---|
| 1392 | case SSL3_MT_HELLO_REQUEST:
|
---|
| 1393 | return "Hello request";
|
---|
| 1394 | case SSL3_MT_CLIENT_HELLO:
|
---|
| 1395 | return "Client hello";
|
---|
| 1396 | case SSL3_MT_SERVER_HELLO:
|
---|
| 1397 | return "Server hello";
|
---|
| 1398 | #ifdef SSL3_MT_NEWSESSION_TICKET
|
---|
| 1399 | case SSL3_MT_NEWSESSION_TICKET:
|
---|
| 1400 | return "Newsession Ticket";
|
---|
| 1401 | #endif
|
---|
| 1402 | case SSL3_MT_CERTIFICATE:
|
---|
| 1403 | return "Certificate";
|
---|
| 1404 | case SSL3_MT_SERVER_KEY_EXCHANGE:
|
---|
| 1405 | return "Server key exchange";
|
---|
| 1406 | case SSL3_MT_CLIENT_KEY_EXCHANGE:
|
---|
| 1407 | return "Client key exchange";
|
---|
| 1408 | case SSL3_MT_CERTIFICATE_REQUEST:
|
---|
| 1409 | return "Request CERT";
|
---|
| 1410 | case SSL3_MT_SERVER_DONE:
|
---|
| 1411 | return "Server finished";
|
---|
| 1412 | case SSL3_MT_CERTIFICATE_VERIFY:
|
---|
| 1413 | return "CERT verify";
|
---|
| 1414 | case SSL3_MT_FINISHED:
|
---|
| 1415 | return "Finished";
|
---|
| 1416 | #ifdef SSL3_MT_CERTIFICATE_STATUS
|
---|
| 1417 | case SSL3_MT_CERTIFICATE_STATUS:
|
---|
| 1418 | return "Certificate Status";
|
---|
| 1419 | #endif
|
---|
| 1420 | }
|
---|
| 1421 | }
|
---|
| 1422 | return "Unknown";
|
---|
| 1423 | }
|
---|
| 1424 |
|
---|
| 1425 | static const char *tls_rt_type(int type)
|
---|
| 1426 | {
|
---|
| 1427 | switch(type) {
|
---|
| 1428 | #ifdef SSL3_RT_HEADER
|
---|
| 1429 | case SSL3_RT_HEADER:
|
---|
| 1430 | return "TLS header";
|
---|
| 1431 | #endif
|
---|
| 1432 | case SSL3_RT_CHANGE_CIPHER_SPEC:
|
---|
| 1433 | return "TLS change cipher";
|
---|
| 1434 | case SSL3_RT_ALERT:
|
---|
| 1435 | return "TLS alert";
|
---|
| 1436 | case SSL3_RT_HANDSHAKE:
|
---|
| 1437 | return "TLS handshake";
|
---|
| 1438 | case SSL3_RT_APPLICATION_DATA:
|
---|
| 1439 | return "TLS app data";
|
---|
| 1440 | default:
|
---|
| 1441 | return "TLS Unknown";
|
---|
| 1442 | }
|
---|
| 1443 | }
|
---|
| 1444 |
|
---|
| 1445 |
|
---|
| 1446 | /*
|
---|
| 1447 | * Our callback from the SSL/TLS layers.
|
---|
| 1448 | */
|
---|
| 1449 | static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
|
---|
| 1450 | const void *buf, size_t len, SSL *ssl,
|
---|
| 1451 | void *userp)
|
---|
| 1452 | {
|
---|
| 1453 | struct SessionHandle *data;
|
---|
| 1454 | const char *msg_name, *tls_rt_name;
|
---|
| 1455 | char ssl_buf[1024];
|
---|
| 1456 | char unknown[32];
|
---|
| 1457 | int msg_type, txt_len;
|
---|
| 1458 | const char *verstr = NULL;
|
---|
| 1459 | struct connectdata *conn = userp;
|
---|
| 1460 |
|
---|
| 1461 | if(!conn || !conn->data || !conn->data->set.fdebug ||
|
---|
| 1462 | (direction != 0 && direction != 1))
|
---|
| 1463 | return;
|
---|
| 1464 |
|
---|
| 1465 | data = conn->data;
|
---|
| 1466 |
|
---|
| 1467 | switch(ssl_ver) {
|
---|
| 1468 | #ifdef SSL2_VERSION /* removed in recent versions */
|
---|
| 1469 | case SSL2_VERSION:
|
---|
| 1470 | verstr = "SSLv2";
|
---|
| 1471 | break;
|
---|
| 1472 | #endif
|
---|
| 1473 | #ifdef SSL3_VERSION
|
---|
| 1474 | case SSL3_VERSION:
|
---|
| 1475 | verstr = "SSLv3";
|
---|
| 1476 | break;
|
---|
| 1477 | #endif
|
---|
| 1478 | case TLS1_VERSION:
|
---|
| 1479 | verstr = "TLSv1.0";
|
---|
| 1480 | break;
|
---|
| 1481 | #ifdef TLS1_1_VERSION
|
---|
| 1482 | case TLS1_1_VERSION:
|
---|
| 1483 | verstr = "TLSv1.1";
|
---|
| 1484 | break;
|
---|
| 1485 | #endif
|
---|
| 1486 | #ifdef TLS1_2_VERSION
|
---|
| 1487 | case TLS1_2_VERSION:
|
---|
| 1488 | verstr = "TLSv1.2";
|
---|
| 1489 | break;
|
---|
| 1490 | #endif
|
---|
| 1491 | case 0:
|
---|
| 1492 | break;
|
---|
| 1493 | default:
|
---|
| 1494 | snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
|
---|
| 1495 | verstr = unknown;
|
---|
| 1496 | break;
|
---|
| 1497 | }
|
---|
| 1498 |
|
---|
| 1499 | if(ssl_ver) {
|
---|
| 1500 | /* the info given when the version is zero is not that useful for us */
|
---|
| 1501 |
|
---|
| 1502 | ssl_ver >>= 8; /* check the upper 8 bits only below */
|
---|
| 1503 |
|
---|
| 1504 | /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
|
---|
| 1505 | * always pass-up content-type as 0. But the interesting message-type
|
---|
| 1506 | * is at 'buf[0]'.
|
---|
| 1507 | */
|
---|
| 1508 | if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
|
---|
| 1509 | tls_rt_name = tls_rt_type(content_type);
|
---|
| 1510 | else
|
---|
| 1511 | tls_rt_name = "";
|
---|
| 1512 |
|
---|
| 1513 | msg_type = *(char*)buf;
|
---|
| 1514 | msg_name = ssl_msg_type(ssl_ver, msg_type);
|
---|
| 1515 |
|
---|
| 1516 | txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
|
---|
| 1517 | verstr, direction?"OUT":"IN",
|
---|
| 1518 | tls_rt_name, msg_name, msg_type);
|
---|
| 1519 | Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
|
---|
| 1520 | }
|
---|
| 1521 |
|
---|
| 1522 | Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
|
---|
| 1523 | CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
|
---|
| 1524 | (void) ssl;
|
---|
| 1525 | }
|
---|
| 1526 | #endif
|
---|
| 1527 |
|
---|
| 1528 | #ifdef USE_OPENSSL
|
---|
| 1529 | /* ====================================================== */
|
---|
| 1530 |
|
---|
| 1531 | #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
---|
| 1532 | # define use_sni(x) sni = (x)
|
---|
| 1533 | #else
|
---|
| 1534 | # define use_sni(x) Curl_nop_stmt
|
---|
| 1535 | #endif
|
---|
| 1536 |
|
---|
| 1537 | /* Check for OpenSSL 1.0.2 which has ALPN support. */
|
---|
| 1538 | #undef HAS_ALPN
|
---|
| 1539 | #if OPENSSL_VERSION_NUMBER >= 0x10002000L \
|
---|
| 1540 | && !defined(OPENSSL_NO_TLSEXT)
|
---|
| 1541 | # define HAS_ALPN 1
|
---|
| 1542 | #endif
|
---|
| 1543 |
|
---|
| 1544 | /* Check for OpenSSL 1.0.1 which has NPN support. */
|
---|
| 1545 | #undef HAS_NPN
|
---|
| 1546 | #if OPENSSL_VERSION_NUMBER >= 0x10001000L \
|
---|
| 1547 | && !defined(OPENSSL_NO_TLSEXT) \
|
---|
| 1548 | && !defined(OPENSSL_NO_NEXTPROTONEG)
|
---|
| 1549 | # define HAS_NPN 1
|
---|
| 1550 | #endif
|
---|
| 1551 |
|
---|
| 1552 | #ifdef HAS_NPN
|
---|
| 1553 |
|
---|
| 1554 | /*
|
---|
| 1555 | * in is a list of lenght prefixed strings. this function has to select
|
---|
| 1556 | * the protocol we want to use from the list and write its string into out.
|
---|
| 1557 | */
|
---|
| 1558 |
|
---|
| 1559 | static int
|
---|
| 1560 | select_next_protocol(unsigned char **out, unsigned char *outlen,
|
---|
| 1561 | const unsigned char *in, unsigned int inlen,
|
---|
| 1562 | const char *key, unsigned int keylen)
|
---|
| 1563 | {
|
---|
| 1564 | unsigned int i;
|
---|
| 1565 | for(i = 0; i + keylen <= inlen; i += in[i] + 1) {
|
---|
| 1566 | if(memcmp(&in[i + 1], key, keylen) == 0) {
|
---|
| 1567 | *out = (unsigned char *) &in[i + 1];
|
---|
| 1568 | *outlen = in[i];
|
---|
| 1569 | return 0;
|
---|
| 1570 | }
|
---|
| 1571 | }
|
---|
| 1572 | return -1;
|
---|
| 1573 | }
|
---|
| 1574 |
|
---|
| 1575 | static int
|
---|
| 1576 | select_next_proto_cb(SSL *ssl,
|
---|
| 1577 | unsigned char **out, unsigned char *outlen,
|
---|
| 1578 | const unsigned char *in, unsigned int inlen,
|
---|
| 1579 | void *arg)
|
---|
| 1580 | {
|
---|
| 1581 | struct connectdata *conn = (struct connectdata*) arg;
|
---|
| 1582 |
|
---|
| 1583 | (void)ssl;
|
---|
| 1584 |
|
---|
| 1585 | #ifdef USE_NGHTTP2
|
---|
| 1586 | if(conn->data->set.httpversion >= CURL_HTTP_VERSION_2 &&
|
---|
| 1587 | !select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID,
|
---|
| 1588 | NGHTTP2_PROTO_VERSION_ID_LEN)) {
|
---|
| 1589 | infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
|
---|
| 1590 | NGHTTP2_PROTO_VERSION_ID);
|
---|
| 1591 | conn->negnpn = CURL_HTTP_VERSION_2;
|
---|
| 1592 | return SSL_TLSEXT_ERR_OK;
|
---|
| 1593 | }
|
---|
| 1594 | #endif
|
---|
| 1595 |
|
---|
| 1596 | if(!select_next_protocol(out, outlen, in, inlen, ALPN_HTTP_1_1,
|
---|
| 1597 | ALPN_HTTP_1_1_LENGTH)) {
|
---|
| 1598 | infof(conn->data, "NPN, negotiated HTTP1.1\n");
|
---|
| 1599 | conn->negnpn = CURL_HTTP_VERSION_1_1;
|
---|
| 1600 | return SSL_TLSEXT_ERR_OK;
|
---|
| 1601 | }
|
---|
| 1602 |
|
---|
| 1603 | infof(conn->data, "NPN, no overlap, use HTTP1.1\n");
|
---|
| 1604 | *out = (unsigned char *)ALPN_HTTP_1_1;
|
---|
| 1605 | *outlen = ALPN_HTTP_1_1_LENGTH;
|
---|
| 1606 | conn->negnpn = CURL_HTTP_VERSION_1_1;
|
---|
| 1607 |
|
---|
| 1608 | return SSL_TLSEXT_ERR_OK;
|
---|
| 1609 | }
|
---|
| 1610 | #endif /* HAS_NPN */
|
---|
| 1611 |
|
---|
| 1612 | static const char *
|
---|
| 1613 | get_ssl_version_txt(SSL *ssl)
|
---|
| 1614 | {
|
---|
| 1615 | if(!ssl)
|
---|
| 1616 | return "";
|
---|
| 1617 |
|
---|
| 1618 | switch(SSL_version(ssl)) {
|
---|
| 1619 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 1620 | case TLS1_2_VERSION:
|
---|
| 1621 | return "TLSv1.2";
|
---|
| 1622 | case TLS1_1_VERSION:
|
---|
| 1623 | return "TLSv1.1";
|
---|
| 1624 | #endif
|
---|
| 1625 | case TLS1_VERSION:
|
---|
| 1626 | return "TLSv1.0";
|
---|
| 1627 | case SSL3_VERSION:
|
---|
| 1628 | return "SSLv3";
|
---|
| 1629 | case SSL2_VERSION:
|
---|
| 1630 | return "SSLv2";
|
---|
| 1631 | }
|
---|
| 1632 | return "unknown";
|
---|
| 1633 | }
|
---|
| 1634 |
|
---|
| 1635 | static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
---|
| 1636 | {
|
---|
| 1637 | CURLcode result = CURLE_OK;
|
---|
| 1638 | char *ciphers;
|
---|
| 1639 | struct SessionHandle *data = conn->data;
|
---|
| 1640 | SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
|
---|
| 1641 | void *ssl_sessionid = NULL;
|
---|
| 1642 | X509_LOOKUP *lookup = NULL;
|
---|
| 1643 | curl_socket_t sockfd = conn->sock[sockindex];
|
---|
| 1644 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 1645 | long ctx_options;
|
---|
| 1646 | #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
---|
| 1647 | bool sni;
|
---|
| 1648 | #ifdef ENABLE_IPV6
|
---|
| 1649 | struct in6_addr addr;
|
---|
| 1650 | #else
|
---|
| 1651 | struct in_addr addr;
|
---|
| 1652 | #endif
|
---|
| 1653 | #endif
|
---|
| 1654 |
|
---|
| 1655 | DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
|
---|
| 1656 |
|
---|
| 1657 | /* Make funny stuff to get random input */
|
---|
| 1658 | Curl_ossl_seed(data);
|
---|
| 1659 |
|
---|
| 1660 | data->set.ssl.certverifyresult = !X509_V_OK;
|
---|
| 1661 |
|
---|
| 1662 | /* check to see if we've been told to use an explicit SSL/TLS version */
|
---|
| 1663 |
|
---|
| 1664 | switch(data->set.ssl.version) {
|
---|
| 1665 | default:
|
---|
| 1666 | case CURL_SSLVERSION_DEFAULT:
|
---|
| 1667 | case CURL_SSLVERSION_TLSv1:
|
---|
| 1668 | case CURL_SSLVERSION_TLSv1_0:
|
---|
| 1669 | case CURL_SSLVERSION_TLSv1_1:
|
---|
| 1670 | case CURL_SSLVERSION_TLSv1_2:
|
---|
| 1671 | /* it will be handled later with the context options */
|
---|
| 1672 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
|
---|
| 1673 | !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)
|
---|
| 1674 | req_method = TLS_client_method();
|
---|
| 1675 | #else
|
---|
| 1676 | req_method = SSLv23_client_method();
|
---|
| 1677 | #endif
|
---|
| 1678 | use_sni(TRUE);
|
---|
| 1679 | break;
|
---|
| 1680 | case CURL_SSLVERSION_SSLv2:
|
---|
| 1681 | #ifdef OPENSSL_NO_SSL2
|
---|
| 1682 | failf(data, "OpenSSL was built without SSLv2 support");
|
---|
| 1683 | return CURLE_NOT_BUILT_IN;
|
---|
| 1684 | #else
|
---|
| 1685 | #ifdef USE_TLS_SRP
|
---|
| 1686 | if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
|
---|
| 1687 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 1688 | #endif
|
---|
| 1689 | req_method = SSLv2_client_method();
|
---|
| 1690 | use_sni(FALSE);
|
---|
| 1691 | break;
|
---|
| 1692 | #endif
|
---|
| 1693 | case CURL_SSLVERSION_SSLv3:
|
---|
| 1694 | #ifdef OPENSSL_NO_SSL3_METHOD
|
---|
| 1695 | failf(data, "OpenSSL was built without SSLv3 support");
|
---|
| 1696 | return CURLE_NOT_BUILT_IN;
|
---|
| 1697 | #else
|
---|
| 1698 | #ifdef USE_TLS_SRP
|
---|
| 1699 | if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
|
---|
| 1700 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 1701 | #endif
|
---|
| 1702 | req_method = SSLv3_client_method();
|
---|
| 1703 | use_sni(FALSE);
|
---|
| 1704 | break;
|
---|
| 1705 | #endif
|
---|
| 1706 | }
|
---|
| 1707 |
|
---|
| 1708 | if(connssl->ctx)
|
---|
| 1709 | SSL_CTX_free(connssl->ctx);
|
---|
| 1710 | connssl->ctx = SSL_CTX_new(req_method);
|
---|
| 1711 |
|
---|
| 1712 | if(!connssl->ctx) {
|
---|
| 1713 | failf(data, "SSL: couldn't create a context: %s",
|
---|
| 1714 | ERR_error_string(ERR_peek_error(), NULL));
|
---|
| 1715 | return CURLE_OUT_OF_MEMORY;
|
---|
| 1716 | }
|
---|
| 1717 |
|
---|
| 1718 | #ifdef SSL_MODE_RELEASE_BUFFERS
|
---|
| 1719 | SSL_CTX_set_mode(connssl->ctx, SSL_MODE_RELEASE_BUFFERS);
|
---|
| 1720 | #endif
|
---|
| 1721 |
|
---|
| 1722 | #ifdef SSL_CTRL_SET_MSG_CALLBACK
|
---|
| 1723 | if(data->set.fdebug && data->set.verbose) {
|
---|
| 1724 | /* the SSL trace callback is only used for verbose logging */
|
---|
| 1725 | SSL_CTX_set_msg_callback(connssl->ctx, ssl_tls_trace);
|
---|
| 1726 | SSL_CTX_set_msg_callback_arg(connssl->ctx, conn);
|
---|
| 1727 | }
|
---|
| 1728 | #endif
|
---|
| 1729 |
|
---|
| 1730 | /* OpenSSL contains code to work-around lots of bugs and flaws in various
|
---|
| 1731 | SSL-implementations. SSL_CTX_set_options() is used to enabled those
|
---|
| 1732 | work-arounds. The man page for this option states that SSL_OP_ALL enables
|
---|
| 1733 | all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
|
---|
| 1734 | enable the bug workaround options if compatibility with somewhat broken
|
---|
| 1735 | implementations is desired."
|
---|
| 1736 |
|
---|
| 1737 | The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
|
---|
| 1738 | disable "rfc4507bis session ticket support". rfc4507bis was later turned
|
---|
| 1739 | into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077
|
---|
| 1740 |
|
---|
| 1741 | The enabled extension concerns the session management. I wonder how often
|
---|
| 1742 | libcurl stops a connection and then resumes a TLS session. also, sending
|
---|
| 1743 | the session data is some overhead. .I suggest that you just use your
|
---|
| 1744 | proposed patch (which explicitly disables TICKET).
|
---|
| 1745 |
|
---|
| 1746 | If someone writes an application with libcurl and openssl who wants to
|
---|
| 1747 | enable the feature, one can do this in the SSL callback.
|
---|
| 1748 |
|
---|
| 1749 | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
|
---|
| 1750 | interoperability with web server Netscape Enterprise Server 2.0.1 which
|
---|
| 1751 | was released back in 1996.
|
---|
| 1752 |
|
---|
| 1753 | Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
|
---|
| 1754 | become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
|
---|
| 1755 | CVE-2010-4180 when using previous OpenSSL versions we no longer enable
|
---|
| 1756 | this option regardless of OpenSSL version and SSL_OP_ALL definition.
|
---|
| 1757 |
|
---|
| 1758 | OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
|
---|
| 1759 | (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
|
---|
| 1760 | SSL_OP_ALL that _disables_ that work-around despite the fact that
|
---|
| 1761 | SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
|
---|
| 1762 | keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
|
---|
| 1763 | must not be set.
|
---|
| 1764 | */
|
---|
| 1765 |
|
---|
| 1766 | ctx_options = SSL_OP_ALL;
|
---|
| 1767 |
|
---|
| 1768 | #ifdef SSL_OP_NO_TICKET
|
---|
| 1769 | ctx_options |= SSL_OP_NO_TICKET;
|
---|
| 1770 | #endif
|
---|
| 1771 |
|
---|
| 1772 | #ifdef SSL_OP_NO_COMPRESSION
|
---|
| 1773 | ctx_options |= SSL_OP_NO_COMPRESSION;
|
---|
| 1774 | #endif
|
---|
| 1775 |
|
---|
| 1776 | #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
---|
| 1777 | /* mitigate CVE-2010-4180 */
|
---|
| 1778 | ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
|
---|
| 1779 | #endif
|
---|
| 1780 |
|
---|
| 1781 | #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
|
---|
| 1782 | /* unless the user explicitly ask to allow the protocol vulnerability we
|
---|
| 1783 | use the work-around */
|
---|
| 1784 | if(!conn->data->set.ssl_enable_beast)
|
---|
| 1785 | ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
|
---|
| 1786 | #endif
|
---|
| 1787 |
|
---|
| 1788 | switch(data->set.ssl.version) {
|
---|
| 1789 | case CURL_SSLVERSION_SSLv3:
|
---|
| 1790 | #ifdef USE_TLS_SRP
|
---|
| 1791 | if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
|
---|
| 1792 | infof(data, "Set version TLSv1.x for SRP authorisation\n");
|
---|
| 1793 | }
|
---|
| 1794 | #endif
|
---|
| 1795 | ctx_options |= SSL_OP_NO_SSLv2;
|
---|
| 1796 | ctx_options |= SSL_OP_NO_TLSv1;
|
---|
| 1797 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 1798 | ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
| 1799 | ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
| 1800 | #endif
|
---|
| 1801 | break;
|
---|
| 1802 |
|
---|
| 1803 | case CURL_SSLVERSION_DEFAULT:
|
---|
| 1804 | case CURL_SSLVERSION_TLSv1:
|
---|
| 1805 | ctx_options |= SSL_OP_NO_SSLv2;
|
---|
| 1806 | ctx_options |= SSL_OP_NO_SSLv3;
|
---|
| 1807 | break;
|
---|
| 1808 |
|
---|
| 1809 | case CURL_SSLVERSION_TLSv1_0:
|
---|
| 1810 | ctx_options |= SSL_OP_NO_SSLv2;
|
---|
| 1811 | ctx_options |= SSL_OP_NO_SSLv3;
|
---|
| 1812 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 1813 | ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
| 1814 | ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
| 1815 | #endif
|
---|
| 1816 | break;
|
---|
| 1817 |
|
---|
| 1818 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 1819 | case CURL_SSLVERSION_TLSv1_1:
|
---|
| 1820 | ctx_options |= SSL_OP_NO_SSLv2;
|
---|
| 1821 | ctx_options |= SSL_OP_NO_SSLv3;
|
---|
| 1822 | ctx_options |= SSL_OP_NO_TLSv1;
|
---|
| 1823 | ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
| 1824 | break;
|
---|
| 1825 |
|
---|
| 1826 | case CURL_SSLVERSION_TLSv1_2:
|
---|
| 1827 | ctx_options |= SSL_OP_NO_SSLv2;
|
---|
| 1828 | ctx_options |= SSL_OP_NO_SSLv3;
|
---|
| 1829 | ctx_options |= SSL_OP_NO_TLSv1;
|
---|
| 1830 | ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
| 1831 | break;
|
---|
| 1832 | #endif
|
---|
| 1833 |
|
---|
| 1834 | #ifndef OPENSSL_NO_SSL2
|
---|
| 1835 | case CURL_SSLVERSION_SSLv2:
|
---|
| 1836 | ctx_options |= SSL_OP_NO_SSLv3;
|
---|
| 1837 | ctx_options |= SSL_OP_NO_TLSv1;
|
---|
| 1838 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 1839 | ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
| 1840 | ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
| 1841 | #endif
|
---|
| 1842 | break;
|
---|
| 1843 | #endif
|
---|
| 1844 |
|
---|
| 1845 | default:
|
---|
| 1846 | failf(data, "Unsupported SSL protocol version");
|
---|
| 1847 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 1848 | }
|
---|
| 1849 |
|
---|
| 1850 | SSL_CTX_set_options(connssl->ctx, ctx_options);
|
---|
| 1851 |
|
---|
| 1852 | #ifdef HAS_NPN
|
---|
| 1853 | if(data->set.ssl_enable_npn)
|
---|
| 1854 | SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb, conn);
|
---|
| 1855 | #endif
|
---|
| 1856 |
|
---|
| 1857 | #ifdef HAS_ALPN
|
---|
| 1858 | if(data->set.ssl_enable_alpn) {
|
---|
| 1859 | int cur = 0;
|
---|
| 1860 | unsigned char protocols[128];
|
---|
| 1861 |
|
---|
| 1862 | #ifdef USE_NGHTTP2
|
---|
| 1863 | if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
|
---|
| 1864 | protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
|
---|
| 1865 |
|
---|
| 1866 | memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
|
---|
| 1867 | NGHTTP2_PROTO_VERSION_ID_LEN);
|
---|
| 1868 | cur += NGHTTP2_PROTO_VERSION_ID_LEN;
|
---|
| 1869 | infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
---|
| 1870 | }
|
---|
| 1871 | #endif
|
---|
| 1872 |
|
---|
| 1873 | protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
|
---|
| 1874 | memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
|
---|
| 1875 | cur += ALPN_HTTP_1_1_LENGTH;
|
---|
| 1876 | infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
|
---|
| 1877 |
|
---|
| 1878 | /* expects length prefixed preference ordered list of protocols in wire
|
---|
| 1879 | * format
|
---|
| 1880 | */
|
---|
| 1881 | SSL_CTX_set_alpn_protos(connssl->ctx, protocols, cur);
|
---|
| 1882 | }
|
---|
| 1883 | #endif
|
---|
| 1884 |
|
---|
| 1885 | if(data->set.str[STRING_CERT] || data->set.str[STRING_CERT_TYPE]) {
|
---|
| 1886 | if(!cert_stuff(conn,
|
---|
| 1887 | connssl->ctx,
|
---|
| 1888 | data->set.str[STRING_CERT],
|
---|
| 1889 | data->set.str[STRING_CERT_TYPE],
|
---|
| 1890 | data->set.str[STRING_KEY],
|
---|
| 1891 | data->set.str[STRING_KEY_TYPE])) {
|
---|
| 1892 | /* failf() is already done in cert_stuff() */
|
---|
| 1893 | return CURLE_SSL_CERTPROBLEM;
|
---|
| 1894 | }
|
---|
| 1895 | }
|
---|
| 1896 |
|
---|
| 1897 | ciphers = data->set.str[STRING_SSL_CIPHER_LIST];
|
---|
| 1898 | if(!ciphers)
|
---|
| 1899 | ciphers = (char *)DEFAULT_CIPHER_SELECTION;
|
---|
| 1900 | if(!SSL_CTX_set_cipher_list(connssl->ctx, ciphers)) {
|
---|
| 1901 | failf(data, "failed setting cipher list: %s", ciphers);
|
---|
| 1902 | return CURLE_SSL_CIPHER;
|
---|
| 1903 | }
|
---|
| 1904 | infof(data, "Cipher selection: %s\n", ciphers);
|
---|
| 1905 |
|
---|
| 1906 | #ifdef USE_TLS_SRP
|
---|
| 1907 | if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
|
---|
| 1908 | infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
|
---|
| 1909 |
|
---|
| 1910 | if(!SSL_CTX_set_srp_username(connssl->ctx, data->set.ssl.username)) {
|
---|
| 1911 | failf(data, "Unable to set SRP user name");
|
---|
| 1912 | return CURLE_BAD_FUNCTION_ARGUMENT;
|
---|
| 1913 | }
|
---|
| 1914 | if(!SSL_CTX_set_srp_password(connssl->ctx, data->set.ssl.password)) {
|
---|
| 1915 | failf(data, "failed setting SRP password");
|
---|
| 1916 | return CURLE_BAD_FUNCTION_ARGUMENT;
|
---|
| 1917 | }
|
---|
| 1918 | if(!data->set.str[STRING_SSL_CIPHER_LIST]) {
|
---|
| 1919 | infof(data, "Setting cipher list SRP\n");
|
---|
| 1920 |
|
---|
| 1921 | if(!SSL_CTX_set_cipher_list(connssl->ctx, "SRP")) {
|
---|
| 1922 | failf(data, "failed setting SRP cipher list");
|
---|
| 1923 | return CURLE_SSL_CIPHER;
|
---|
| 1924 | }
|
---|
| 1925 | }
|
---|
| 1926 | }
|
---|
| 1927 | #endif
|
---|
| 1928 | if(data->set.str[STRING_SSL_CAFILE] || data->set.str[STRING_SSL_CAPATH]) {
|
---|
| 1929 | /* tell SSL where to find CA certificates that are used to verify
|
---|
| 1930 | the servers certificate. */
|
---|
| 1931 | if(!SSL_CTX_load_verify_locations(connssl->ctx,
|
---|
| 1932 | data->set.str[STRING_SSL_CAFILE],
|
---|
| 1933 | data->set.str[STRING_SSL_CAPATH])) {
|
---|
| 1934 | if(data->set.ssl.verifypeer) {
|
---|
| 1935 | /* Fail if we insist on successfully verifying the server. */
|
---|
| 1936 | failf(data, "error setting certificate verify locations:\n"
|
---|
| 1937 | " CAfile: %s\n CApath: %s",
|
---|
| 1938 | data->set.str[STRING_SSL_CAFILE]?
|
---|
| 1939 | data->set.str[STRING_SSL_CAFILE]: "none",
|
---|
| 1940 | data->set.str[STRING_SSL_CAPATH]?
|
---|
| 1941 | data->set.str[STRING_SSL_CAPATH] : "none");
|
---|
| 1942 | return CURLE_SSL_CACERT_BADFILE;
|
---|
| 1943 | }
|
---|
| 1944 | else {
|
---|
| 1945 | /* Just continue with a warning if no strict certificate verification
|
---|
| 1946 | is required. */
|
---|
| 1947 | infof(data, "error setting certificate verify locations,"
|
---|
| 1948 | " continuing anyway:\n");
|
---|
| 1949 | }
|
---|
| 1950 | }
|
---|
| 1951 | else {
|
---|
| 1952 | /* Everything is fine. */
|
---|
| 1953 | infof(data, "successfully set certificate verify locations:\n");
|
---|
| 1954 | }
|
---|
| 1955 | infof(data,
|
---|
| 1956 | " CAfile: %s\n"
|
---|
| 1957 | " CApath: %s\n",
|
---|
| 1958 | data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:
|
---|
| 1959 | "none",
|
---|
| 1960 | data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
|
---|
| 1961 | "none");
|
---|
| 1962 | }
|
---|
| 1963 |
|
---|
| 1964 | if(data->set.str[STRING_SSL_CRLFILE]) {
|
---|
| 1965 | /* tell SSL where to find CRL file that is used to check certificate
|
---|
| 1966 | * revocation */
|
---|
| 1967 | lookup=X509_STORE_add_lookup(SSL_CTX_get_cert_store(connssl->ctx),
|
---|
| 1968 | X509_LOOKUP_file());
|
---|
| 1969 | if(!lookup ||
|
---|
| 1970 | (!X509_load_crl_file(lookup, data->set.str[STRING_SSL_CRLFILE],
|
---|
| 1971 | X509_FILETYPE_PEM)) ) {
|
---|
| 1972 | failf(data, "error loading CRL file: %s",
|
---|
| 1973 | data->set.str[STRING_SSL_CRLFILE]);
|
---|
| 1974 | return CURLE_SSL_CRL_BADFILE;
|
---|
| 1975 | }
|
---|
| 1976 | else {
|
---|
| 1977 | /* Everything is fine. */
|
---|
| 1978 | infof(data, "successfully load CRL file:\n");
|
---|
| 1979 | X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx),
|
---|
| 1980 | X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
|
---|
| 1981 | }
|
---|
| 1982 | infof(data,
|
---|
| 1983 | " CRLfile: %s\n", data->set.str[STRING_SSL_CRLFILE] ?
|
---|
| 1984 | data->set.str[STRING_SSL_CRLFILE]: "none");
|
---|
| 1985 | }
|
---|
| 1986 |
|
---|
| 1987 | /* Try building a chain using issuers in the trusted store first to avoid
|
---|
| 1988 | problems with server-sent legacy intermediates.
|
---|
| 1989 | Newer versions of OpenSSL do alternate chain checking by default which
|
---|
| 1990 | gives us the same fix without as much of a performance hit (slight), so we
|
---|
| 1991 | prefer that if available.
|
---|
| 1992 | https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
|
---|
| 1993 | */
|
---|
| 1994 | #if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS)
|
---|
| 1995 | if(data->set.ssl.verifypeer) {
|
---|
| 1996 | X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx),
|
---|
| 1997 | X509_V_FLAG_TRUSTED_FIRST);
|
---|
| 1998 | }
|
---|
| 1999 | #endif
|
---|
| 2000 |
|
---|
| 2001 | /* SSL always tries to verify the peer, this only says whether it should
|
---|
| 2002 | * fail to connect if the verification fails, or if it should continue
|
---|
| 2003 | * anyway. In the latter case the result of the verification is checked with
|
---|
| 2004 | * SSL_get_verify_result() below. */
|
---|
| 2005 | SSL_CTX_set_verify(connssl->ctx,
|
---|
| 2006 | data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
|
---|
| 2007 | NULL);
|
---|
| 2008 |
|
---|
| 2009 | /* give application a chance to interfere with SSL set up. */
|
---|
| 2010 | if(data->set.ssl.fsslctx) {
|
---|
| 2011 | result = (*data->set.ssl.fsslctx)(data, connssl->ctx,
|
---|
| 2012 | data->set.ssl.fsslctxp);
|
---|
| 2013 | if(result) {
|
---|
| 2014 | failf(data, "error signaled by ssl ctx callback");
|
---|
| 2015 | return result;
|
---|
| 2016 | }
|
---|
| 2017 | }
|
---|
| 2018 |
|
---|
| 2019 | /* Lets make an SSL structure */
|
---|
| 2020 | if(connssl->handle)
|
---|
| 2021 | SSL_free(connssl->handle);
|
---|
| 2022 | connssl->handle = SSL_new(connssl->ctx);
|
---|
| 2023 | if(!connssl->handle) {
|
---|
| 2024 | failf(data, "SSL: couldn't create a context (handle)!");
|
---|
| 2025 | return CURLE_OUT_OF_MEMORY;
|
---|
| 2026 | }
|
---|
| 2027 |
|
---|
| 2028 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
| 2029 | !defined(OPENSSL_IS_BORINGSSL)
|
---|
| 2030 | if(data->set.ssl.verifystatus)
|
---|
| 2031 | SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp);
|
---|
| 2032 | #endif
|
---|
| 2033 |
|
---|
| 2034 | SSL_set_connect_state(connssl->handle);
|
---|
| 2035 |
|
---|
| 2036 | connssl->server_cert = 0x0;
|
---|
| 2037 |
|
---|
| 2038 | #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
---|
| 2039 | if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
|
---|
| 2040 | #ifdef ENABLE_IPV6
|
---|
| 2041 | (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
|
---|
| 2042 | #endif
|
---|
| 2043 | sni &&
|
---|
| 2044 | !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
|
---|
| 2045 | infof(data, "WARNING: failed to configure server name indication (SNI) "
|
---|
| 2046 | "TLS extension\n");
|
---|
| 2047 | #endif
|
---|
| 2048 |
|
---|
| 2049 | /* Check if there's a cached ID we can/should use here! */
|
---|
| 2050 | if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
|
---|
| 2051 | /* we got a session id, use it! */
|
---|
| 2052 | if(!SSL_set_session(connssl->handle, ssl_sessionid)) {
|
---|
| 2053 | failf(data, "SSL: SSL_set_session failed: %s",
|
---|
| 2054 | ERR_error_string(ERR_get_error(), NULL));
|
---|
| 2055 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 2056 | }
|
---|
| 2057 | /* Informational message */
|
---|
| 2058 | infof (data, "SSL re-using session ID\n");
|
---|
| 2059 | }
|
---|
| 2060 |
|
---|
| 2061 | /* pass the raw socket into the SSL layers */
|
---|
| 2062 | if(!SSL_set_fd(connssl->handle, (int)sockfd)) {
|
---|
| 2063 | failf(data, "SSL: SSL_set_fd failed: %s",
|
---|
| 2064 | ERR_error_string(ERR_get_error(), NULL));
|
---|
| 2065 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 2066 | }
|
---|
| 2067 |
|
---|
| 2068 | connssl->connecting_state = ssl_connect_2;
|
---|
| 2069 |
|
---|
| 2070 | return CURLE_OK;
|
---|
| 2071 | }
|
---|
| 2072 |
|
---|
| 2073 | static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
|
---|
| 2074 | {
|
---|
| 2075 | struct SessionHandle *data = conn->data;
|
---|
| 2076 | int err;
|
---|
| 2077 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 2078 | DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
|
---|
| 2079 | || ssl_connect_2_reading == connssl->connecting_state
|
---|
| 2080 | || ssl_connect_2_writing == connssl->connecting_state);
|
---|
| 2081 |
|
---|
| 2082 | ERR_clear_error();
|
---|
| 2083 |
|
---|
| 2084 | err = SSL_connect(connssl->handle);
|
---|
| 2085 |
|
---|
| 2086 | /* 1 is fine
|
---|
| 2087 | 0 is "not successful but was shut down controlled"
|
---|
| 2088 | <0 is "handshake was not successful, because a fatal error occurred" */
|
---|
| 2089 | if(1 != err) {
|
---|
| 2090 | int detail = SSL_get_error(connssl->handle, err);
|
---|
| 2091 |
|
---|
| 2092 | if(SSL_ERROR_WANT_READ == detail) {
|
---|
| 2093 | connssl->connecting_state = ssl_connect_2_reading;
|
---|
| 2094 | return CURLE_OK;
|
---|
| 2095 | }
|
---|
| 2096 | else if(SSL_ERROR_WANT_WRITE == detail) {
|
---|
| 2097 | connssl->connecting_state = ssl_connect_2_writing;
|
---|
| 2098 | return CURLE_OK;
|
---|
| 2099 | }
|
---|
| 2100 | else {
|
---|
| 2101 | /* untreated error */
|
---|
| 2102 | unsigned long errdetail;
|
---|
| 2103 | char error_buffer[256]=""; /* OpenSSL documents that this must be at
|
---|
| 2104 | least 256 bytes long. */
|
---|
| 2105 | CURLcode result;
|
---|
| 2106 | long lerr;
|
---|
| 2107 | int lib;
|
---|
| 2108 | int reason;
|
---|
| 2109 |
|
---|
| 2110 | /* the connection failed, we're not waiting for anything else. */
|
---|
| 2111 | connssl->connecting_state = ssl_connect_2;
|
---|
| 2112 |
|
---|
| 2113 | /* Get the earliest error code from the thread's error queue and removes
|
---|
| 2114 | the entry. */
|
---|
| 2115 | errdetail = ERR_get_error();
|
---|
| 2116 |
|
---|
| 2117 | /* Extract which lib and reason */
|
---|
| 2118 | lib = ERR_GET_LIB(errdetail);
|
---|
| 2119 | reason = ERR_GET_REASON(errdetail);
|
---|
| 2120 |
|
---|
| 2121 | if((lib == ERR_LIB_SSL) &&
|
---|
| 2122 | (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
|
---|
| 2123 | result = CURLE_SSL_CACERT;
|
---|
| 2124 |
|
---|
| 2125 | lerr = SSL_get_verify_result(connssl->handle);
|
---|
| 2126 | if(lerr != X509_V_OK) {
|
---|
| 2127 | snprintf(error_buffer, sizeof(error_buffer),
|
---|
| 2128 | "SSL certificate problem: %s",
|
---|
| 2129 | X509_verify_cert_error_string(lerr));
|
---|
| 2130 | }
|
---|
| 2131 | else
|
---|
| 2132 | /* strcpy() is fine here as long as the string fits within
|
---|
| 2133 | error_buffer */
|
---|
| 2134 | strcpy(error_buffer, "SSL certificate verification failed");
|
---|
| 2135 | }
|
---|
| 2136 | else {
|
---|
| 2137 | result = CURLE_SSL_CONNECT_ERROR;
|
---|
| 2138 | SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
|
---|
| 2139 | }
|
---|
| 2140 |
|
---|
| 2141 | /* detail is already set to the SSL error above */
|
---|
| 2142 |
|
---|
| 2143 | /* If we e.g. use SSLv2 request-method and the server doesn't like us
|
---|
| 2144 | * (RST connection etc.), OpenSSL gives no explanation whatsoever and
|
---|
| 2145 | * the SO_ERROR is also lost.
|
---|
| 2146 | */
|
---|
| 2147 | if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
|
---|
| 2148 | failf(data, "Unknown SSL protocol error in connection to %s:%ld ",
|
---|
| 2149 | conn->host.name, conn->remote_port);
|
---|
| 2150 | return result;
|
---|
| 2151 | }
|
---|
| 2152 |
|
---|
| 2153 | /* Could be a CERT problem */
|
---|
| 2154 | failf(data, "%s", error_buffer);
|
---|
| 2155 |
|
---|
| 2156 | return result;
|
---|
| 2157 | }
|
---|
| 2158 | }
|
---|
| 2159 | else {
|
---|
| 2160 | /* we have been connected fine, we're not waiting for anything else. */
|
---|
| 2161 | connssl->connecting_state = ssl_connect_3;
|
---|
| 2162 |
|
---|
| 2163 | /* Informational message */
|
---|
| 2164 | infof(data, "SSL connection using %s / %s\n",
|
---|
| 2165 | get_ssl_version_txt(connssl->handle),
|
---|
| 2166 | SSL_get_cipher(connssl->handle));
|
---|
| 2167 |
|
---|
| 2168 | #ifdef HAS_ALPN
|
---|
| 2169 | /* Sets data and len to negotiated protocol, len is 0 if no protocol was
|
---|
| 2170 | * negotiated
|
---|
| 2171 | */
|
---|
| 2172 | if(data->set.ssl_enable_alpn) {
|
---|
| 2173 | const unsigned char* neg_protocol;
|
---|
| 2174 | unsigned int len;
|
---|
| 2175 | SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len);
|
---|
| 2176 | if(len != 0) {
|
---|
| 2177 | infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
|
---|
| 2178 |
|
---|
| 2179 | #ifdef USE_NGHTTP2
|
---|
| 2180 | if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
|
---|
| 2181 | !memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) {
|
---|
| 2182 | conn->negnpn = CURL_HTTP_VERSION_2;
|
---|
| 2183 | }
|
---|
| 2184 | else
|
---|
| 2185 | #endif
|
---|
| 2186 | if(len == ALPN_HTTP_1_1_LENGTH &&
|
---|
| 2187 | !memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
|
---|
| 2188 | conn->negnpn = CURL_HTTP_VERSION_1_1;
|
---|
| 2189 | }
|
---|
| 2190 | }
|
---|
| 2191 | else
|
---|
| 2192 | infof(data, "ALPN, server did not agree to a protocol\n");
|
---|
| 2193 | }
|
---|
| 2194 | #endif
|
---|
| 2195 |
|
---|
| 2196 | return CURLE_OK;
|
---|
| 2197 | }
|
---|
| 2198 | }
|
---|
| 2199 |
|
---|
| 2200 | static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
|
---|
| 2201 | {
|
---|
| 2202 | int i, ilen;
|
---|
| 2203 |
|
---|
| 2204 | if((ilen = (int)len) < 0)
|
---|
| 2205 | return 1; /* buffer too big */
|
---|
| 2206 |
|
---|
| 2207 | i = i2t_ASN1_OBJECT(buf, ilen, a);
|
---|
| 2208 |
|
---|
| 2209 | if(i >= ilen)
|
---|
| 2210 | return 1; /* buffer too small */
|
---|
| 2211 |
|
---|
| 2212 | return 0;
|
---|
| 2213 | }
|
---|
| 2214 |
|
---|
| 2215 | #define push_certinfo(_label, _num) \
|
---|
| 2216 | do { \
|
---|
| 2217 | long info_len = BIO_get_mem_data(mem, &ptr); \
|
---|
| 2218 | Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \
|
---|
| 2219 | if(1!=BIO_reset(mem)) \
|
---|
| 2220 | break; \
|
---|
| 2221 | } WHILE_FALSE
|
---|
| 2222 |
|
---|
| 2223 | static void pubkey_show(struct SessionHandle *data,
|
---|
| 2224 | BIO *mem,
|
---|
| 2225 | int num,
|
---|
| 2226 | const char *type,
|
---|
| 2227 | const char *name,
|
---|
| 2228 | BIGNUM *bn)
|
---|
| 2229 | {
|
---|
| 2230 | char *ptr;
|
---|
| 2231 | char namebuf[32];
|
---|
| 2232 |
|
---|
| 2233 | snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
|
---|
| 2234 |
|
---|
| 2235 | BN_print(mem, bn);
|
---|
| 2236 | push_certinfo(namebuf, num);
|
---|
| 2237 | }
|
---|
| 2238 |
|
---|
| 2239 | #define print_pubkey_BN(_type, _name, _num) \
|
---|
| 2240 | do { \
|
---|
| 2241 | if(pubkey->pkey._type->_name) { \
|
---|
| 2242 | pubkey_show(data, mem, _num, #_type, #_name, pubkey->pkey._type->_name); \
|
---|
| 2243 | } \
|
---|
| 2244 | } WHILE_FALSE
|
---|
| 2245 |
|
---|
| 2246 | static int X509V3_ext(struct SessionHandle *data,
|
---|
| 2247 | int certnum,
|
---|
| 2248 | STACK_OF(X509_EXTENSION) *exts)
|
---|
| 2249 | {
|
---|
| 2250 | int i;
|
---|
| 2251 | size_t j;
|
---|
| 2252 |
|
---|
| 2253 | if((int)sk_X509_EXTENSION_num(exts) <= 0)
|
---|
| 2254 | /* no extensions, bail out */
|
---|
| 2255 | return 1;
|
---|
| 2256 |
|
---|
| 2257 | for(i=0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
|
---|
| 2258 | ASN1_OBJECT *obj;
|
---|
| 2259 | X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
|
---|
| 2260 | BUF_MEM *biomem;
|
---|
| 2261 | char buf[512];
|
---|
| 2262 | char *ptr=buf;
|
---|
| 2263 | char namebuf[128];
|
---|
| 2264 | BIO *bio_out = BIO_new(BIO_s_mem());
|
---|
| 2265 |
|
---|
| 2266 | if(!bio_out)
|
---|
| 2267 | return 1;
|
---|
| 2268 |
|
---|
| 2269 | obj = X509_EXTENSION_get_object(ext);
|
---|
| 2270 |
|
---|
| 2271 | asn1_object_dump(obj, namebuf, sizeof(namebuf));
|
---|
| 2272 |
|
---|
| 2273 | if(!X509V3_EXT_print(bio_out, ext, 0, 0))
|
---|
| 2274 | ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
|
---|
| 2275 |
|
---|
| 2276 | BIO_get_mem_ptr(bio_out, &biomem);
|
---|
| 2277 |
|
---|
| 2278 | for(j = 0; j < (size_t)biomem->length; j++) {
|
---|
| 2279 | const char *sep="";
|
---|
| 2280 | if(biomem->data[j] == '\n') {
|
---|
| 2281 | sep=", ";
|
---|
| 2282 | j++; /* skip the newline */
|
---|
| 2283 | };
|
---|
| 2284 | while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
|
---|
| 2285 | j++;
|
---|
| 2286 | if(j<(size_t)biomem->length)
|
---|
| 2287 | ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
|
---|
| 2288 | biomem->data[j]);
|
---|
| 2289 | }
|
---|
| 2290 |
|
---|
| 2291 | Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
|
---|
| 2292 |
|
---|
| 2293 | BIO_free(bio_out);
|
---|
| 2294 |
|
---|
| 2295 | }
|
---|
| 2296 | return 0; /* all is fine */
|
---|
| 2297 | }
|
---|
| 2298 |
|
---|
| 2299 | static CURLcode get_cert_chain(struct connectdata *conn,
|
---|
| 2300 | struct ssl_connect_data *connssl)
|
---|
| 2301 |
|
---|
| 2302 | {
|
---|
| 2303 | CURLcode result;
|
---|
| 2304 | STACK_OF(X509) *sk;
|
---|
| 2305 | int i;
|
---|
| 2306 | struct SessionHandle *data = conn->data;
|
---|
| 2307 | int numcerts;
|
---|
| 2308 | BIO *mem;
|
---|
| 2309 |
|
---|
| 2310 | sk = SSL_get_peer_cert_chain(connssl->handle);
|
---|
| 2311 | if(!sk) {
|
---|
| 2312 | return CURLE_OUT_OF_MEMORY;
|
---|
| 2313 | }
|
---|
| 2314 |
|
---|
| 2315 | numcerts = sk_X509_num(sk);
|
---|
| 2316 |
|
---|
| 2317 | result = Curl_ssl_init_certinfo(data, numcerts);
|
---|
| 2318 | if(result) {
|
---|
| 2319 | return result;
|
---|
| 2320 | }
|
---|
| 2321 |
|
---|
| 2322 | mem = BIO_new(BIO_s_mem());
|
---|
| 2323 |
|
---|
| 2324 | for(i = 0; i < numcerts; i++) {
|
---|
| 2325 | ASN1_INTEGER *num;
|
---|
| 2326 | X509 *x = sk_X509_value(sk, i);
|
---|
| 2327 | EVP_PKEY *pubkey=NULL;
|
---|
| 2328 | int j;
|
---|
| 2329 | char *ptr;
|
---|
| 2330 | ASN1_BIT_STRING *psig;
|
---|
| 2331 |
|
---|
| 2332 | X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
|
---|
| 2333 | push_certinfo("Subject", i);
|
---|
| 2334 |
|
---|
| 2335 | X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
|
---|
| 2336 | push_certinfo("Issuer", i);
|
---|
| 2337 |
|
---|
| 2338 | BIO_printf(mem, "%lx", X509_get_version(x));
|
---|
| 2339 | push_certinfo("Version", i);
|
---|
| 2340 |
|
---|
| 2341 | num = X509_get_serialNumber(x);
|
---|
| 2342 | if(num->type == V_ASN1_NEG_INTEGER)
|
---|
| 2343 | BIO_puts(mem, "-");
|
---|
| 2344 | for(j = 0; j < num->length; j++)
|
---|
| 2345 | BIO_printf(mem, "%02x", num->data[j]);
|
---|
| 2346 | push_certinfo("Serial Number", i);
|
---|
| 2347 |
|
---|
| 2348 | #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
|
---|
| 2349 | {
|
---|
| 2350 | X509_ALGOR *palg;
|
---|
| 2351 | ASN1_STRING *a = ASN1_STRING_new();
|
---|
| 2352 | if(a) {
|
---|
| 2353 | X509_get0_signature(&psig, &palg, x);
|
---|
| 2354 | X509_signature_print(mem, palg, a);
|
---|
| 2355 | ASN1_STRING_free(a);
|
---|
| 2356 | }
|
---|
| 2357 | i2a_ASN1_OBJECT(mem, palg->algorithm);
|
---|
| 2358 | push_certinfo("Public Key Algorithm", i);
|
---|
| 2359 |
|
---|
| 2360 | X509V3_ext(data, i, X509_get0_extensions(x));
|
---|
| 2361 | }
|
---|
| 2362 | #else
|
---|
| 2363 | {
|
---|
| 2364 | /* before OpenSSL 1.0.2 */
|
---|
| 2365 | X509_CINF *cinf = x->cert_info;
|
---|
| 2366 |
|
---|
| 2367 | i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
|
---|
| 2368 | push_certinfo("Signature Algorithm", i);
|
---|
| 2369 |
|
---|
| 2370 | i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
|
---|
| 2371 | push_certinfo("Public Key Algorithm", i);
|
---|
| 2372 |
|
---|
| 2373 | X509V3_ext(data, i, cinf->extensions);
|
---|
| 2374 |
|
---|
| 2375 | psig = x->signature;
|
---|
| 2376 | }
|
---|
| 2377 | #endif
|
---|
| 2378 |
|
---|
| 2379 | ASN1_TIME_print(mem, X509_get_notBefore(x));
|
---|
| 2380 | push_certinfo("Start date", i);
|
---|
| 2381 |
|
---|
| 2382 | ASN1_TIME_print(mem, X509_get_notAfter(x));
|
---|
| 2383 | push_certinfo("Expire date", i);
|
---|
| 2384 |
|
---|
| 2385 | pubkey = X509_get_pubkey(x);
|
---|
| 2386 | if(!pubkey)
|
---|
| 2387 | infof(data, " Unable to load public key\n");
|
---|
| 2388 | else {
|
---|
| 2389 | switch(pubkey->type) {
|
---|
| 2390 | case EVP_PKEY_RSA:
|
---|
| 2391 | BIO_printf(mem, "%d", BN_num_bits(pubkey->pkey.rsa->n));
|
---|
| 2392 | push_certinfo("RSA Public Key", i);
|
---|
| 2393 |
|
---|
| 2394 | print_pubkey_BN(rsa, n, i);
|
---|
| 2395 | print_pubkey_BN(rsa, e, i);
|
---|
| 2396 | print_pubkey_BN(rsa, d, i);
|
---|
| 2397 | print_pubkey_BN(rsa, p, i);
|
---|
| 2398 | print_pubkey_BN(rsa, q, i);
|
---|
| 2399 | print_pubkey_BN(rsa, dmp1, i);
|
---|
| 2400 | print_pubkey_BN(rsa, dmq1, i);
|
---|
| 2401 | print_pubkey_BN(rsa, iqmp, i);
|
---|
| 2402 | break;
|
---|
| 2403 | case EVP_PKEY_DSA:
|
---|
| 2404 | print_pubkey_BN(dsa, p, i);
|
---|
| 2405 | print_pubkey_BN(dsa, q, i);
|
---|
| 2406 | print_pubkey_BN(dsa, g, i);
|
---|
| 2407 | print_pubkey_BN(dsa, priv_key, i);
|
---|
| 2408 | print_pubkey_BN(dsa, pub_key, i);
|
---|
| 2409 | break;
|
---|
| 2410 | case EVP_PKEY_DH:
|
---|
| 2411 | print_pubkey_BN(dh, p, i);
|
---|
| 2412 | print_pubkey_BN(dh, g, i);
|
---|
| 2413 | print_pubkey_BN(dh, priv_key, i);
|
---|
| 2414 | print_pubkey_BN(dh, pub_key, i);
|
---|
| 2415 | break;
|
---|
| 2416 | #if 0
|
---|
| 2417 | case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
|
---|
| 2418 | /* left TODO */
|
---|
| 2419 | break;
|
---|
| 2420 | #endif
|
---|
| 2421 | }
|
---|
| 2422 | EVP_PKEY_free(pubkey);
|
---|
| 2423 | }
|
---|
| 2424 |
|
---|
| 2425 | for(j = 0; j < psig->length; j++)
|
---|
| 2426 | BIO_printf(mem, "%02x:", psig->data[j]);
|
---|
| 2427 | push_certinfo("Signature", i);
|
---|
| 2428 |
|
---|
| 2429 | PEM_write_bio_X509(mem, x);
|
---|
| 2430 | push_certinfo("Cert", i);
|
---|
| 2431 | }
|
---|
| 2432 |
|
---|
| 2433 | BIO_free(mem);
|
---|
| 2434 |
|
---|
| 2435 | return CURLE_OK;
|
---|
| 2436 | }
|
---|
| 2437 |
|
---|
| 2438 | /*
|
---|
| 2439 | * Heavily modified from:
|
---|
| 2440 | * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
|
---|
| 2441 | */
|
---|
| 2442 | static CURLcode pkp_pin_peer_pubkey(struct SessionHandle *data, X509* cert,
|
---|
| 2443 | const char *pinnedpubkey)
|
---|
| 2444 | {
|
---|
| 2445 | /* Scratch */
|
---|
| 2446 | int len1 = 0, len2 = 0;
|
---|
| 2447 | unsigned char *buff1 = NULL, *temp = NULL;
|
---|
| 2448 |
|
---|
| 2449 | /* Result is returned to caller */
|
---|
| 2450 | CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
|
---|
| 2451 |
|
---|
| 2452 | /* if a path wasn't specified, don't pin */
|
---|
| 2453 | if(!pinnedpubkey)
|
---|
| 2454 | return CURLE_OK;
|
---|
| 2455 |
|
---|
| 2456 | if(!cert)
|
---|
| 2457 | return result;
|
---|
| 2458 |
|
---|
| 2459 | do {
|
---|
| 2460 | /* Begin Gyrations to get the subjectPublicKeyInfo */
|
---|
| 2461 | /* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
|
---|
| 2462 |
|
---|
| 2463 | /* https://groups.google.com/group/mailing.openssl.users/browse_thread
|
---|
| 2464 | /thread/d61858dae102c6c7 */
|
---|
| 2465 | len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
|
---|
| 2466 | if(len1 < 1)
|
---|
| 2467 | break; /* failed */
|
---|
| 2468 |
|
---|
| 2469 | /* https://www.openssl.org/docs/crypto/buffer.html */
|
---|
| 2470 | buff1 = temp = OPENSSL_malloc(len1);
|
---|
| 2471 | if(!buff1)
|
---|
| 2472 | break; /* failed */
|
---|
| 2473 |
|
---|
| 2474 | /* https://www.openssl.org/docs/crypto/d2i_X509.html */
|
---|
| 2475 | len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
|
---|
| 2476 |
|
---|
| 2477 | /*
|
---|
| 2478 | * These checks are verifying we got back the same values as when we
|
---|
| 2479 | * sized the buffer. It's pretty weak since they should always be the
|
---|
| 2480 | * same. But it gives us something to test.
|
---|
| 2481 | */
|
---|
| 2482 | if((len1 != len2) || !temp || ((temp - buff1) != len1))
|
---|
| 2483 | break; /* failed */
|
---|
| 2484 |
|
---|
| 2485 | /* End Gyrations */
|
---|
| 2486 |
|
---|
| 2487 | /* The one good exit point */
|
---|
| 2488 | result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
|
---|
| 2489 | } while(0);
|
---|
| 2490 |
|
---|
| 2491 | /* https://www.openssl.org/docs/crypto/buffer.html */
|
---|
| 2492 | if(buff1)
|
---|
| 2493 | OPENSSL_free(buff1);
|
---|
| 2494 |
|
---|
| 2495 | return result;
|
---|
| 2496 | }
|
---|
| 2497 |
|
---|
| 2498 | /*
|
---|
| 2499 | * Get the server cert, verify it and show it etc, only call failf() if the
|
---|
| 2500 | * 'strict' argument is TRUE as otherwise all this is for informational
|
---|
| 2501 | * purposes only!
|
---|
| 2502 | *
|
---|
| 2503 | * We check certificates to authenticate the server; otherwise we risk
|
---|
| 2504 | * man-in-the-middle attack.
|
---|
| 2505 | */
|
---|
| 2506 | static CURLcode servercert(struct connectdata *conn,
|
---|
| 2507 | struct ssl_connect_data *connssl,
|
---|
| 2508 | bool strict)
|
---|
| 2509 | {
|
---|
| 2510 | CURLcode result = CURLE_OK;
|
---|
| 2511 | int rc;
|
---|
| 2512 | long lerr, len;
|
---|
| 2513 | struct SessionHandle *data = conn->data;
|
---|
| 2514 | X509 *issuer;
|
---|
| 2515 | FILE *fp;
|
---|
| 2516 | char *buffer = data->state.buffer;
|
---|
| 2517 | const char *ptr;
|
---|
| 2518 | BIO *mem = BIO_new(BIO_s_mem());
|
---|
| 2519 |
|
---|
| 2520 | if(data->set.ssl.certinfo)
|
---|
| 2521 | /* we've been asked to gather certificate info! */
|
---|
| 2522 | (void)get_cert_chain(conn, connssl);
|
---|
| 2523 |
|
---|
| 2524 | connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
|
---|
| 2525 | if(!connssl->server_cert) {
|
---|
| 2526 | if(!strict)
|
---|
| 2527 | return CURLE_OK;
|
---|
| 2528 |
|
---|
| 2529 | failf(data, "SSL: couldn't get peer certificate!");
|
---|
| 2530 | return CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 2531 | }
|
---|
| 2532 |
|
---|
| 2533 | infof(data, "Server certificate:\n");
|
---|
| 2534 |
|
---|
| 2535 | rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert),
|
---|
| 2536 | buffer, BUFSIZE);
|
---|
| 2537 | infof(data, "\t subject: %s\n", rc?"[NONE]":buffer);
|
---|
| 2538 |
|
---|
| 2539 | ASN1_TIME_print(mem, X509_get_notBefore(connssl->server_cert));
|
---|
| 2540 | len = BIO_get_mem_data(mem, (char **) &ptr);
|
---|
| 2541 | infof(data, "\t start date: %.*s\n", len, ptr);
|
---|
| 2542 | rc = BIO_reset(mem);
|
---|
| 2543 |
|
---|
| 2544 | ASN1_TIME_print(mem, X509_get_notAfter(connssl->server_cert));
|
---|
| 2545 | len = BIO_get_mem_data(mem, (char **) &ptr);
|
---|
| 2546 | infof(data, "\t expire date: %.*s\n", len, ptr);
|
---|
| 2547 | rc = BIO_reset(mem);
|
---|
| 2548 |
|
---|
| 2549 | BIO_free(mem);
|
---|
| 2550 |
|
---|
| 2551 | if(data->set.ssl.verifyhost) {
|
---|
| 2552 | result = verifyhost(conn, connssl->server_cert);
|
---|
| 2553 | if(result) {
|
---|
| 2554 | X509_free(connssl->server_cert);
|
---|
| 2555 | connssl->server_cert = NULL;
|
---|
| 2556 | return result;
|
---|
| 2557 | }
|
---|
| 2558 | }
|
---|
| 2559 |
|
---|
| 2560 | rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert),
|
---|
| 2561 | buffer, BUFSIZE);
|
---|
| 2562 | if(rc) {
|
---|
| 2563 | if(strict)
|
---|
| 2564 | failf(data, "SSL: couldn't get X509-issuer name!");
|
---|
| 2565 | result = CURLE_SSL_CONNECT_ERROR;
|
---|
| 2566 | }
|
---|
| 2567 | else {
|
---|
| 2568 | infof(data, "\t issuer: %s\n", buffer);
|
---|
| 2569 |
|
---|
| 2570 | /* We could do all sorts of certificate verification stuff here before
|
---|
| 2571 | deallocating the certificate. */
|
---|
| 2572 |
|
---|
| 2573 | /* e.g. match issuer name with provided issuer certificate */
|
---|
| 2574 | if(data->set.str[STRING_SSL_ISSUERCERT]) {
|
---|
| 2575 | fp = fopen(data->set.str[STRING_SSL_ISSUERCERT], FOPEN_READTEXT);
|
---|
| 2576 | if(!fp) {
|
---|
| 2577 | if(strict)
|
---|
| 2578 | failf(data, "SSL: Unable to open issuer cert (%s)",
|
---|
| 2579 | data->set.str[STRING_SSL_ISSUERCERT]);
|
---|
| 2580 | X509_free(connssl->server_cert);
|
---|
| 2581 | connssl->server_cert = NULL;
|
---|
| 2582 | return CURLE_SSL_ISSUER_ERROR;
|
---|
| 2583 | }
|
---|
| 2584 |
|
---|
| 2585 | issuer = PEM_read_X509(fp, NULL, ZERO_NULL, NULL);
|
---|
| 2586 | if(!issuer) {
|
---|
| 2587 | if(strict)
|
---|
| 2588 | failf(data, "SSL: Unable to read issuer cert (%s)",
|
---|
| 2589 | data->set.str[STRING_SSL_ISSUERCERT]);
|
---|
| 2590 | X509_free(connssl->server_cert);
|
---|
| 2591 | X509_free(issuer);
|
---|
| 2592 | fclose(fp);
|
---|
| 2593 | return CURLE_SSL_ISSUER_ERROR;
|
---|
| 2594 | }
|
---|
| 2595 |
|
---|
| 2596 | fclose(fp);
|
---|
| 2597 |
|
---|
| 2598 | if(X509_check_issued(issuer, connssl->server_cert) != X509_V_OK) {
|
---|
| 2599 | if(strict)
|
---|
| 2600 | failf(data, "SSL: Certificate issuer check failed (%s)",
|
---|
| 2601 | data->set.str[STRING_SSL_ISSUERCERT]);
|
---|
| 2602 | X509_free(connssl->server_cert);
|
---|
| 2603 | X509_free(issuer);
|
---|
| 2604 | connssl->server_cert = NULL;
|
---|
| 2605 | return CURLE_SSL_ISSUER_ERROR;
|
---|
| 2606 | }
|
---|
| 2607 |
|
---|
| 2608 | infof(data, "\t SSL certificate issuer check ok (%s)\n",
|
---|
| 2609 | data->set.str[STRING_SSL_ISSUERCERT]);
|
---|
| 2610 | X509_free(issuer);
|
---|
| 2611 | }
|
---|
| 2612 |
|
---|
| 2613 | lerr = data->set.ssl.certverifyresult =
|
---|
| 2614 | SSL_get_verify_result(connssl->handle);
|
---|
| 2615 |
|
---|
| 2616 | if(data->set.ssl.certverifyresult != X509_V_OK) {
|
---|
| 2617 | if(data->set.ssl.verifypeer) {
|
---|
| 2618 | /* We probably never reach this, because SSL_connect() will fail
|
---|
| 2619 | and we return earlier if verifypeer is set? */
|
---|
| 2620 | if(strict)
|
---|
| 2621 | failf(data, "SSL certificate verify result: %s (%ld)",
|
---|
| 2622 | X509_verify_cert_error_string(lerr), lerr);
|
---|
| 2623 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 2624 | }
|
---|
| 2625 | else
|
---|
| 2626 | infof(data, "\t SSL certificate verify result: %s (%ld),"
|
---|
| 2627 | " continuing anyway.\n",
|
---|
| 2628 | X509_verify_cert_error_string(lerr), lerr);
|
---|
| 2629 | }
|
---|
| 2630 | else
|
---|
| 2631 | infof(data, "\t SSL certificate verify ok.\n");
|
---|
| 2632 | }
|
---|
| 2633 |
|
---|
| 2634 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
| 2635 | !defined(OPENSSL_IS_BORINGSSL)
|
---|
| 2636 | if(data->set.ssl.verifystatus) {
|
---|
| 2637 | result = verifystatus(conn, connssl);
|
---|
| 2638 | if(result) {
|
---|
| 2639 | X509_free(connssl->server_cert);
|
---|
| 2640 | connssl->server_cert = NULL;
|
---|
| 2641 | return result;
|
---|
| 2642 | }
|
---|
| 2643 | }
|
---|
| 2644 | #endif
|
---|
| 2645 |
|
---|
| 2646 | if(!strict)
|
---|
| 2647 | /* when not strict, we don't bother about the verify cert problems */
|
---|
| 2648 | result = CURLE_OK;
|
---|
| 2649 |
|
---|
| 2650 | ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
|
---|
| 2651 | if(!result && ptr) {
|
---|
| 2652 | result = pkp_pin_peer_pubkey(data, connssl->server_cert, ptr);
|
---|
| 2653 | if(result)
|
---|
| 2654 | failf(data, "SSL: public key does not match pinned public key!");
|
---|
| 2655 | }
|
---|
| 2656 |
|
---|
| 2657 | X509_free(connssl->server_cert);
|
---|
| 2658 | connssl->server_cert = NULL;
|
---|
| 2659 | connssl->connecting_state = ssl_connect_done;
|
---|
| 2660 |
|
---|
| 2661 | return result;
|
---|
| 2662 | }
|
---|
| 2663 |
|
---|
| 2664 | static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
|
---|
| 2665 | {
|
---|
| 2666 | CURLcode result = CURLE_OK;
|
---|
| 2667 | void *old_ssl_sessionid = NULL;
|
---|
| 2668 | struct SessionHandle *data = conn->data;
|
---|
| 2669 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 2670 | bool incache;
|
---|
| 2671 | SSL_SESSION *our_ssl_sessionid;
|
---|
| 2672 |
|
---|
| 2673 | DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
|
---|
| 2674 |
|
---|
| 2675 | our_ssl_sessionid = SSL_get1_session(connssl->handle);
|
---|
| 2676 |
|
---|
| 2677 | /* SSL_get1_session() will increment the reference count and the session
|
---|
| 2678 | will stay in memory until explicitly freed with SSL_SESSION_free(3),
|
---|
| 2679 | regardless of its state. */
|
---|
| 2680 |
|
---|
| 2681 | incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
|
---|
| 2682 | if(incache) {
|
---|
| 2683 | if(old_ssl_sessionid != our_ssl_sessionid) {
|
---|
| 2684 | infof(data, "old SSL session ID is stale, removing\n");
|
---|
| 2685 | Curl_ssl_delsessionid(conn, old_ssl_sessionid);
|
---|
| 2686 | incache = FALSE;
|
---|
| 2687 | }
|
---|
| 2688 | }
|
---|
| 2689 |
|
---|
| 2690 | if(!incache) {
|
---|
| 2691 | result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
|
---|
| 2692 | 0 /* unknown size */);
|
---|
| 2693 | if(result) {
|
---|
| 2694 | failf(data, "failed to store ssl session");
|
---|
| 2695 | return result;
|
---|
| 2696 | }
|
---|
| 2697 | }
|
---|
| 2698 | else {
|
---|
| 2699 | /* Session was incache, so refcount already incremented earlier.
|
---|
| 2700 | * Avoid further increments with each SSL_get1_session() call.
|
---|
| 2701 | * This does not free the session as refcount remains > 0
|
---|
| 2702 | */
|
---|
| 2703 | SSL_SESSION_free(our_ssl_sessionid);
|
---|
| 2704 | }
|
---|
| 2705 |
|
---|
| 2706 | /*
|
---|
| 2707 | * We check certificates to authenticate the server; otherwise we risk
|
---|
| 2708 | * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
|
---|
| 2709 | * verify the peer ignore faults and failures from the server cert
|
---|
| 2710 | * operations.
|
---|
| 2711 | */
|
---|
| 2712 |
|
---|
| 2713 | result = servercert(conn, connssl,
|
---|
| 2714 | (data->set.ssl.verifypeer || data->set.ssl.verifyhost));
|
---|
| 2715 |
|
---|
| 2716 | if(!result)
|
---|
| 2717 | connssl->connecting_state = ssl_connect_done;
|
---|
| 2718 |
|
---|
| 2719 | return result;
|
---|
| 2720 | }
|
---|
| 2721 |
|
---|
| 2722 | static Curl_recv ossl_recv;
|
---|
| 2723 | static Curl_send ossl_send;
|
---|
| 2724 |
|
---|
| 2725 | static CURLcode ossl_connect_common(struct connectdata *conn,
|
---|
| 2726 | int sockindex,
|
---|
| 2727 | bool nonblocking,
|
---|
| 2728 | bool *done)
|
---|
| 2729 | {
|
---|
| 2730 | CURLcode result;
|
---|
| 2731 | struct SessionHandle *data = conn->data;
|
---|
| 2732 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 2733 | curl_socket_t sockfd = conn->sock[sockindex];
|
---|
| 2734 | long timeout_ms;
|
---|
| 2735 | int what;
|
---|
| 2736 |
|
---|
| 2737 | /* check if the connection has already been established */
|
---|
| 2738 | if(ssl_connection_complete == connssl->state) {
|
---|
| 2739 | *done = TRUE;
|
---|
| 2740 | return CURLE_OK;
|
---|
| 2741 | }
|
---|
| 2742 |
|
---|
| 2743 | if(ssl_connect_1 == connssl->connecting_state) {
|
---|
| 2744 | /* Find out how much more time we're allowed */
|
---|
| 2745 | timeout_ms = Curl_timeleft(data, NULL, TRUE);
|
---|
| 2746 |
|
---|
| 2747 | if(timeout_ms < 0) {
|
---|
| 2748 | /* no need to continue if time already is up */
|
---|
| 2749 | failf(data, "SSL connection timeout");
|
---|
| 2750 | return CURLE_OPERATION_TIMEDOUT;
|
---|
| 2751 | }
|
---|
| 2752 |
|
---|
| 2753 | result = ossl_connect_step1(conn, sockindex);
|
---|
| 2754 | if(result)
|
---|
| 2755 | return result;
|
---|
| 2756 | }
|
---|
| 2757 |
|
---|
| 2758 | while(ssl_connect_2 == connssl->connecting_state ||
|
---|
| 2759 | ssl_connect_2_reading == connssl->connecting_state ||
|
---|
| 2760 | ssl_connect_2_writing == connssl->connecting_state) {
|
---|
| 2761 |
|
---|
| 2762 | /* check allowed time left */
|
---|
| 2763 | timeout_ms = Curl_timeleft(data, NULL, TRUE);
|
---|
| 2764 |
|
---|
| 2765 | if(timeout_ms < 0) {
|
---|
| 2766 | /* no need to continue if time already is up */
|
---|
| 2767 | failf(data, "SSL connection timeout");
|
---|
| 2768 | return CURLE_OPERATION_TIMEDOUT;
|
---|
| 2769 | }
|
---|
| 2770 |
|
---|
| 2771 | /* if ssl is expecting something, check if it's available. */
|
---|
| 2772 | if(connssl->connecting_state == ssl_connect_2_reading ||
|
---|
| 2773 | connssl->connecting_state == ssl_connect_2_writing) {
|
---|
| 2774 |
|
---|
| 2775 | curl_socket_t writefd = ssl_connect_2_writing==
|
---|
| 2776 | connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
|
---|
| 2777 | curl_socket_t readfd = ssl_connect_2_reading==
|
---|
| 2778 | connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
|
---|
| 2779 |
|
---|
| 2780 | what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
|
---|
| 2781 | if(what < 0) {
|
---|
| 2782 | /* fatal error */
|
---|
| 2783 | failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
|
---|
| 2784 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 2785 | }
|
---|
| 2786 | else if(0 == what) {
|
---|
| 2787 | if(nonblocking) {
|
---|
| 2788 | *done = FALSE;
|
---|
| 2789 | return CURLE_OK;
|
---|
| 2790 | }
|
---|
| 2791 | else {
|
---|
| 2792 | /* timeout */
|
---|
| 2793 | failf(data, "SSL connection timeout");
|
---|
| 2794 | return CURLE_OPERATION_TIMEDOUT;
|
---|
| 2795 | }
|
---|
| 2796 | }
|
---|
| 2797 | /* socket is readable or writable */
|
---|
| 2798 | }
|
---|
| 2799 |
|
---|
| 2800 | /* Run transaction, and return to the caller if it failed or if this
|
---|
| 2801 | * connection is done nonblocking and this loop would execute again. This
|
---|
| 2802 | * permits the owner of a multi handle to abort a connection attempt
|
---|
| 2803 | * before step2 has completed while ensuring that a client using select()
|
---|
| 2804 | * or epoll() will always have a valid fdset to wait on.
|
---|
| 2805 | */
|
---|
| 2806 | result = ossl_connect_step2(conn, sockindex);
|
---|
| 2807 | if(result || (nonblocking &&
|
---|
| 2808 | (ssl_connect_2 == connssl->connecting_state ||
|
---|
| 2809 | ssl_connect_2_reading == connssl->connecting_state ||
|
---|
| 2810 | ssl_connect_2_writing == connssl->connecting_state)))
|
---|
| 2811 | return result;
|
---|
| 2812 |
|
---|
| 2813 | } /* repeat step2 until all transactions are done. */
|
---|
| 2814 |
|
---|
| 2815 | if(ssl_connect_3 == connssl->connecting_state) {
|
---|
| 2816 | result = ossl_connect_step3(conn, sockindex);
|
---|
| 2817 | if(result)
|
---|
| 2818 | return result;
|
---|
| 2819 | }
|
---|
| 2820 |
|
---|
| 2821 | if(ssl_connect_done == connssl->connecting_state) {
|
---|
| 2822 | connssl->state = ssl_connection_complete;
|
---|
| 2823 | conn->recv[sockindex] = ossl_recv;
|
---|
| 2824 | conn->send[sockindex] = ossl_send;
|
---|
| 2825 | *done = TRUE;
|
---|
| 2826 | }
|
---|
| 2827 | else
|
---|
| 2828 | *done = FALSE;
|
---|
| 2829 |
|
---|
| 2830 | /* Reset our connect state machine */
|
---|
| 2831 | connssl->connecting_state = ssl_connect_1;
|
---|
| 2832 |
|
---|
| 2833 | return CURLE_OK;
|
---|
| 2834 | }
|
---|
| 2835 |
|
---|
| 2836 | CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
|
---|
| 2837 | int sockindex,
|
---|
| 2838 | bool *done)
|
---|
| 2839 | {
|
---|
| 2840 | return ossl_connect_common(conn, sockindex, TRUE, done);
|
---|
| 2841 | }
|
---|
| 2842 |
|
---|
| 2843 | CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
|
---|
| 2844 | {
|
---|
| 2845 | CURLcode result;
|
---|
| 2846 | bool done = FALSE;
|
---|
| 2847 |
|
---|
| 2848 | result = ossl_connect_common(conn, sockindex, FALSE, &done);
|
---|
| 2849 | if(result)
|
---|
| 2850 | return result;
|
---|
| 2851 |
|
---|
| 2852 | DEBUGASSERT(done);
|
---|
| 2853 |
|
---|
| 2854 | return CURLE_OK;
|
---|
| 2855 | }
|
---|
| 2856 |
|
---|
| 2857 | bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex)
|
---|
| 2858 | {
|
---|
| 2859 | if(conn->ssl[connindex].handle)
|
---|
| 2860 | /* SSL is in use */
|
---|
| 2861 | return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
|
---|
| 2862 | else
|
---|
| 2863 | return FALSE;
|
---|
| 2864 | }
|
---|
| 2865 |
|
---|
| 2866 | static ssize_t ossl_send(struct connectdata *conn,
|
---|
| 2867 | int sockindex,
|
---|
| 2868 | const void *mem,
|
---|
| 2869 | size_t len,
|
---|
| 2870 | CURLcode *curlcode)
|
---|
| 2871 | {
|
---|
| 2872 | /* SSL_write() is said to return 'int' while write() and send() returns
|
---|
| 2873 | 'size_t' */
|
---|
| 2874 | int err;
|
---|
| 2875 | char error_buffer[120]; /* OpenSSL documents that this must be at least 120
|
---|
| 2876 | bytes long. */
|
---|
| 2877 | unsigned long sslerror;
|
---|
| 2878 | int memlen;
|
---|
| 2879 | int rc;
|
---|
| 2880 |
|
---|
| 2881 | ERR_clear_error();
|
---|
| 2882 |
|
---|
| 2883 | memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
|
---|
| 2884 | rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
|
---|
| 2885 |
|
---|
| 2886 | if(rc <= 0) {
|
---|
| 2887 | err = SSL_get_error(conn->ssl[sockindex].handle, rc);
|
---|
| 2888 |
|
---|
| 2889 | switch(err) {
|
---|
| 2890 | case SSL_ERROR_WANT_READ:
|
---|
| 2891 | case SSL_ERROR_WANT_WRITE:
|
---|
| 2892 | /* The operation did not complete; the same TLS/SSL I/O function
|
---|
| 2893 | should be called again later. This is basically an EWOULDBLOCK
|
---|
| 2894 | equivalent. */
|
---|
| 2895 | *curlcode = CURLE_AGAIN;
|
---|
| 2896 | return -1;
|
---|
| 2897 | case SSL_ERROR_SYSCALL:
|
---|
| 2898 | failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
|
---|
| 2899 | SOCKERRNO);
|
---|
| 2900 | *curlcode = CURLE_SEND_ERROR;
|
---|
| 2901 | return -1;
|
---|
| 2902 | case SSL_ERROR_SSL:
|
---|
| 2903 | /* A failure in the SSL library occurred, usually a protocol error.
|
---|
| 2904 | The OpenSSL error queue contains more information on the error. */
|
---|
| 2905 | sslerror = ERR_get_error();
|
---|
| 2906 | failf(conn->data, "SSL_write() error: %s",
|
---|
| 2907 | ERR_error_string(sslerror, error_buffer));
|
---|
| 2908 | *curlcode = CURLE_SEND_ERROR;
|
---|
| 2909 | return -1;
|
---|
| 2910 | }
|
---|
| 2911 | /* a true error */
|
---|
| 2912 | failf(conn->data, "SSL_write() return error %d", err);
|
---|
| 2913 | *curlcode = CURLE_SEND_ERROR;
|
---|
| 2914 | return -1;
|
---|
| 2915 | }
|
---|
| 2916 | *curlcode = CURLE_OK;
|
---|
| 2917 | return (ssize_t)rc; /* number of bytes */
|
---|
| 2918 | }
|
---|
| 2919 |
|
---|
| 2920 | static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
|
---|
| 2921 | int num, /* socketindex */
|
---|
| 2922 | char *buf, /* store read data here */
|
---|
| 2923 | size_t buffersize, /* max amount to read */
|
---|
| 2924 | CURLcode *curlcode)
|
---|
| 2925 | {
|
---|
| 2926 | char error_buffer[120]; /* OpenSSL documents that this must be at
|
---|
| 2927 | least 120 bytes long. */
|
---|
| 2928 | unsigned long sslerror;
|
---|
| 2929 | ssize_t nread;
|
---|
| 2930 | int buffsize;
|
---|
| 2931 |
|
---|
| 2932 | ERR_clear_error();
|
---|
| 2933 |
|
---|
| 2934 | buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
|
---|
| 2935 | nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf, buffsize);
|
---|
| 2936 | if(nread <= 0) {
|
---|
| 2937 | /* failed SSL_read */
|
---|
| 2938 | int err = SSL_get_error(conn->ssl[num].handle, (int)nread);
|
---|
| 2939 |
|
---|
| 2940 | switch(err) {
|
---|
| 2941 | case SSL_ERROR_NONE: /* this is not an error */
|
---|
| 2942 | case SSL_ERROR_ZERO_RETURN: /* no more data */
|
---|
| 2943 | break;
|
---|
| 2944 | case SSL_ERROR_WANT_READ:
|
---|
| 2945 | case SSL_ERROR_WANT_WRITE:
|
---|
| 2946 | /* there's data pending, re-invoke SSL_read() */
|
---|
| 2947 | *curlcode = CURLE_AGAIN;
|
---|
| 2948 | return -1;
|
---|
| 2949 | default:
|
---|
| 2950 | /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
|
---|
| 2951 | value/errno" */
|
---|
| 2952 | /* https://www.openssl.org/docs/crypto/ERR_get_error.html */
|
---|
| 2953 | sslerror = ERR_get_error();
|
---|
| 2954 | if((nread < 0) || sslerror) {
|
---|
| 2955 | /* If the return code was negative or there actually is an error in the
|
---|
| 2956 | queue */
|
---|
| 2957 | failf(conn->data, "SSL read: %s, errno %d",
|
---|
| 2958 | ERR_error_string(sslerror, error_buffer),
|
---|
| 2959 | SOCKERRNO);
|
---|
| 2960 | *curlcode = CURLE_RECV_ERROR;
|
---|
| 2961 | return -1;
|
---|
| 2962 | }
|
---|
| 2963 | }
|
---|
| 2964 | }
|
---|
| 2965 | return nread;
|
---|
| 2966 | }
|
---|
| 2967 |
|
---|
| 2968 | size_t Curl_ossl_version(char *buffer, size_t size)
|
---|
| 2969 | {
|
---|
| 2970 | #ifdef OPENSSL_IS_BORINGSSL
|
---|
| 2971 | return snprintf(buffer, size, "BoringSSL");
|
---|
| 2972 | #else /* OPENSSL_IS_BORINGSSL */
|
---|
| 2973 | char sub[3];
|
---|
| 2974 | unsigned long ssleay_value;
|
---|
| 2975 | sub[2]='\0';
|
---|
| 2976 | sub[1]='\0';
|
---|
| 2977 | ssleay_value=SSLeay();
|
---|
| 2978 | if(ssleay_value < 0x906000) {
|
---|
| 2979 | ssleay_value=SSLEAY_VERSION_NUMBER;
|
---|
| 2980 | sub[0]='\0';
|
---|
| 2981 | }
|
---|
| 2982 | else {
|
---|
| 2983 | if(ssleay_value&0xff0) {
|
---|
| 2984 | int minor_ver = (ssleay_value >> 4) & 0xff;
|
---|
| 2985 | if(minor_ver > 26) {
|
---|
| 2986 | /* handle extended version introduced for 0.9.8za */
|
---|
| 2987 | sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
|
---|
| 2988 | sub[0] = 'z';
|
---|
| 2989 | }
|
---|
| 2990 | else {
|
---|
| 2991 | sub[0]=(char)(((ssleay_value>>4)&0xff) + 'a' -1);
|
---|
| 2992 | }
|
---|
| 2993 | }
|
---|
| 2994 | else
|
---|
| 2995 | sub[0]='\0';
|
---|
| 2996 | }
|
---|
| 2997 |
|
---|
| 2998 | return snprintf(buffer, size, "%s/%lx.%lx.%lx%s",
|
---|
| 2999 | #ifdef LIBRESSL_VERSION_NUMBER
|
---|
| 3000 | "LibreSSL"
|
---|
| 3001 | #else
|
---|
| 3002 | "OpenSSL"
|
---|
| 3003 | #endif
|
---|
| 3004 | , (ssleay_value>>28)&0xf,
|
---|
| 3005 | (ssleay_value>>20)&0xff,
|
---|
| 3006 | (ssleay_value>>12)&0xff,
|
---|
| 3007 | sub);
|
---|
| 3008 | #endif /* OPENSSL_IS_BORINGSSL */
|
---|
| 3009 | }
|
---|
| 3010 |
|
---|
| 3011 | /* can be called with data == NULL */
|
---|
| 3012 | int Curl_ossl_random(struct SessionHandle *data, unsigned char *entropy,
|
---|
| 3013 | size_t length)
|
---|
| 3014 | {
|
---|
| 3015 | if(data) {
|
---|
| 3016 | Curl_ossl_seed(data); /* Initiate the seed if not already done */
|
---|
| 3017 | }
|
---|
| 3018 | RAND_bytes(entropy, curlx_uztosi(length));
|
---|
| 3019 | return 0; /* 0 as in no problem */
|
---|
| 3020 | }
|
---|
| 3021 |
|
---|
| 3022 | void Curl_ossl_md5sum(unsigned char *tmp, /* input */
|
---|
| 3023 | size_t tmplen,
|
---|
| 3024 | unsigned char *md5sum /* output */,
|
---|
| 3025 | size_t unused)
|
---|
| 3026 | {
|
---|
| 3027 | MD5_CTX MD5pw;
|
---|
| 3028 | (void)unused;
|
---|
| 3029 | MD5_Init(&MD5pw);
|
---|
| 3030 | MD5_Update(&MD5pw, tmp, tmplen);
|
---|
| 3031 | MD5_Final(md5sum, &MD5pw);
|
---|
| 3032 | }
|
---|
| 3033 |
|
---|
| 3034 | #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
---|
| 3035 | void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
|
---|
| 3036 | size_t tmplen,
|
---|
| 3037 | unsigned char *sha256sum /* output */,
|
---|
| 3038 | size_t unused)
|
---|
| 3039 | {
|
---|
| 3040 | SHA256_CTX SHA256pw;
|
---|
| 3041 | (void)unused;
|
---|
| 3042 | SHA256_Init(&SHA256pw);
|
---|
| 3043 | SHA256_Update(&SHA256pw, tmp, tmplen);
|
---|
| 3044 | SHA256_Final(sha256sum, &SHA256pw);
|
---|
| 3045 | }
|
---|
| 3046 | #endif
|
---|
| 3047 |
|
---|
| 3048 | bool Curl_ossl_cert_status_request(void)
|
---|
| 3049 | {
|
---|
| 3050 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
| 3051 | !defined(OPENSSL_IS_BORINGSSL)
|
---|
| 3052 | return TRUE;
|
---|
| 3053 | #else
|
---|
| 3054 | return FALSE;
|
---|
| 3055 | #endif
|
---|
| 3056 | }
|
---|
| 3057 | #endif /* USE_OPENSSL */
|
---|