1 | /***************************************************************************
|
---|
2 | * _ _ ____ _
|
---|
3 | * Project ___| | | | _ \| |
|
---|
4 | * / __| | | | |_) | |
|
---|
5 | * | (__| |_| | _ <| |___
|
---|
6 | * \___|\___/|_| \_\_____|
|
---|
7 | *
|
---|
8 | * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
---|
9 | *
|
---|
10 | * This software is licensed as described in the file COPYING, which
|
---|
11 | * you should have received as part of this distribution. The terms
|
---|
12 | * are also available at https://curl.haxx.se/docs/copyright.html.
|
---|
13 | *
|
---|
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
---|
15 | * copies of the Software, and permit persons to whom the Software is
|
---|
16 | * furnished to do so, under the terms of the COPYING file.
|
---|
17 | *
|
---|
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
---|
19 | * KIND, either express or implied.
|
---|
20 | *
|
---|
21 | ***************************************************************************/
|
---|
22 |
|
---|
23 | /*
|
---|
24 | * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
|
---|
25 | * but vtls.c should ever call or use these functions.
|
---|
26 | */
|
---|
27 |
|
---|
28 | /*
|
---|
29 | * The original SSLeay-using code for curl was written by Linas Vepstas and
|
---|
30 | * Sampo Kellomaki 1998.
|
---|
31 | */
|
---|
32 |
|
---|
33 | #include "curl_setup.h"
|
---|
34 |
|
---|
35 | #ifdef USE_OPENSSL
|
---|
36 |
|
---|
37 | #ifdef HAVE_LIMITS_H
|
---|
38 | #include <limits.h>
|
---|
39 | #endif
|
---|
40 |
|
---|
41 | #include "urldata.h"
|
---|
42 | #include "sendf.h"
|
---|
43 | #include "formdata.h" /* for the boundary function */
|
---|
44 | #include "url.h" /* for the ssl config check function */
|
---|
45 | #include "inet_pton.h"
|
---|
46 | #include "openssl.h"
|
---|
47 | #include "connect.h"
|
---|
48 | #include "slist.h"
|
---|
49 | #include "select.h"
|
---|
50 | #include "vtls.h"
|
---|
51 | #include "strcase.h"
|
---|
52 | #include "hostcheck.h"
|
---|
53 | #include "curl_printf.h"
|
---|
54 | #include <openssl/ssl.h>
|
---|
55 | #ifdef HAVE_OPENSSL_ENGINE_H
|
---|
56 | #include <openssl/engine.h>
|
---|
57 | #endif
|
---|
58 | #include <openssl/rand.h>
|
---|
59 | #include <openssl/x509v3.h>
|
---|
60 | #ifndef OPENSSL_NO_DSA
|
---|
61 | #include <openssl/dsa.h>
|
---|
62 | #endif
|
---|
63 | #include <openssl/dh.h>
|
---|
64 | #include <openssl/err.h>
|
---|
65 | #include <openssl/md5.h>
|
---|
66 | #include <openssl/conf.h>
|
---|
67 | #include <openssl/bn.h>
|
---|
68 | #include <openssl/rsa.h>
|
---|
69 | #include <openssl/bio.h>
|
---|
70 | #include <openssl/buffer.h>
|
---|
71 |
|
---|
72 | #ifndef OPENSSL_IS_BORINGSSL
|
---|
73 | /* BoringSSL does not support PKCS12 */
|
---|
74 | #define HAVE_PKCS12_SUPPORT 1
|
---|
75 | #include <openssl/pkcs12.h>
|
---|
76 | #endif
|
---|
77 |
|
---|
78 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
|
---|
79 | #include <openssl/ocsp.h>
|
---|
80 | #endif
|
---|
81 |
|
---|
82 | #include "warnless.h"
|
---|
83 | #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
|
---|
84 |
|
---|
85 | /* The last #include files should be: */
|
---|
86 | #include "curl_memory.h"
|
---|
87 | #include "memdebug.h"
|
---|
88 |
|
---|
89 | #ifndef OPENSSL_VERSION_NUMBER
|
---|
90 | #error "OPENSSL_VERSION_NUMBER not defined"
|
---|
91 | #endif
|
---|
92 |
|
---|
93 | #if defined(HAVE_OPENSSL_ENGINE_H)
|
---|
94 | #include <openssl/ui.h>
|
---|
95 | #endif
|
---|
96 |
|
---|
97 | #if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
---|
98 | #define SSL_METHOD_QUAL const
|
---|
99 | #else
|
---|
100 | #define SSL_METHOD_QUAL
|
---|
101 | #endif
|
---|
102 |
|
---|
103 | #if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
|
---|
104 | #define HAVE_ERR_REMOVE_THREAD_STATE 1
|
---|
105 | #endif
|
---|
106 |
|
---|
107 | #if !defined(HAVE_SSLV2_CLIENT_METHOD) || \
|
---|
108 | OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ has no SSLv2 */
|
---|
109 | #undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
|
---|
110 | #define OPENSSL_NO_SSL2
|
---|
111 | #endif
|
---|
112 |
|
---|
113 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
|
---|
114 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
115 | #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
|
---|
116 | #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
|
---|
117 | #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
|
---|
118 | #define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
|
---|
119 | #define CONST_EXTS const
|
---|
120 | #define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
|
---|
121 | #else
|
---|
122 | /* For OpenSSL before 1.1.0 */
|
---|
123 | #define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
|
---|
124 | #define X509_get0_notBefore(x) X509_get_notBefore(x)
|
---|
125 | #define X509_get0_notAfter(x) X509_get_notAfter(x)
|
---|
126 | #define CONST_EXTS /* nope */
|
---|
127 | #ifdef LIBRESSL_VERSION_NUMBER
|
---|
128 | static unsigned long OpenSSL_version_num(void)
|
---|
129 | {
|
---|
130 | return LIBRESSL_VERSION_NUMBER;
|
---|
131 | }
|
---|
132 | #else
|
---|
133 | #define OpenSSL_version_num() SSLeay()
|
---|
134 | #endif
|
---|
135 | #endif
|
---|
136 |
|
---|
137 | #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
|
---|
138 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
139 | #define HAVE_X509_GET0_SIGNATURE 1
|
---|
140 | #endif
|
---|
141 |
|
---|
142 | #if OPENSSL_VERSION_NUMBER >= 0x10002003L && \
|
---|
143 | OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \
|
---|
144 | !defined(OPENSSL_NO_COMP)
|
---|
145 | #define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1
|
---|
146 | #endif
|
---|
147 |
|
---|
148 | #if (OPENSSL_VERSION_NUMBER < 0x0090808fL)
|
---|
149 | /* not present in older OpenSSL */
|
---|
150 | #define OPENSSL_load_builtin_modules(x)
|
---|
151 | #endif
|
---|
152 |
|
---|
153 | /*
|
---|
154 | * Whether SSL_CTX_set_keylog_callback is available.
|
---|
155 | * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
|
---|
156 | * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
|
---|
157 | * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
|
---|
158 | * lies and pretends to be OpenSSL 2.0.0).
|
---|
159 | */
|
---|
160 | #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
|
---|
161 | !defined(LIBRESSL_VERSION_NUMBER)) || \
|
---|
162 | defined(OPENSSL_IS_BORINGSSL)
|
---|
163 | #define HAVE_KEYLOG_CALLBACK
|
---|
164 | #endif
|
---|
165 |
|
---|
166 | #if defined(LIBRESSL_VERSION_NUMBER)
|
---|
167 | #define OSSL_PACKAGE "LibreSSL"
|
---|
168 | #elif defined(OPENSSL_IS_BORINGSSL)
|
---|
169 | #define OSSL_PACKAGE "BoringSSL"
|
---|
170 | #else
|
---|
171 | #define OSSL_PACKAGE "OpenSSL"
|
---|
172 | #endif
|
---|
173 |
|
---|
174 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
---|
175 | /* up2date versions of OpenSSL maintain the default reasonably secure without
|
---|
176 | * breaking compatibility, so it is better not to override the default by curl
|
---|
177 | */
|
---|
178 | #define DEFAULT_CIPHER_SELECTION NULL
|
---|
179 | #else
|
---|
180 | /* ... but it is not the case with old versions of OpenSSL */
|
---|
181 | #define DEFAULT_CIPHER_SELECTION \
|
---|
182 | "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
|
---|
183 | #endif
|
---|
184 |
|
---|
185 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
186 | typedef struct ssl_tap_state {
|
---|
187 | int master_key_length;
|
---|
188 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
|
---|
189 | unsigned char client_random[SSL3_RANDOM_SIZE];
|
---|
190 | } ssl_tap_state_t;
|
---|
191 | #endif /* ENABLE_SSLKEYLOGFILE */
|
---|
192 |
|
---|
193 | struct ssl_backend_data {
|
---|
194 | /* these ones requires specific SSL-types */
|
---|
195 | SSL_CTX* ctx;
|
---|
196 | SSL* handle;
|
---|
197 | X509* server_cert;
|
---|
198 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
199 | /* tap_state holds the last seen master key if we're logging them */
|
---|
200 | ssl_tap_state_t tap_state;
|
---|
201 | #endif
|
---|
202 | };
|
---|
203 |
|
---|
204 | #define BACKEND connssl->backend
|
---|
205 |
|
---|
206 | /*
|
---|
207 | * Number of bytes to read from the random number seed file. This must be
|
---|
208 | * a finite value (because some entropy "files" like /dev/urandom have
|
---|
209 | * an infinite length), but must be large enough to provide enough
|
---|
210 | * entropy to properly seed OpenSSL's PRNG.
|
---|
211 | */
|
---|
212 | #define RAND_LOAD_LENGTH 1024
|
---|
213 |
|
---|
214 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
215 | /* The fp for the open SSLKEYLOGFILE, or NULL if not open */
|
---|
216 | static FILE *keylog_file_fp;
|
---|
217 |
|
---|
218 | #ifdef HAVE_KEYLOG_CALLBACK
|
---|
219 | static void ossl_keylog_callback(const SSL *ssl, const char *line)
|
---|
220 | {
|
---|
221 | (void)ssl;
|
---|
222 |
|
---|
223 | /* Using fputs here instead of fprintf since libcurl's fprintf replacement
|
---|
224 | may not be thread-safe. */
|
---|
225 | if(keylog_file_fp && line && *line) {
|
---|
226 | char stackbuf[256];
|
---|
227 | char *buf;
|
---|
228 | size_t linelen = strlen(line);
|
---|
229 |
|
---|
230 | if(linelen <= sizeof(stackbuf) - 2)
|
---|
231 | buf = stackbuf;
|
---|
232 | else {
|
---|
233 | buf = malloc(linelen + 2);
|
---|
234 | if(!buf)
|
---|
235 | return;
|
---|
236 | }
|
---|
237 | strncpy(buf, line, linelen);
|
---|
238 | buf[linelen] = '\n';
|
---|
239 | buf[linelen + 1] = '\0';
|
---|
240 |
|
---|
241 | fputs(buf, keylog_file_fp);
|
---|
242 | if(buf != stackbuf)
|
---|
243 | free(buf);
|
---|
244 | }
|
---|
245 | }
|
---|
246 | #else
|
---|
247 | #define KEYLOG_PREFIX "CLIENT_RANDOM "
|
---|
248 | #define KEYLOG_PREFIX_LEN (sizeof(KEYLOG_PREFIX) - 1)
|
---|
249 | /*
|
---|
250 | * tap_ssl_key is called by libcurl to make the CLIENT_RANDOMs if the OpenSSL
|
---|
251 | * being used doesn't have native support for doing that.
|
---|
252 | */
|
---|
253 | static void tap_ssl_key(const SSL *ssl, ssl_tap_state_t *state)
|
---|
254 | {
|
---|
255 | const char *hex = "0123456789ABCDEF";
|
---|
256 | int pos, i;
|
---|
257 | char line[KEYLOG_PREFIX_LEN + 2 * SSL3_RANDOM_SIZE + 1 +
|
---|
258 | 2 * SSL_MAX_MASTER_KEY_LENGTH + 1 + 1];
|
---|
259 | const SSL_SESSION *session = SSL_get_session(ssl);
|
---|
260 | unsigned char client_random[SSL3_RANDOM_SIZE];
|
---|
261 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
|
---|
262 | int master_key_length = 0;
|
---|
263 |
|
---|
264 | if(!session || !keylog_file_fp)
|
---|
265 | return;
|
---|
266 |
|
---|
267 | #if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
---|
268 | /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
|
---|
269 | * we have a valid SSL context if we have a non-NULL session. */
|
---|
270 | SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
|
---|
271 | master_key_length =
|
---|
272 | SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH);
|
---|
273 | #else
|
---|
274 | if(ssl->s3 && session->master_key_length > 0) {
|
---|
275 | master_key_length = session->master_key_length;
|
---|
276 | memcpy(master_key, session->master_key, session->master_key_length);
|
---|
277 | memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);
|
---|
278 | }
|
---|
279 | #endif
|
---|
280 |
|
---|
281 | if(master_key_length <= 0)
|
---|
282 | return;
|
---|
283 |
|
---|
284 | /* Skip writing keys if there is no key or it did not change. */
|
---|
285 | if(state->master_key_length == master_key_length &&
|
---|
286 | !memcmp(state->master_key, master_key, master_key_length) &&
|
---|
287 | !memcmp(state->client_random, client_random, SSL3_RANDOM_SIZE)) {
|
---|
288 | return;
|
---|
289 | }
|
---|
290 |
|
---|
291 | state->master_key_length = master_key_length;
|
---|
292 | memcpy(state->master_key, master_key, master_key_length);
|
---|
293 | memcpy(state->client_random, client_random, SSL3_RANDOM_SIZE);
|
---|
294 |
|
---|
295 | memcpy(line, KEYLOG_PREFIX, KEYLOG_PREFIX_LEN);
|
---|
296 | pos = KEYLOG_PREFIX_LEN;
|
---|
297 |
|
---|
298 | /* Client Random for SSLv3/TLS */
|
---|
299 | for(i = 0; i < SSL3_RANDOM_SIZE; i++) {
|
---|
300 | line[pos++] = hex[client_random[i] >> 4];
|
---|
301 | line[pos++] = hex[client_random[i] & 0xF];
|
---|
302 | }
|
---|
303 | line[pos++] = ' ';
|
---|
304 |
|
---|
305 | /* Master Secret (size is at most SSL_MAX_MASTER_KEY_LENGTH) */
|
---|
306 | for(i = 0; i < master_key_length; i++) {
|
---|
307 | line[pos++] = hex[master_key[i] >> 4];
|
---|
308 | line[pos++] = hex[master_key[i] & 0xF];
|
---|
309 | }
|
---|
310 | line[pos++] = '\n';
|
---|
311 | line[pos] = '\0';
|
---|
312 |
|
---|
313 | /* Using fputs here instead of fprintf since libcurl's fprintf replacement
|
---|
314 | may not be thread-safe. */
|
---|
315 | fputs(line, keylog_file_fp);
|
---|
316 | }
|
---|
317 | #endif /* !HAVE_KEYLOG_CALLBACK */
|
---|
318 | #endif /* ENABLE_SSLKEYLOGFILE */
|
---|
319 |
|
---|
320 | static const char *SSL_ERROR_to_str(int err)
|
---|
321 | {
|
---|
322 | switch(err) {
|
---|
323 | case SSL_ERROR_NONE:
|
---|
324 | return "SSL_ERROR_NONE";
|
---|
325 | case SSL_ERROR_SSL:
|
---|
326 | return "SSL_ERROR_SSL";
|
---|
327 | case SSL_ERROR_WANT_READ:
|
---|
328 | return "SSL_ERROR_WANT_READ";
|
---|
329 | case SSL_ERROR_WANT_WRITE:
|
---|
330 | return "SSL_ERROR_WANT_WRITE";
|
---|
331 | case SSL_ERROR_WANT_X509_LOOKUP:
|
---|
332 | return "SSL_ERROR_WANT_X509_LOOKUP";
|
---|
333 | case SSL_ERROR_SYSCALL:
|
---|
334 | return "SSL_ERROR_SYSCALL";
|
---|
335 | case SSL_ERROR_ZERO_RETURN:
|
---|
336 | return "SSL_ERROR_ZERO_RETURN";
|
---|
337 | case SSL_ERROR_WANT_CONNECT:
|
---|
338 | return "SSL_ERROR_WANT_CONNECT";
|
---|
339 | case SSL_ERROR_WANT_ACCEPT:
|
---|
340 | return "SSL_ERROR_WANT_ACCEPT";
|
---|
341 | #if defined(SSL_ERROR_WANT_ASYNC)
|
---|
342 | case SSL_ERROR_WANT_ASYNC:
|
---|
343 | return "SSL_ERROR_WANT_ASYNC";
|
---|
344 | #endif
|
---|
345 | #if defined(SSL_ERROR_WANT_ASYNC_JOB)
|
---|
346 | case SSL_ERROR_WANT_ASYNC_JOB:
|
---|
347 | return "SSL_ERROR_WANT_ASYNC_JOB";
|
---|
348 | #endif
|
---|
349 | #if defined(SSL_ERROR_WANT_EARLY)
|
---|
350 | case SSL_ERROR_WANT_EARLY:
|
---|
351 | return "SSL_ERROR_WANT_EARLY";
|
---|
352 | #endif
|
---|
353 | default:
|
---|
354 | return "SSL_ERROR unknown";
|
---|
355 | }
|
---|
356 | }
|
---|
357 |
|
---|
358 | /* Return error string for last OpenSSL error
|
---|
359 | */
|
---|
360 | static char *ossl_strerror(unsigned long error, char *buf, size_t size)
|
---|
361 | {
|
---|
362 | ERR_error_string_n(error, buf, size);
|
---|
363 | return buf;
|
---|
364 | }
|
---|
365 |
|
---|
366 | static int passwd_callback(char *buf, int num, int encrypting,
|
---|
367 | void *global_passwd)
|
---|
368 | {
|
---|
369 | DEBUGASSERT(0 == encrypting);
|
---|
370 |
|
---|
371 | if(!encrypting) {
|
---|
372 | int klen = curlx_uztosi(strlen((char *)global_passwd));
|
---|
373 | if(num > klen) {
|
---|
374 | memcpy(buf, global_passwd, klen + 1);
|
---|
375 | return klen;
|
---|
376 | }
|
---|
377 | }
|
---|
378 | return 0;
|
---|
379 | }
|
---|
380 |
|
---|
381 | /*
|
---|
382 | * rand_enough() returns TRUE if we have seeded the random engine properly.
|
---|
383 | */
|
---|
384 | static bool rand_enough(void)
|
---|
385 | {
|
---|
386 | return (0 != RAND_status()) ? TRUE : FALSE;
|
---|
387 | }
|
---|
388 |
|
---|
389 | static CURLcode Curl_ossl_seed(struct Curl_easy *data)
|
---|
390 | {
|
---|
391 | /* we have the "SSL is seeded" boolean static to prevent multiple
|
---|
392 | time-consuming seedings in vain */
|
---|
393 | static bool ssl_seeded = FALSE;
|
---|
394 | char fname[256];
|
---|
395 |
|
---|
396 | if(ssl_seeded)
|
---|
397 | return CURLE_OK;
|
---|
398 |
|
---|
399 | if(rand_enough()) {
|
---|
400 | /* OpenSSL 1.1.0+ will return here */
|
---|
401 | ssl_seeded = TRUE;
|
---|
402 | return CURLE_OK;
|
---|
403 | }
|
---|
404 |
|
---|
405 | #ifndef RANDOM_FILE
|
---|
406 | /* if RANDOM_FILE isn't defined, we only perform this if an option tells
|
---|
407 | us to! */
|
---|
408 | if(data->set.str[STRING_SSL_RANDOM_FILE])
|
---|
409 | #define RANDOM_FILE "" /* doesn't matter won't be used */
|
---|
410 | #endif
|
---|
411 | {
|
---|
412 | /* let the option override the define */
|
---|
413 | RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
|
---|
414 | data->set.str[STRING_SSL_RANDOM_FILE]:
|
---|
415 | RANDOM_FILE),
|
---|
416 | RAND_LOAD_LENGTH);
|
---|
417 | if(rand_enough())
|
---|
418 | return CURLE_OK;
|
---|
419 | }
|
---|
420 |
|
---|
421 | #if defined(HAVE_RAND_EGD)
|
---|
422 | /* only available in OpenSSL 0.9.5 and later */
|
---|
423 | /* EGD_SOCKET is set at configure time or not at all */
|
---|
424 | #ifndef EGD_SOCKET
|
---|
425 | /* If we don't have the define set, we only do this if the egd-option
|
---|
426 | is set */
|
---|
427 | if(data->set.str[STRING_SSL_EGDSOCKET])
|
---|
428 | #define EGD_SOCKET "" /* doesn't matter won't be used */
|
---|
429 | #endif
|
---|
430 | {
|
---|
431 | /* If there's an option and a define, the option overrides the
|
---|
432 | define */
|
---|
433 | int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
|
---|
434 | data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
|
---|
435 | if(-1 != ret) {
|
---|
436 | if(rand_enough())
|
---|
437 | return CURLE_OK;
|
---|
438 | }
|
---|
439 | }
|
---|
440 | #endif
|
---|
441 |
|
---|
442 | /* fallback to a custom seeding of the PRNG using a hash based on a current
|
---|
443 | time */
|
---|
444 | do {
|
---|
445 | unsigned char randb[64];
|
---|
446 | size_t len = sizeof(randb);
|
---|
447 | size_t i, i_max;
|
---|
448 | for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) {
|
---|
449 | struct curltime tv = Curl_now();
|
---|
450 | Curl_wait_ms(1);
|
---|
451 | tv.tv_sec *= i + 1;
|
---|
452 | tv.tv_usec *= (unsigned int)i + 2;
|
---|
453 | tv.tv_sec ^= ((Curl_now().tv_sec + Curl_now().tv_usec) *
|
---|
454 | (i + 3)) << 8;
|
---|
455 | tv.tv_usec ^= (unsigned int) ((Curl_now().tv_sec +
|
---|
456 | Curl_now().tv_usec) *
|
---|
457 | (i + 4)) << 16;
|
---|
458 | memcpy(&randb[i * sizeof(struct curltime)], &tv,
|
---|
459 | sizeof(struct curltime));
|
---|
460 | }
|
---|
461 | RAND_add(randb, (int)len, (double)len/2);
|
---|
462 | } while(!rand_enough());
|
---|
463 |
|
---|
464 | /* generates a default path for the random seed file */
|
---|
465 | fname[0] = 0; /* blank it first */
|
---|
466 | RAND_file_name(fname, sizeof(fname));
|
---|
467 | if(fname[0]) {
|
---|
468 | /* we got a file name to try */
|
---|
469 | RAND_load_file(fname, RAND_LOAD_LENGTH);
|
---|
470 | if(rand_enough())
|
---|
471 | return CURLE_OK;
|
---|
472 | }
|
---|
473 |
|
---|
474 | infof(data, "libcurl is now using a weak random seed!\n");
|
---|
475 | return (rand_enough() ? CURLE_OK :
|
---|
476 | CURLE_SSL_CONNECT_ERROR /* confusing error code */);
|
---|
477 | }
|
---|
478 |
|
---|
479 | #ifndef SSL_FILETYPE_ENGINE
|
---|
480 | #define SSL_FILETYPE_ENGINE 42
|
---|
481 | #endif
|
---|
482 | #ifndef SSL_FILETYPE_PKCS12
|
---|
483 | #define SSL_FILETYPE_PKCS12 43
|
---|
484 | #endif
|
---|
485 | static int do_file_type(const char *type)
|
---|
486 | {
|
---|
487 | if(!type || !type[0])
|
---|
488 | return SSL_FILETYPE_PEM;
|
---|
489 | if(strcasecompare(type, "PEM"))
|
---|
490 | return SSL_FILETYPE_PEM;
|
---|
491 | if(strcasecompare(type, "DER"))
|
---|
492 | return SSL_FILETYPE_ASN1;
|
---|
493 | if(strcasecompare(type, "ENG"))
|
---|
494 | return SSL_FILETYPE_ENGINE;
|
---|
495 | if(strcasecompare(type, "P12"))
|
---|
496 | return SSL_FILETYPE_PKCS12;
|
---|
497 | return -1;
|
---|
498 | }
|
---|
499 |
|
---|
500 | #if defined(HAVE_OPENSSL_ENGINE_H) && !defined(OPENSSL_NO_UI)
|
---|
501 | /*
|
---|
502 | * Supply default password to the engine user interface conversation.
|
---|
503 | * The password is passed by OpenSSL engine from ENGINE_load_private_key()
|
---|
504 | * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
|
---|
505 | */
|
---|
506 | static int ssl_ui_reader(UI *ui, UI_STRING *uis)
|
---|
507 | {
|
---|
508 | const char *password;
|
---|
509 | switch(UI_get_string_type(uis)) {
|
---|
510 | case UIT_PROMPT:
|
---|
511 | case UIT_VERIFY:
|
---|
512 | password = (const char *)UI_get0_user_data(ui);
|
---|
513 | if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
|
---|
514 | UI_set_result(ui, uis, password);
|
---|
515 | return 1;
|
---|
516 | }
|
---|
517 | default:
|
---|
518 | break;
|
---|
519 | }
|
---|
520 | return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
|
---|
521 | }
|
---|
522 |
|
---|
523 | /*
|
---|
524 | * Suppress interactive request for a default password if available.
|
---|
525 | */
|
---|
526 | static int ssl_ui_writer(UI *ui, UI_STRING *uis)
|
---|
527 | {
|
---|
528 | switch(UI_get_string_type(uis)) {
|
---|
529 | case UIT_PROMPT:
|
---|
530 | case UIT_VERIFY:
|
---|
531 | if(UI_get0_user_data(ui) &&
|
---|
532 | (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
|
---|
533 | return 1;
|
---|
534 | }
|
---|
535 | default:
|
---|
536 | break;
|
---|
537 | }
|
---|
538 | return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
|
---|
539 | }
|
---|
540 | #endif
|
---|
541 |
|
---|
542 | static
|
---|
543 | int cert_stuff(struct connectdata *conn,
|
---|
544 | SSL_CTX* ctx,
|
---|
545 | char *cert_file,
|
---|
546 | const char *cert_type,
|
---|
547 | char *key_file,
|
---|
548 | const char *key_type,
|
---|
549 | char *key_passwd)
|
---|
550 | {
|
---|
551 | struct Curl_easy *data = conn->data;
|
---|
552 | char error_buffer[256];
|
---|
553 | bool check_privkey = TRUE;
|
---|
554 |
|
---|
555 | int file_type = do_file_type(cert_type);
|
---|
556 |
|
---|
557 | if(cert_file || (file_type == SSL_FILETYPE_ENGINE)) {
|
---|
558 | SSL *ssl;
|
---|
559 | X509 *x509;
|
---|
560 | int cert_done = 0;
|
---|
561 |
|
---|
562 | if(key_passwd) {
|
---|
563 | /* set the password in the callback userdata */
|
---|
564 | SSL_CTX_set_default_passwd_cb_userdata(ctx, key_passwd);
|
---|
565 | /* Set passwd callback: */
|
---|
566 | SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
|
---|
567 | }
|
---|
568 |
|
---|
569 |
|
---|
570 | switch(file_type) {
|
---|
571 | case SSL_FILETYPE_PEM:
|
---|
572 | /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
|
---|
573 | if(SSL_CTX_use_certificate_chain_file(ctx,
|
---|
574 | cert_file) != 1) {
|
---|
575 | failf(data,
|
---|
576 | "could not load PEM client certificate, " OSSL_PACKAGE
|
---|
577 | " error %s, "
|
---|
578 | "(no key found, wrong pass phrase, or wrong file format?)",
|
---|
579 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
580 | sizeof(error_buffer)) );
|
---|
581 | return 0;
|
---|
582 | }
|
---|
583 | break;
|
---|
584 |
|
---|
585 | case SSL_FILETYPE_ASN1:
|
---|
586 | /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
|
---|
587 | we use the case above for PEM so this can only be performed with
|
---|
588 | ASN1 files. */
|
---|
589 | if(SSL_CTX_use_certificate_file(ctx,
|
---|
590 | cert_file,
|
---|
591 | file_type) != 1) {
|
---|
592 | failf(data,
|
---|
593 | "could not load ASN1 client certificate, " OSSL_PACKAGE
|
---|
594 | " error %s, "
|
---|
595 | "(no key found, wrong pass phrase, or wrong file format?)",
|
---|
596 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
597 | sizeof(error_buffer)) );
|
---|
598 | return 0;
|
---|
599 | }
|
---|
600 | break;
|
---|
601 | case SSL_FILETYPE_ENGINE:
|
---|
602 | #if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
|
---|
603 | {
|
---|
604 | if(data->state.engine) {
|
---|
605 | const char *cmd_name = "LOAD_CERT_CTRL";
|
---|
606 | struct {
|
---|
607 | const char *cert_id;
|
---|
608 | X509 *cert;
|
---|
609 | } params;
|
---|
610 |
|
---|
611 | params.cert_id = cert_file;
|
---|
612 | params.cert = NULL;
|
---|
613 |
|
---|
614 | /* Does the engine supports LOAD_CERT_CTRL ? */
|
---|
615 | if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
|
---|
616 | 0, (void *)cmd_name, NULL)) {
|
---|
617 | failf(data, "ssl engine does not support loading certificates");
|
---|
618 | return 0;
|
---|
619 | }
|
---|
620 |
|
---|
621 | /* Load the certificate from the engine */
|
---|
622 | if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
|
---|
623 | 0, ¶ms, NULL, 1)) {
|
---|
624 | failf(data, "ssl engine cannot load client cert with id"
|
---|
625 | " '%s' [%s]", cert_file,
|
---|
626 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
627 | sizeof(error_buffer)));
|
---|
628 | return 0;
|
---|
629 | }
|
---|
630 |
|
---|
631 | if(!params.cert) {
|
---|
632 | failf(data, "ssl engine didn't initialized the certificate "
|
---|
633 | "properly.");
|
---|
634 | return 0;
|
---|
635 | }
|
---|
636 |
|
---|
637 | if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
|
---|
638 | failf(data, "unable to set client certificate");
|
---|
639 | X509_free(params.cert);
|
---|
640 | return 0;
|
---|
641 | }
|
---|
642 | X509_free(params.cert); /* we don't need the handle any more... */
|
---|
643 | }
|
---|
644 | else {
|
---|
645 | failf(data, "crypto engine not set, can't load certificate");
|
---|
646 | return 0;
|
---|
647 | }
|
---|
648 | }
|
---|
649 | break;
|
---|
650 | #else
|
---|
651 | failf(data, "file type ENG for certificate not implemented");
|
---|
652 | return 0;
|
---|
653 | #endif
|
---|
654 |
|
---|
655 | case SSL_FILETYPE_PKCS12:
|
---|
656 | {
|
---|
657 | #ifdef HAVE_PKCS12_SUPPORT
|
---|
658 | FILE *f;
|
---|
659 | PKCS12 *p12;
|
---|
660 | EVP_PKEY *pri;
|
---|
661 | STACK_OF(X509) *ca = NULL;
|
---|
662 |
|
---|
663 | f = fopen(cert_file, "rb");
|
---|
664 | if(!f) {
|
---|
665 | failf(data, "could not open PKCS12 file '%s'", cert_file);
|
---|
666 | return 0;
|
---|
667 | }
|
---|
668 | p12 = d2i_PKCS12_fp(f, NULL);
|
---|
669 | fclose(f);
|
---|
670 |
|
---|
671 | if(!p12) {
|
---|
672 | failf(data, "error reading PKCS12 file '%s'", cert_file);
|
---|
673 | return 0;
|
---|
674 | }
|
---|
675 |
|
---|
676 | PKCS12_PBE_add();
|
---|
677 |
|
---|
678 | if(!PKCS12_parse(p12, key_passwd, &pri, &x509,
|
---|
679 | &ca)) {
|
---|
680 | failf(data,
|
---|
681 | "could not parse PKCS12 file, check password, " OSSL_PACKAGE
|
---|
682 | " error %s",
|
---|
683 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
684 | sizeof(error_buffer)) );
|
---|
685 | PKCS12_free(p12);
|
---|
686 | return 0;
|
---|
687 | }
|
---|
688 |
|
---|
689 | PKCS12_free(p12);
|
---|
690 |
|
---|
691 | if(SSL_CTX_use_certificate(ctx, x509) != 1) {
|
---|
692 | failf(data,
|
---|
693 | "could not load PKCS12 client certificate, " OSSL_PACKAGE
|
---|
694 | " error %s",
|
---|
695 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
696 | sizeof(error_buffer)) );
|
---|
697 | goto fail;
|
---|
698 | }
|
---|
699 |
|
---|
700 | if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
|
---|
701 | failf(data, "unable to use private key from PKCS12 file '%s'",
|
---|
702 | cert_file);
|
---|
703 | goto fail;
|
---|
704 | }
|
---|
705 |
|
---|
706 | if(!SSL_CTX_check_private_key (ctx)) {
|
---|
707 | failf(data, "private key from PKCS12 file '%s' "
|
---|
708 | "does not match certificate in same file", cert_file);
|
---|
709 | goto fail;
|
---|
710 | }
|
---|
711 | /* Set Certificate Verification chain */
|
---|
712 | if(ca) {
|
---|
713 | while(sk_X509_num(ca)) {
|
---|
714 | /*
|
---|
715 | * Note that sk_X509_pop() is used below to make sure the cert is
|
---|
716 | * removed from the stack properly before getting passed to
|
---|
717 | * SSL_CTX_add_extra_chain_cert(), which takes ownership. Previously
|
---|
718 | * we used sk_X509_value() instead, but then we'd clean it in the
|
---|
719 | * subsequent sk_X509_pop_free() call.
|
---|
720 | */
|
---|
721 | X509 *x = sk_X509_pop(ca);
|
---|
722 | if(!SSL_CTX_add_client_CA(ctx, x)) {
|
---|
723 | X509_free(x);
|
---|
724 | failf(data, "cannot add certificate to client CA list");
|
---|
725 | goto fail;
|
---|
726 | }
|
---|
727 | if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
|
---|
728 | X509_free(x);
|
---|
729 | failf(data, "cannot add certificate to certificate chain");
|
---|
730 | goto fail;
|
---|
731 | }
|
---|
732 | }
|
---|
733 | }
|
---|
734 |
|
---|
735 | cert_done = 1;
|
---|
736 | fail:
|
---|
737 | EVP_PKEY_free(pri);
|
---|
738 | X509_free(x509);
|
---|
739 | sk_X509_pop_free(ca, X509_free);
|
---|
740 |
|
---|
741 | if(!cert_done)
|
---|
742 | return 0; /* failure! */
|
---|
743 | break;
|
---|
744 | #else
|
---|
745 | failf(data, "file type P12 for certificate not supported");
|
---|
746 | return 0;
|
---|
747 | #endif
|
---|
748 | }
|
---|
749 | default:
|
---|
750 | failf(data, "not supported file type '%s' for certificate", cert_type);
|
---|
751 | return 0;
|
---|
752 | }
|
---|
753 |
|
---|
754 | file_type = do_file_type(key_type);
|
---|
755 |
|
---|
756 | switch(file_type) {
|
---|
757 | case SSL_FILETYPE_PEM:
|
---|
758 | if(cert_done)
|
---|
759 | break;
|
---|
760 | if(!key_file)
|
---|
761 | /* cert & key can only be in PEM case in the same file */
|
---|
762 | key_file = cert_file;
|
---|
763 | /* FALLTHROUGH */
|
---|
764 | case SSL_FILETYPE_ASN1:
|
---|
765 | if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
|
---|
766 | failf(data, "unable to set private key file: '%s' type %s",
|
---|
767 | key_file, key_type?key_type:"PEM");
|
---|
768 | return 0;
|
---|
769 | }
|
---|
770 | break;
|
---|
771 | case SSL_FILETYPE_ENGINE:
|
---|
772 | #if defined(HAVE_OPENSSL_ENGINE_H) && !defined(OPENSSL_NO_UI)
|
---|
773 | { /* XXXX still needs some work */
|
---|
774 | EVP_PKEY *priv_key = NULL;
|
---|
775 | if(data->state.engine) {
|
---|
776 | UI_METHOD *ui_method =
|
---|
777 | UI_create_method((char *)"curl user interface");
|
---|
778 | if(!ui_method) {
|
---|
779 | failf(data, "unable do create " OSSL_PACKAGE
|
---|
780 | " user-interface method");
|
---|
781 | return 0;
|
---|
782 | }
|
---|
783 | UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
|
---|
784 | UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
|
---|
785 | UI_method_set_reader(ui_method, ssl_ui_reader);
|
---|
786 | UI_method_set_writer(ui_method, ssl_ui_writer);
|
---|
787 | /* the typecast below was added to please mingw32 */
|
---|
788 | priv_key = (EVP_PKEY *)
|
---|
789 | ENGINE_load_private_key(data->state.engine, key_file,
|
---|
790 | ui_method,
|
---|
791 | key_passwd);
|
---|
792 | UI_destroy_method(ui_method);
|
---|
793 | if(!priv_key) {
|
---|
794 | failf(data, "failed to load private key from crypto engine");
|
---|
795 | return 0;
|
---|
796 | }
|
---|
797 | if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
|
---|
798 | failf(data, "unable to set private key");
|
---|
799 | EVP_PKEY_free(priv_key);
|
---|
800 | return 0;
|
---|
801 | }
|
---|
802 | EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
|
---|
803 | }
|
---|
804 | else {
|
---|
805 | failf(data, "crypto engine not set, can't load private key");
|
---|
806 | return 0;
|
---|
807 | }
|
---|
808 | }
|
---|
809 | break;
|
---|
810 | #else
|
---|
811 | failf(data, "file type ENG for private key not supported");
|
---|
812 | return 0;
|
---|
813 | #endif
|
---|
814 | case SSL_FILETYPE_PKCS12:
|
---|
815 | if(!cert_done) {
|
---|
816 | failf(data, "file type P12 for private key not supported");
|
---|
817 | return 0;
|
---|
818 | }
|
---|
819 | break;
|
---|
820 | default:
|
---|
821 | failf(data, "not supported file type for private key");
|
---|
822 | return 0;
|
---|
823 | }
|
---|
824 |
|
---|
825 | ssl = SSL_new(ctx);
|
---|
826 | if(!ssl) {
|
---|
827 | failf(data, "unable to create an SSL structure");
|
---|
828 | return 0;
|
---|
829 | }
|
---|
830 |
|
---|
831 | x509 = SSL_get_certificate(ssl);
|
---|
832 |
|
---|
833 | /* This version was provided by Evan Jordan and is supposed to not
|
---|
834 | leak memory as the previous version: */
|
---|
835 | if(x509) {
|
---|
836 | EVP_PKEY *pktmp = X509_get_pubkey(x509);
|
---|
837 | EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
|
---|
838 | EVP_PKEY_free(pktmp);
|
---|
839 | }
|
---|
840 |
|
---|
841 | #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL)
|
---|
842 | {
|
---|
843 | /* If RSA is used, don't check the private key if its flags indicate
|
---|
844 | * it doesn't support it. */
|
---|
845 | EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
|
---|
846 | int pktype;
|
---|
847 | #ifdef HAVE_OPAQUE_EVP_PKEY
|
---|
848 | pktype = EVP_PKEY_id(priv_key);
|
---|
849 | #else
|
---|
850 | pktype = priv_key->type;
|
---|
851 | #endif
|
---|
852 | if(pktype == EVP_PKEY_RSA) {
|
---|
853 | RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
|
---|
854 | if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
|
---|
855 | check_privkey = FALSE;
|
---|
856 | RSA_free(rsa); /* Decrement reference count */
|
---|
857 | }
|
---|
858 | }
|
---|
859 | #endif
|
---|
860 |
|
---|
861 | SSL_free(ssl);
|
---|
862 |
|
---|
863 | /* If we are using DSA, we can copy the parameters from
|
---|
864 | * the private key */
|
---|
865 |
|
---|
866 | if(check_privkey == TRUE) {
|
---|
867 | /* Now we know that a key and cert have been set against
|
---|
868 | * the SSL context */
|
---|
869 | if(!SSL_CTX_check_private_key(ctx)) {
|
---|
870 | failf(data, "Private key does not match the certificate public key");
|
---|
871 | return 0;
|
---|
872 | }
|
---|
873 | }
|
---|
874 | }
|
---|
875 | return 1;
|
---|
876 | }
|
---|
877 |
|
---|
878 | /* returns non-zero on failure */
|
---|
879 | static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
|
---|
880 | {
|
---|
881 | #if 0
|
---|
882 | return X509_NAME_oneline(a, buf, size);
|
---|
883 | #else
|
---|
884 | BIO *bio_out = BIO_new(BIO_s_mem());
|
---|
885 | BUF_MEM *biomem;
|
---|
886 | int rc;
|
---|
887 |
|
---|
888 | if(!bio_out)
|
---|
889 | return 1; /* alloc failed! */
|
---|
890 |
|
---|
891 | rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
|
---|
892 | BIO_get_mem_ptr(bio_out, &biomem);
|
---|
893 |
|
---|
894 | if((size_t)biomem->length < size)
|
---|
895 | size = biomem->length;
|
---|
896 | else
|
---|
897 | size--; /* don't overwrite the buffer end */
|
---|
898 |
|
---|
899 | memcpy(buf, biomem->data, size);
|
---|
900 | buf[size] = 0;
|
---|
901 |
|
---|
902 | BIO_free(bio_out);
|
---|
903 |
|
---|
904 | return !rc;
|
---|
905 | #endif
|
---|
906 | }
|
---|
907 |
|
---|
908 | /**
|
---|
909 | * Global SSL init
|
---|
910 | *
|
---|
911 | * @retval 0 error initializing SSL
|
---|
912 | * @retval 1 SSL initialized successfully
|
---|
913 | */
|
---|
914 | static int Curl_ossl_init(void)
|
---|
915 | {
|
---|
916 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
917 | const char *keylog_file_name;
|
---|
918 | #endif
|
---|
919 |
|
---|
920 | OPENSSL_load_builtin_modules();
|
---|
921 |
|
---|
922 | #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
|
---|
923 | ENGINE_load_builtin_engines();
|
---|
924 | #endif
|
---|
925 |
|
---|
926 | /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately
|
---|
927 | that function makes an exit() call on wrongly formatted config files
|
---|
928 | which makes it hard to use in some situations. OPENSSL_config() itself
|
---|
929 | calls CONF_modules_load_file() and we use that instead and we ignore
|
---|
930 | its return code! */
|
---|
931 |
|
---|
932 | /* CONF_MFLAGS_DEFAULT_SECTION introduced some time between 0.9.8b and
|
---|
933 | 0.9.8e */
|
---|
934 | #ifndef CONF_MFLAGS_DEFAULT_SECTION
|
---|
935 | #define CONF_MFLAGS_DEFAULT_SECTION 0x0
|
---|
936 | #endif
|
---|
937 |
|
---|
938 | CONF_modules_load_file(NULL, NULL,
|
---|
939 | CONF_MFLAGS_DEFAULT_SECTION|
|
---|
940 | CONF_MFLAGS_IGNORE_MISSING_FILE);
|
---|
941 |
|
---|
942 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
|
---|
943 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
944 | /* OpenSSL 1.1.0+ takes care of initialization itself */
|
---|
945 | #else
|
---|
946 | /* Lets get nice error messages */
|
---|
947 | SSL_load_error_strings();
|
---|
948 |
|
---|
949 | /* Init the global ciphers and digests */
|
---|
950 | if(!SSLeay_add_ssl_algorithms())
|
---|
951 | return 0;
|
---|
952 |
|
---|
953 | OpenSSL_add_all_algorithms();
|
---|
954 | #endif
|
---|
955 |
|
---|
956 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
957 | keylog_file_name = curl_getenv("SSLKEYLOGFILE");
|
---|
958 | if(keylog_file_name && !keylog_file_fp) {
|
---|
959 | keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
|
---|
960 | if(keylog_file_fp) {
|
---|
961 | if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096)) {
|
---|
962 | fclose(keylog_file_fp);
|
---|
963 | keylog_file_fp = NULL;
|
---|
964 | }
|
---|
965 | }
|
---|
966 | }
|
---|
967 | #endif
|
---|
968 |
|
---|
969 | return 1;
|
---|
970 | }
|
---|
971 |
|
---|
972 | /* Global cleanup */
|
---|
973 | static void Curl_ossl_cleanup(void)
|
---|
974 | {
|
---|
975 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
|
---|
976 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
977 | /* OpenSSL 1.1 deprecates all these cleanup functions and
|
---|
978 | turns them into no-ops in OpenSSL 1.0 compatibility mode */
|
---|
979 | #else
|
---|
980 | /* Free ciphers and digests lists */
|
---|
981 | EVP_cleanup();
|
---|
982 |
|
---|
983 | #ifdef HAVE_ENGINE_CLEANUP
|
---|
984 | /* Free engine list */
|
---|
985 | ENGINE_cleanup();
|
---|
986 | #endif
|
---|
987 |
|
---|
988 | /* Free OpenSSL error strings */
|
---|
989 | ERR_free_strings();
|
---|
990 |
|
---|
991 | /* Free thread local error state, destroying hash upon zero refcount */
|
---|
992 | #ifdef HAVE_ERR_REMOVE_THREAD_STATE
|
---|
993 | ERR_remove_thread_state(NULL);
|
---|
994 | #else
|
---|
995 | ERR_remove_state(0);
|
---|
996 | #endif
|
---|
997 |
|
---|
998 | /* Free all memory allocated by all configuration modules */
|
---|
999 | CONF_modules_free();
|
---|
1000 |
|
---|
1001 | #ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
|
---|
1002 | SSL_COMP_free_compression_methods();
|
---|
1003 | #endif
|
---|
1004 | #endif
|
---|
1005 |
|
---|
1006 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
1007 | if(keylog_file_fp) {
|
---|
1008 | fclose(keylog_file_fp);
|
---|
1009 | keylog_file_fp = NULL;
|
---|
1010 | }
|
---|
1011 | #endif
|
---|
1012 | }
|
---|
1013 |
|
---|
1014 | /*
|
---|
1015 | * This function is used to determine connection status.
|
---|
1016 | *
|
---|
1017 | * Return codes:
|
---|
1018 | * 1 means the connection is still in place
|
---|
1019 | * 0 means the connection has been closed
|
---|
1020 | * -1 means the connection status is unknown
|
---|
1021 | */
|
---|
1022 | static int Curl_ossl_check_cxn(struct connectdata *conn)
|
---|
1023 | {
|
---|
1024 | /* SSL_peek takes data out of the raw recv buffer without peeking so we use
|
---|
1025 | recv MSG_PEEK instead. Bug #795 */
|
---|
1026 | #ifdef MSG_PEEK
|
---|
1027 | char buf;
|
---|
1028 | ssize_t nread;
|
---|
1029 | nread = recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
|
---|
1030 | (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK);
|
---|
1031 | if(nread == 0)
|
---|
1032 | return 0; /* connection has been closed */
|
---|
1033 | if(nread == 1)
|
---|
1034 | return 1; /* connection still in place */
|
---|
1035 | else if(nread == -1) {
|
---|
1036 | int err = SOCKERRNO;
|
---|
1037 | if(err == EINPROGRESS ||
|
---|
1038 | #if defined(EAGAIN) && (EAGAIN != EWOULDBLOCK)
|
---|
1039 | err == EAGAIN ||
|
---|
1040 | #endif
|
---|
1041 | err == EWOULDBLOCK)
|
---|
1042 | return 1; /* connection still in place */
|
---|
1043 | if(err == ECONNRESET ||
|
---|
1044 | #ifdef ECONNABORTED
|
---|
1045 | err == ECONNABORTED ||
|
---|
1046 | #endif
|
---|
1047 | #ifdef ENETDOWN
|
---|
1048 | err == ENETDOWN ||
|
---|
1049 | #endif
|
---|
1050 | #ifdef ENETRESET
|
---|
1051 | err == ENETRESET ||
|
---|
1052 | #endif
|
---|
1053 | #ifdef ESHUTDOWN
|
---|
1054 | err == ESHUTDOWN ||
|
---|
1055 | #endif
|
---|
1056 | #ifdef ETIMEDOUT
|
---|
1057 | err == ETIMEDOUT ||
|
---|
1058 | #endif
|
---|
1059 | err == ENOTCONN)
|
---|
1060 | return 0; /* connection has been closed */
|
---|
1061 | }
|
---|
1062 | #endif
|
---|
1063 | return -1; /* connection status unknown */
|
---|
1064 | }
|
---|
1065 |
|
---|
1066 | /* Selects an OpenSSL crypto engine
|
---|
1067 | */
|
---|
1068 | static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
|
---|
1069 | const char *engine)
|
---|
1070 | {
|
---|
1071 | #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
|
---|
1072 | ENGINE *e;
|
---|
1073 |
|
---|
1074 | #if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
---|
1075 | e = ENGINE_by_id(engine);
|
---|
1076 | #else
|
---|
1077 | /* avoid memory leak */
|
---|
1078 | for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
|
---|
1079 | const char *e_id = ENGINE_get_id(e);
|
---|
1080 | if(!strcmp(engine, e_id))
|
---|
1081 | break;
|
---|
1082 | }
|
---|
1083 | #endif
|
---|
1084 |
|
---|
1085 | if(!e) {
|
---|
1086 | failf(data, "SSL Engine '%s' not found", engine);
|
---|
1087 | return CURLE_SSL_ENGINE_NOTFOUND;
|
---|
1088 | }
|
---|
1089 |
|
---|
1090 | if(data->state.engine) {
|
---|
1091 | ENGINE_finish(data->state.engine);
|
---|
1092 | ENGINE_free(data->state.engine);
|
---|
1093 | data->state.engine = NULL;
|
---|
1094 | }
|
---|
1095 | if(!ENGINE_init(e)) {
|
---|
1096 | char buf[256];
|
---|
1097 |
|
---|
1098 | ENGINE_free(e);
|
---|
1099 | failf(data, "Failed to initialise SSL Engine '%s':\n%s",
|
---|
1100 | engine, ossl_strerror(ERR_get_error(), buf, sizeof(buf)));
|
---|
1101 | return CURLE_SSL_ENGINE_INITFAILED;
|
---|
1102 | }
|
---|
1103 | data->state.engine = e;
|
---|
1104 | return CURLE_OK;
|
---|
1105 | #else
|
---|
1106 | (void)engine;
|
---|
1107 | failf(data, "SSL Engine not supported");
|
---|
1108 | return CURLE_SSL_ENGINE_NOTFOUND;
|
---|
1109 | #endif
|
---|
1110 | }
|
---|
1111 |
|
---|
1112 | /* Sets engine as default for all SSL operations
|
---|
1113 | */
|
---|
1114 | static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
|
---|
1115 | {
|
---|
1116 | #ifdef HAVE_OPENSSL_ENGINE_H
|
---|
1117 | if(data->state.engine) {
|
---|
1118 | if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
|
---|
1119 | infof(data, "set default crypto engine '%s'\n",
|
---|
1120 | ENGINE_get_id(data->state.engine));
|
---|
1121 | }
|
---|
1122 | else {
|
---|
1123 | failf(data, "set default crypto engine '%s' failed",
|
---|
1124 | ENGINE_get_id(data->state.engine));
|
---|
1125 | return CURLE_SSL_ENGINE_SETFAILED;
|
---|
1126 | }
|
---|
1127 | }
|
---|
1128 | #else
|
---|
1129 | (void) data;
|
---|
1130 | #endif
|
---|
1131 | return CURLE_OK;
|
---|
1132 | }
|
---|
1133 |
|
---|
1134 | /* Return list of OpenSSL crypto engine names.
|
---|
1135 | */
|
---|
1136 | static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
|
---|
1137 | {
|
---|
1138 | struct curl_slist *list = NULL;
|
---|
1139 | #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
|
---|
1140 | struct curl_slist *beg;
|
---|
1141 | ENGINE *e;
|
---|
1142 |
|
---|
1143 | for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
|
---|
1144 | beg = curl_slist_append(list, ENGINE_get_id(e));
|
---|
1145 | if(!beg) {
|
---|
1146 | curl_slist_free_all(list);
|
---|
1147 | return NULL;
|
---|
1148 | }
|
---|
1149 | list = beg;
|
---|
1150 | }
|
---|
1151 | #endif
|
---|
1152 | (void) data;
|
---|
1153 | return list;
|
---|
1154 | }
|
---|
1155 |
|
---|
1156 |
|
---|
1157 | static void ossl_close(struct ssl_connect_data *connssl)
|
---|
1158 | {
|
---|
1159 | if(BACKEND->handle) {
|
---|
1160 | (void)SSL_shutdown(BACKEND->handle);
|
---|
1161 | SSL_set_connect_state(BACKEND->handle);
|
---|
1162 |
|
---|
1163 | SSL_free(BACKEND->handle);
|
---|
1164 | BACKEND->handle = NULL;
|
---|
1165 | }
|
---|
1166 | if(BACKEND->ctx) {
|
---|
1167 | SSL_CTX_free(BACKEND->ctx);
|
---|
1168 | BACKEND->ctx = NULL;
|
---|
1169 | }
|
---|
1170 | }
|
---|
1171 |
|
---|
1172 | /*
|
---|
1173 | * This function is called when an SSL connection is closed.
|
---|
1174 | */
|
---|
1175 | static void Curl_ossl_close(struct connectdata *conn, int sockindex)
|
---|
1176 | {
|
---|
1177 | ossl_close(&conn->ssl[sockindex]);
|
---|
1178 | ossl_close(&conn->proxy_ssl[sockindex]);
|
---|
1179 | }
|
---|
1180 |
|
---|
1181 | /*
|
---|
1182 | * This function is called to shut down the SSL layer but keep the
|
---|
1183 | * socket open (CCC - Clear Command Channel)
|
---|
1184 | */
|
---|
1185 | static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
|
---|
1186 | {
|
---|
1187 | int retval = 0;
|
---|
1188 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
1189 | struct Curl_easy *data = conn->data;
|
---|
1190 | char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
|
---|
1191 | to be at least 256 bytes long. */
|
---|
1192 | unsigned long sslerror;
|
---|
1193 | ssize_t nread;
|
---|
1194 | int buffsize;
|
---|
1195 | int err;
|
---|
1196 | int done = 0;
|
---|
1197 |
|
---|
1198 | /* This has only been tested on the proftpd server, and the mod_tls code
|
---|
1199 | sends a close notify alert without waiting for a close notify alert in
|
---|
1200 | response. Thus we wait for a close notify alert from the server, but
|
---|
1201 | we do not send one. Let's hope other servers do the same... */
|
---|
1202 |
|
---|
1203 | if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
|
---|
1204 | (void)SSL_shutdown(BACKEND->handle);
|
---|
1205 |
|
---|
1206 | if(BACKEND->handle) {
|
---|
1207 | buffsize = (int)sizeof(buf);
|
---|
1208 | while(!done) {
|
---|
1209 | int what = SOCKET_READABLE(conn->sock[sockindex],
|
---|
1210 | SSL_SHUTDOWN_TIMEOUT);
|
---|
1211 | if(what > 0) {
|
---|
1212 | ERR_clear_error();
|
---|
1213 |
|
---|
1214 | /* Something to read, let's do it and hope that it is the close
|
---|
1215 | notify alert from the server */
|
---|
1216 | nread = (ssize_t)SSL_read(BACKEND->handle, buf, buffsize);
|
---|
1217 | err = SSL_get_error(BACKEND->handle, (int)nread);
|
---|
1218 |
|
---|
1219 | switch(err) {
|
---|
1220 | case SSL_ERROR_NONE: /* this is not an error */
|
---|
1221 | case SSL_ERROR_ZERO_RETURN: /* no more data */
|
---|
1222 | /* This is the expected response. There was no data but only
|
---|
1223 | the close notify alert */
|
---|
1224 | done = 1;
|
---|
1225 | break;
|
---|
1226 | case SSL_ERROR_WANT_READ:
|
---|
1227 | /* there's data pending, re-invoke SSL_read() */
|
---|
1228 | infof(data, "SSL_ERROR_WANT_READ\n");
|
---|
1229 | break;
|
---|
1230 | case SSL_ERROR_WANT_WRITE:
|
---|
1231 | /* SSL wants a write. Really odd. Let's bail out. */
|
---|
1232 | infof(data, "SSL_ERROR_WANT_WRITE\n");
|
---|
1233 | done = 1;
|
---|
1234 | break;
|
---|
1235 | default:
|
---|
1236 | /* openssl/ssl.h says "look at error stack/return value/errno" */
|
---|
1237 | sslerror = ERR_get_error();
|
---|
1238 | failf(conn->data, OSSL_PACKAGE " SSL_read on shutdown: %s, errno %d",
|
---|
1239 | (sslerror ?
|
---|
1240 | ossl_strerror(sslerror, buf, sizeof(buf)) :
|
---|
1241 | SSL_ERROR_to_str(err)),
|
---|
1242 | SOCKERRNO);
|
---|
1243 | done = 1;
|
---|
1244 | break;
|
---|
1245 | }
|
---|
1246 | }
|
---|
1247 | else if(0 == what) {
|
---|
1248 | /* timeout */
|
---|
1249 | failf(data, "SSL shutdown timeout");
|
---|
1250 | done = 1;
|
---|
1251 | }
|
---|
1252 | else {
|
---|
1253 | /* anything that gets here is fatally bad */
|
---|
1254 | failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
|
---|
1255 | retval = -1;
|
---|
1256 | done = 1;
|
---|
1257 | }
|
---|
1258 | } /* while()-loop for the select() */
|
---|
1259 |
|
---|
1260 | if(data->set.verbose) {
|
---|
1261 | #ifdef HAVE_SSL_GET_SHUTDOWN
|
---|
1262 | switch(SSL_get_shutdown(BACKEND->handle)) {
|
---|
1263 | case SSL_SENT_SHUTDOWN:
|
---|
1264 | infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
|
---|
1265 | break;
|
---|
1266 | case SSL_RECEIVED_SHUTDOWN:
|
---|
1267 | infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
|
---|
1268 | break;
|
---|
1269 | case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
|
---|
1270 | infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
|
---|
1271 | "SSL_RECEIVED__SHUTDOWN\n");
|
---|
1272 | break;
|
---|
1273 | }
|
---|
1274 | #endif
|
---|
1275 | }
|
---|
1276 |
|
---|
1277 | SSL_free(BACKEND->handle);
|
---|
1278 | BACKEND->handle = NULL;
|
---|
1279 | }
|
---|
1280 | return retval;
|
---|
1281 | }
|
---|
1282 |
|
---|
1283 | static void Curl_ossl_session_free(void *ptr)
|
---|
1284 | {
|
---|
1285 | /* free the ID */
|
---|
1286 | SSL_SESSION_free(ptr);
|
---|
1287 | }
|
---|
1288 |
|
---|
1289 | /*
|
---|
1290 | * This function is called when the 'data' struct is going away. Close
|
---|
1291 | * down everything and free all resources!
|
---|
1292 | */
|
---|
1293 | static void Curl_ossl_close_all(struct Curl_easy *data)
|
---|
1294 | {
|
---|
1295 | #ifdef HAVE_OPENSSL_ENGINE_H
|
---|
1296 | if(data->state.engine) {
|
---|
1297 | ENGINE_finish(data->state.engine);
|
---|
1298 | ENGINE_free(data->state.engine);
|
---|
1299 | data->state.engine = NULL;
|
---|
1300 | }
|
---|
1301 | #else
|
---|
1302 | (void)data;
|
---|
1303 | #endif
|
---|
1304 | #if !defined(HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED) && \
|
---|
1305 | defined(HAVE_ERR_REMOVE_THREAD_STATE)
|
---|
1306 | /* OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
|
---|
1307 | so we need to clean it here in case the thread will be killed. All OpenSSL
|
---|
1308 | code should extract the error in association with the error so clearing
|
---|
1309 | this queue here should be harmless at worst. */
|
---|
1310 | ERR_remove_thread_state(NULL);
|
---|
1311 | #endif
|
---|
1312 | }
|
---|
1313 |
|
---|
1314 | /* ====================================================== */
|
---|
1315 |
|
---|
1316 |
|
---|
1317 | /* Quote from RFC2818 section 3.1 "Server Identity"
|
---|
1318 |
|
---|
1319 | If a subjectAltName extension of type dNSName is present, that MUST
|
---|
1320 | be used as the identity. Otherwise, the (most specific) Common Name
|
---|
1321 | field in the Subject field of the certificate MUST be used. Although
|
---|
1322 | the use of the Common Name is existing practice, it is deprecated and
|
---|
1323 | Certification Authorities are encouraged to use the dNSName instead.
|
---|
1324 |
|
---|
1325 | Matching is performed using the matching rules specified by
|
---|
1326 | [RFC2459]. If more than one identity of a given type is present in
|
---|
1327 | the certificate (e.g., more than one dNSName name, a match in any one
|
---|
1328 | of the set is considered acceptable.) Names may contain the wildcard
|
---|
1329 | character * which is considered to match any single domain name
|
---|
1330 | component or component fragment. E.g., *.a.com matches foo.a.com but
|
---|
1331 | not bar.foo.a.com. f*.com matches foo.com but not bar.com.
|
---|
1332 |
|
---|
1333 | In some cases, the URI is specified as an IP address rather than a
|
---|
1334 | hostname. In this case, the iPAddress subjectAltName must be present
|
---|
1335 | in the certificate and must exactly match the IP in the URI.
|
---|
1336 |
|
---|
1337 | */
|
---|
1338 | static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
|
---|
1339 | {
|
---|
1340 | bool matched = FALSE;
|
---|
1341 | int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
|
---|
1342 | size_t addrlen = 0;
|
---|
1343 | struct Curl_easy *data = conn->data;
|
---|
1344 | STACK_OF(GENERAL_NAME) *altnames;
|
---|
1345 | #ifdef ENABLE_IPV6
|
---|
1346 | struct in6_addr addr;
|
---|
1347 | #else
|
---|
1348 | struct in_addr addr;
|
---|
1349 | #endif
|
---|
1350 | CURLcode result = CURLE_OK;
|
---|
1351 | bool dNSName = FALSE; /* if a dNSName field exists in the cert */
|
---|
1352 | bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */
|
---|
1353 | const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
---|
1354 | conn->host.name;
|
---|
1355 | const char * const dispname = SSL_IS_PROXY() ?
|
---|
1356 | conn->http_proxy.host.dispname : conn->host.dispname;
|
---|
1357 |
|
---|
1358 | #ifdef ENABLE_IPV6
|
---|
1359 | if(conn->bits.ipv6_ip &&
|
---|
1360 | Curl_inet_pton(AF_INET6, hostname, &addr)) {
|
---|
1361 | target = GEN_IPADD;
|
---|
1362 | addrlen = sizeof(struct in6_addr);
|
---|
1363 | }
|
---|
1364 | else
|
---|
1365 | #endif
|
---|
1366 | if(Curl_inet_pton(AF_INET, hostname, &addr)) {
|
---|
1367 | target = GEN_IPADD;
|
---|
1368 | addrlen = sizeof(struct in_addr);
|
---|
1369 | }
|
---|
1370 |
|
---|
1371 | /* get a "list" of alternative names */
|
---|
1372 | altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
|
---|
1373 |
|
---|
1374 | if(altnames) {
|
---|
1375 | int numalts;
|
---|
1376 | int i;
|
---|
1377 | bool dnsmatched = FALSE;
|
---|
1378 | bool ipmatched = FALSE;
|
---|
1379 |
|
---|
1380 | /* get amount of alternatives, RFC2459 claims there MUST be at least
|
---|
1381 | one, but we don't depend on it... */
|
---|
1382 | numalts = sk_GENERAL_NAME_num(altnames);
|
---|
1383 |
|
---|
1384 | /* loop through all alternatives - until a dnsmatch */
|
---|
1385 | for(i = 0; (i < numalts) && !dnsmatched; i++) {
|
---|
1386 | /* get a handle to alternative name number i */
|
---|
1387 | const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
|
---|
1388 |
|
---|
1389 | if(check->type == GEN_DNS)
|
---|
1390 | dNSName = TRUE;
|
---|
1391 | else if(check->type == GEN_IPADD)
|
---|
1392 | iPAddress = TRUE;
|
---|
1393 |
|
---|
1394 | /* only check alternatives of the same type the target is */
|
---|
1395 | if(check->type == target) {
|
---|
1396 | /* get data and length */
|
---|
1397 | const char *altptr = (char *)ASN1_STRING_get0_data(check->d.ia5);
|
---|
1398 | size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
|
---|
1399 |
|
---|
1400 | switch(target) {
|
---|
1401 | case GEN_DNS: /* name/pattern comparison */
|
---|
1402 | /* The OpenSSL man page explicitly says: "In general it cannot be
|
---|
1403 | assumed that the data returned by ASN1_STRING_data() is null
|
---|
1404 | terminated or does not contain embedded nulls." But also that
|
---|
1405 | "The actual format of the data will depend on the actual string
|
---|
1406 | type itself: for example for and IA5String the data will be ASCII"
|
---|
1407 |
|
---|
1408 | Gisle researched the OpenSSL sources:
|
---|
1409 | "I checked the 0.9.6 and 0.9.8 sources before my patch and
|
---|
1410 | it always 0-terminates an IA5String."
|
---|
1411 | */
|
---|
1412 | if((altlen == strlen(altptr)) &&
|
---|
1413 | /* if this isn't true, there was an embedded zero in the name
|
---|
1414 | string and we cannot match it. */
|
---|
1415 | Curl_cert_hostcheck(altptr, hostname)) {
|
---|
1416 | dnsmatched = TRUE;
|
---|
1417 | infof(data,
|
---|
1418 | " subjectAltName: host \"%s\" matched cert's \"%s\"\n",
|
---|
1419 | dispname, altptr);
|
---|
1420 | }
|
---|
1421 | break;
|
---|
1422 |
|
---|
1423 | case GEN_IPADD: /* IP address comparison */
|
---|
1424 | /* compare alternative IP address if the data chunk is the same size
|
---|
1425 | our server IP address is */
|
---|
1426 | if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
|
---|
1427 | ipmatched = TRUE;
|
---|
1428 | infof(data,
|
---|
1429 | " subjectAltName: host \"%s\" matched cert's IP address!\n",
|
---|
1430 | dispname);
|
---|
1431 | }
|
---|
1432 | break;
|
---|
1433 | }
|
---|
1434 | }
|
---|
1435 | }
|
---|
1436 | GENERAL_NAMES_free(altnames);
|
---|
1437 |
|
---|
1438 | if(dnsmatched || ipmatched)
|
---|
1439 | matched = TRUE;
|
---|
1440 | }
|
---|
1441 |
|
---|
1442 | if(matched)
|
---|
1443 | /* an alternative name matched */
|
---|
1444 | ;
|
---|
1445 | else if(dNSName || iPAddress) {
|
---|
1446 | infof(data, " subjectAltName does not match %s\n", dispname);
|
---|
1447 | failf(data, "SSL: no alternative certificate subject name matches "
|
---|
1448 | "target host name '%s'", dispname);
|
---|
1449 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
1450 | }
|
---|
1451 | else {
|
---|
1452 | /* we have to look to the last occurrence of a commonName in the
|
---|
1453 | distinguished one to get the most significant one. */
|
---|
1454 | int j, i = -1;
|
---|
1455 |
|
---|
1456 | /* The following is done because of a bug in 0.9.6b */
|
---|
1457 |
|
---|
1458 | unsigned char *nulstr = (unsigned char *)"";
|
---|
1459 | unsigned char *peer_CN = nulstr;
|
---|
1460 |
|
---|
1461 | X509_NAME *name = X509_get_subject_name(server_cert);
|
---|
1462 | if(name)
|
---|
1463 | while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)
|
---|
1464 | i = j;
|
---|
1465 |
|
---|
1466 | /* we have the name entry and we will now convert this to a string
|
---|
1467 | that we can use for comparison. Doing this we support BMPstring,
|
---|
1468 | UTF8 etc. */
|
---|
1469 |
|
---|
1470 | if(i >= 0) {
|
---|
1471 | ASN1_STRING *tmp =
|
---|
1472 | X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
|
---|
1473 |
|
---|
1474 | /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
|
---|
1475 | is already UTF-8 encoded. We check for this case and copy the raw
|
---|
1476 | string manually to avoid the problem. This code can be made
|
---|
1477 | conditional in the future when OpenSSL has been fixed. Work-around
|
---|
1478 | brought by Alexis S. L. Carvalho. */
|
---|
1479 | if(tmp) {
|
---|
1480 | if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
|
---|
1481 | j = ASN1_STRING_length(tmp);
|
---|
1482 | if(j >= 0) {
|
---|
1483 | peer_CN = OPENSSL_malloc(j + 1);
|
---|
1484 | if(peer_CN) {
|
---|
1485 | memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j);
|
---|
1486 | peer_CN[j] = '\0';
|
---|
1487 | }
|
---|
1488 | }
|
---|
1489 | }
|
---|
1490 | else /* not a UTF8 name */
|
---|
1491 | j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
|
---|
1492 |
|
---|
1493 | if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
|
---|
1494 | /* there was a terminating zero before the end of string, this
|
---|
1495 | cannot match and we return failure! */
|
---|
1496 | failf(data, "SSL: illegal cert name field");
|
---|
1497 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
1498 | }
|
---|
1499 | }
|
---|
1500 | }
|
---|
1501 |
|
---|
1502 | if(peer_CN == nulstr)
|
---|
1503 | peer_CN = NULL;
|
---|
1504 | else {
|
---|
1505 | /* convert peer_CN from UTF8 */
|
---|
1506 | CURLcode rc = Curl_convert_from_utf8(data, (char *)peer_CN,
|
---|
1507 | strlen((char *)peer_CN));
|
---|
1508 | /* Curl_convert_from_utf8 calls failf if unsuccessful */
|
---|
1509 | if(rc) {
|
---|
1510 | OPENSSL_free(peer_CN);
|
---|
1511 | return rc;
|
---|
1512 | }
|
---|
1513 | }
|
---|
1514 |
|
---|
1515 | if(result)
|
---|
1516 | /* error already detected, pass through */
|
---|
1517 | ;
|
---|
1518 | else if(!peer_CN) {
|
---|
1519 | failf(data,
|
---|
1520 | "SSL: unable to obtain common name from peer certificate");
|
---|
1521 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
1522 | }
|
---|
1523 | else if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) {
|
---|
1524 | failf(data, "SSL: certificate subject name '%s' does not match "
|
---|
1525 | "target host name '%s'", peer_CN, dispname);
|
---|
1526 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
1527 | }
|
---|
1528 | else {
|
---|
1529 | infof(data, " common name: %s (matched)\n", peer_CN);
|
---|
1530 | }
|
---|
1531 | if(peer_CN)
|
---|
1532 | OPENSSL_free(peer_CN);
|
---|
1533 | }
|
---|
1534 |
|
---|
1535 | return result;
|
---|
1536 | }
|
---|
1537 |
|
---|
1538 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
1539 | !defined(OPENSSL_NO_OCSP)
|
---|
1540 | static CURLcode verifystatus(struct connectdata *conn,
|
---|
1541 | struct ssl_connect_data *connssl)
|
---|
1542 | {
|
---|
1543 | int i, ocsp_status;
|
---|
1544 | const unsigned char *p;
|
---|
1545 | CURLcode result = CURLE_OK;
|
---|
1546 | struct Curl_easy *data = conn->data;
|
---|
1547 |
|
---|
1548 | OCSP_RESPONSE *rsp = NULL;
|
---|
1549 | OCSP_BASICRESP *br = NULL;
|
---|
1550 | X509_STORE *st = NULL;
|
---|
1551 | STACK_OF(X509) *ch = NULL;
|
---|
1552 |
|
---|
1553 | long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);
|
---|
1554 |
|
---|
1555 | if(!p) {
|
---|
1556 | failf(data, "No OCSP response received");
|
---|
1557 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
1558 | goto end;
|
---|
1559 | }
|
---|
1560 |
|
---|
1561 | rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
|
---|
1562 | if(!rsp) {
|
---|
1563 | failf(data, "Invalid OCSP response");
|
---|
1564 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
1565 | goto end;
|
---|
1566 | }
|
---|
1567 |
|
---|
1568 | ocsp_status = OCSP_response_status(rsp);
|
---|
1569 | if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
|
---|
1570 | failf(data, "Invalid OCSP response status: %s (%d)",
|
---|
1571 | OCSP_response_status_str(ocsp_status), ocsp_status);
|
---|
1572 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
1573 | goto end;
|
---|
1574 | }
|
---|
1575 |
|
---|
1576 | br = OCSP_response_get1_basic(rsp);
|
---|
1577 | if(!br) {
|
---|
1578 | failf(data, "Invalid OCSP response");
|
---|
1579 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
1580 | goto end;
|
---|
1581 | }
|
---|
1582 |
|
---|
1583 | ch = SSL_get_peer_cert_chain(BACKEND->handle);
|
---|
1584 | st = SSL_CTX_get_cert_store(BACKEND->ctx);
|
---|
1585 |
|
---|
1586 | #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
|
---|
1587 | (defined(LIBRESSL_VERSION_NUMBER) && \
|
---|
1588 | LIBRESSL_VERSION_NUMBER <= 0x2040200fL))
|
---|
1589 | /* The authorized responder cert in the OCSP response MUST be signed by the
|
---|
1590 | peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
|
---|
1591 | no problem, but if it's an intermediate cert OpenSSL has a bug where it
|
---|
1592 | expects this issuer to be present in the chain embedded in the OCSP
|
---|
1593 | response. So we add it if necessary. */
|
---|
1594 |
|
---|
1595 | /* First make sure the peer cert chain includes both a peer and an issuer,
|
---|
1596 | and the OCSP response contains a responder cert. */
|
---|
1597 | if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
|
---|
1598 | X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
|
---|
1599 |
|
---|
1600 | /* Find issuer of responder cert and add it to the OCSP response chain */
|
---|
1601 | for(i = 0; i < sk_X509_num(ch); i++) {
|
---|
1602 | X509 *issuer = sk_X509_value(ch, i);
|
---|
1603 | if(X509_check_issued(issuer, responder) == X509_V_OK) {
|
---|
1604 | if(!OCSP_basic_add1_cert(br, issuer)) {
|
---|
1605 | failf(data, "Could not add issuer cert to OCSP response");
|
---|
1606 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
1607 | goto end;
|
---|
1608 | }
|
---|
1609 | }
|
---|
1610 | }
|
---|
1611 | }
|
---|
1612 | #endif
|
---|
1613 |
|
---|
1614 | if(OCSP_basic_verify(br, ch, st, 0) <= 0) {
|
---|
1615 | failf(data, "OCSP response verification failed");
|
---|
1616 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
1617 | goto end;
|
---|
1618 | }
|
---|
1619 |
|
---|
1620 | for(i = 0; i < OCSP_resp_count(br); i++) {
|
---|
1621 | int cert_status, crl_reason;
|
---|
1622 | OCSP_SINGLERESP *single = NULL;
|
---|
1623 |
|
---|
1624 | ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
|
---|
1625 |
|
---|
1626 | single = OCSP_resp_get0(br, i);
|
---|
1627 | if(!single)
|
---|
1628 | continue;
|
---|
1629 |
|
---|
1630 | cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
|
---|
1631 | &thisupd, &nextupd);
|
---|
1632 |
|
---|
1633 | if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
|
---|
1634 | failf(data, "OCSP response has expired");
|
---|
1635 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
1636 | goto end;
|
---|
1637 | }
|
---|
1638 |
|
---|
1639 | infof(data, "SSL certificate status: %s (%d)\n",
|
---|
1640 | OCSP_cert_status_str(cert_status), cert_status);
|
---|
1641 |
|
---|
1642 | switch(cert_status) {
|
---|
1643 | case V_OCSP_CERTSTATUS_GOOD:
|
---|
1644 | break;
|
---|
1645 |
|
---|
1646 | case V_OCSP_CERTSTATUS_REVOKED:
|
---|
1647 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
1648 |
|
---|
1649 | failf(data, "SSL certificate revocation reason: %s (%d)",
|
---|
1650 | OCSP_crl_reason_str(crl_reason), crl_reason);
|
---|
1651 | goto end;
|
---|
1652 |
|
---|
1653 | case V_OCSP_CERTSTATUS_UNKNOWN:
|
---|
1654 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
1655 | goto end;
|
---|
1656 | }
|
---|
1657 | }
|
---|
1658 |
|
---|
1659 | end:
|
---|
1660 | if(br) OCSP_BASICRESP_free(br);
|
---|
1661 | OCSP_RESPONSE_free(rsp);
|
---|
1662 |
|
---|
1663 | return result;
|
---|
1664 | }
|
---|
1665 | #endif
|
---|
1666 |
|
---|
1667 | #endif /* USE_OPENSSL */
|
---|
1668 |
|
---|
1669 | /* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
|
---|
1670 | and thus this cannot be done there. */
|
---|
1671 | #ifdef SSL_CTRL_SET_MSG_CALLBACK
|
---|
1672 |
|
---|
1673 | static const char *ssl_msg_type(int ssl_ver, int msg)
|
---|
1674 | {
|
---|
1675 | #ifdef SSL2_VERSION_MAJOR
|
---|
1676 | if(ssl_ver == SSL2_VERSION_MAJOR) {
|
---|
1677 | switch(msg) {
|
---|
1678 | case SSL2_MT_ERROR:
|
---|
1679 | return "Error";
|
---|
1680 | case SSL2_MT_CLIENT_HELLO:
|
---|
1681 | return "Client hello";
|
---|
1682 | case SSL2_MT_CLIENT_MASTER_KEY:
|
---|
1683 | return "Client key";
|
---|
1684 | case SSL2_MT_CLIENT_FINISHED:
|
---|
1685 | return "Client finished";
|
---|
1686 | case SSL2_MT_SERVER_HELLO:
|
---|
1687 | return "Server hello";
|
---|
1688 | case SSL2_MT_SERVER_VERIFY:
|
---|
1689 | return "Server verify";
|
---|
1690 | case SSL2_MT_SERVER_FINISHED:
|
---|
1691 | return "Server finished";
|
---|
1692 | case SSL2_MT_REQUEST_CERTIFICATE:
|
---|
1693 | return "Request CERT";
|
---|
1694 | case SSL2_MT_CLIENT_CERTIFICATE:
|
---|
1695 | return "Client CERT";
|
---|
1696 | }
|
---|
1697 | }
|
---|
1698 | else
|
---|
1699 | #endif
|
---|
1700 | if(ssl_ver == SSL3_VERSION_MAJOR) {
|
---|
1701 | switch(msg) {
|
---|
1702 | case SSL3_MT_HELLO_REQUEST:
|
---|
1703 | return "Hello request";
|
---|
1704 | case SSL3_MT_CLIENT_HELLO:
|
---|
1705 | return "Client hello";
|
---|
1706 | case SSL3_MT_SERVER_HELLO:
|
---|
1707 | return "Server hello";
|
---|
1708 | #ifdef SSL3_MT_NEWSESSION_TICKET
|
---|
1709 | case SSL3_MT_NEWSESSION_TICKET:
|
---|
1710 | return "Newsession Ticket";
|
---|
1711 | #endif
|
---|
1712 | case SSL3_MT_CERTIFICATE:
|
---|
1713 | return "Certificate";
|
---|
1714 | case SSL3_MT_SERVER_KEY_EXCHANGE:
|
---|
1715 | return "Server key exchange";
|
---|
1716 | case SSL3_MT_CLIENT_KEY_EXCHANGE:
|
---|
1717 | return "Client key exchange";
|
---|
1718 | case SSL3_MT_CERTIFICATE_REQUEST:
|
---|
1719 | return "Request CERT";
|
---|
1720 | case SSL3_MT_SERVER_DONE:
|
---|
1721 | return "Server finished";
|
---|
1722 | case SSL3_MT_CERTIFICATE_VERIFY:
|
---|
1723 | return "CERT verify";
|
---|
1724 | case SSL3_MT_FINISHED:
|
---|
1725 | return "Finished";
|
---|
1726 | #ifdef SSL3_MT_CERTIFICATE_STATUS
|
---|
1727 | case SSL3_MT_CERTIFICATE_STATUS:
|
---|
1728 | return "Certificate Status";
|
---|
1729 | #endif
|
---|
1730 | }
|
---|
1731 | }
|
---|
1732 | return "Unknown";
|
---|
1733 | }
|
---|
1734 |
|
---|
1735 | static const char *tls_rt_type(int type)
|
---|
1736 | {
|
---|
1737 | switch(type) {
|
---|
1738 | #ifdef SSL3_RT_HEADER
|
---|
1739 | case SSL3_RT_HEADER:
|
---|
1740 | return "TLS header";
|
---|
1741 | #endif
|
---|
1742 | case SSL3_RT_CHANGE_CIPHER_SPEC:
|
---|
1743 | return "TLS change cipher";
|
---|
1744 | case SSL3_RT_ALERT:
|
---|
1745 | return "TLS alert";
|
---|
1746 | case SSL3_RT_HANDSHAKE:
|
---|
1747 | return "TLS handshake";
|
---|
1748 | case SSL3_RT_APPLICATION_DATA:
|
---|
1749 | return "TLS app data";
|
---|
1750 | default:
|
---|
1751 | return "TLS Unknown";
|
---|
1752 | }
|
---|
1753 | }
|
---|
1754 |
|
---|
1755 |
|
---|
1756 | /*
|
---|
1757 | * Our callback from the SSL/TLS layers.
|
---|
1758 | */
|
---|
1759 | static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
|
---|
1760 | const void *buf, size_t len, SSL *ssl,
|
---|
1761 | void *userp)
|
---|
1762 | {
|
---|
1763 | struct Curl_easy *data;
|
---|
1764 | const char *msg_name, *tls_rt_name;
|
---|
1765 | char ssl_buf[1024];
|
---|
1766 | char unknown[32];
|
---|
1767 | int msg_type, txt_len;
|
---|
1768 | const char *verstr = NULL;
|
---|
1769 | struct connectdata *conn = userp;
|
---|
1770 |
|
---|
1771 | if(!conn || !conn->data || !conn->data->set.fdebug ||
|
---|
1772 | (direction != 0 && direction != 1))
|
---|
1773 | return;
|
---|
1774 |
|
---|
1775 | data = conn->data;
|
---|
1776 |
|
---|
1777 | switch(ssl_ver) {
|
---|
1778 | #ifdef SSL2_VERSION /* removed in recent versions */
|
---|
1779 | case SSL2_VERSION:
|
---|
1780 | verstr = "SSLv2";
|
---|
1781 | break;
|
---|
1782 | #endif
|
---|
1783 | #ifdef SSL3_VERSION
|
---|
1784 | case SSL3_VERSION:
|
---|
1785 | verstr = "SSLv3";
|
---|
1786 | break;
|
---|
1787 | #endif
|
---|
1788 | case TLS1_VERSION:
|
---|
1789 | verstr = "TLSv1.0";
|
---|
1790 | break;
|
---|
1791 | #ifdef TLS1_1_VERSION
|
---|
1792 | case TLS1_1_VERSION:
|
---|
1793 | verstr = "TLSv1.1";
|
---|
1794 | break;
|
---|
1795 | #endif
|
---|
1796 | #ifdef TLS1_2_VERSION
|
---|
1797 | case TLS1_2_VERSION:
|
---|
1798 | verstr = "TLSv1.2";
|
---|
1799 | break;
|
---|
1800 | #endif
|
---|
1801 | #ifdef TLS1_3_VERSION
|
---|
1802 | case TLS1_3_VERSION:
|
---|
1803 | verstr = "TLSv1.3";
|
---|
1804 | break;
|
---|
1805 | #endif
|
---|
1806 | case 0:
|
---|
1807 | break;
|
---|
1808 | default:
|
---|
1809 | snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
|
---|
1810 | verstr = unknown;
|
---|
1811 | break;
|
---|
1812 | }
|
---|
1813 |
|
---|
1814 | if(ssl_ver) {
|
---|
1815 | /* the info given when the version is zero is not that useful for us */
|
---|
1816 |
|
---|
1817 | ssl_ver >>= 8; /* check the upper 8 bits only below */
|
---|
1818 |
|
---|
1819 | /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
|
---|
1820 | * always pass-up content-type as 0. But the interesting message-type
|
---|
1821 | * is at 'buf[0]'.
|
---|
1822 | */
|
---|
1823 | if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
|
---|
1824 | tls_rt_name = tls_rt_type(content_type);
|
---|
1825 | else
|
---|
1826 | tls_rt_name = "";
|
---|
1827 |
|
---|
1828 | msg_type = *(char *)buf;
|
---|
1829 | msg_name = ssl_msg_type(ssl_ver, msg_type);
|
---|
1830 |
|
---|
1831 | txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
|
---|
1832 | verstr, direction?"OUT":"IN",
|
---|
1833 | tls_rt_name, msg_name, msg_type);
|
---|
1834 | Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
|
---|
1835 | }
|
---|
1836 |
|
---|
1837 | Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
|
---|
1838 | CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
|
---|
1839 | (void) ssl;
|
---|
1840 | }
|
---|
1841 | #endif
|
---|
1842 |
|
---|
1843 | #ifdef USE_OPENSSL
|
---|
1844 | /* ====================================================== */
|
---|
1845 |
|
---|
1846 | #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
---|
1847 | # define use_sni(x) sni = (x)
|
---|
1848 | #else
|
---|
1849 | # define use_sni(x) Curl_nop_stmt
|
---|
1850 | #endif
|
---|
1851 |
|
---|
1852 | /* Check for OpenSSL 1.0.2 which has ALPN support. */
|
---|
1853 | #undef HAS_ALPN
|
---|
1854 | #if OPENSSL_VERSION_NUMBER >= 0x10002000L \
|
---|
1855 | && !defined(OPENSSL_NO_TLSEXT)
|
---|
1856 | # define HAS_ALPN 1
|
---|
1857 | #endif
|
---|
1858 |
|
---|
1859 | /* Check for OpenSSL 1.0.1 which has NPN support. */
|
---|
1860 | #undef HAS_NPN
|
---|
1861 | #if OPENSSL_VERSION_NUMBER >= 0x10001000L \
|
---|
1862 | && !defined(OPENSSL_NO_TLSEXT) \
|
---|
1863 | && !defined(OPENSSL_NO_NEXTPROTONEG)
|
---|
1864 | # define HAS_NPN 1
|
---|
1865 | #endif
|
---|
1866 |
|
---|
1867 | #ifdef HAS_NPN
|
---|
1868 |
|
---|
1869 | /*
|
---|
1870 | * in is a list of length prefixed strings. this function has to select
|
---|
1871 | * the protocol we want to use from the list and write its string into out.
|
---|
1872 | */
|
---|
1873 |
|
---|
1874 | static int
|
---|
1875 | select_next_protocol(unsigned char **out, unsigned char *outlen,
|
---|
1876 | const unsigned char *in, unsigned int inlen,
|
---|
1877 | const char *key, unsigned int keylen)
|
---|
1878 | {
|
---|
1879 | unsigned int i;
|
---|
1880 | for(i = 0; i + keylen <= inlen; i += in[i] + 1) {
|
---|
1881 | if(memcmp(&in[i + 1], key, keylen) == 0) {
|
---|
1882 | *out = (unsigned char *) &in[i + 1];
|
---|
1883 | *outlen = in[i];
|
---|
1884 | return 0;
|
---|
1885 | }
|
---|
1886 | }
|
---|
1887 | return -1;
|
---|
1888 | }
|
---|
1889 |
|
---|
1890 | static int
|
---|
1891 | select_next_proto_cb(SSL *ssl,
|
---|
1892 | unsigned char **out, unsigned char *outlen,
|
---|
1893 | const unsigned char *in, unsigned int inlen,
|
---|
1894 | void *arg)
|
---|
1895 | {
|
---|
1896 | struct connectdata *conn = (struct connectdata*) arg;
|
---|
1897 |
|
---|
1898 | (void)ssl;
|
---|
1899 |
|
---|
1900 | #ifdef USE_NGHTTP2
|
---|
1901 | if(conn->data->set.httpversion >= CURL_HTTP_VERSION_2 &&
|
---|
1902 | !select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID,
|
---|
1903 | NGHTTP2_PROTO_VERSION_ID_LEN)) {
|
---|
1904 | infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
|
---|
1905 | NGHTTP2_PROTO_VERSION_ID);
|
---|
1906 | conn->negnpn = CURL_HTTP_VERSION_2;
|
---|
1907 | return SSL_TLSEXT_ERR_OK;
|
---|
1908 | }
|
---|
1909 | #endif
|
---|
1910 |
|
---|
1911 | if(!select_next_protocol(out, outlen, in, inlen, ALPN_HTTP_1_1,
|
---|
1912 | ALPN_HTTP_1_1_LENGTH)) {
|
---|
1913 | infof(conn->data, "NPN, negotiated HTTP1.1\n");
|
---|
1914 | conn->negnpn = CURL_HTTP_VERSION_1_1;
|
---|
1915 | return SSL_TLSEXT_ERR_OK;
|
---|
1916 | }
|
---|
1917 |
|
---|
1918 | infof(conn->data, "NPN, no overlap, use HTTP1.1\n");
|
---|
1919 | *out = (unsigned char *)ALPN_HTTP_1_1;
|
---|
1920 | *outlen = ALPN_HTTP_1_1_LENGTH;
|
---|
1921 | conn->negnpn = CURL_HTTP_VERSION_1_1;
|
---|
1922 |
|
---|
1923 | return SSL_TLSEXT_ERR_OK;
|
---|
1924 | }
|
---|
1925 | #endif /* HAS_NPN */
|
---|
1926 |
|
---|
1927 | static const char *
|
---|
1928 | get_ssl_version_txt(SSL *ssl)
|
---|
1929 | {
|
---|
1930 | if(!ssl)
|
---|
1931 | return "";
|
---|
1932 |
|
---|
1933 | switch(SSL_version(ssl)) {
|
---|
1934 | #ifdef TLS1_3_VERSION
|
---|
1935 | case TLS1_3_VERSION:
|
---|
1936 | return "TLSv1.3";
|
---|
1937 | #endif
|
---|
1938 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
1939 | case TLS1_2_VERSION:
|
---|
1940 | return "TLSv1.2";
|
---|
1941 | case TLS1_1_VERSION:
|
---|
1942 | return "TLSv1.1";
|
---|
1943 | #endif
|
---|
1944 | case TLS1_VERSION:
|
---|
1945 | return "TLSv1.0";
|
---|
1946 | case SSL3_VERSION:
|
---|
1947 | return "SSLv3";
|
---|
1948 | case SSL2_VERSION:
|
---|
1949 | return "SSLv2";
|
---|
1950 | }
|
---|
1951 | return "unknown";
|
---|
1952 | }
|
---|
1953 |
|
---|
1954 | static CURLcode
|
---|
1955 | set_ssl_version_min_max(long *ctx_options, struct connectdata *conn,
|
---|
1956 | int sockindex)
|
---|
1957 | {
|
---|
1958 | #if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION)
|
---|
1959 | /* convoluted #if condition just to avoid compiler warnings on unused
|
---|
1960 | variable */
|
---|
1961 | struct Curl_easy *data = conn->data;
|
---|
1962 | #endif
|
---|
1963 | long ssl_version = SSL_CONN_CONFIG(version);
|
---|
1964 | long ssl_version_max = SSL_CONN_CONFIG(version_max);
|
---|
1965 |
|
---|
1966 | if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) {
|
---|
1967 | ssl_version_max = ssl_version << 16;
|
---|
1968 | }
|
---|
1969 |
|
---|
1970 | switch(ssl_version) {
|
---|
1971 | case CURL_SSLVERSION_TLSv1_3:
|
---|
1972 | #ifdef TLS1_3_VERSION
|
---|
1973 | {
|
---|
1974 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
1975 | SSL_CTX_set_max_proto_version(BACKEND->ctx, TLS1_3_VERSION);
|
---|
1976 | *ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
1977 | }
|
---|
1978 | #else
|
---|
1979 | (void)sockindex;
|
---|
1980 | failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
|
---|
1981 | return CURLE_NOT_BUILT_IN;
|
---|
1982 | #endif
|
---|
1983 | /* FALLTHROUGH */
|
---|
1984 | case CURL_SSLVERSION_TLSv1_2:
|
---|
1985 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
1986 | *ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
1987 | #else
|
---|
1988 | failf(data, OSSL_PACKAGE " was built without TLS 1.2 support");
|
---|
1989 | return CURLE_NOT_BUILT_IN;
|
---|
1990 | #endif
|
---|
1991 | /* FALLTHROUGH */
|
---|
1992 | case CURL_SSLVERSION_TLSv1_1:
|
---|
1993 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
1994 | *ctx_options |= SSL_OP_NO_TLSv1;
|
---|
1995 | #else
|
---|
1996 | failf(data, OSSL_PACKAGE " was built without TLS 1.1 support");
|
---|
1997 | return CURLE_NOT_BUILT_IN;
|
---|
1998 | #endif
|
---|
1999 | /* FALLTHROUGH */
|
---|
2000 | case CURL_SSLVERSION_TLSv1_0:
|
---|
2001 | *ctx_options |= SSL_OP_NO_SSLv2;
|
---|
2002 | *ctx_options |= SSL_OP_NO_SSLv3;
|
---|
2003 | break;
|
---|
2004 | }
|
---|
2005 |
|
---|
2006 | switch(ssl_version_max) {
|
---|
2007 | case CURL_SSLVERSION_MAX_TLSv1_0:
|
---|
2008 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
2009 | *ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
2010 | #endif
|
---|
2011 | /* FALLTHROUGH */
|
---|
2012 | case CURL_SSLVERSION_MAX_TLSv1_1:
|
---|
2013 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
2014 | *ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
2015 | #endif
|
---|
2016 | /* FALLTHROUGH */
|
---|
2017 | case CURL_SSLVERSION_MAX_TLSv1_2:
|
---|
2018 | case CURL_SSLVERSION_MAX_DEFAULT:
|
---|
2019 | #ifdef TLS1_3_VERSION
|
---|
2020 | *ctx_options |= SSL_OP_NO_TLSv1_3;
|
---|
2021 | #endif
|
---|
2022 | break;
|
---|
2023 | case CURL_SSLVERSION_MAX_TLSv1_3:
|
---|
2024 | #ifdef TLS1_3_VERSION
|
---|
2025 | break;
|
---|
2026 | #else
|
---|
2027 | failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
|
---|
2028 | return CURLE_NOT_BUILT_IN;
|
---|
2029 | #endif
|
---|
2030 | }
|
---|
2031 | return CURLE_OK;
|
---|
2032 | }
|
---|
2033 |
|
---|
2034 | static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
---|
2035 | {
|
---|
2036 | CURLcode result = CURLE_OK;
|
---|
2037 | char *ciphers;
|
---|
2038 | struct Curl_easy *data = conn->data;
|
---|
2039 | SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
|
---|
2040 | X509_LOOKUP *lookup = NULL;
|
---|
2041 | curl_socket_t sockfd = conn->sock[sockindex];
|
---|
2042 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
2043 | long ctx_options = 0;
|
---|
2044 | #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
---|
2045 | bool sni;
|
---|
2046 | const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
---|
2047 | conn->host.name;
|
---|
2048 | #ifdef ENABLE_IPV6
|
---|
2049 | struct in6_addr addr;
|
---|
2050 | #else
|
---|
2051 | struct in_addr addr;
|
---|
2052 | #endif
|
---|
2053 | #endif
|
---|
2054 | long * const certverifyresult = SSL_IS_PROXY() ?
|
---|
2055 | &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
---|
2056 | const long int ssl_version = SSL_CONN_CONFIG(version);
|
---|
2057 | #ifdef USE_TLS_SRP
|
---|
2058 | const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
|
---|
2059 | #endif
|
---|
2060 | char * const ssl_cert = SSL_SET_OPTION(cert);
|
---|
2061 | const char * const ssl_cert_type = SSL_SET_OPTION(cert_type);
|
---|
2062 | const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
|
---|
2063 | const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
|
---|
2064 | const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
|
---|
2065 | const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
|
---|
2066 | char error_buffer[256];
|
---|
2067 |
|
---|
2068 | DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
|
---|
2069 |
|
---|
2070 | /* Make funny stuff to get random input */
|
---|
2071 | result = Curl_ossl_seed(data);
|
---|
2072 | if(result)
|
---|
2073 | return result;
|
---|
2074 |
|
---|
2075 | *certverifyresult = !X509_V_OK;
|
---|
2076 |
|
---|
2077 | /* check to see if we've been told to use an explicit SSL/TLS version */
|
---|
2078 |
|
---|
2079 | switch(ssl_version) {
|
---|
2080 | case CURL_SSLVERSION_DEFAULT:
|
---|
2081 | case CURL_SSLVERSION_TLSv1:
|
---|
2082 | case CURL_SSLVERSION_TLSv1_0:
|
---|
2083 | case CURL_SSLVERSION_TLSv1_1:
|
---|
2084 | case CURL_SSLVERSION_TLSv1_2:
|
---|
2085 | case CURL_SSLVERSION_TLSv1_3:
|
---|
2086 | /* it will be handled later with the context options */
|
---|
2087 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
|
---|
2088 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
2089 | req_method = TLS_client_method();
|
---|
2090 | #else
|
---|
2091 | req_method = SSLv23_client_method();
|
---|
2092 | #endif
|
---|
2093 | use_sni(TRUE);
|
---|
2094 | break;
|
---|
2095 | case CURL_SSLVERSION_SSLv2:
|
---|
2096 | #ifdef OPENSSL_NO_SSL2
|
---|
2097 | failf(data, OSSL_PACKAGE " was built without SSLv2 support");
|
---|
2098 | return CURLE_NOT_BUILT_IN;
|
---|
2099 | #else
|
---|
2100 | #ifdef USE_TLS_SRP
|
---|
2101 | if(ssl_authtype == CURL_TLSAUTH_SRP)
|
---|
2102 | return CURLE_SSL_CONNECT_ERROR;
|
---|
2103 | #endif
|
---|
2104 | req_method = SSLv2_client_method();
|
---|
2105 | use_sni(FALSE);
|
---|
2106 | break;
|
---|
2107 | #endif
|
---|
2108 | case CURL_SSLVERSION_SSLv3:
|
---|
2109 | #ifdef OPENSSL_NO_SSL3_METHOD
|
---|
2110 | failf(data, OSSL_PACKAGE " was built without SSLv3 support");
|
---|
2111 | return CURLE_NOT_BUILT_IN;
|
---|
2112 | #else
|
---|
2113 | #ifdef USE_TLS_SRP
|
---|
2114 | if(ssl_authtype == CURL_TLSAUTH_SRP)
|
---|
2115 | return CURLE_SSL_CONNECT_ERROR;
|
---|
2116 | #endif
|
---|
2117 | req_method = SSLv3_client_method();
|
---|
2118 | use_sni(FALSE);
|
---|
2119 | break;
|
---|
2120 | #endif
|
---|
2121 | default:
|
---|
2122 | failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
|
---|
2123 | return CURLE_SSL_CONNECT_ERROR;
|
---|
2124 | }
|
---|
2125 |
|
---|
2126 | if(BACKEND->ctx)
|
---|
2127 | SSL_CTX_free(BACKEND->ctx);
|
---|
2128 | BACKEND->ctx = SSL_CTX_new(req_method);
|
---|
2129 |
|
---|
2130 | if(!BACKEND->ctx) {
|
---|
2131 | failf(data, "SSL: couldn't create a context: %s",
|
---|
2132 | ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer)));
|
---|
2133 | return CURLE_OUT_OF_MEMORY;
|
---|
2134 | }
|
---|
2135 |
|
---|
2136 | #ifdef SSL_MODE_RELEASE_BUFFERS
|
---|
2137 | SSL_CTX_set_mode(BACKEND->ctx, SSL_MODE_RELEASE_BUFFERS);
|
---|
2138 | #endif
|
---|
2139 |
|
---|
2140 | #ifdef SSL_CTRL_SET_MSG_CALLBACK
|
---|
2141 | if(data->set.fdebug && data->set.verbose) {
|
---|
2142 | /* the SSL trace callback is only used for verbose logging */
|
---|
2143 | SSL_CTX_set_msg_callback(BACKEND->ctx, ssl_tls_trace);
|
---|
2144 | SSL_CTX_set_msg_callback_arg(BACKEND->ctx, conn);
|
---|
2145 | }
|
---|
2146 | #endif
|
---|
2147 |
|
---|
2148 | /* OpenSSL contains code to work-around lots of bugs and flaws in various
|
---|
2149 | SSL-implementations. SSL_CTX_set_options() is used to enabled those
|
---|
2150 | work-arounds. The man page for this option states that SSL_OP_ALL enables
|
---|
2151 | all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
|
---|
2152 | enable the bug workaround options if compatibility with somewhat broken
|
---|
2153 | implementations is desired."
|
---|
2154 |
|
---|
2155 | The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
|
---|
2156 | disable "rfc4507bis session ticket support". rfc4507bis was later turned
|
---|
2157 | into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077
|
---|
2158 |
|
---|
2159 | The enabled extension concerns the session management. I wonder how often
|
---|
2160 | libcurl stops a connection and then resumes a TLS session. also, sending
|
---|
2161 | the session data is some overhead. .I suggest that you just use your
|
---|
2162 | proposed patch (which explicitly disables TICKET).
|
---|
2163 |
|
---|
2164 | If someone writes an application with libcurl and openssl who wants to
|
---|
2165 | enable the feature, one can do this in the SSL callback.
|
---|
2166 |
|
---|
2167 | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
|
---|
2168 | interoperability with web server Netscape Enterprise Server 2.0.1 which
|
---|
2169 | was released back in 1996.
|
---|
2170 |
|
---|
2171 | Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
|
---|
2172 | become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
|
---|
2173 | CVE-2010-4180 when using previous OpenSSL versions we no longer enable
|
---|
2174 | this option regardless of OpenSSL version and SSL_OP_ALL definition.
|
---|
2175 |
|
---|
2176 | OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
|
---|
2177 | (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
|
---|
2178 | SSL_OP_ALL that _disables_ that work-around despite the fact that
|
---|
2179 | SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
|
---|
2180 | keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
|
---|
2181 | must not be set.
|
---|
2182 | */
|
---|
2183 |
|
---|
2184 | ctx_options = SSL_OP_ALL;
|
---|
2185 |
|
---|
2186 | #ifdef SSL_OP_NO_TICKET
|
---|
2187 | ctx_options |= SSL_OP_NO_TICKET;
|
---|
2188 | #endif
|
---|
2189 |
|
---|
2190 | #ifdef SSL_OP_NO_COMPRESSION
|
---|
2191 | ctx_options |= SSL_OP_NO_COMPRESSION;
|
---|
2192 | #endif
|
---|
2193 |
|
---|
2194 | #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
---|
2195 | /* mitigate CVE-2010-4180 */
|
---|
2196 | ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
|
---|
2197 | #endif
|
---|
2198 |
|
---|
2199 | #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
|
---|
2200 | /* unless the user explicitly ask to allow the protocol vulnerability we
|
---|
2201 | use the work-around */
|
---|
2202 | if(!SSL_SET_OPTION(enable_beast))
|
---|
2203 | ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
|
---|
2204 | #endif
|
---|
2205 |
|
---|
2206 | switch(ssl_version) {
|
---|
2207 | case CURL_SSLVERSION_SSLv3:
|
---|
2208 | #ifdef USE_TLS_SRP
|
---|
2209 | if(ssl_authtype == CURL_TLSAUTH_SRP) {
|
---|
2210 | infof(data, "Set version TLSv1.x for SRP authorisation\n");
|
---|
2211 | }
|
---|
2212 | #endif
|
---|
2213 | ctx_options |= SSL_OP_NO_SSLv2;
|
---|
2214 | ctx_options |= SSL_OP_NO_TLSv1;
|
---|
2215 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
2216 | ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
2217 | ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
2218 | #ifdef TLS1_3_VERSION
|
---|
2219 | ctx_options |= SSL_OP_NO_TLSv1_3;
|
---|
2220 | #endif
|
---|
2221 | #endif
|
---|
2222 | break;
|
---|
2223 |
|
---|
2224 | case CURL_SSLVERSION_DEFAULT:
|
---|
2225 | case CURL_SSLVERSION_TLSv1:
|
---|
2226 | ctx_options |= SSL_OP_NO_SSLv2;
|
---|
2227 | ctx_options |= SSL_OP_NO_SSLv3;
|
---|
2228 | break;
|
---|
2229 |
|
---|
2230 | case CURL_SSLVERSION_TLSv1_0:
|
---|
2231 | case CURL_SSLVERSION_TLSv1_1:
|
---|
2232 | case CURL_SSLVERSION_TLSv1_2:
|
---|
2233 | case CURL_SSLVERSION_TLSv1_3:
|
---|
2234 | result = set_ssl_version_min_max(&ctx_options, conn, sockindex);
|
---|
2235 | if(result != CURLE_OK)
|
---|
2236 | return result;
|
---|
2237 | break;
|
---|
2238 |
|
---|
2239 | case CURL_SSLVERSION_SSLv2:
|
---|
2240 | #ifndef OPENSSL_NO_SSL2
|
---|
2241 | ctx_options |= SSL_OP_NO_SSLv3;
|
---|
2242 | ctx_options |= SSL_OP_NO_TLSv1;
|
---|
2243 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
2244 | ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
2245 | ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
2246 | #ifdef TLS1_3_VERSION
|
---|
2247 | ctx_options |= SSL_OP_NO_TLSv1_3;
|
---|
2248 | #endif
|
---|
2249 | #endif
|
---|
2250 | break;
|
---|
2251 | #else
|
---|
2252 | failf(data, OSSL_PACKAGE " was built without SSLv2 support");
|
---|
2253 | return CURLE_NOT_BUILT_IN;
|
---|
2254 | #endif
|
---|
2255 |
|
---|
2256 | default:
|
---|
2257 | failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
|
---|
2258 | return CURLE_SSL_CONNECT_ERROR;
|
---|
2259 | }
|
---|
2260 |
|
---|
2261 | SSL_CTX_set_options(BACKEND->ctx, ctx_options);
|
---|
2262 |
|
---|
2263 | #ifdef HAS_NPN
|
---|
2264 | if(conn->bits.tls_enable_npn)
|
---|
2265 | SSL_CTX_set_next_proto_select_cb(BACKEND->ctx, select_next_proto_cb, conn);
|
---|
2266 | #endif
|
---|
2267 |
|
---|
2268 | #ifdef HAS_ALPN
|
---|
2269 | if(conn->bits.tls_enable_alpn) {
|
---|
2270 | int cur = 0;
|
---|
2271 | unsigned char protocols[128];
|
---|
2272 |
|
---|
2273 | #ifdef USE_NGHTTP2
|
---|
2274 | if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
|
---|
2275 | (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
|
---|
2276 | protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
|
---|
2277 |
|
---|
2278 | memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
|
---|
2279 | NGHTTP2_PROTO_VERSION_ID_LEN);
|
---|
2280 | cur += NGHTTP2_PROTO_VERSION_ID_LEN;
|
---|
2281 | infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
---|
2282 | }
|
---|
2283 | #endif
|
---|
2284 |
|
---|
2285 | protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
|
---|
2286 | memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
|
---|
2287 | cur += ALPN_HTTP_1_1_LENGTH;
|
---|
2288 | infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
|
---|
2289 |
|
---|
2290 | /* expects length prefixed preference ordered list of protocols in wire
|
---|
2291 | * format
|
---|
2292 | */
|
---|
2293 | SSL_CTX_set_alpn_protos(BACKEND->ctx, protocols, cur);
|
---|
2294 | }
|
---|
2295 | #endif
|
---|
2296 |
|
---|
2297 | if(ssl_cert || ssl_cert_type) {
|
---|
2298 | if(!cert_stuff(conn, BACKEND->ctx, ssl_cert, ssl_cert_type,
|
---|
2299 | SSL_SET_OPTION(key), SSL_SET_OPTION(key_type),
|
---|
2300 | SSL_SET_OPTION(key_passwd))) {
|
---|
2301 | /* failf() is already done in cert_stuff() */
|
---|
2302 | return CURLE_SSL_CERTPROBLEM;
|
---|
2303 | }
|
---|
2304 | }
|
---|
2305 |
|
---|
2306 | ciphers = SSL_CONN_CONFIG(cipher_list);
|
---|
2307 | if(!ciphers)
|
---|
2308 | ciphers = (char *)DEFAULT_CIPHER_SELECTION;
|
---|
2309 | if(ciphers) {
|
---|
2310 | if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) {
|
---|
2311 | failf(data, "failed setting cipher list: %s", ciphers);
|
---|
2312 | return CURLE_SSL_CIPHER;
|
---|
2313 | }
|
---|
2314 | infof(data, "Cipher selection: %s\n", ciphers);
|
---|
2315 | }
|
---|
2316 |
|
---|
2317 | #ifdef USE_TLS_SRP
|
---|
2318 | if(ssl_authtype == CURL_TLSAUTH_SRP) {
|
---|
2319 | char * const ssl_username = SSL_SET_OPTION(username);
|
---|
2320 |
|
---|
2321 | infof(data, "Using TLS-SRP username: %s\n", ssl_username);
|
---|
2322 |
|
---|
2323 | if(!SSL_CTX_set_srp_username(BACKEND->ctx, ssl_username)) {
|
---|
2324 | failf(data, "Unable to set SRP user name");
|
---|
2325 | return CURLE_BAD_FUNCTION_ARGUMENT;
|
---|
2326 | }
|
---|
2327 | if(!SSL_CTX_set_srp_password(BACKEND->ctx, SSL_SET_OPTION(password))) {
|
---|
2328 | failf(data, "failed setting SRP password");
|
---|
2329 | return CURLE_BAD_FUNCTION_ARGUMENT;
|
---|
2330 | }
|
---|
2331 | if(!SSL_CONN_CONFIG(cipher_list)) {
|
---|
2332 | infof(data, "Setting cipher list SRP\n");
|
---|
2333 |
|
---|
2334 | if(!SSL_CTX_set_cipher_list(BACKEND->ctx, "SRP")) {
|
---|
2335 | failf(data, "failed setting SRP cipher list");
|
---|
2336 | return CURLE_SSL_CIPHER;
|
---|
2337 | }
|
---|
2338 | }
|
---|
2339 | }
|
---|
2340 | #endif
|
---|
2341 |
|
---|
2342 | if(ssl_cafile || ssl_capath) {
|
---|
2343 | /* tell SSL where to find CA certificates that are used to verify
|
---|
2344 | the servers certificate. */
|
---|
2345 | if(!SSL_CTX_load_verify_locations(BACKEND->ctx, ssl_cafile, ssl_capath)) {
|
---|
2346 | if(verifypeer) {
|
---|
2347 | /* Fail if we insist on successfully verifying the server. */
|
---|
2348 | failf(data, "error setting certificate verify locations:\n"
|
---|
2349 | " CAfile: %s\n CApath: %s",
|
---|
2350 | ssl_cafile ? ssl_cafile : "none",
|
---|
2351 | ssl_capath ? ssl_capath : "none");
|
---|
2352 | return CURLE_SSL_CACERT_BADFILE;
|
---|
2353 | }
|
---|
2354 | /* Just continue with a warning if no strict certificate verification
|
---|
2355 | is required. */
|
---|
2356 | infof(data, "error setting certificate verify locations,"
|
---|
2357 | " continuing anyway:\n");
|
---|
2358 | }
|
---|
2359 | else {
|
---|
2360 | /* Everything is fine. */
|
---|
2361 | infof(data, "successfully set certificate verify locations:\n");
|
---|
2362 | }
|
---|
2363 | infof(data,
|
---|
2364 | " CAfile: %s\n"
|
---|
2365 | " CApath: %s\n",
|
---|
2366 | ssl_cafile ? ssl_cafile : "none",
|
---|
2367 | ssl_capath ? ssl_capath : "none");
|
---|
2368 | }
|
---|
2369 | #ifdef CURL_CA_FALLBACK
|
---|
2370 | else if(verifypeer) {
|
---|
2371 | /* verfying the peer without any CA certificates won't
|
---|
2372 | work so use openssl's built in default as fallback */
|
---|
2373 | SSL_CTX_set_default_verify_paths(BACKEND->ctx);
|
---|
2374 | }
|
---|
2375 | #endif
|
---|
2376 |
|
---|
2377 | if(ssl_crlfile) {
|
---|
2378 | /* tell SSL where to find CRL file that is used to check certificate
|
---|
2379 | * revocation */
|
---|
2380 | lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(BACKEND->ctx),
|
---|
2381 | X509_LOOKUP_file());
|
---|
2382 | if(!lookup ||
|
---|
2383 | (!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) {
|
---|
2384 | failf(data, "error loading CRL file: %s", ssl_crlfile);
|
---|
2385 | return CURLE_SSL_CRL_BADFILE;
|
---|
2386 | }
|
---|
2387 | /* Everything is fine. */
|
---|
2388 | infof(data, "successfully load CRL file:\n");
|
---|
2389 | X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
|
---|
2390 | X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
|
---|
2391 |
|
---|
2392 | infof(data, " CRLfile: %s\n", ssl_crlfile);
|
---|
2393 | }
|
---|
2394 |
|
---|
2395 | /* Try building a chain using issuers in the trusted store first to avoid
|
---|
2396 | problems with server-sent legacy intermediates.
|
---|
2397 | Newer versions of OpenSSL do alternate chain checking by default which
|
---|
2398 | gives us the same fix without as much of a performance hit (slight), so we
|
---|
2399 | prefer that if available.
|
---|
2400 | https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
|
---|
2401 | */
|
---|
2402 | #if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS)
|
---|
2403 | if(verifypeer) {
|
---|
2404 | X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
|
---|
2405 | X509_V_FLAG_TRUSTED_FIRST);
|
---|
2406 | }
|
---|
2407 | #endif
|
---|
2408 |
|
---|
2409 | /* SSL always tries to verify the peer, this only says whether it should
|
---|
2410 | * fail to connect if the verification fails, or if it should continue
|
---|
2411 | * anyway. In the latter case the result of the verification is checked with
|
---|
2412 | * SSL_get_verify_result() below. */
|
---|
2413 | SSL_CTX_set_verify(BACKEND->ctx,
|
---|
2414 | verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
|
---|
2415 |
|
---|
2416 | /* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */
|
---|
2417 | #if defined(ENABLE_SSLKEYLOGFILE) && defined(HAVE_KEYLOG_CALLBACK)
|
---|
2418 | if(keylog_file) {
|
---|
2419 | SSL_CTX_set_keylog_callback(connssl->ctx, ossl_keylog_callback);
|
---|
2420 | }
|
---|
2421 | #endif
|
---|
2422 |
|
---|
2423 | /* give application a chance to interfere with SSL set up. */
|
---|
2424 | if(data->set.ssl.fsslctx) {
|
---|
2425 | result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx,
|
---|
2426 | data->set.ssl.fsslctxp);
|
---|
2427 | if(result) {
|
---|
2428 | failf(data, "error signaled by ssl ctx callback");
|
---|
2429 | return result;
|
---|
2430 | }
|
---|
2431 | }
|
---|
2432 |
|
---|
2433 | /* Lets make an SSL structure */
|
---|
2434 | if(BACKEND->handle)
|
---|
2435 | SSL_free(BACKEND->handle);
|
---|
2436 | BACKEND->handle = SSL_new(BACKEND->ctx);
|
---|
2437 | if(!BACKEND->handle) {
|
---|
2438 | failf(data, "SSL: couldn't create a context (handle)!");
|
---|
2439 | return CURLE_OUT_OF_MEMORY;
|
---|
2440 | }
|
---|
2441 |
|
---|
2442 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
2443 | !defined(OPENSSL_NO_OCSP)
|
---|
2444 | if(SSL_CONN_CONFIG(verifystatus))
|
---|
2445 | SSL_set_tlsext_status_type(BACKEND->handle, TLSEXT_STATUSTYPE_ocsp);
|
---|
2446 | #endif
|
---|
2447 |
|
---|
2448 | SSL_set_connect_state(BACKEND->handle);
|
---|
2449 |
|
---|
2450 | BACKEND->server_cert = 0x0;
|
---|
2451 | #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
---|
2452 | if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
|
---|
2453 | #ifdef ENABLE_IPV6
|
---|
2454 | (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
|
---|
2455 | #endif
|
---|
2456 | sni &&
|
---|
2457 | !SSL_set_tlsext_host_name(BACKEND->handle, hostname))
|
---|
2458 | infof(data, "WARNING: failed to configure server name indication (SNI) "
|
---|
2459 | "TLS extension\n");
|
---|
2460 | #endif
|
---|
2461 |
|
---|
2462 | /* Check if there's a cached ID we can/should use here! */
|
---|
2463 | if(SSL_SET_OPTION(primary.sessionid)) {
|
---|
2464 | void *ssl_sessionid = NULL;
|
---|
2465 |
|
---|
2466 | Curl_ssl_sessionid_lock(conn);
|
---|
2467 | if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
|
---|
2468 | /* we got a session id, use it! */
|
---|
2469 | if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
|
---|
2470 | Curl_ssl_sessionid_unlock(conn);
|
---|
2471 | failf(data, "SSL: SSL_set_session failed: %s",
|
---|
2472 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
2473 | sizeof(error_buffer)));
|
---|
2474 | return CURLE_SSL_CONNECT_ERROR;
|
---|
2475 | }
|
---|
2476 | /* Informational message */
|
---|
2477 | infof(data, "SSL re-using session ID\n");
|
---|
2478 | }
|
---|
2479 | Curl_ssl_sessionid_unlock(conn);
|
---|
2480 | }
|
---|
2481 |
|
---|
2482 | if(conn->proxy_ssl[sockindex].use) {
|
---|
2483 | BIO *const bio = BIO_new(BIO_f_ssl());
|
---|
2484 | SSL *handle = conn->proxy_ssl[sockindex].backend->handle;
|
---|
2485 | DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
|
---|
2486 | DEBUGASSERT(handle != NULL);
|
---|
2487 | DEBUGASSERT(bio != NULL);
|
---|
2488 | BIO_set_ssl(bio, handle, FALSE);
|
---|
2489 | SSL_set_bio(BACKEND->handle, bio, bio);
|
---|
2490 | }
|
---|
2491 | else if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) {
|
---|
2492 | /* pass the raw socket into the SSL layers */
|
---|
2493 | failf(data, "SSL: SSL_set_fd failed: %s",
|
---|
2494 | ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
|
---|
2495 | return CURLE_SSL_CONNECT_ERROR;
|
---|
2496 | }
|
---|
2497 |
|
---|
2498 | connssl->connecting_state = ssl_connect_2;
|
---|
2499 |
|
---|
2500 | return CURLE_OK;
|
---|
2501 | }
|
---|
2502 |
|
---|
2503 | static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
|
---|
2504 | {
|
---|
2505 | struct Curl_easy *data = conn->data;
|
---|
2506 | int err;
|
---|
2507 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
2508 | long * const certverifyresult = SSL_IS_PROXY() ?
|
---|
2509 | &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
---|
2510 | DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
|
---|
2511 | || ssl_connect_2_reading == connssl->connecting_state
|
---|
2512 | || ssl_connect_2_writing == connssl->connecting_state);
|
---|
2513 |
|
---|
2514 | ERR_clear_error();
|
---|
2515 |
|
---|
2516 | err = SSL_connect(BACKEND->handle);
|
---|
2517 | /* If keylogging is enabled but the keylog callback is not supported then log
|
---|
2518 | secrets here, immediately after SSL_connect by using tap_ssl_key. */
|
---|
2519 | #if defined(ENABLE_SSLKEYLOGFILE) && !defined(HAVE_KEYLOG_CALLBACK)
|
---|
2520 | tap_ssl_key(BACKEND->handle, &BACKEND->tap_state);
|
---|
2521 | #endif
|
---|
2522 |
|
---|
2523 | /* 1 is fine
|
---|
2524 | 0 is "not successful but was shut down controlled"
|
---|
2525 | <0 is "handshake was not successful, because a fatal error occurred" */
|
---|
2526 | if(1 != err) {
|
---|
2527 | int detail = SSL_get_error(BACKEND->handle, err);
|
---|
2528 |
|
---|
2529 | if(SSL_ERROR_WANT_READ == detail) {
|
---|
2530 | connssl->connecting_state = ssl_connect_2_reading;
|
---|
2531 | return CURLE_OK;
|
---|
2532 | }
|
---|
2533 | if(SSL_ERROR_WANT_WRITE == detail) {
|
---|
2534 | connssl->connecting_state = ssl_connect_2_writing;
|
---|
2535 | return CURLE_OK;
|
---|
2536 | }
|
---|
2537 | else {
|
---|
2538 | /* untreated error */
|
---|
2539 | unsigned long errdetail;
|
---|
2540 | char error_buffer[256]="";
|
---|
2541 | CURLcode result;
|
---|
2542 | long lerr;
|
---|
2543 | int lib;
|
---|
2544 | int reason;
|
---|
2545 |
|
---|
2546 | /* the connection failed, we're not waiting for anything else. */
|
---|
2547 | connssl->connecting_state = ssl_connect_2;
|
---|
2548 |
|
---|
2549 | /* Get the earliest error code from the thread's error queue and removes
|
---|
2550 | the entry. */
|
---|
2551 | errdetail = ERR_get_error();
|
---|
2552 |
|
---|
2553 | /* Extract which lib and reason */
|
---|
2554 | lib = ERR_GET_LIB(errdetail);
|
---|
2555 | reason = ERR_GET_REASON(errdetail);
|
---|
2556 |
|
---|
2557 | if((lib == ERR_LIB_SSL) &&
|
---|
2558 | (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
|
---|
2559 | result = CURLE_SSL_CACERT;
|
---|
2560 |
|
---|
2561 | lerr = SSL_get_verify_result(BACKEND->handle);
|
---|
2562 | if(lerr != X509_V_OK) {
|
---|
2563 | *certverifyresult = lerr;
|
---|
2564 | snprintf(error_buffer, sizeof(error_buffer),
|
---|
2565 | "SSL certificate problem: %s",
|
---|
2566 | X509_verify_cert_error_string(lerr));
|
---|
2567 | }
|
---|
2568 | else
|
---|
2569 | /* strcpy() is fine here as long as the string fits within
|
---|
2570 | error_buffer */
|
---|
2571 | strcpy(error_buffer, "SSL certificate verification failed");
|
---|
2572 | }
|
---|
2573 | else {
|
---|
2574 | result = CURLE_SSL_CONNECT_ERROR;
|
---|
2575 | ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
|
---|
2576 | }
|
---|
2577 |
|
---|
2578 | /* detail is already set to the SSL error above */
|
---|
2579 |
|
---|
2580 | /* If we e.g. use SSLv2 request-method and the server doesn't like us
|
---|
2581 | * (RST connection etc.), OpenSSL gives no explanation whatsoever and
|
---|
2582 | * the SO_ERROR is also lost.
|
---|
2583 | */
|
---|
2584 | if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
|
---|
2585 | const char * const hostname = SSL_IS_PROXY() ?
|
---|
2586 | conn->http_proxy.host.name : conn->host.name;
|
---|
2587 | const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
|
---|
2588 | failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%ld ",
|
---|
2589 | SSL_ERROR_to_str(detail), hostname, port);
|
---|
2590 | return result;
|
---|
2591 | }
|
---|
2592 |
|
---|
2593 | /* Could be a CERT problem */
|
---|
2594 | failf(data, "%s", error_buffer);
|
---|
2595 |
|
---|
2596 | return result;
|
---|
2597 | }
|
---|
2598 | }
|
---|
2599 | else {
|
---|
2600 | /* we have been connected fine, we're not waiting for anything else. */
|
---|
2601 | connssl->connecting_state = ssl_connect_3;
|
---|
2602 |
|
---|
2603 | /* Informational message */
|
---|
2604 | infof(data, "SSL connection using %s / %s\n",
|
---|
2605 | get_ssl_version_txt(BACKEND->handle),
|
---|
2606 | SSL_get_cipher(BACKEND->handle));
|
---|
2607 |
|
---|
2608 | #ifdef HAS_ALPN
|
---|
2609 | /* Sets data and len to negotiated protocol, len is 0 if no protocol was
|
---|
2610 | * negotiated
|
---|
2611 | */
|
---|
2612 | if(conn->bits.tls_enable_alpn) {
|
---|
2613 | const unsigned char *neg_protocol;
|
---|
2614 | unsigned int len;
|
---|
2615 | SSL_get0_alpn_selected(BACKEND->handle, &neg_protocol, &len);
|
---|
2616 | if(len != 0) {
|
---|
2617 | infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
|
---|
2618 |
|
---|
2619 | #ifdef USE_NGHTTP2
|
---|
2620 | if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
|
---|
2621 | !memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) {
|
---|
2622 | conn->negnpn = CURL_HTTP_VERSION_2;
|
---|
2623 | }
|
---|
2624 | else
|
---|
2625 | #endif
|
---|
2626 | if(len == ALPN_HTTP_1_1_LENGTH &&
|
---|
2627 | !memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
|
---|
2628 | conn->negnpn = CURL_HTTP_VERSION_1_1;
|
---|
2629 | }
|
---|
2630 | }
|
---|
2631 | else
|
---|
2632 | infof(data, "ALPN, server did not agree to a protocol\n");
|
---|
2633 | }
|
---|
2634 | #endif
|
---|
2635 |
|
---|
2636 | return CURLE_OK;
|
---|
2637 | }
|
---|
2638 | }
|
---|
2639 |
|
---|
2640 | static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
|
---|
2641 | {
|
---|
2642 | int i, ilen;
|
---|
2643 |
|
---|
2644 | ilen = (int)len;
|
---|
2645 | if(ilen < 0)
|
---|
2646 | return 1; /* buffer too big */
|
---|
2647 |
|
---|
2648 | i = i2t_ASN1_OBJECT(buf, ilen, a);
|
---|
2649 |
|
---|
2650 | if(i >= ilen)
|
---|
2651 | return 1; /* buffer too small */
|
---|
2652 |
|
---|
2653 | return 0;
|
---|
2654 | }
|
---|
2655 |
|
---|
2656 | #define push_certinfo(_label, _num) \
|
---|
2657 | do { \
|
---|
2658 | long info_len = BIO_get_mem_data(mem, &ptr); \
|
---|
2659 | Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \
|
---|
2660 | if(1 != BIO_reset(mem)) \
|
---|
2661 | break; \
|
---|
2662 | } WHILE_FALSE
|
---|
2663 |
|
---|
2664 | static void pubkey_show(struct Curl_easy *data,
|
---|
2665 | BIO *mem,
|
---|
2666 | int num,
|
---|
2667 | const char *type,
|
---|
2668 | const char *name,
|
---|
2669 | #ifdef HAVE_OPAQUE_RSA_DSA_DH
|
---|
2670 | const
|
---|
2671 | #endif
|
---|
2672 | BIGNUM *bn)
|
---|
2673 | {
|
---|
2674 | char *ptr;
|
---|
2675 | char namebuf[32];
|
---|
2676 |
|
---|
2677 | snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
|
---|
2678 |
|
---|
2679 | if(bn)
|
---|
2680 | BN_print(mem, bn);
|
---|
2681 | push_certinfo(namebuf, num);
|
---|
2682 | }
|
---|
2683 |
|
---|
2684 | #ifdef HAVE_OPAQUE_RSA_DSA_DH
|
---|
2685 | #define print_pubkey_BN(_type, _name, _num) \
|
---|
2686 | pubkey_show(data, mem, _num, #_type, #_name, _name)
|
---|
2687 |
|
---|
2688 | #else
|
---|
2689 | #define print_pubkey_BN(_type, _name, _num) \
|
---|
2690 | do { \
|
---|
2691 | if(_type->_name) { \
|
---|
2692 | pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \
|
---|
2693 | } \
|
---|
2694 | } WHILE_FALSE
|
---|
2695 | #endif
|
---|
2696 |
|
---|
2697 | static int X509V3_ext(struct Curl_easy *data,
|
---|
2698 | int certnum,
|
---|
2699 | CONST_EXTS STACK_OF(X509_EXTENSION) *exts)
|
---|
2700 | {
|
---|
2701 | int i;
|
---|
2702 | size_t j;
|
---|
2703 |
|
---|
2704 | if((int)sk_X509_EXTENSION_num(exts) <= 0)
|
---|
2705 | /* no extensions, bail out */
|
---|
2706 | return 1;
|
---|
2707 |
|
---|
2708 | for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
|
---|
2709 | ASN1_OBJECT *obj;
|
---|
2710 | X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
|
---|
2711 | BUF_MEM *biomem;
|
---|
2712 | char buf[512];
|
---|
2713 | char *ptr = buf;
|
---|
2714 | char namebuf[128];
|
---|
2715 | BIO *bio_out = BIO_new(BIO_s_mem());
|
---|
2716 |
|
---|
2717 | if(!bio_out)
|
---|
2718 | return 1;
|
---|
2719 |
|
---|
2720 | obj = X509_EXTENSION_get_object(ext);
|
---|
2721 |
|
---|
2722 | asn1_object_dump(obj, namebuf, sizeof(namebuf));
|
---|
2723 |
|
---|
2724 | if(!X509V3_EXT_print(bio_out, ext, 0, 0))
|
---|
2725 | ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
|
---|
2726 |
|
---|
2727 | BIO_get_mem_ptr(bio_out, &biomem);
|
---|
2728 |
|
---|
2729 | for(j = 0; j < (size_t)biomem->length; j++) {
|
---|
2730 | const char *sep = "";
|
---|
2731 | if(biomem->data[j] == '\n') {
|
---|
2732 | sep = ", ";
|
---|
2733 | j++; /* skip the newline */
|
---|
2734 | };
|
---|
2735 | while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
|
---|
2736 | j++;
|
---|
2737 | if(j<(size_t)biomem->length)
|
---|
2738 | ptr += snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
|
---|
2739 | biomem->data[j]);
|
---|
2740 | }
|
---|
2741 |
|
---|
2742 | Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
|
---|
2743 |
|
---|
2744 | BIO_free(bio_out);
|
---|
2745 |
|
---|
2746 | }
|
---|
2747 | return 0; /* all is fine */
|
---|
2748 | }
|
---|
2749 |
|
---|
2750 | static CURLcode get_cert_chain(struct connectdata *conn,
|
---|
2751 | struct ssl_connect_data *connssl)
|
---|
2752 |
|
---|
2753 | {
|
---|
2754 | CURLcode result;
|
---|
2755 | STACK_OF(X509) *sk;
|
---|
2756 | int i;
|
---|
2757 | struct Curl_easy *data = conn->data;
|
---|
2758 | int numcerts;
|
---|
2759 | BIO *mem;
|
---|
2760 |
|
---|
2761 | sk = SSL_get_peer_cert_chain(BACKEND->handle);
|
---|
2762 | if(!sk) {
|
---|
2763 | return CURLE_OUT_OF_MEMORY;
|
---|
2764 | }
|
---|
2765 |
|
---|
2766 | numcerts = sk_X509_num(sk);
|
---|
2767 |
|
---|
2768 | result = Curl_ssl_init_certinfo(data, numcerts);
|
---|
2769 | if(result) {
|
---|
2770 | return result;
|
---|
2771 | }
|
---|
2772 |
|
---|
2773 | mem = BIO_new(BIO_s_mem());
|
---|
2774 |
|
---|
2775 | for(i = 0; i < numcerts; i++) {
|
---|
2776 | ASN1_INTEGER *num;
|
---|
2777 | X509 *x = sk_X509_value(sk, i);
|
---|
2778 | EVP_PKEY *pubkey = NULL;
|
---|
2779 | int j;
|
---|
2780 | char *ptr;
|
---|
2781 | const ASN1_BIT_STRING *psig = NULL;
|
---|
2782 |
|
---|
2783 | X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
|
---|
2784 | push_certinfo("Subject", i);
|
---|
2785 |
|
---|
2786 | X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
|
---|
2787 | push_certinfo("Issuer", i);
|
---|
2788 |
|
---|
2789 | BIO_printf(mem, "%lx", X509_get_version(x));
|
---|
2790 | push_certinfo("Version", i);
|
---|
2791 |
|
---|
2792 | num = X509_get_serialNumber(x);
|
---|
2793 | if(num->type == V_ASN1_NEG_INTEGER)
|
---|
2794 | BIO_puts(mem, "-");
|
---|
2795 | for(j = 0; j < num->length; j++)
|
---|
2796 | BIO_printf(mem, "%02x", num->data[j]);
|
---|
2797 | push_certinfo("Serial Number", i);
|
---|
2798 |
|
---|
2799 | #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
|
---|
2800 | {
|
---|
2801 | const X509_ALGOR *palg = NULL;
|
---|
2802 | ASN1_STRING *a = ASN1_STRING_new();
|
---|
2803 | if(a) {
|
---|
2804 | X509_get0_signature(&psig, &palg, x);
|
---|
2805 | X509_signature_print(mem, palg, a);
|
---|
2806 | ASN1_STRING_free(a);
|
---|
2807 |
|
---|
2808 | if(palg) {
|
---|
2809 | i2a_ASN1_OBJECT(mem, palg->algorithm);
|
---|
2810 | push_certinfo("Public Key Algorithm", i);
|
---|
2811 | }
|
---|
2812 | }
|
---|
2813 | X509V3_ext(data, i, X509_get0_extensions(x));
|
---|
2814 | }
|
---|
2815 | #else
|
---|
2816 | {
|
---|
2817 | /* before OpenSSL 1.0.2 */
|
---|
2818 | X509_CINF *cinf = x->cert_info;
|
---|
2819 |
|
---|
2820 | i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
|
---|
2821 | push_certinfo("Signature Algorithm", i);
|
---|
2822 |
|
---|
2823 | i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
|
---|
2824 | push_certinfo("Public Key Algorithm", i);
|
---|
2825 |
|
---|
2826 | X509V3_ext(data, i, cinf->extensions);
|
---|
2827 |
|
---|
2828 | psig = x->signature;
|
---|
2829 | }
|
---|
2830 | #endif
|
---|
2831 |
|
---|
2832 | ASN1_TIME_print(mem, X509_get0_notBefore(x));
|
---|
2833 | push_certinfo("Start date", i);
|
---|
2834 |
|
---|
2835 | ASN1_TIME_print(mem, X509_get0_notAfter(x));
|
---|
2836 | push_certinfo("Expire date", i);
|
---|
2837 |
|
---|
2838 | pubkey = X509_get_pubkey(x);
|
---|
2839 | if(!pubkey)
|
---|
2840 | infof(data, " Unable to load public key\n");
|
---|
2841 | else {
|
---|
2842 | int pktype;
|
---|
2843 | #ifdef HAVE_OPAQUE_EVP_PKEY
|
---|
2844 | pktype = EVP_PKEY_id(pubkey);
|
---|
2845 | #else
|
---|
2846 | pktype = pubkey->type;
|
---|
2847 | #endif
|
---|
2848 | switch(pktype) {
|
---|
2849 | case EVP_PKEY_RSA:
|
---|
2850 | {
|
---|
2851 | RSA *rsa;
|
---|
2852 | #ifdef HAVE_OPAQUE_EVP_PKEY
|
---|
2853 | rsa = EVP_PKEY_get0_RSA(pubkey);
|
---|
2854 | #else
|
---|
2855 | rsa = pubkey->pkey.rsa;
|
---|
2856 | #endif
|
---|
2857 |
|
---|
2858 | #ifdef HAVE_OPAQUE_RSA_DSA_DH
|
---|
2859 | {
|
---|
2860 | const BIGNUM *n;
|
---|
2861 | const BIGNUM *e;
|
---|
2862 |
|
---|
2863 | RSA_get0_key(rsa, &n, &e, NULL);
|
---|
2864 | BN_print(mem, n);
|
---|
2865 | push_certinfo("RSA Public Key", i);
|
---|
2866 | print_pubkey_BN(rsa, n, i);
|
---|
2867 | print_pubkey_BN(rsa, e, i);
|
---|
2868 | }
|
---|
2869 | #else
|
---|
2870 | BIO_printf(mem, "%d", BN_num_bits(rsa->n));
|
---|
2871 | push_certinfo("RSA Public Key", i);
|
---|
2872 | print_pubkey_BN(rsa, n, i);
|
---|
2873 | print_pubkey_BN(rsa, e, i);
|
---|
2874 | #endif
|
---|
2875 |
|
---|
2876 | break;
|
---|
2877 | }
|
---|
2878 | case EVP_PKEY_DSA:
|
---|
2879 | {
|
---|
2880 | #ifndef OPENSSL_NO_DSA
|
---|
2881 | DSA *dsa;
|
---|
2882 | #ifdef HAVE_OPAQUE_EVP_PKEY
|
---|
2883 | dsa = EVP_PKEY_get0_DSA(pubkey);
|
---|
2884 | #else
|
---|
2885 | dsa = pubkey->pkey.dsa;
|
---|
2886 | #endif
|
---|
2887 | #ifdef HAVE_OPAQUE_RSA_DSA_DH
|
---|
2888 | {
|
---|
2889 | const BIGNUM *p;
|
---|
2890 | const BIGNUM *q;
|
---|
2891 | const BIGNUM *g;
|
---|
2892 | const BIGNUM *pub_key;
|
---|
2893 |
|
---|
2894 | DSA_get0_pqg(dsa, &p, &q, &g);
|
---|
2895 | DSA_get0_key(dsa, &pub_key, NULL);
|
---|
2896 |
|
---|
2897 | print_pubkey_BN(dsa, p, i);
|
---|
2898 | print_pubkey_BN(dsa, q, i);
|
---|
2899 | print_pubkey_BN(dsa, g, i);
|
---|
2900 | print_pubkey_BN(dsa, pub_key, i);
|
---|
2901 | }
|
---|
2902 | #else
|
---|
2903 | print_pubkey_BN(dsa, p, i);
|
---|
2904 | print_pubkey_BN(dsa, q, i);
|
---|
2905 | print_pubkey_BN(dsa, g, i);
|
---|
2906 | print_pubkey_BN(dsa, pub_key, i);
|
---|
2907 | #endif
|
---|
2908 | #endif /* !OPENSSL_NO_DSA */
|
---|
2909 | break;
|
---|
2910 | }
|
---|
2911 | case EVP_PKEY_DH:
|
---|
2912 | {
|
---|
2913 | DH *dh;
|
---|
2914 | #ifdef HAVE_OPAQUE_EVP_PKEY
|
---|
2915 | dh = EVP_PKEY_get0_DH(pubkey);
|
---|
2916 | #else
|
---|
2917 | dh = pubkey->pkey.dh;
|
---|
2918 | #endif
|
---|
2919 | #ifdef HAVE_OPAQUE_RSA_DSA_DH
|
---|
2920 | {
|
---|
2921 | const BIGNUM *p;
|
---|
2922 | const BIGNUM *q;
|
---|
2923 | const BIGNUM *g;
|
---|
2924 | const BIGNUM *pub_key;
|
---|
2925 | DH_get0_pqg(dh, &p, &q, &g);
|
---|
2926 | DH_get0_key(dh, &pub_key, NULL);
|
---|
2927 | print_pubkey_BN(dh, p, i);
|
---|
2928 | print_pubkey_BN(dh, q, i);
|
---|
2929 | print_pubkey_BN(dh, g, i);
|
---|
2930 | print_pubkey_BN(dh, pub_key, i);
|
---|
2931 | }
|
---|
2932 | #else
|
---|
2933 | print_pubkey_BN(dh, p, i);
|
---|
2934 | print_pubkey_BN(dh, g, i);
|
---|
2935 | print_pubkey_BN(dh, pub_key, i);
|
---|
2936 | #endif
|
---|
2937 | break;
|
---|
2938 | }
|
---|
2939 | #if 0
|
---|
2940 | case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
|
---|
2941 | /* left TODO */
|
---|
2942 | break;
|
---|
2943 | #endif
|
---|
2944 | }
|
---|
2945 | EVP_PKEY_free(pubkey);
|
---|
2946 | }
|
---|
2947 |
|
---|
2948 | if(psig) {
|
---|
2949 | for(j = 0; j < psig->length; j++)
|
---|
2950 | BIO_printf(mem, "%02x:", psig->data[j]);
|
---|
2951 | push_certinfo("Signature", i);
|
---|
2952 | }
|
---|
2953 |
|
---|
2954 | PEM_write_bio_X509(mem, x);
|
---|
2955 | push_certinfo("Cert", i);
|
---|
2956 | }
|
---|
2957 |
|
---|
2958 | BIO_free(mem);
|
---|
2959 |
|
---|
2960 | return CURLE_OK;
|
---|
2961 | }
|
---|
2962 |
|
---|
2963 | /*
|
---|
2964 | * Heavily modified from:
|
---|
2965 | * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
|
---|
2966 | */
|
---|
2967 | static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
|
---|
2968 | const char *pinnedpubkey)
|
---|
2969 | {
|
---|
2970 | /* Scratch */
|
---|
2971 | int len1 = 0, len2 = 0;
|
---|
2972 | unsigned char *buff1 = NULL, *temp = NULL;
|
---|
2973 |
|
---|
2974 | /* Result is returned to caller */
|
---|
2975 | CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
|
---|
2976 |
|
---|
2977 | /* if a path wasn't specified, don't pin */
|
---|
2978 | if(!pinnedpubkey)
|
---|
2979 | return CURLE_OK;
|
---|
2980 |
|
---|
2981 | if(!cert)
|
---|
2982 | return result;
|
---|
2983 |
|
---|
2984 | do {
|
---|
2985 | /* Begin Gyrations to get the subjectPublicKeyInfo */
|
---|
2986 | /* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
|
---|
2987 |
|
---|
2988 | /* https://groups.google.com/group/mailing.openssl.users/browse_thread
|
---|
2989 | /thread/d61858dae102c6c7 */
|
---|
2990 | len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
|
---|
2991 | if(len1 < 1)
|
---|
2992 | break; /* failed */
|
---|
2993 |
|
---|
2994 | /* https://www.openssl.org/docs/crypto/buffer.html */
|
---|
2995 | buff1 = temp = malloc(len1);
|
---|
2996 | if(!buff1)
|
---|
2997 | break; /* failed */
|
---|
2998 |
|
---|
2999 | /* https://www.openssl.org/docs/crypto/d2i_X509.html */
|
---|
3000 | len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
|
---|
3001 |
|
---|
3002 | /*
|
---|
3003 | * These checks are verifying we got back the same values as when we
|
---|
3004 | * sized the buffer. It's pretty weak since they should always be the
|
---|
3005 | * same. But it gives us something to test.
|
---|
3006 | */
|
---|
3007 | if((len1 != len2) || !temp || ((temp - buff1) != len1))
|
---|
3008 | break; /* failed */
|
---|
3009 |
|
---|
3010 | /* End Gyrations */
|
---|
3011 |
|
---|
3012 | /* The one good exit point */
|
---|
3013 | result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
|
---|
3014 | } while(0);
|
---|
3015 |
|
---|
3016 | /* https://www.openssl.org/docs/crypto/buffer.html */
|
---|
3017 | if(buff1)
|
---|
3018 | free(buff1);
|
---|
3019 |
|
---|
3020 | return result;
|
---|
3021 | }
|
---|
3022 |
|
---|
3023 | /*
|
---|
3024 | * Get the server cert, verify it and show it etc, only call failf() if the
|
---|
3025 | * 'strict' argument is TRUE as otherwise all this is for informational
|
---|
3026 | * purposes only!
|
---|
3027 | *
|
---|
3028 | * We check certificates to authenticate the server; otherwise we risk
|
---|
3029 | * man-in-the-middle attack.
|
---|
3030 | */
|
---|
3031 | static CURLcode servercert(struct connectdata *conn,
|
---|
3032 | struct ssl_connect_data *connssl,
|
---|
3033 | bool strict)
|
---|
3034 | {
|
---|
3035 | CURLcode result = CURLE_OK;
|
---|
3036 | int rc;
|
---|
3037 | long lerr, len;
|
---|
3038 | struct Curl_easy *data = conn->data;
|
---|
3039 | X509 *issuer;
|
---|
3040 | FILE *fp;
|
---|
3041 | char buffer[2048];
|
---|
3042 | const char *ptr;
|
---|
3043 | long * const certverifyresult = SSL_IS_PROXY() ?
|
---|
3044 | &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
---|
3045 | BIO *mem = BIO_new(BIO_s_mem());
|
---|
3046 |
|
---|
3047 | if(data->set.ssl.certinfo)
|
---|
3048 | /* we've been asked to gather certificate info! */
|
---|
3049 | (void)get_cert_chain(conn, connssl);
|
---|
3050 |
|
---|
3051 | BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle);
|
---|
3052 | if(!BACKEND->server_cert) {
|
---|
3053 | BIO_free(mem);
|
---|
3054 | if(!strict)
|
---|
3055 | return CURLE_OK;
|
---|
3056 |
|
---|
3057 | failf(data, "SSL: couldn't get peer certificate!");
|
---|
3058 | return CURLE_PEER_FAILED_VERIFICATION;
|
---|
3059 | }
|
---|
3060 |
|
---|
3061 | infof(data, "%s certificate:\n", SSL_IS_PROXY() ? "Proxy" : "Server");
|
---|
3062 |
|
---|
3063 | rc = x509_name_oneline(X509_get_subject_name(BACKEND->server_cert),
|
---|
3064 | buffer, sizeof(buffer));
|
---|
3065 | infof(data, " subject: %s\n", rc?"[NONE]":buffer);
|
---|
3066 |
|
---|
3067 | ASN1_TIME_print(mem, X509_get0_notBefore(BACKEND->server_cert));
|
---|
3068 | len = BIO_get_mem_data(mem, (char **) &ptr);
|
---|
3069 | infof(data, " start date: %.*s\n", len, ptr);
|
---|
3070 | (void)BIO_reset(mem);
|
---|
3071 |
|
---|
3072 | ASN1_TIME_print(mem, X509_get0_notAfter(BACKEND->server_cert));
|
---|
3073 | len = BIO_get_mem_data(mem, (char **) &ptr);
|
---|
3074 | infof(data, " expire date: %.*s\n", len, ptr);
|
---|
3075 | (void)BIO_reset(mem);
|
---|
3076 |
|
---|
3077 | BIO_free(mem);
|
---|
3078 |
|
---|
3079 | if(SSL_CONN_CONFIG(verifyhost)) {
|
---|
3080 | result = verifyhost(conn, BACKEND->server_cert);
|
---|
3081 | if(result) {
|
---|
3082 | X509_free(BACKEND->server_cert);
|
---|
3083 | BACKEND->server_cert = NULL;
|
---|
3084 | return result;
|
---|
3085 | }
|
---|
3086 | }
|
---|
3087 |
|
---|
3088 | rc = x509_name_oneline(X509_get_issuer_name(BACKEND->server_cert),
|
---|
3089 | buffer, sizeof(buffer));
|
---|
3090 | if(rc) {
|
---|
3091 | if(strict)
|
---|
3092 | failf(data, "SSL: couldn't get X509-issuer name!");
|
---|
3093 | result = CURLE_SSL_CONNECT_ERROR;
|
---|
3094 | }
|
---|
3095 | else {
|
---|
3096 | infof(data, " issuer: %s\n", buffer);
|
---|
3097 |
|
---|
3098 | /* We could do all sorts of certificate verification stuff here before
|
---|
3099 | deallocating the certificate. */
|
---|
3100 |
|
---|
3101 | /* e.g. match issuer name with provided issuer certificate */
|
---|
3102 | if(SSL_SET_OPTION(issuercert)) {
|
---|
3103 | fp = fopen(SSL_SET_OPTION(issuercert), FOPEN_READTEXT);
|
---|
3104 | if(!fp) {
|
---|
3105 | if(strict)
|
---|
3106 | failf(data, "SSL: Unable to open issuer cert (%s)",
|
---|
3107 | SSL_SET_OPTION(issuercert));
|
---|
3108 | X509_free(BACKEND->server_cert);
|
---|
3109 | BACKEND->server_cert = NULL;
|
---|
3110 | return CURLE_SSL_ISSUER_ERROR;
|
---|
3111 | }
|
---|
3112 |
|
---|
3113 | issuer = PEM_read_X509(fp, NULL, ZERO_NULL, NULL);
|
---|
3114 | if(!issuer) {
|
---|
3115 | if(strict)
|
---|
3116 | failf(data, "SSL: Unable to read issuer cert (%s)",
|
---|
3117 | SSL_SET_OPTION(issuercert));
|
---|
3118 | X509_free(BACKEND->server_cert);
|
---|
3119 | X509_free(issuer);
|
---|
3120 | fclose(fp);
|
---|
3121 | return CURLE_SSL_ISSUER_ERROR;
|
---|
3122 | }
|
---|
3123 |
|
---|
3124 | fclose(fp);
|
---|
3125 |
|
---|
3126 | if(X509_check_issued(issuer, BACKEND->server_cert) != X509_V_OK) {
|
---|
3127 | if(strict)
|
---|
3128 | failf(data, "SSL: Certificate issuer check failed (%s)",
|
---|
3129 | SSL_SET_OPTION(issuercert));
|
---|
3130 | X509_free(BACKEND->server_cert);
|
---|
3131 | X509_free(issuer);
|
---|
3132 | BACKEND->server_cert = NULL;
|
---|
3133 | return CURLE_SSL_ISSUER_ERROR;
|
---|
3134 | }
|
---|
3135 |
|
---|
3136 | infof(data, " SSL certificate issuer check ok (%s)\n",
|
---|
3137 | SSL_SET_OPTION(issuercert));
|
---|
3138 | X509_free(issuer);
|
---|
3139 | }
|
---|
3140 |
|
---|
3141 | lerr = *certverifyresult = SSL_get_verify_result(BACKEND->handle);
|
---|
3142 |
|
---|
3143 | if(*certverifyresult != X509_V_OK) {
|
---|
3144 | if(SSL_CONN_CONFIG(verifypeer)) {
|
---|
3145 | /* We probably never reach this, because SSL_connect() will fail
|
---|
3146 | and we return earlier if verifypeer is set? */
|
---|
3147 | if(strict)
|
---|
3148 | failf(data, "SSL certificate verify result: %s (%ld)",
|
---|
3149 | X509_verify_cert_error_string(lerr), lerr);
|
---|
3150 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
3151 | }
|
---|
3152 | else
|
---|
3153 | infof(data, " SSL certificate verify result: %s (%ld),"
|
---|
3154 | " continuing anyway.\n",
|
---|
3155 | X509_verify_cert_error_string(lerr), lerr);
|
---|
3156 | }
|
---|
3157 | else
|
---|
3158 | infof(data, " SSL certificate verify ok.\n");
|
---|
3159 | }
|
---|
3160 |
|
---|
3161 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
3162 | !defined(OPENSSL_NO_OCSP)
|
---|
3163 | if(SSL_CONN_CONFIG(verifystatus)) {
|
---|
3164 | result = verifystatus(conn, connssl);
|
---|
3165 | if(result) {
|
---|
3166 | X509_free(BACKEND->server_cert);
|
---|
3167 | BACKEND->server_cert = NULL;
|
---|
3168 | return result;
|
---|
3169 | }
|
---|
3170 | }
|
---|
3171 | #endif
|
---|
3172 |
|
---|
3173 | if(!strict)
|
---|
3174 | /* when not strict, we don't bother about the verify cert problems */
|
---|
3175 | result = CURLE_OK;
|
---|
3176 |
|
---|
3177 | ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
|
---|
3178 | data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
|
---|
3179 | if(!result && ptr) {
|
---|
3180 | result = pkp_pin_peer_pubkey(data, BACKEND->server_cert, ptr);
|
---|
3181 | if(result)
|
---|
3182 | failf(data, "SSL: public key does not match pinned public key!");
|
---|
3183 | }
|
---|
3184 |
|
---|
3185 | X509_free(BACKEND->server_cert);
|
---|
3186 | BACKEND->server_cert = NULL;
|
---|
3187 | connssl->connecting_state = ssl_connect_done;
|
---|
3188 |
|
---|
3189 | return result;
|
---|
3190 | }
|
---|
3191 |
|
---|
3192 | static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
|
---|
3193 | {
|
---|
3194 | CURLcode result = CURLE_OK;
|
---|
3195 | struct Curl_easy *data = conn->data;
|
---|
3196 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
3197 |
|
---|
3198 | DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
|
---|
3199 |
|
---|
3200 | if(SSL_SET_OPTION(primary.sessionid)) {
|
---|
3201 | bool incache;
|
---|
3202 | SSL_SESSION *our_ssl_sessionid;
|
---|
3203 | void *old_ssl_sessionid = NULL;
|
---|
3204 |
|
---|
3205 | our_ssl_sessionid = SSL_get1_session(BACKEND->handle);
|
---|
3206 |
|
---|
3207 | /* SSL_get1_session() will increment the reference count and the session
|
---|
3208 | will stay in memory until explicitly freed with SSL_SESSION_free(3),
|
---|
3209 | regardless of its state. */
|
---|
3210 |
|
---|
3211 | Curl_ssl_sessionid_lock(conn);
|
---|
3212 | incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
|
---|
3213 | sockindex));
|
---|
3214 | if(incache) {
|
---|
3215 | if(old_ssl_sessionid != our_ssl_sessionid) {
|
---|
3216 | infof(data, "old SSL session ID is stale, removing\n");
|
---|
3217 | Curl_ssl_delsessionid(conn, old_ssl_sessionid);
|
---|
3218 | incache = FALSE;
|
---|
3219 | }
|
---|
3220 | }
|
---|
3221 |
|
---|
3222 | if(!incache) {
|
---|
3223 | result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
|
---|
3224 | 0 /* unknown size */, sockindex);
|
---|
3225 | if(result) {
|
---|
3226 | Curl_ssl_sessionid_unlock(conn);
|
---|
3227 | failf(data, "failed to store ssl session");
|
---|
3228 | return result;
|
---|
3229 | }
|
---|
3230 | }
|
---|
3231 | else {
|
---|
3232 | /* Session was incache, so refcount already incremented earlier.
|
---|
3233 | * Avoid further increments with each SSL_get1_session() call.
|
---|
3234 | * This does not free the session as refcount remains > 0
|
---|
3235 | */
|
---|
3236 | SSL_SESSION_free(our_ssl_sessionid);
|
---|
3237 | }
|
---|
3238 | Curl_ssl_sessionid_unlock(conn);
|
---|
3239 | }
|
---|
3240 |
|
---|
3241 | /*
|
---|
3242 | * We check certificates to authenticate the server; otherwise we risk
|
---|
3243 | * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
|
---|
3244 | * verify the peer ignore faults and failures from the server cert
|
---|
3245 | * operations.
|
---|
3246 | */
|
---|
3247 |
|
---|
3248 | result = servercert(conn, connssl, (SSL_CONN_CONFIG(verifypeer) ||
|
---|
3249 | SSL_CONN_CONFIG(verifyhost)));
|
---|
3250 |
|
---|
3251 | if(!result)
|
---|
3252 | connssl->connecting_state = ssl_connect_done;
|
---|
3253 |
|
---|
3254 | return result;
|
---|
3255 | }
|
---|
3256 |
|
---|
3257 | static Curl_recv ossl_recv;
|
---|
3258 | static Curl_send ossl_send;
|
---|
3259 |
|
---|
3260 | static CURLcode ossl_connect_common(struct connectdata *conn,
|
---|
3261 | int sockindex,
|
---|
3262 | bool nonblocking,
|
---|
3263 | bool *done)
|
---|
3264 | {
|
---|
3265 | CURLcode result;
|
---|
3266 | struct Curl_easy *data = conn->data;
|
---|
3267 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
3268 | curl_socket_t sockfd = conn->sock[sockindex];
|
---|
3269 | time_t timeout_ms;
|
---|
3270 | int what;
|
---|
3271 |
|
---|
3272 | /* check if the connection has already been established */
|
---|
3273 | if(ssl_connection_complete == connssl->state) {
|
---|
3274 | *done = TRUE;
|
---|
3275 | return CURLE_OK;
|
---|
3276 | }
|
---|
3277 |
|
---|
3278 | if(ssl_connect_1 == connssl->connecting_state) {
|
---|
3279 | /* Find out how much more time we're allowed */
|
---|
3280 | timeout_ms = Curl_timeleft(data, NULL, TRUE);
|
---|
3281 |
|
---|
3282 | if(timeout_ms < 0) {
|
---|
3283 | /* no need to continue if time already is up */
|
---|
3284 | failf(data, "SSL connection timeout");
|
---|
3285 | return CURLE_OPERATION_TIMEDOUT;
|
---|
3286 | }
|
---|
3287 |
|
---|
3288 | result = ossl_connect_step1(conn, sockindex);
|
---|
3289 | if(result)
|
---|
3290 | return result;
|
---|
3291 | }
|
---|
3292 |
|
---|
3293 | while(ssl_connect_2 == connssl->connecting_state ||
|
---|
3294 | ssl_connect_2_reading == connssl->connecting_state ||
|
---|
3295 | ssl_connect_2_writing == connssl->connecting_state) {
|
---|
3296 |
|
---|
3297 | /* check allowed time left */
|
---|
3298 | timeout_ms = Curl_timeleft(data, NULL, TRUE);
|
---|
3299 |
|
---|
3300 | if(timeout_ms < 0) {
|
---|
3301 | /* no need to continue if time already is up */
|
---|
3302 | failf(data, "SSL connection timeout");
|
---|
3303 | return CURLE_OPERATION_TIMEDOUT;
|
---|
3304 | }
|
---|
3305 |
|
---|
3306 | /* if ssl is expecting something, check if it's available. */
|
---|
3307 | if(connssl->connecting_state == ssl_connect_2_reading ||
|
---|
3308 | connssl->connecting_state == ssl_connect_2_writing) {
|
---|
3309 |
|
---|
3310 | curl_socket_t writefd = ssl_connect_2_writing ==
|
---|
3311 | connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
|
---|
3312 | curl_socket_t readfd = ssl_connect_2_reading ==
|
---|
3313 | connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
|
---|
3314 |
|
---|
3315 | what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
|
---|
3316 | nonblocking?0:timeout_ms);
|
---|
3317 | if(what < 0) {
|
---|
3318 | /* fatal error */
|
---|
3319 | failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
|
---|
3320 | return CURLE_SSL_CONNECT_ERROR;
|
---|
3321 | }
|
---|
3322 | if(0 == what) {
|
---|
3323 | if(nonblocking) {
|
---|
3324 | *done = FALSE;
|
---|
3325 | return CURLE_OK;
|
---|
3326 | }
|
---|
3327 | /* timeout */
|
---|
3328 | failf(data, "SSL connection timeout");
|
---|
3329 | return CURLE_OPERATION_TIMEDOUT;
|
---|
3330 | }
|
---|
3331 | /* socket is readable or writable */
|
---|
3332 | }
|
---|
3333 |
|
---|
3334 | /* Run transaction, and return to the caller if it failed or if this
|
---|
3335 | * connection is done nonblocking and this loop would execute again. This
|
---|
3336 | * permits the owner of a multi handle to abort a connection attempt
|
---|
3337 | * before step2 has completed while ensuring that a client using select()
|
---|
3338 | * or epoll() will always have a valid fdset to wait on.
|
---|
3339 | */
|
---|
3340 | result = ossl_connect_step2(conn, sockindex);
|
---|
3341 | if(result || (nonblocking &&
|
---|
3342 | (ssl_connect_2 == connssl->connecting_state ||
|
---|
3343 | ssl_connect_2_reading == connssl->connecting_state ||
|
---|
3344 | ssl_connect_2_writing == connssl->connecting_state)))
|
---|
3345 | return result;
|
---|
3346 |
|
---|
3347 | } /* repeat step2 until all transactions are done. */
|
---|
3348 |
|
---|
3349 | if(ssl_connect_3 == connssl->connecting_state) {
|
---|
3350 | result = ossl_connect_step3(conn, sockindex);
|
---|
3351 | if(result)
|
---|
3352 | return result;
|
---|
3353 | }
|
---|
3354 |
|
---|
3355 | if(ssl_connect_done == connssl->connecting_state) {
|
---|
3356 | connssl->state = ssl_connection_complete;
|
---|
3357 | conn->recv[sockindex] = ossl_recv;
|
---|
3358 | conn->send[sockindex] = ossl_send;
|
---|
3359 | *done = TRUE;
|
---|
3360 | }
|
---|
3361 | else
|
---|
3362 | *done = FALSE;
|
---|
3363 |
|
---|
3364 | /* Reset our connect state machine */
|
---|
3365 | connssl->connecting_state = ssl_connect_1;
|
---|
3366 |
|
---|
3367 | return CURLE_OK;
|
---|
3368 | }
|
---|
3369 |
|
---|
3370 | static CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
|
---|
3371 | int sockindex,
|
---|
3372 | bool *done)
|
---|
3373 | {
|
---|
3374 | return ossl_connect_common(conn, sockindex, TRUE, done);
|
---|
3375 | }
|
---|
3376 |
|
---|
3377 | static CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
|
---|
3378 | {
|
---|
3379 | CURLcode result;
|
---|
3380 | bool done = FALSE;
|
---|
3381 |
|
---|
3382 | result = ossl_connect_common(conn, sockindex, FALSE, &done);
|
---|
3383 | if(result)
|
---|
3384 | return result;
|
---|
3385 |
|
---|
3386 | DEBUGASSERT(done);
|
---|
3387 |
|
---|
3388 | return CURLE_OK;
|
---|
3389 | }
|
---|
3390 |
|
---|
3391 | static bool Curl_ossl_data_pending(const struct connectdata *conn,
|
---|
3392 | int connindex)
|
---|
3393 | {
|
---|
3394 | const struct ssl_connect_data *connssl = &conn->ssl[connindex];
|
---|
3395 | const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex];
|
---|
3396 | if(BACKEND->handle)
|
---|
3397 | /* SSL is in use */
|
---|
3398 | return (0 != SSL_pending(BACKEND->handle) ||
|
---|
3399 | (proxyssl->backend->handle &&
|
---|
3400 | 0 != SSL_pending(proxyssl->backend->handle))) ?
|
---|
3401 | TRUE : FALSE;
|
---|
3402 | return FALSE;
|
---|
3403 | }
|
---|
3404 |
|
---|
3405 | static size_t Curl_ossl_version(char *buffer, size_t size);
|
---|
3406 |
|
---|
3407 | static ssize_t ossl_send(struct connectdata *conn,
|
---|
3408 | int sockindex,
|
---|
3409 | const void *mem,
|
---|
3410 | size_t len,
|
---|
3411 | CURLcode *curlcode)
|
---|
3412 | {
|
---|
3413 | /* SSL_write() is said to return 'int' while write() and send() returns
|
---|
3414 | 'size_t' */
|
---|
3415 | int err;
|
---|
3416 | char error_buffer[256];
|
---|
3417 | unsigned long sslerror;
|
---|
3418 | int memlen;
|
---|
3419 | int rc;
|
---|
3420 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
3421 |
|
---|
3422 | ERR_clear_error();
|
---|
3423 |
|
---|
3424 | memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
|
---|
3425 | rc = SSL_write(BACKEND->handle, mem, memlen);
|
---|
3426 |
|
---|
3427 | if(rc <= 0) {
|
---|
3428 | err = SSL_get_error(BACKEND->handle, rc);
|
---|
3429 |
|
---|
3430 | switch(err) {
|
---|
3431 | case SSL_ERROR_WANT_READ:
|
---|
3432 | case SSL_ERROR_WANT_WRITE:
|
---|
3433 | /* The operation did not complete; the same TLS/SSL I/O function
|
---|
3434 | should be called again later. This is basically an EWOULDBLOCK
|
---|
3435 | equivalent. */
|
---|
3436 | *curlcode = CURLE_AGAIN;
|
---|
3437 | return -1;
|
---|
3438 | case SSL_ERROR_SYSCALL:
|
---|
3439 | failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
|
---|
3440 | SOCKERRNO);
|
---|
3441 | *curlcode = CURLE_SEND_ERROR;
|
---|
3442 | return -1;
|
---|
3443 | case SSL_ERROR_SSL:
|
---|
3444 | /* A failure in the SSL library occurred, usually a protocol error.
|
---|
3445 | The OpenSSL error queue contains more information on the error. */
|
---|
3446 | sslerror = ERR_get_error();
|
---|
3447 | if(ERR_GET_LIB(sslerror) == ERR_LIB_SSL &&
|
---|
3448 | ERR_GET_REASON(sslerror) == SSL_R_BIO_NOT_SET &&
|
---|
3449 | conn->ssl[sockindex].state == ssl_connection_complete &&
|
---|
3450 | conn->proxy_ssl[sockindex].state == ssl_connection_complete) {
|
---|
3451 | char ver[120];
|
---|
3452 | Curl_ossl_version(ver, 120);
|
---|
3453 | failf(conn->data, "Error: %s does not support double SSL tunneling.",
|
---|
3454 | ver);
|
---|
3455 | }
|
---|
3456 | else
|
---|
3457 | failf(conn->data, "SSL_write() error: %s",
|
---|
3458 | ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
|
---|
3459 | *curlcode = CURLE_SEND_ERROR;
|
---|
3460 | return -1;
|
---|
3461 | }
|
---|
3462 | /* a true error */
|
---|
3463 | failf(conn->data, OSSL_PACKAGE " SSL_write: %s, errno %d",
|
---|
3464 | SSL_ERROR_to_str(err), SOCKERRNO);
|
---|
3465 | *curlcode = CURLE_SEND_ERROR;
|
---|
3466 | return -1;
|
---|
3467 | }
|
---|
3468 | *curlcode = CURLE_OK;
|
---|
3469 | return (ssize_t)rc; /* number of bytes */
|
---|
3470 | }
|
---|
3471 |
|
---|
3472 | static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
|
---|
3473 | int num, /* socketindex */
|
---|
3474 | char *buf, /* store read data here */
|
---|
3475 | size_t buffersize, /* max amount to read */
|
---|
3476 | CURLcode *curlcode)
|
---|
3477 | {
|
---|
3478 | char error_buffer[256];
|
---|
3479 | unsigned long sslerror;
|
---|
3480 | ssize_t nread;
|
---|
3481 | int buffsize;
|
---|
3482 | struct ssl_connect_data *connssl = &conn->ssl[num];
|
---|
3483 |
|
---|
3484 | ERR_clear_error();
|
---|
3485 |
|
---|
3486 | buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
|
---|
3487 | nread = (ssize_t)SSL_read(BACKEND->handle, buf, buffsize);
|
---|
3488 | if(nread <= 0) {
|
---|
3489 | /* failed SSL_read */
|
---|
3490 | int err = SSL_get_error(BACKEND->handle, (int)nread);
|
---|
3491 |
|
---|
3492 | switch(err) {
|
---|
3493 | case SSL_ERROR_NONE: /* this is not an error */
|
---|
3494 | case SSL_ERROR_ZERO_RETURN: /* no more data */
|
---|
3495 | break;
|
---|
3496 | case SSL_ERROR_WANT_READ:
|
---|
3497 | case SSL_ERROR_WANT_WRITE:
|
---|
3498 | /* there's data pending, re-invoke SSL_read() */
|
---|
3499 | *curlcode = CURLE_AGAIN;
|
---|
3500 | return -1;
|
---|
3501 | default:
|
---|
3502 | /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
|
---|
3503 | value/errno" */
|
---|
3504 | /* https://www.openssl.org/docs/crypto/ERR_get_error.html */
|
---|
3505 | sslerror = ERR_get_error();
|
---|
3506 | if((nread < 0) || sslerror) {
|
---|
3507 | /* If the return code was negative or there actually is an error in the
|
---|
3508 | queue */
|
---|
3509 | failf(conn->data, OSSL_PACKAGE " SSL_read: %s, errno %d",
|
---|
3510 | (sslerror ?
|
---|
3511 | ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)) :
|
---|
3512 | SSL_ERROR_to_str(err)),
|
---|
3513 | SOCKERRNO);
|
---|
3514 | *curlcode = CURLE_RECV_ERROR;
|
---|
3515 | return -1;
|
---|
3516 | }
|
---|
3517 | }
|
---|
3518 | }
|
---|
3519 | return nread;
|
---|
3520 | }
|
---|
3521 |
|
---|
3522 | static size_t Curl_ossl_version(char *buffer, size_t size)
|
---|
3523 | {
|
---|
3524 | #ifdef OPENSSL_IS_BORINGSSL
|
---|
3525 | return snprintf(buffer, size, OSSL_PACKAGE);
|
---|
3526 | #else /* OPENSSL_IS_BORINGSSL */
|
---|
3527 | char sub[3];
|
---|
3528 | unsigned long ssleay_value;
|
---|
3529 | sub[2]='\0';
|
---|
3530 | sub[1]='\0';
|
---|
3531 | ssleay_value = OpenSSL_version_num();
|
---|
3532 | if(ssleay_value < 0x906000) {
|
---|
3533 | ssleay_value = SSLEAY_VERSION_NUMBER;
|
---|
3534 | sub[0]='\0';
|
---|
3535 | }
|
---|
3536 | else {
|
---|
3537 | if(ssleay_value&0xff0) {
|
---|
3538 | int minor_ver = (ssleay_value >> 4) & 0xff;
|
---|
3539 | if(minor_ver > 26) {
|
---|
3540 | /* handle extended version introduced for 0.9.8za */
|
---|
3541 | sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
|
---|
3542 | sub[0] = 'z';
|
---|
3543 | }
|
---|
3544 | else {
|
---|
3545 | sub[0] = (char) (minor_ver + 'a' - 1);
|
---|
3546 | }
|
---|
3547 | }
|
---|
3548 | else
|
---|
3549 | sub[0]='\0';
|
---|
3550 | }
|
---|
3551 |
|
---|
3552 | return snprintf(buffer, size, "%s/%lx.%lx.%lx%s",
|
---|
3553 | OSSL_PACKAGE,
|
---|
3554 | (ssleay_value>>28)&0xf,
|
---|
3555 | (ssleay_value>>20)&0xff,
|
---|
3556 | (ssleay_value>>12)&0xff,
|
---|
3557 | sub);
|
---|
3558 | #endif /* OPENSSL_IS_BORINGSSL */
|
---|
3559 | }
|
---|
3560 |
|
---|
3561 | /* can be called with data == NULL */
|
---|
3562 | static CURLcode Curl_ossl_random(struct Curl_easy *data,
|
---|
3563 | unsigned char *entropy, size_t length)
|
---|
3564 | {
|
---|
3565 | int rc;
|
---|
3566 | if(data) {
|
---|
3567 | if(Curl_ossl_seed(data)) /* Initiate the seed if not already done */
|
---|
3568 | return CURLE_FAILED_INIT; /* couldn't seed for some reason */
|
---|
3569 | }
|
---|
3570 | else {
|
---|
3571 | if(!rand_enough())
|
---|
3572 | return CURLE_FAILED_INIT;
|
---|
3573 | }
|
---|
3574 | /* RAND_bytes() returns 1 on success, 0 otherwise. */
|
---|
3575 | rc = RAND_bytes(entropy, curlx_uztosi(length));
|
---|
3576 | return (rc == 1 ? CURLE_OK : CURLE_FAILED_INIT);
|
---|
3577 | }
|
---|
3578 |
|
---|
3579 | static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /* input */
|
---|
3580 | size_t tmplen,
|
---|
3581 | unsigned char *md5sum /* output */,
|
---|
3582 | size_t unused)
|
---|
3583 | {
|
---|
3584 | MD5_CTX MD5pw;
|
---|
3585 | (void)unused;
|
---|
3586 | MD5_Init(&MD5pw);
|
---|
3587 | MD5_Update(&MD5pw, tmp, tmplen);
|
---|
3588 | MD5_Final(md5sum, &MD5pw);
|
---|
3589 | return CURLE_OK;
|
---|
3590 | }
|
---|
3591 |
|
---|
3592 | #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
---|
3593 | static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
|
---|
3594 | size_t tmplen,
|
---|
3595 | unsigned char *sha256sum /* output */,
|
---|
3596 | size_t unused)
|
---|
3597 | {
|
---|
3598 | SHA256_CTX SHA256pw;
|
---|
3599 | (void)unused;
|
---|
3600 | SHA256_Init(&SHA256pw);
|
---|
3601 | SHA256_Update(&SHA256pw, tmp, tmplen);
|
---|
3602 | SHA256_Final(sha256sum, &SHA256pw);
|
---|
3603 | }
|
---|
3604 | #endif
|
---|
3605 |
|
---|
3606 | static bool Curl_ossl_cert_status_request(void)
|
---|
3607 | {
|
---|
3608 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
3609 | !defined(OPENSSL_NO_OCSP)
|
---|
3610 | return TRUE;
|
---|
3611 | #else
|
---|
3612 | return FALSE;
|
---|
3613 | #endif
|
---|
3614 | }
|
---|
3615 |
|
---|
3616 | static void *Curl_ossl_get_internals(struct ssl_connect_data *connssl,
|
---|
3617 | CURLINFO info)
|
---|
3618 | {
|
---|
3619 | /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */
|
---|
3620 | return info == CURLINFO_TLS_SESSION ?
|
---|
3621 | (void *)BACKEND->ctx : (void *)BACKEND->handle;
|
---|
3622 | }
|
---|
3623 |
|
---|
3624 | const struct Curl_ssl Curl_ssl_openssl = {
|
---|
3625 | { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */
|
---|
3626 |
|
---|
3627 | 1, /* have_ca_path */
|
---|
3628 | 1, /* have_certinfo */
|
---|
3629 | 1, /* have_pinnedpubkey */
|
---|
3630 | 1, /* have_ssl_ctx */
|
---|
3631 | 1, /* support_https_proxy */
|
---|
3632 |
|
---|
3633 | sizeof(struct ssl_backend_data),
|
---|
3634 |
|
---|
3635 | Curl_ossl_init, /* init */
|
---|
3636 | Curl_ossl_cleanup, /* cleanup */
|
---|
3637 | Curl_ossl_version, /* version */
|
---|
3638 | Curl_ossl_check_cxn, /* check_cxn */
|
---|
3639 | Curl_ossl_shutdown, /* shutdown */
|
---|
3640 | Curl_ossl_data_pending, /* data_pending */
|
---|
3641 | Curl_ossl_random, /* random */
|
---|
3642 | Curl_ossl_cert_status_request, /* cert_status_request */
|
---|
3643 | Curl_ossl_connect, /* connect */
|
---|
3644 | Curl_ossl_connect_nonblocking, /* connect_nonblocking */
|
---|
3645 | Curl_ossl_get_internals, /* get_internals */
|
---|
3646 | Curl_ossl_close, /* close_one */
|
---|
3647 | Curl_ossl_close_all, /* close_all */
|
---|
3648 | Curl_ossl_session_free, /* session_free */
|
---|
3649 | Curl_ossl_set_engine, /* set_engine */
|
---|
3650 | Curl_ossl_set_engine_default, /* set_engine_default */
|
---|
3651 | Curl_ossl_engines_list, /* engines_list */
|
---|
3652 | Curl_none_false_start, /* false_start */
|
---|
3653 | Curl_ossl_md5sum, /* md5sum */
|
---|
3654 | #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
---|
3655 | Curl_ossl_sha256sum /* sha256sum */
|
---|
3656 | #else
|
---|
3657 | NULL /* sha256sum */
|
---|
3658 | #endif
|
---|
3659 | };
|
---|
3660 |
|
---|
3661 | #endif /* USE_OPENSSL */
|
---|