Commit
48a75801
authored
Dec 02, 2009
by
Juan Lang
Committed by
Alexandre Julliard
Dec 04, 2009
winhttp: Set callback to verify hostname with peer's certificate.
parent
be8f2ae9
Showing
1 changed file
with
33 additions
and
8 deletions
+33
-8
net.c
dlls/winhttp/net.c
+33
-8
dlls/winhttp/net.c
...
...
@@ -110,9 +110,12 @@ MAKE_FUNCPTR( SSL_read );
MAKE_FUNCPTR
(
SSL_get_ex_new_index
);
MAKE_FUNCPTR
(
SSL_get_ex_data
);
MAKE_FUNCPTR
(
SSL_set_ex_data
);
MAKE_FUNCPTR
(
SSL_get_ex_data_X509_STORE_CTX_idx
);
MAKE_FUNCPTR
(
SSL_get_verify_result
);
MAKE_FUNCPTR
(
SSL_get_peer_certificate
);
MAKE_FUNCPTR
(
SSL_CTX_set_default_verify_paths
);
MAKE_FUNCPTR
(
SSL_CTX_set_verify
);
MAKE_FUNCPTR
(
X509_STORE_CTX_get_ex_data
);
MAKE_FUNCPTR
(
BIO_new_fp
);
MAKE_FUNCPTR
(
CRYPTO_num_locks
);
...
...
@@ -208,6 +211,19 @@ static int sock_get_error( int err )
return
err
;
}
#ifdef SONAME_LIBSSL
static
int
netconn_secure_verify
(
int
preverify_ok
,
X509_STORE_CTX
*
ctx
)
{
SSL
*
ssl
;
WCHAR
*
server
;
ssl
=
pX509_STORE_CTX_get_ex_data
(
ctx
,
pSSL_get_ex_data_X509_STORE_CTX_idx
()
);
server
=
pSSL_get_ex_data
(
ssl
,
hostname_idx
);
FIXME
(
"verify %s
\n
"
,
debugstr_w
(
server
));
return
preverify_ok
;
}
#endif
BOOL
netconn_init
(
netconn_t
*
conn
,
BOOL
secure
)
{
#if defined(SONAME_LIBSSL) && defined(SONAME_LIBCRYPTO)
...
...
@@ -261,9 +277,12 @@ BOOL netconn_init( netconn_t *conn, BOOL secure )
LOAD_FUNCPTR
(
SSL_get_ex_new_index
);
LOAD_FUNCPTR
(
SSL_get_ex_data
);
LOAD_FUNCPTR
(
SSL_set_ex_data
);
LOAD_FUNCPTR
(
SSL_get_ex_data_X509_STORE_CTX_idx
);
LOAD_FUNCPTR
(
SSL_get_verify_result
);
LOAD_FUNCPTR
(
SSL_get_peer_certificate
);
LOAD_FUNCPTR
(
SSL_CTX_set_default_verify_paths
);
LOAD_FUNCPTR
(
SSL_CTX_set_verify
);
LOAD_FUNCPTR
(
X509_STORE_CTX_get_ex_data
);
#undef LOAD_FUNCPTR
#define LOAD_FUNCPTR(x) \
...
...
@@ -297,6 +316,14 @@ BOOL netconn_init( netconn_t *conn, BOOL secure )
return
FALSE
;
}
hostname_idx
=
pSSL_get_ex_new_index
(
0
,
(
void
*
)
"hostname index"
,
NULL
,
NULL
,
NULL
);
if
(
hostname_idx
==
-
1
)
{
ERR
(
"SSL_get_ex_new_index failed: %s
\n
"
,
pERR_error_string
(
pERR_get_error
(),
0
));
set_last_error
(
ERROR_OUTOFMEMORY
);
LeaveCriticalSection
(
&
init_ssl_cs
);
return
FALSE
;
}
pSSL_CTX_set_verify
(
ctx
,
SSL_VERIFY_PEER
,
netconn_secure_verify
);
pCRYPTO_set_id_callback
(
ssl_thread_id
);
num_ssl_locks
=
pCRYPTO_num_locks
();
...
...
@@ -429,7 +456,6 @@ BOOL netconn_connect( netconn_t *conn, const struct sockaddr *sockaddr, unsigned
BOOL
netconn_secure_connect
(
netconn_t
*
conn
,
WCHAR
*
hostname
)
{
#ifdef SONAME_LIBSSL
X509
*
cert
;
long
res
;
if
(
!
(
conn
->
ssl_conn
=
pSSL_new
(
ctx
)))
...
...
@@ -438,22 +464,21 @@ BOOL netconn_secure_connect( netconn_t *conn, WCHAR *hostname )
set_last_error
(
ERROR_OUTOFMEMORY
);
goto
fail
;
}
if
(
!
pSSL_set_
fd
(
conn
->
ssl_conn
,
conn
->
socket
))
if
(
!
pSSL_set_
ex_data
(
conn
->
ssl_conn
,
hostname_idx
,
hostname
))
{
ERR
(
"SSL_set_
fd
failed: %s
\n
"
,
pERR_error_string
(
pERR_get_error
(),
0
));
ERR
(
"SSL_set_
ex_data
failed: %s
\n
"
,
pERR_error_string
(
pERR_get_error
(),
0
));
set_last_error
(
ERROR_WINHTTP_SECURE_CHANNEL_ERROR
);
goto
fail
;
}
if
(
pSSL_connect
(
conn
->
ssl_conn
)
<=
0
)
if
(
!
pSSL_set_fd
(
conn
->
ssl_conn
,
conn
->
socket
)
)
{
ERR
(
"SSL_
connect
failed: %s
\n
"
,
pERR_error_string
(
pERR_get_error
(),
0
));
ERR
(
"SSL_
set_fd
failed: %s
\n
"
,
pERR_error_string
(
pERR_get_error
(),
0
));
set_last_error
(
ERROR_WINHTTP_SECURE_CHANNEL_ERROR
);
goto
fail
;
}
pSSL_set_ex_data
(
conn
->
ssl_conn
,
hostname_idx
,
hostname
);
if
(
!
(
cert
=
pSSL_get_peer_certificate
(
conn
->
ssl_conn
)))
if
(
pSSL_connect
(
conn
->
ssl_conn
)
<=
0
)
{
ERR
(
"
No certificate for server
: %s
\n
"
,
pERR_error_string
(
pERR_get_error
(),
0
));
ERR
(
"
SSL_connect failed
: %s
\n
"
,
pERR_error_string
(
pERR_get_error
(),
0
));
set_last_error
(
ERROR_WINHTTP_SECURE_CHANNEL_ERROR
);
goto
fail
;
}
...
...
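Review bot: netconn_secure_verify returns `preverify_ok` without ever comparing `server` to the names in the peer certificate, so with this change a certificate that chains to a trusted root is still accepted for any hostname; the FIXME only logs the name. Until the comparison exists, I would state that above the return, e.g. `/* FIXME: hostname is not yet matched against the certificate; only chain validity is enforced */`. When the check is added, keep in mind that OpenSSL invokes the verify callback once per certificate in the chain, so the name match should run only for the leaf (depth 0, via X509_STORE_CTX_get_error_depth) and return 0 on a mismatch. The pointer stored with SSL_set_ex_data in netconn_secure_connect is the caller's `hostname` buffer; presumably it outlives `conn->ssl_conn`, but that is not visible in these hunks and is worth a comment at the call site.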