winhttp: Implement WINHTTP_OPTION_SERVER_CERT_CONTEXT.

64a7d235 · Hans Leidekker · Alexandre Julliard · 3d8a9564 · 64a7d235 · 64a7d235
Commit 64a7d235 authored Sep 07, 2008 by Hans Leidekker Committed by Alexandre Julliard Sep 08, 2008
Showing with 65 additions and 0 deletions

Makefile.in dlls/winhttp/Makefile.in +1 -0

net.c dlls/winhttp/net.c +46 -0

session.c dlls/winhttp/session.c +17 -0

winhttp_private.h dlls/winhttp/winhttp_private.h +1 -0

No files found.
--- a/dlls/winhttp/Makefile.in
+++ b/dlls/winhttp/Makefile.in
@@ -5,6 +5,7 @@ VPATH     = @srcdir@
 MODULE    = winhttp.dll
 IMPORTLIB = winhttp
 IMPORTS   = wininet kernel32
+DELAYIMPORTS = crypt32

 C_SRCS = \
 	handle.c \

--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -48,6 +48,7 @@
 #include "windef.h"
 #include "winbase.h"
 #include "winhttp.h"
+#include "wincrypt.h"

 /* to avoid conflicts with the Unix socket headers */
 #define USE_WS_PREFIX
@@ -102,6 +103,7 @@ MAKE_FUNCPTR( SSL_get_peer_certificate );
 MAKE_FUNCPTR( SSL_CTX_get_timeout );
 MAKE_FUNCPTR( SSL_CTX_set_timeout );
 MAKE_FUNCPTR( SSL_CTX_set_default_verify_paths );
+MAKE_FUNCPTR( i2d_X509 );

 MAKE_FUNCPTR( BIO_new_fp );
 MAKE_FUNCPTR( ERR_get_error );
@@ -218,6 +220,7 @@ BOOL netconn_init( netconn_t *conn, BOOL secure )
    LOAD_FUNCPTR( SSL_CTX_get_timeout );
    LOAD_FUNCPTR( SSL_CTX_set_timeout );
    LOAD_FUNCPTR( SSL_CTX_set_default_verify_paths );
+    LOAD_FUNCPTR( i2d_X509 );
 #undef LOAD_FUNCPTR

 #define LOAD_FUNCPTR(x) \
@@ -616,3 +619,46 @@ BOOL netconn_resolve( WCHAR *hostnameW, INTERNET_PORT port, struct sockaddr_in *
 #endif
    return TRUE;
 }
+
+const void *netconn_get_certificate( netconn_t *conn )
+{
+#ifdef SONAME_LIBSSL
+    X509 *cert;
+    unsigned char *buffer, *p;
+    int len;
+    BOOL malloc = FALSE;
+    const CERT_CONTEXT *ret;
+
+    if (!conn->secure) return NULL;
+
+    if (!(cert = pSSL_get_peer_certificate( conn->ssl_conn ))) return NULL;
+    p = NULL;
+    if ((len = pi2d_X509( cert, &p )) < 0) return NULL;
+    /*
+     * SSL 0.9.7 and above malloc the buffer if it is null.
+     * however earlier version do not and so we would need to alloc the buffer.
+     *
+     * see the i2d_X509 man page for more details.
+     */
+    if (!p)
+    {
+        if (!(buffer = heap_alloc( len ))) return NULL;
+        p = buffer;
+        len = pi2d_X509( cert, &p );
+    }
+    else
+    {
+        buffer = p;
+        malloc = TRUE;
+    }
+
+    ret = CertCreateCertificateContext( X509_ASN_ENCODING, buffer, len );
+
+    if (malloc) free( buffer );
+    else heap_free( buffer );
+
+    return ret;
+#else
+    return NULL;
+#endif
+}
--- a/dlls/winhttp/session.c
+++ b/dlls/winhttp/session.c
@@ -25,6 +25,7 @@
 #include "windef.h"
 #include "winbase.h"
 #include "winhttp.h"
+#include "wincrypt.h"

 #include "winhttp_private.h"

@@ -264,6 +265,22 @@ static BOOL request_query_option( object_header_t *hdr, DWORD option, LPVOID buf
        *buflen = sizeof(DWORD);
        return TRUE;
    }
+    case WINHTTP_OPTION_SERVER_CERT_CONTEXT:
+    {
+        const CERT_CONTEXT *cert;
+        request_t *request = (request_t *)hdr;
+
+        if (!(cert = netconn_get_certificate( &request->netconn ))) return FALSE;
+        memcpy( buffer, cert, sizeof(CERT_CONTEXT) );
+        *buflen = sizeof(cert);
+        return TRUE;
+    }
+    case WINHTTP_OPTION_SECURITY_KEY_BITNESS:
+    {
+        *(DWORD *)buffer = 128; /* FIXME */
+        *buflen = sizeof(DWORD);
+        return TRUE;
+    }
    default:
        FIXME("unimplemented option %u\n", option);
        return FALSE;

--- a/dlls/winhttp/winhttp_private.h
+++ b/dlls/winhttp/winhttp_private.h
@@ -143,6 +143,7 @@ BOOL netconn_recv( netconn_t *, void *, size_t, int, int * );
 BOOL netconn_resolve( WCHAR *, INTERNET_PORT, struct sockaddr_in * );
 BOOL netconn_secure_connect( netconn_t * );
 BOOL netconn_send( netconn_t *, const void *, size_t, int, int * );
+const void *netconn_get_certificate( netconn_t * );

 static inline void *heap_alloc( SIZE_T size )
 {