Lines Matching refs:ctx

/* Two members of struct http_ctx; the struct header and its other fields are
 * not part of this listing. ctx is assigned from upper_ctx at listing line
 * 1578, presumably an opaque pointer owned by the layer above. */
43 	void *ctx;
/* Optional application hook. validate_server_cert() calls it with the parsed
 * server certificate (listing line 925); http_set_cert_cb() installs it
 * (listing line 1750). */
56 int (*cert_cb)(void *ctx, struct http_cert *cert);
/* Release the libcurl easy handle and the custom header list held in ctx.
 * Each pointer is reset to NULL right after it is released, so calling this
 * twice does not free the same object again. */
70 static void clear_curl(struct http_ctx *ctx)
72 if (ctx->curl) {
73 curl_easy_cleanup(ctx->curl);
74 ctx->curl = NULL;
76 if (ctx->curl_hdr) {
77 curl_slist_free_all(ctx->curl_hdr);
78 ctx->curl_hdr = NULL;
/* Start of the debug_dump() signature; its remaining parameters and its body
 * do not reference ctx and are therefore not listed. */
93 static void debug_dump(struct http_ctx *ctx, const char *title,
/* Body of a libcurl debug callback (its signature is not listed). userdata is
 * the struct http_ctx registered with CURLOPT_DEBUGDATA at listing lines 1397
 * and 1647. */
127 struct http_ctx *ctx = userdata;
/* The five info types below are all passed on to debug_dump(), including
 * outgoing headers and request/response bodies.
 * NOTE(review): what debug_dump() does with the bytes is not visible here.
 * HEADER_OUT and DATA_OUT may carry credentials, so confirm that the dump is
 * only emitted at a verbose debug level. */
130 debug_dump(ctx, "CURLINFO_TEXT", buf, len);
133 debug_dump(ctx, "CURLINFO_HEADER_IN", buf, len);
136 debug_dump(ctx, "CURLINFO_HEADER_OUT", buf, len);
139 debug_dump(ctx, "CURLINFO_DATA_IN", buf, len);
142 debug_dump(ctx, "CURLINFO_DATA_OUT", buf, len);
/* Body of the libcurl write callback (signature not listed). userdata is the
 * struct http_ctx registered with CURLOPT_WRITEDATA at listing line 1399.
 * Each call appends size * nmemb bytes to ctx->curl_buf and keeps the buffer
 * NUL-terminated. */
164 struct http_ctx *ctx = userdata;
/* Grow the buffer by the chunk size plus one byte for the terminator.
 * NOTE(review): no upper bound on curl_buf_len is visible in this listing, so
 * the remote side decides how large the buffer becomes; confirm whether a
 * response size limit is enforced elsewhere. The sum is also not checked for
 * wrap-around in the lines shown. */
166 n = os_realloc(ctx->curl_buf, ctx->curl_buf_len + size * nmemb + 1);
/* Lines 167-168 are not listed; presumably they handle a NULL result before
 * the old pointer is replaced - confirm. */
169 ctx->curl_buf = n;
170 os_memcpy(n + ctx->curl_buf_len, ptr, size * nmemb);
/* Terminate after the new data so the buffer can be used as a C string (it is
 * printed with %s at listing line 1546). */
171 n[ctx->curl_buf_len + size * nmemb] = '\0';
172 ctx->curl_buf_len += size * nmemb;
/* Alternative-name helpers. Only the (cut) signatures and the call sites that
 * mention ctx are listed; the bodies are not visible here. */
204 static void add_alt_name_othername(struct http_ctx *ctx, struct http_cert *cert,
236 static void add_alt_name_dns(struct http_ctx *ctx, struct http_cert *cert,
/* add_alt_name() hands otherName and dNSName entries to the matching helper;
 * the condition that selects between them is on lines that are not listed. */
257 static void add_alt_name(struct http_ctx *ctx, struct http_cert *cert,
262 add_alt_name_othername(ctx, cert, name->d.otherName);
265 add_alt_name_dns(ctx, cert, name->d.dNSName);
/* add_alt_names() calls add_alt_name() per entry; the iteration itself is not
 * listed. */
271 static void add_alt_names(struct http_ctx *ctx, struct http_cert *cert,
280 add_alt_name(ctx, cert, name);
/* Logotype helpers. Only the (cut) signatures and the call sites that mention
 * ctx are listed. Both the direct and the indirect variant end in add_logo()
 * with a hash and a URI. */
478 static void add_logo(struct http_ctx *ctx, struct http_cert *hcert,
526 static void add_logo_direct(struct http_ctx *ctx, struct http_cert *hcert,
577 add_logo(ctx, hcert, found_hash, uri);
583 static void add_logo_indirect(struct http_ctx *ctx, struct http_cert *hcert,
601 add_logo(ctx, hcert, hash, uri);
/* add_logotype_ext() dispatches on the logotype info variant (direct or
 * indirect); the selecting condition is not listed.
 * NOTE(review): hash and URI originate from the certificate being parsed;
 * confirm that the bodies bound lengths before copying them. */
799 static void add_logotype_ext(struct http_ctx *ctx, struct http_cert *hcert,
858 add_logo_direct(ctx, hcert, info->d.direct);
861 add_logo_indirect(ctx, hcert, info->d.indirect);
/* Fill hcert from an X.509 certificate: alternative names first, then the
 * logotype extension. parse_cert() is reached with the TLS peer's certificate
 * (listing line 924), i.e. with data chosen by the remote side, so the helpers
 * below it operate on untrusted certificate content. */
870 static void parse_cert(struct http_ctx *ctx, struct http_cert *hcert,
877 add_alt_names(ctx, hcert, *names);
879 add_logotype_ext(ctx, hcert, cert);
/* Run the application's certificate callback on the server certificate.
 * The caller at listing line 1035 tests for a negative return value; what it
 * does in that case is on a line that is not listed. */
906 static int validate_server_cert(struct http_ctx *ctx, X509 *cert)
/* NOTE(review): the body of this branch is not listed, so the result returned
 * when no callback is installed cannot be confirmed from here. */
912 if (ctx->cert_cb == NULL) {
/* Parse into a local struct http_cert and pass it to the callback together
 * with the context pointer registered through http_set_cert_cb(). */
924 parse_cert(ctx, &hcert, cert, &names);
925 ret = ctx->cert_cb(ctx->cert_cb_ctx, &hcert);
/* Parse a certificate identified by fname with the same parse_cert() routine
 * that is used for the TLS peer certificate. How the file is read and what is
 * done with the parsed result are on lines that are not listed. */
932 void http_parse_x509_certificate(struct http_ctx *ctx, const char *fname)
962 parse_cert(ctx, &hcert, cert, &names);
/* Body of a certificate verification callback (signature not listed). The
 * struct http_ctx is recovered from the SSL_CTX application data that is set
 * at listing line 1320. */
995 struct http_ctx *ctx;
1007 ctx = SSL_CTX_get_app_data(ssl_ctx);
1018 ctx->last_err = "No server certificate available";
/* The certificate under inspection is remembered as peer certificate, issuer
 * or issuer's issuer; the selecting conditions are not listed (presumably the
 * chain depth).
 * NOTE(review): no reference-count increment is visible for these stored X509
 * pointers; confirm they are only used while the handshake keeps the chain
 * alive. */
1023 ctx->peer_cert = cert;
1025 ctx->peer_issuer = cert;
1027 ctx->peer_issuer_issuer = cert;
/* The application callback and the OCSP check run only for the leaf
 * certificate (depth 0) and only when the preceding chain verification
 * succeeded (preverify_ok). */
1035 if (depth == 0 && preverify_ok && validate_server_cert(ctx, cert) < 0)
1039 if (depth == 0 && ctx->ocsp != NO_OCSP && preverify_ok) {
1042 res = check_ocsp_resp(ssl_ctx, ssl, cert, ctx->peer_issuer,
1043 ctx->peer_issuer_issuer);
/* A result other than OCSP_GOOD is handled by this branch only in
 * MANDATORY_OCSP mode; the branch before this else-if is not listed. */
1050 } else if (res != OCSP_GOOD && (ctx->ocsp == MANDATORY_OCSP)) {
1059 ctx->last_err = "TLS validation failed";
/* Body of the OCSP status handler (signature not listed). arg is the struct
 * http_ctx passed to SSL_CTX_set_tlsext_status_arg() at listing line 1326.
 * Assuming this is the OpenSSL client-side status callback, returning 0
 * rejects the response and fails the handshake, and a positive value accepts
 * it. Every failure path visible here records a static message in last_err. */
1112 struct http_ctx *ctx = arg;
/* No stapled response: fatal only in MANDATORY_OCSP. In OPTIONAL_OCSP (the
 * default set at listing line 1580) the handshake continues without any
 * revocation information, so a suppressed stapled response goes unnoticed in
 * that mode. Deployments that need revocation checking should select the
 * mandatory mode through http_ocsp_set(). */
1125 if (ctx->ocsp == MANDATORY_OCSP)
1126 ctx->last_err = "No OCSP response received";
1127 return (ctx->ocsp == MANDATORY_OCSP) ? 0 : 1;
1135 ctx->last_err = "Failed to parse OCSP response";
1145 ctx->last_err = "OCSP responder error";
1152 ctx->last_err = "Could not find BasicOCSPResponse";
/* The issuer recorded by the verification callback (and, when known, the
 * issuer's issuer) are added to a store / certificate stack, presumably so
 * that the response signature can be verified against them. */
1157 if (ctx->peer_issuer) {
1160 ctx->peer_issuer);
1162 if (X509_STORE_add_cert(store, ctx->peer_issuer) != 1) {
1169 cert = X509_dup(ctx->peer_issuer);
1178 if (certs && ctx->peer_issuer_issuer) {
1179 cert = X509_dup(ctx->peer_issuer_issuer);
1197 ctx->last_err = "OCSP response failed verification";
/* Both the peer certificate and its issuer are required to build the
 * certificate ID that is looked up in the response. */
1203 if (!ctx->peer_cert) {
1207 ctx->last_err = "Peer certificate not available for OCSP status check";
1211 if (!ctx->peer_issuer) {
1215 ctx->last_err = "Peer issuer certificate not available for OCSP status check";
/* The certificate ID is built with SHA-256 first. The second call below passes
 * NULL as digest, for which OpenSSL falls back to SHA-1.
 * NOTE(review): the condition guarding the second call is not listed;
 * presumably it is a retry when the SHA-256 ID matches no entry in the
 * response - confirm. */
1219 id = OCSP_cert_to_id(EVP_sha256(), ctx->peer_cert, ctx->peer_issuer);
1225 ctx->last_err = "Could not create OCSP certificate identifier";
1232 id = OCSP_cert_to_id(NULL, ctx->peer_cert, ctx->peer_issuer);
1238 ctx->last_err =
1250 (ctx->ocsp == MANDATORY_OCSP) ? "" :
/* Response does not cover the server certificate: same soft-fail rule as for
 * a missing response (reject only in MANDATORY_OCSP). */
1255 if (ctx->ocsp == MANDATORY_OCSP)
1257 ctx->last_err = "Could not find current server certificate from OCSP response";
1258 return (ctx->ocsp == MANDATORY_OCSP) ? 0 : 1;
1266 ctx->last_err = "OCSP status times invalid";
/* A revoked status sets an error message regardless of the OCSP mode in the
 * lines shown; an unknown status does so only in MANDATORY_OCSP. */
1279 ctx->last_err = "Server certificate has been revoked";
1282 if (ctx->ocsp == MANDATORY_OCSP) {
1284 ctx->last_err = "OCSP status unknown";
/* Body of an SSL context setup hook (signature not listed). parm is the struct
 * http_ctx registered with CURLOPT_SSL_CTX_DATA at listing line 1374. */
1316 struct http_ctx *ctx = parm;
/* Store ctx as application data so that the verification callback can recover
 * it through SSL_CTX_get_app_data() (listing line 1007). */
1320 SSL_CTX_set_app_data(ssl, ctx);
/* OCSP status handling is wired up only when OCSP is not disabled; the
 * callback registration itself is on a line that is not listed. */
1324 if (ctx->ocsp != NO_OCSP) {
1326 SSL_CTX_set_tlsext_status_arg(ssl, ctx);
/* Create a curl handle for POST requests. In the lines shown, ctx is
 * registered as user data for three hooks: the SSL context hook, the debug
 * callback and the write callback. The callback functions themselves are set
 * on lines that do not reference ctx and are not listed. */
1348 static CURL * setup_curl_post(struct http_ctx *ctx, const char *address,
1374 curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, ctx);
/* Statement guarded by this condition is not listed. */
1382 if (ctx->ocsp != NO_OCSP)
1397 curl_easy_setopt(curl, CURLOPT_DEBUGDATA, ctx);
1399 curl_easy_setopt(curl, CURLOPT_WRITEDATA, ctx);
/* Remember the connection parameters in ctx and create the curl handle. */
1411 static int post_init_client(struct http_ctx *ctx, const char *address,
/* The parameters, including username and password, are copied into ctx and
 * stay there for later use by soap_reinit_client(). http_deinit_ctx() releases
 * username and password with str_clear_free() and the rest with os_free().
 * NOTE(review): clone_str() is not visible here; confirm how it treats a
 * previously stored value, in particular an old password. */
1419 clone_str(&ctx->svc_address, address);
1420 clone_str(&ctx->svc_ca_fname, ca_fname);
1421 clone_str(&ctx->svc_username, username);
1422 clone_str(&ctx->svc_password, password);
1423 clone_str(&ctx->svc_client_cert, client_cert);
1424 clone_str(&ctx->svc_client_key, client_key);
/* Walks svc_address for at most three iterations; the loop step and body are
 * not listed, so its purpose cannot be stated from here. */
1430 for (count = 0, pos = ctx->svc_address; count < 3 && pos && *pos;
1437 ctx->curl = setup_curl_post(ctx, ctx->svc_address, ca_fname, username,
1439 if (ctx->curl == NULL)
/* Initialise the POST client and attach the SOAP request headers. */
1446 int soap_init_client(struct http_ctx *ctx, const char *address,
1451 if (post_init_client(ctx, address, ca_fname, username, password,
/* Three headers are appended to ctx->curl_hdr: one whose text is on a line
 * that is not listed, an empty SOAPAction, and "Expect:" with no value, which
 * libcurl treats as a request to omit its own Expect header.
 * NOTE(review): curl_slist_append() returns NULL on failure and leaves the
 * list untouched; assigning the result straight back to ctx->curl_hdr would
 * then lose the existing list and CURLOPT_HTTPHEADER would receive NULL.
 * Confirm whether that is acceptable here. */
1455 ctx->curl_hdr = curl_slist_append(ctx->curl_hdr,
1457 ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, "SOAPAction: ");
1458 ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, "Expect:");
1459 curl_easy_setopt(ctx->curl, CURLOPT_HTTPHEADER, ctx->curl_hdr);
/* Tear down the curl state and set the client up again with the parameters
 * stored in ctx. */
1465 int soap_reinit_client(struct http_ctx *ctx)
1475 clear_curl(ctx);
/* Temporary copies are taken first because soap_init_client() stores its
 * arguments back into the same ctx fields.
 * NOTE(review): the release of these temporaries is not listed; confirm that
 * the username and password copies are cleared before being freed, in line
 * with the str_clear_free() use in http_deinit_ctx(). */
1477 clone_str(&address, ctx->svc_address);
1478 clone_str(&ca_fname, ctx->svc_ca_fname);
1479 clone_str(&username, ctx->svc_username);
1480 clone_str(&password, ctx->svc_password);
1481 clone_str(&client_cert, ctx->svc_client_cert);
1482 clone_str(&client_key, ctx->svc_client_key);
1484 ret = soap_init_client(ctx, address, ca_fname, username, password,
/* Drop the accumulated response buffer and reset its length, leaving ctx ready
 * for the next transfer. The memory is released with os_free() and is not
 * cleared first in the lines shown. */
1496 static void free_curl_buf(struct http_ctx *ctx)
1498 os_free(ctx->curl_buf);
1499 ctx->curl_buf = NULL;
1500 ctx->curl_buf_len = 0;
/* Wrap node in a SOAP envelope, POST it over the prepared curl handle and
 * extract the SOAP body from the response. last_err is reset first and set to
 * a message on the failure paths visible in this listing. */
1504 xml_node_t * soap_send_receive(struct http_ctx *ctx, xml_node_t *node)
1511 ctx->last_err = NULL;
/* Serialise the envelope to a string; the envelope tree is freed as soon as
 * the string exists. */
1514 envelope = soap_build_envelope(ctx->xml, node);
1515 str = xml_node_to_str(ctx->xml, envelope);
1516 xml_node_free(ctx->xml, envelope);
/* CURLOPT_POSTFIELDS does not copy the data, so str has to stay valid until
 * curl_easy_perform() returns; where str is freed is not listed. Any previous
 * response is dropped before the transfer starts. */
1519 curl_easy_setopt(ctx->curl, CURLOPT_POSTFIELDS, str);
1520 free_curl_buf(ctx);
1522 res = curl_easy_perform(ctx->curl);
/* A message already set during the transfer (for example by the TLS or OCSP
 * callbacks) takes precedence over the generic curl error text. */
1524 if (!ctx->last_err)
1525 ctx->last_err = curl_easy_strerror(res);
1527 ctx->last_err);
1529 free_curl_buf(ctx);
/* The HTTP status is fetched after a successful transfer; the comparison that
 * leads to the failure message below is not listed. */
1534 curl_easy_getinfo(ctx->curl, CURLINFO_RESPONSE_CODE, &http);
1537 ctx->last_err = "HTTP download failed";
1539 free_curl_buf(ctx);
1543 if (ctx->curl_buf == NULL)
/* NOTE(review): the complete server response is written to the log at
 * MSG_MSGDUMP level. It may contain credentials or provisioning data, so
 * confirm that this level is not enabled for production logs. The %s relies
 * on the NUL terminator maintained by the write callback. */
1546 wpa_printf(MSG_MSGDUMP, "Server response:\n%s", ctx->curl_buf);
/* The response text is server-controlled input to the XML parser. */
1547 resp = xml_node_from_buf(ctx->xml, ctx->curl_buf);
1548 free_curl_buf(ctx);
1551 ctx->last_err = "Could not parse SOAP response";
1555 ret = soap_get_body(ctx->xml, resp);
1558 ctx->last_err = "Could not get SOAP body";
1563 xml_node_get_localname(ctx->xml, ret));
/* The body node is copied before the response tree is freed, so the copy does
 * not depend on resp; presumably n is what the function returns. */
1564 n = xml_node_copy(ctx->xml, ret);
1565 xml_node_free(ctx->xml, resp);
/* Body of the context constructor (signature not listed). The context is
 * zero-allocated, so every field that is not assigned below starts as 0/NULL. */
1573 struct http_ctx *ctx;
1575 ctx = os_zalloc(sizeof(*ctx));
1576 if (ctx == NULL)
1578 ctx->ctx = upper_ctx;
1579 ctx->xml = xml_ctx;
/* Default OCSP policy is OPTIONAL_OCSP: a missing stapled response is
 * tolerated (see the return at listing line 1127). Callers that require
 * revocation checking have to switch modes with http_ocsp_set(). */
1580 ctx->ocsp = OPTIONAL_OCSP;
1584 return ctx;
/* Select the OCSP policy (NO_OCSP, OPTIONAL_OCSP or MANDATORY_OCSP) from val.
 * The conditions that map val to each mode are on lines that are not listed.
 * NOTE(review): confirm which mode an out-of-range val selects; falling back
 * to NO_OCSP would silently disable revocation checking. */
1588 void http_ocsp_set(struct http_ctx *ctx, int val)
1591 ctx->ocsp = NO_OCSP;
1593 ctx->ocsp = OPTIONAL_OCSP;
1595 ctx->ocsp = MANDATORY_OCSP;
/* Release everything owned by ctx and then ctx itself; the pointer must not be
 * used afterwards. */
1599 void http_deinit_ctx(struct http_ctx *ctx)
1601 clear_curl(ctx);
/* Response buffer is freed without being cleared first. */
1602 os_free(ctx->curl_buf);
1605 os_free(ctx->svc_address);
1606 os_free(ctx->svc_ca_fname);
/* Username and password go through str_clear_free() rather than os_free(),
 * presumably so the secret is wiped before the memory is returned. */
1607 str_clear_free(ctx->svc_username);
1608 str_clear_free(ctx->svc_password);
/* NOTE(review): svc_client_key is released with plain os_free(); that is fine
 * if it holds a file name rather than key material - confirm. */
1609 os_free(ctx->svc_client_cert);
1610 os_free(ctx->svc_client_key);
1612 os_free(ctx);
/* Download url with a separate curl handle. Only the lines that mention ctx
 * are listed: error reporting and the debug hook.
 * NOTE(review): unlike setup_curl_post(), no CURLOPT_SSL_CTX_DATA registration
 * with ctx is visible for this transfer. Lines that do not reference ctx are
 * omitted from the listing, so confirm whether the certificate callback and
 * the OCSP policy apply to downloads as well. */
1616 int http_download_file(struct http_ctx *ctx, const char *url,
1624 ctx->last_err = NULL;
1647 curl_easy_setopt(curl, CURLOPT_DEBUGDATA, ctx);
/* Keep a more specific message if one was set during the transfer; otherwise
 * fall back to the curl error text. */
1654 if (!ctx->last_err)
1655 ctx->last_err = curl_easy_strerror(res);
1657 ctx->last_err);
1666 ctx->last_err = "HTTP download failed";
/* POST data to url with a freshly created curl handle and return the response
 * buffer. On the failure paths shown, last_err is set and the partial response
 * is discarded. */
1680 char * http_post(struct http_ctx *ctx, const char *url, const char *data,
1693 ctx->last_err = NULL;
/* Uses the same handle setup as the SOAP client, so the SSL context hook and
 * the write callback registered in setup_curl_post() apply here too. */
1695 curl = setup_curl_post(ctx, url, ca_fname, username, password,
1710 free_curl_buf(ctx);
1714 if (!ctx->last_err)
1715 ctx->last_err = curl_easy_strerror(res);
1717 ctx->last_err);
1718 free_curl_buf(ctx);
1725 ctx->last_err = "HTTP POST failed";
1727 free_curl_buf(ctx);
1731 if (ctx->curl_buf == NULL)
/* Ownership of the response buffer moves to the caller: the pointer is taken
 * out of ctx and the ctx fields are reset, so a later free_curl_buf() cannot
 * free memory the caller still holds. The caller is then presumably expected
 * to free it. */
1734 ret = ctx->curl_buf;
1736 *resp_len = ctx->curl_buf_len;
1737 ctx->curl_buf = NULL;
1738 ctx->curl_buf_len = 0;
/* Install the application's certificate callback and the context pointer that
 * is handed back to it. validate_server_cert() invokes the callback with the
 * parsed server certificate (listing line 925). The last parameter of the
 * signature is on a line that is not listed. */
1746 void http_set_cert_cb(struct http_ctx *ctx,
1747 int (*cb)(void *ctx, struct http_cert *cert),
1750 ctx->cert_cb = cb;
1751 ctx->cert_cb_ctx = cb_ctx;
/* Return the message recorded by the most recent failing operation, or NULL if
 * none was recorded (the operations reset last_err to NULL when they start).
 * Every assignment to last_err visible in this listing stores a string literal
 * or the result of curl_easy_strerror(), so the caller must not free or modify
 * the returned string. */
1755 const char * http_get_err(struct http_ctx *ctx)
1757 return ctx->last_err;