w3m

Unnamed repository; edit this file to name it for gitweb.
git clone https://logand.com/git/w3m.git/
Log | Files | Refs | README

commit 94d0a870f5b0fbc2b3b9db8db5d2465fae5ed7ee
parent 68025ece18bb9acb4d63929a72698e69aeda982d
Author: ukai <ukai>
Date:   Sat, 28 Sep 2002 16:30:07 +0000

Re: [w3m-dev 03320] Re: Passwords
* etc.c (dir_under): same path is ok
* file.c (loadGeneralFile): if missing, return NULL
	ssl cert already checked
* html.h (URLFILE): add ssl_certificate
* istream.c (ssl_get_certificate): change args
* istream.h (ssl_get_certificate): ditto
* url.c (openSSLHandle): add p_cert
	ssl certificate check here
	(HTTPrequest): auth_cookie fix
From: AIDA Shinra <aida-s@jcom.home.ne.jp>

Diffstat:
MChangeLog | 13+++++++++++++
Metc.c | 2++
Mfile.c | 14+++++++-------
Mhtml.h | 3+++
Mistream.c | 12++++--------
Mistream.h | 2+-
Murl.c | 35++++++++++++++++++++++++++++-------
7 files changed, 58 insertions(+), 23 deletions(-)

diff --git a/ChangeLog b/ChangeLog @@ -1,3 +1,16 @@ +2002-09-29 AIDA Shinra <aida-s@jcom.home.ne.jp> + + * Re: [w3m-dev 03320] Re: Passwords + * etc.c (dir_under): same path is ok + * file.c (loadGeneralFile): if missing, return NULL + ssl cert already checked + * html.h (URLFILE): add ssl_certificate + * istream.c (ssl_get_certificate): change args + * istream.h (ssl_get_certificate): ditto + * url.c (openSSLHandle): add p_cert + ssl certificate check here + (HTTPrequest): auth_cookie fix + 2002-09-25 Fumitoshi UKAI <ukai@debian.or.jp> * [w3m-dev 03321] Bug#162104: file descriptors 1 and 2 are closed rather than reopened to /dev/null diff --git a/etc.c b/etc.c @@ -854,6 +854,8 @@ static int dir_under(const char *x, const char *y) { size_t len = strlen(x); + if (strcmp(x, y) == 0) + return 1; return x[len - 1] == '/' && strlen(y) >= len && y[len - 1] == '/' && strncasecmp(x, y, len) == 0; diff --git a/file.c b/file.c @@ -1582,6 +1582,11 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, return NULL; } + if (status == HTST_MISSING) { + UFclose(&f); + return NULL; + } + /* openURL() succeeded */ if (SETJMP(AbortLoading) != 0) { /* transfer interrupted */ @@ -1955,13 +1960,8 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, t_buf->bufferprop |= BP_FRAME; } #ifdef USE_SSL - if (IStype(f.stream) == IST_SSL) { - Str s = ssl_get_certificate(f.stream, pu.host); - if (s == NULL) - return NULL; - else - t_buf->ssl_certificate = s->ptr; - } + if (IStype(f.stream) == IST_SSL) + t_buf->ssl_certificate = f.ssl_certificate; #endif frame_source = flag & RG_FRAME_SRC; b = loadSomething(&f, pu.real_file ? pu.real_file : pu.file, proc, t_buf); diff --git a/html.h b/html.h @@ -69,6 +69,9 @@ typedef struct { char *ext; int compression; char *guess_type; +#ifdef USE_SSL + char *ssl_certificate; +#endif } URLFile; #define CMP_NOCOMPRESS 0 diff --git a/istream.c b/istream.c @@ -470,7 +470,7 @@ ssl_check_cert_ident(X509 * x, char *hostname) } Str -ssl_get_certificate(InputStream stream, char *hostname) +ssl_get_certificate(SSL * ssl, char *hostname) { BIO *bp; X509 *x; @@ -483,13 +483,9 @@ ssl_get_certificate(InputStream stream, char *hostname) Str emsg; char *ans; - if (stream == NULL) - return NULL; - if (IStype(stream) != IST_SSL) - return NULL; - if (stream->ssl.handle == NULL) + if (ssl == NULL) return NULL; - x = SSL_get_peer_certificate(stream->ssl.handle->ssl); + x = SSL_get_peer_certificate(ssl); if (x == NULL) { if (accept_this_site && strcasecmp(accept_this_site->ptr, hostname) == 0) @@ -521,7 +517,7 @@ ssl_get_certificate(InputStream stream, char *hostname) */ if (ssl_verify_server) { long verr; - if ((verr = SSL_get_verify_result(stream->ssl.handle->ssl)) + if ((verr = SSL_get_verify_result(ssl)) != X509_V_OK) { const char *em = X509_verify_cert_error_string(verr); if (accept_this_site diff --git a/istream.h b/istream.h @@ -126,7 +126,7 @@ extern int ISfileno(InputStream stream); extern int ISeos(InputStream stream); #ifdef USE_SSL extern void ssl_accept_this_site(char *hostname); -extern Str ssl_get_certificate(InputStream stream, char *hostname); +extern Str ssl_get_certificate(SSL *ssl, char *hostname); #endif #define IST_BASIC 0 diff --git a/url.c b/url.c @@ -276,7 +276,7 @@ init_PRNG() #endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */ static SSL * -openSSLHandle(int sock, char *hostname) +openSSLHandle(int sock, char *hostname, char **p_cert) { SSL *handle = NULL; static char *old_ssl_forbid_method = NULL; @@ -362,8 +362,16 @@ openSSLHandle(int sock, char *hostname) #if SSLEAY_VERSION_NUMBER >= 0x00905100 init_PRNG(); #endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */ - if (SSL_connect(handle) > 0) - return handle; + if (SSL_connect(handle) > 0) { + Str serv_cert = ssl_get_certificate(handle, hostname); + if (serv_cert) { + *p_cert = serv_cert->ptr; + return handle; + } + close(sock); + SSL_free(handle); + return NULL; + } eend: close(sock); if (handle) @@ -1312,8 +1320,6 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra) if (!seen_www_auth) { Str auth_cookie = find_auth_cookie(pu->host, pu->port, pu->file, NULL); - if (!auth_cookie && proxy_auth_cookie) - auth_cookie = proxy_auth_cookie; if (auth_cookie) Strcat_m_charp(tmp, "Authorization: ", auth_cookie->ptr, "\r\n", NULL); @@ -1323,6 +1329,8 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra) ParsedURL *proxy_pu = schemeToProxy(pu->scheme); Str auth_cookie = find_auth_cookie( proxy_pu->host, proxy_pu->port, proxy_pu->file, NULL); + if (!auth_cookie && proxy_auth_cookie) + auth_cookie = proxy_auth_cookie; if (auth_cookie) Strcat_m_charp(tmp, "Proxy-Authorization: ", auth_cookie->ptr, "\r\n", NULL); @@ -1580,7 +1588,8 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, #ifdef USE_SSL if (pu->scheme == SCM_HTTPS && *status == HTST_CONNECT) { sock = ssl_socket_of(ouf->stream); - if (!(sslh = openSSLHandle(sock, pu->host))) { + if (!(sslh = openSSLHandle(sock, pu->host, + &uf.ssl_certificate))) { *status = HTST_MISSING; return uf; } @@ -1634,7 +1643,8 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, } #ifdef USE_SSL if (pu->scheme == SCM_HTTPS) { - if (!(sslh = openSSLHandle(sock, pu->host))) { + if (!(sslh = openSSLHandle(sock, pu->host, + &uf.ssl_certificate))) { *status = HTST_MISSING; return uf; } @@ -1651,6 +1661,17 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, SSL_write(sslh, tmp->ptr, tmp->length); else write(sock, tmp->ptr, tmp->length); +#ifdef HTTP_DEBUG + { + FILE *ff = fopen("zzrequest", "a"); + if (sslh) + fputs("HTTPS: request via SSL\n", ff); + else + fputs("HTTPS: request without SSL\n", ff); + fwrite(tmp->ptr, sizeof(char), tmp->length, ff); + fclose(ff); + } +#endif /* HTTP_DEBUG */ if (hr->command == HR_COMMAND_POST && request->enctype == FORM_ENCTYPE_MULTIPART) { if (sslh)