commit 94d0a870f5b0fbc2b3b9db8db5d2465fae5ed7ee
parent 68025ece18bb9acb4d63929a72698e69aeda982d
Author: ukai <ukai>
Date: Sat, 28 Sep 2002 16:30:07 +0000
Re: [w3m-dev 03320] Re: Passwords
* etc.c (dir_under): same path is ok
* file.c (loadGeneralFile): if missing, return NULL
ssl cert already checked
* html.h (URLFILE): add ssl_certificate
* istream.c (ssl_get_certificate): change args
* istream.h (ssl_get_certificate): ditto
* url.c (openSSLHandle): add p_cert
ssl certificate check here
(HTTPrequest): auth_cookie fix
From: AIDA Shinra <aida-s@jcom.home.ne.jp>
Diffstat:
7 files changed, 58 insertions(+), 23 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,16 @@
+2002-09-29 AIDA Shinra <aida-s@jcom.home.ne.jp>
+
+ * Re: [w3m-dev 03320] Re: Passwords
+ * etc.c (dir_under): same path is ok
+ * file.c (loadGeneralFile): if missing, return NULL
+ ssl cert already checked
+ * html.h (URLFILE): add ssl_certificate
+ * istream.c (ssl_get_certificate): change args
+ * istream.h (ssl_get_certificate): ditto
+ * url.c (openSSLHandle): add p_cert
+ ssl certificate check here
+ (HTTPrequest): auth_cookie fix
+
2002-09-25 Fumitoshi UKAI <ukai@debian.or.jp>
* [w3m-dev 03321] Bug#162104: file descriptors 1 and 2 are closed rather than reopened to /dev/null
diff --git a/etc.c b/etc.c
@@ -854,6 +854,8 @@ static int
dir_under(const char *x, const char *y)
{
size_t len = strlen(x);
+ if (strcmp(x, y) == 0)
+ return 1;
return x[len - 1] == '/'
&& strlen(y) >= len
&& y[len - 1] == '/' && strncasecmp(x, y, len) == 0;
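Review bot: The added `strcmp(x, y) == 0` shortcut is case-sensitive, while the prefix test below it uses `strncasecmp`, so `/Dir` and `/dir` are not treated as the same path even though `/Dir/` is accepted as covering `/dir/x`. If case-insensitive matching is intended, `if (strcasecmp(x, y) == 0) return 1;` keeps the two tests consistent. Separately, `x[len - 1]` still reads before the start of the string when `x` is empty and `y` is not; adding `len > 0 &&` at the front of the return expression would close that. The function's closing brace is outside the hunk.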
diff --git a/file.c b/file.c
@@ -1582,6 +1582,11 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,
return NULL;
}
+ if (status == HTST_MISSING) {
+ UFclose(&f);
+ return NULL;
+ }
+
/* openURL() succeeded */
if (SETJMP(AbortLoading) != 0) {
/* transfer interrupted */
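Review bot: The new `status == HTST_MISSING` check has no comment saying which failure it covers. Judging from the url.c part of this commit, openURL() sets that status when openSSLHandle() fails, which now includes a rejected server certificate. A line such as `/* SSL handshake or certificate check failed in openURL() */` above the `if` would record that. loadGeneralFile starts and ends outside the hunk.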
@@ -1955,13 +1960,8 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,
t_buf->bufferprop |= BP_FRAME;
}
#ifdef USE_SSL
- if (IStype(f.stream) == IST_SSL) {
- Str s = ssl_get_certificate(f.stream, pu.host);
- if (s == NULL)
- return NULL;
- else
- t_buf->ssl_certificate = s->ptr;
- }
+ if (IStype(f.stream) == IST_SSL)
+ t_buf->ssl_certificate = f.ssl_certificate;
#endif
frame_source = flag & RG_FRAME_SRC;
b = loadSomething(&f, pu.real_file ? pu.real_file : pu.file, proc, t_buf);
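Review bot: The replacement `t_buf->ssl_certificate = f.ssl_certificate;` relies on every `IST_SSL` stream having been through openSSLHandle(), because the explicit NULL-means-abort check was removed from this spot. That invariant is not stated anywhere in the hunk, and a stream that became SSL by another route would store an unset pointer here. A comment such as `/* certificate was verified in openSSLHandle() before the request was sent */` would make the dependency visible. Whether `f.ssl_certificate` is initialised on other paths cannot be seen from this hunk.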
diff --git a/html.h b/html.h
@@ -69,6 +69,9 @@ typedef struct {
char *ext;
int compression;
char *guess_type;
+#ifdef USE_SSL
+ char *ssl_certificate;
+#endif
} URLFile;
#define CMP_NOCOMPRESS 0
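Review bot: The new `ssl_certificate` member of `URLFile` has no comment on what it holds or when it is valid. From the rest of the commit it receives `serv_cert->ptr` from openSSLHandle() and is read in loadGeneralFile only for `IST_SSL` streams, so something like `char *ssl_certificate; /* peer certificate text set by openSSLHandle(); only meaningful for SSL streams */` would document it. The code that initialises a `URLFile` is not part of this diff; it is worth confirming it sets the field to NULL.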
diff --git a/istream.c b/istream.c
@@ -470,7 +470,7 @@ ssl_check_cert_ident(X509 * x, char *hostname)
}
Str
-ssl_get_certificate(InputStream stream, char *hostname)
+ssl_get_certificate(SSL * ssl, char *hostname)
{
BIO *bp;
X509 *x;
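Review bot: ssl_get_certificate() has no header comment, and its name reads like a plain getter although the visible body consults `accept_this_site` and `ssl_verify_server` and the new caller in url.c treats a NULL return as "drop the connection". With the argument now a raw `SSL *`, a comment above the definition saying that it verifies the peer certificate for `hostname`, returns the certificate description on acceptance and returns NULL when the connection must be abandoned would help. The same description belongs on the prototype in istream.h. Most of the function body is outside this hunk.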
@@ -483,13 +483,9 @@ ssl_get_certificate(InputStream stream, char *hostname)
Str emsg;
char *ans;
- if (stream == NULL)
- return NULL;
- if (IStype(stream) != IST_SSL)
- return NULL;
- if (stream->ssl.handle == NULL)
+ if (ssl == NULL)
return NULL;
- x = SSL_get_peer_certificate(stream->ssl.handle->ssl);
+ x = SSL_get_peer_certificate(ssl);
if (x == NULL) {
if (accept_this_site
&& strcasecmp(accept_this_site->ptr, hostname) == 0)
@@ -521,7 +517,7 @@ ssl_get_certificate(InputStream stream, char *hostname)
*/
if (ssl_verify_server) {
long verr;
- if ((verr = SSL_get_verify_result(stream->ssl.handle->ssl))
+ if ((verr = SSL_get_verify_result(ssl))
!= X509_V_OK) {
const char *em = X509_verify_cert_error_string(verr);
if (accept_this_site
diff --git a/istream.h b/istream.h
@@ -126,7 +126,7 @@ extern int ISfileno(InputStream stream);
extern int ISeos(InputStream stream);
#ifdef USE_SSL
extern void ssl_accept_this_site(char *hostname);
-extern Str ssl_get_certificate(InputStream stream, char *hostname);
+extern Str ssl_get_certificate(SSL *ssl, char *hostname);
#endif
#define IST_BASIC 0
diff --git a/url.c b/url.c
@@ -276,7 +276,7 @@ init_PRNG()
#endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */
static SSL *
-openSSLHandle(int sock, char *hostname)
+openSSLHandle(int sock, char *hostname, char **p_cert)
{
SSL *handle = NULL;
static char *old_ssl_forbid_method = NULL;
@@ -362,8 +362,16 @@ openSSLHandle(int sock, char *hostname)
#if SSLEAY_VERSION_NUMBER >= 0x00905100
init_PRNG();
#endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */
- if (SSL_connect(handle) > 0)
- return handle;
+ if (SSL_connect(handle) > 0) {
+ Str serv_cert = ssl_get_certificate(handle, hostname);
+ if (serv_cert) {
+ *p_cert = serv_cert->ptr;
+ return handle;
+ }
+ close(sock);
+ SSL_free(handle);
+ return NULL;
+ }
eend:
close(sock);
if (handle)
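Review bot: The certificate-rejected branch repeats the `close(sock); SSL_free(handle); return NULL;` cleanup that the `eend:` label directly below appears to perform, and `*p_cert` is left untouched on every failure path. Setting `*p_cert = NULL;` at the top of the function would give callers a defined value, and `goto eend;` would keep a single cleanup path if the code after the label suits this case. The rest of `eend:` and the start of openSSLHandle are outside the hunk, so whether its error reporting fits a rejected certificate needs checking.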
@@ -1312,8 +1320,6 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra)
if (!seen_www_auth) {
Str auth_cookie = find_auth_cookie(pu->host, pu->port, pu->file, NULL);
- if (!auth_cookie && proxy_auth_cookie)
- auth_cookie = proxy_auth_cookie;
if (auth_cookie)
Strcat_m_charp(tmp, "Authorization: ", auth_cookie->ptr,
"\r\n", NULL);
@@ -1323,6 +1329,8 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra)
ParsedURL *proxy_pu = schemeToProxy(pu->scheme);
Str auth_cookie = find_auth_cookie(
proxy_pu->host, proxy_pu->port, proxy_pu->file, NULL);
+ if (!auth_cookie && proxy_auth_cookie)
+ auth_cookie = proxy_auth_cookie;
if (auth_cookie)
Strcat_m_charp(tmp, "Proxy-Authorization: ", auth_cookie->ptr,
"\r\n", NULL);
@@ -1580,7 +1588,8 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
#ifdef USE_SSL
if (pu->scheme == SCM_HTTPS && *status == HTST_CONNECT) {
sock = ssl_socket_of(ouf->stream);
- if (!(sslh = openSSLHandle(sock, pu->host))) {
+ if (!(sslh = openSSLHandle(sock, pu->host,
+ &uf.ssl_certificate))) {
*status = HTST_MISSING;
return uf;
}
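Review bot: On failure openSSLHandle() has already closed `sock`, which here is the descriptor obtained from `ssl_socket_of(ouf->stream)`, and the function then returns with `HTST_MISSING`. Certificate rejection now takes this path too, so it is worth confirming that nothing closes `ouf->stream` afterwards, since a second close could hit a descriptor reused in the meantime. A short comment at the call, for example `/* openSSLHandle() closes sock on failure */`, would record who owns the descriptor. What happens to `ouf` after this return is outside the hunk.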
@@ -1634,7 +1643,8 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
}
#ifdef USE_SSL
if (pu->scheme == SCM_HTTPS) {
- if (!(sslh = openSSLHandle(sock, pu->host))) {
+ if (!(sslh = openSSLHandle(sock, pu->host,
+ &uf.ssl_certificate))) {
*status = HTST_MISSING;
return uf;
}
@@ -1651,6 +1661,17 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
SSL_write(sslh, tmp->ptr, tmp->length);
else
write(sock, tmp->ptr, tmp->length);
+#ifdef HTTP_DEBUG
+ {
+ FILE *ff = fopen("zzrequest", "a");
+ if (sslh)
+ fputs("HTTPS: request via SSL\n", ff);
+ else
+ fputs("HTTPS: request without SSL\n", ff);
+ fwrite(tmp->ptr, sizeof(char), tmp->length, ff);
+ fclose(ff);
+ }
+#endif /* HTTP_DEBUG */
if (hr->command == HR_COMMAND_POST &&
request->enctype == FORM_ENCTYPE_MULTIPART) {
if (sslh)
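Review bot: In the `HTTP_DEBUG` block the result of `fopen("zzrequest", "a")` is used unchecked, so a failed open passes NULL to `fputs` and `fwrite`; wrap the writes in `if (ff != NULL) { ... fclose(ff); }`. The dump is the complete request in `tmp`, which presumably comes from HTTPrequest() and can therefore carry `Authorization:` and `Proxy-Authorization:` values. It goes to a relative path with default permissions, so a debug build leaves credentials on disk; redacting those headers or creating the file owner-only would limit that. The `else` branch also labels requests sent without SSL as `HTTPS:`.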