aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFumitoshi UKAI <ukai@debian.or.jp>2002-09-28 16:30:07 +0000
committerFumitoshi UKAI <ukai@debian.or.jp>2002-09-28 16:30:07 +0000
commitd4214f39a67ff2c931f661733fe35129b9818e2b (patch)
tree1643f41804ba7065d13411cae620ae8c296901b0
parent[w3m-dev 03321] Bug#162104: file descriptors 1 and 2 are closed rather than r... (diff)
downloadw3m-d4214f39a67ff2c931f661733fe35129b9818e2b.tar.gz
w3m-d4214f39a67ff2c931f661733fe35129b9818e2b.zip
Re: [w3m-dev 03320] Re: Passwords
* etc.c (dir_under): same path is ok * file.c (loadGeneralFile): if missing, return NULL ssl cert already checked * html.h (URLFILE): add ssl_certificate * istream.c (ssl_get_certificate): change args * istream.h (ssl_get_certificate): ditto * url.c (openSSLHandle): add p_cert ssl certificate check here (HTTPrequest): auth_cookie fix From: AIDA Shinra <aida-s@jcom.home.ne.jp>
Diffstat (limited to '')
-rw-r--r--ChangeLog15
-rw-r--r--etc.c4
-rw-r--r--file.c16
-rw-r--r--html.h5
-rw-r--r--istream.c14
-rw-r--r--istream.h4
-rw-r--r--url.c37
7 files changed, 65 insertions, 30 deletions
diff --git a/ChangeLog b/ChangeLog
index 61728f9..66da5c1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2002-09-29 AIDA Shinra <aida-s@jcom.home.ne.jp>
+
+ * Re: [w3m-dev 03320] Re: Passwords
+ * etc.c (dir_under): same path is ok
+ * file.c (loadGeneralFile): if missing, return NULL
+ ssl cert already checked
+ * html.h (URLFILE): add ssl_certificate
+ * istream.c (ssl_get_certificate): change args
+ * istream.h (ssl_get_certificate): ditto
+ * url.c (openSSLHandle): add p_cert
+ ssl certificate check here
+ (HTTPrequest): auth_cookie fix
+
2002-09-25 Fumitoshi UKAI <ukai@debian.or.jp>
* [w3m-dev 03321] Bug#162104: file descriptors 1 and 2 are closed rather than reopened to /dev/null
@@ -3827,4 +3840,4 @@
* release-0-2-1
* import w3m-0.2.1
-$Id: ChangeLog,v 1.430 2002/09/24 17:35:52 ukai Exp $
+$Id: ChangeLog,v 1.431 2002/09/28 16:30:07 ukai Exp $
diff --git a/etc.c b/etc.c
index 0879c4b..a8c716d 100644
--- a/etc.c
+++ b/etc.c
@@ -1,4 +1,4 @@
-/* $Id: etc.c,v 1.24 2002/09/24 17:35:52 ukai Exp $ */
+/* $Id: etc.c,v 1.25 2002/09/28 16:30:07 ukai Exp $ */
#include "fm.h"
#include <pwd.h>
#include "myctype.h"
@@ -854,6 +854,8 @@ static int
dir_under(const char *x, const char *y)
{
size_t len = strlen(x);
+ if (strcmp(x, y) == 0)
+ return 1;
return x[len - 1] == '/'
&& strlen(y) >= len
&& y[len - 1] == '/' && strncasecmp(x, y, len) == 0;
diff --git a/file.c b/file.c
index 7d4ef66..fc62f4f 100644
--- a/file.c
+++ b/file.c
@@ -1,4 +1,4 @@
-/* $Id: file.c,v 1.101 2002/09/24 16:35:02 ukai Exp $ */
+/* $Id: file.c,v 1.102 2002/09/28 16:30:07 ukai Exp $ */
#include "fm.h"
#include <sys/types.h>
#include "myctype.h"
@@ -1582,6 +1582,11 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,
return NULL;
}
+ if (status == HTST_MISSING) {
+ UFclose(&f);
+ return NULL;
+ }
+
/* openURL() succeeded */
if (SETJMP(AbortLoading) != 0) {
/* transfer interrupted */
@@ -1955,13 +1960,8 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,
t_buf->bufferprop |= BP_FRAME;
}
#ifdef USE_SSL
- if (IStype(f.stream) == IST_SSL) {
- Str s = ssl_get_certificate(f.stream, pu.host);
- if (s == NULL)
- return NULL;
- else
- t_buf->ssl_certificate = s->ptr;
- }
+ if (IStype(f.stream) == IST_SSL)
+ t_buf->ssl_certificate = f.ssl_certificate;
#endif
frame_source = flag & RG_FRAME_SRC;
b = loadSomething(&f, pu.real_file ? pu.real_file : pu.file, proc, t_buf);
diff --git a/html.h b/html.h
index 441ed92..971d8fa 100644
--- a/html.h
+++ b/html.h
@@ -1,4 +1,4 @@
-/* $Id: html.h,v 1.7 2002/02/05 12:31:27 ukai Exp $ */
+/* $Id: html.h,v 1.8 2002/09/28 16:30:07 ukai Exp $ */
#ifndef _HTML_H
#define _HTML_H
#ifdef USE_SSL
@@ -69,6 +69,9 @@ typedef struct {
char *ext;
int compression;
char *guess_type;
+#ifdef USE_SSL
+ char *ssl_certificate;
+#endif
} URLFile;
#define CMP_NOCOMPRESS 0
diff --git a/istream.c b/istream.c
index d7f23e2..45c5854 100644
--- a/istream.c
+++ b/istream.c
@@ -1,4 +1,4 @@
-/* $Id: istream.c,v 1.14 2002/02/07 14:02:12 ukai Exp $ */
+/* $Id: istream.c,v 1.15 2002/09/28 16:30:07 ukai Exp $ */
#include "fm.h"
#include "istream.h"
#include <signal.h>
@@ -470,7 +470,7 @@ ssl_check_cert_ident(X509 * x, char *hostname)
}
Str
-ssl_get_certificate(InputStream stream, char *hostname)
+ssl_get_certificate(SSL * ssl, char *hostname)
{
BIO *bp;
X509 *x;
@@ -483,13 +483,9 @@ ssl_get_certificate(InputStream stream, char *hostname)
Str emsg;
char *ans;
- if (stream == NULL)
- return NULL;
- if (IStype(stream) != IST_SSL)
- return NULL;
- if (stream->ssl.handle == NULL)
+ if (ssl == NULL)
return NULL;
- x = SSL_get_peer_certificate(stream->ssl.handle->ssl);
+ x = SSL_get_peer_certificate(ssl);
if (x == NULL) {
if (accept_this_site
&& strcasecmp(accept_this_site->ptr, hostname) == 0)
@@ -521,7 +517,7 @@ ssl_get_certificate(InputStream stream, char *hostname)
*/
if (ssl_verify_server) {
long verr;
- if ((verr = SSL_get_verify_result(stream->ssl.handle->ssl))
+ if ((verr = SSL_get_verify_result(ssl))
!= X509_V_OK) {
const char *em = X509_verify_cert_error_string(verr);
if (accept_this_site
diff --git a/istream.h b/istream.h
index 4be203f..fa91d9b 100644
--- a/istream.h
+++ b/istream.h
@@ -1,4 +1,4 @@
-/* $Id: istream.h,v 1.8 2002/01/12 13:33:47 ukai Exp $ */
+/* $Id: istream.h,v 1.9 2002/09/28 16:30:07 ukai Exp $ */
#ifndef IO_STREAM_H
#define IO_STREAM_H
@@ -126,7 +126,7 @@ extern int ISfileno(InputStream stream);
extern int ISeos(InputStream stream);
#ifdef USE_SSL
extern void ssl_accept_this_site(char *hostname);
-extern Str ssl_get_certificate(InputStream stream, char *hostname);
+extern Str ssl_get_certificate(SSL *ssl, char *hostname);
#endif
#define IST_BASIC 0
diff --git a/url.c b/url.c
index 619e683..a3b2539 100644
--- a/url.c
+++ b/url.c
@@ -1,4 +1,4 @@
-/* $Id: url.c,v 1.50 2002/09/24 17:06:05 ukai Exp $ */
+/* $Id: url.c,v 1.51 2002/09/28 16:30:07 ukai Exp $ */
#include "fm.h"
#include <sys/types.h>
#include <sys/socket.h>
@@ -276,7 +276,7 @@ init_PRNG()
#endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */
static SSL *
-openSSLHandle(int sock, char *hostname)
+openSSLHandle(int sock, char *hostname, char **p_cert)
{
SSL *handle = NULL;
static char *old_ssl_forbid_method = NULL;
@@ -362,8 +362,16 @@ openSSLHandle(int sock, char *hostname)
#if SSLEAY_VERSION_NUMBER >= 0x00905100
init_PRNG();
#endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */
- if (SSL_connect(handle) > 0)
- return handle;
+ if (SSL_connect(handle) > 0) {
+ Str serv_cert = ssl_get_certificate(handle, hostname);
+ if (serv_cert) {
+ *p_cert = serv_cert->ptr;
+ return handle;
+ }
+ close(sock);
+ SSL_free(handle);
+ return NULL;
+ }
eend:
close(sock);
if (handle)
@@ -1312,8 +1320,6 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra)
if (!seen_www_auth) {
Str auth_cookie = find_auth_cookie(pu->host, pu->port, pu->file, NULL);
- if (!auth_cookie && proxy_auth_cookie)
- auth_cookie = proxy_auth_cookie;
if (auth_cookie)
Strcat_m_charp(tmp, "Authorization: ", auth_cookie->ptr,
"\r\n", NULL);
@@ -1323,6 +1329,8 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra)
ParsedURL *proxy_pu = schemeToProxy(pu->scheme);
Str auth_cookie = find_auth_cookie(
proxy_pu->host, proxy_pu->port, proxy_pu->file, NULL);
+ if (!auth_cookie && proxy_auth_cookie)
+ auth_cookie = proxy_auth_cookie;
if (auth_cookie)
Strcat_m_charp(tmp, "Proxy-Authorization: ", auth_cookie->ptr,
"\r\n", NULL);
@@ -1580,7 +1588,8 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
#ifdef USE_SSL
if (pu->scheme == SCM_HTTPS && *status == HTST_CONNECT) {
sock = ssl_socket_of(ouf->stream);
- if (!(sslh = openSSLHandle(sock, pu->host))) {
+ if (!(sslh = openSSLHandle(sock, pu->host,
+ &uf.ssl_certificate))) {
*status = HTST_MISSING;
return uf;
}
@@ -1634,7 +1643,8 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
}
#ifdef USE_SSL
if (pu->scheme == SCM_HTTPS) {
- if (!(sslh = openSSLHandle(sock, pu->host))) {
+ if (!(sslh = openSSLHandle(sock, pu->host,
+ &uf.ssl_certificate))) {
*status = HTST_MISSING;
return uf;
}
@@ -1651,6 +1661,17 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
SSL_write(sslh, tmp->ptr, tmp->length);
else
write(sock, tmp->ptr, tmp->length);
+#ifdef HTTP_DEBUG
+ {
+ FILE *ff = fopen("zzrequest", "a");
+ if (sslh)
+ fputs("HTTPS: request via SSL\n", ff);
+ else
+ fputs("HTTPS: request without SSL\n", ff);
+ fwrite(tmp->ptr, sizeof(char), tmp->length, ff);
+ fclose(ff);
+ }
+#endif /* HTTP_DEBUG */
if (hr->command == HR_COMMAND_POST &&
request->enctype == FORM_ENCTYPE_MULTIPART) {
if (sslh)