From d4214f39a67ff2c931f661733fe35129b9818e2b Mon Sep 17 00:00:00 2001 From: Fumitoshi UKAI Date: Sat, 28 Sep 2002 16:30:07 +0000 Subject: Re: [w3m-dev 03320] Re: Passwords * etc.c (dir_under): same path is ok * file.c (loadGeneralFile): if missing, return NULL ssl cert already checked * html.h (URLFILE): add ssl_certificate * istream.c (ssl_get_certificate): change args * istream.h (ssl_get_certificate): ditto * url.c (openSSLHandle): add p_cert ssl certificate check here (HTTPrequest): auth_cookie fix From: AIDA Shinra --- ChangeLog | 15 ++++++++++++++- etc.c | 4 +++- file.c | 16 ++++++++-------- html.h | 5 ++++- istream.c | 14 +++++--------- istream.h | 4 ++-- url.c | 37 +++++++++++++++++++++++++++++-------- 7 files changed, 65 insertions(+), 30 deletions(-) diff --git a/ChangeLog b/ChangeLog index 61728f9..66da5c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2002-09-29 AIDA Shinra + + * Re: [w3m-dev 03320] Re: Passwords + * etc.c (dir_under): same path is ok + * file.c (loadGeneralFile): if missing, return NULL + ssl cert already checked + * html.h (URLFILE): add ssl_certificate + * istream.c (ssl_get_certificate): change args + * istream.h (ssl_get_certificate): ditto + * url.c (openSSLHandle): add p_cert + ssl certificate check here + (HTTPrequest): auth_cookie fix + 2002-09-25 Fumitoshi UKAI * [w3m-dev 03321] Bug#162104: file descriptors 1 and 2 are closed rather than reopened to /dev/null @@ -3827,4 +3840,4 @@ * release-0-2-1 * import w3m-0.2.1 -$Id: ChangeLog,v 1.430 2002/09/24 17:35:52 ukai Exp $ +$Id: ChangeLog,v 1.431 2002/09/28 16:30:07 ukai Exp $ diff --git a/etc.c b/etc.c index 0879c4b..a8c716d 100644 --- a/etc.c +++ b/etc.c @@ -1,4 +1,4 @@ -/* $Id: etc.c,v 1.24 2002/09/24 17:35:52 ukai Exp $ */ +/* $Id: etc.c,v 1.25 2002/09/28 16:30:07 ukai Exp $ */ #include "fm.h" #include #include "myctype.h" 
@@ -854,6 +854,8 @@ static int dir_under(const char *x, const char *y) { size_t len = strlen(x); + if (strcmp(x, y) == 0) + return 1; return x[len - 1] == '/' && strlen(y) >= len && y[len - 1] == '/' && strncasecmp(x, y, len) == 0; diff --git a/file.c b/file.c index 7d4ef66..fc62f4f 100644 --- a/file.c +++ b/file.c @@ -1,4 +1,4 @@ -/* $Id: file.c,v 1.101 2002/09/24 16:35:02 ukai Exp $ */ +/* $Id: file.c,v 1.102 2002/09/28 16:30:07 ukai Exp $ */ #include "fm.h" #include #include "myctype.h" @@ -1582,6 +1582,11 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, return NULL; } + if (status == HTST_MISSING) { + UFclose(&f); + return NULL; + } + /* openURL() succeeded */ if (SETJMP(AbortLoading) != 0) { /* transfer interrupted */ @@ -1955,13 +1960,8 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, t_buf->bufferprop |= BP_FRAME; } #ifdef USE_SSL - if (IStype(f.stream) == IST_SSL) { - Str s = ssl_get_certificate(f.stream, pu.host); - if (s == NULL) - return NULL; - else - t_buf->ssl_certificate = s->ptr; - } + if (IStype(f.stream) == IST_SSL) + t_buf->ssl_certificate = f.ssl_certificate; #endif frame_source = flag & RG_FRAME_SRC; b = loadSomething(&f, pu.real_file ? pu.real_file : pu.file, proc, t_buf); diff --git a/html.h b/html.h index 441ed92..971d8fa 100644 --- a/html.h +++ b/html.h @@ -1,4 +1,4 @@ -/* $Id: html.h,v 1.7 2002/02/05 12:31:27 ukai Exp $ */ +/* $Id: html.h,v 1.8 2002/09/28 16:30:07 ukai Exp $ */ #ifndef _HTML_H #define _HTML_H #ifdef USE_SSL @@ -69,6 +69,9 @@ typedef struct { char *ext; int compression; char *guess_type; +#ifdef USE_SSL + char *ssl_certificate; +#endif } URLFile; #define CMP_NOCOMPRESS 0 diff --git a/istream.c b/istream.c index d7f23e2..45c5854 100644 --- a/istream.c +++ b/istream.c @@ -1,4 +1,4 @@ -/* $Id: istream.c,v 1.14 2002/02/07 14:02:12 ukai Exp $ */ +/* $Id: istream.c,v 1.15 2002/09/28 16:30:07 ukai Exp $ */ #include "fm.h" #include "istream.h" #include 
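Review bot: The exact-match test added to dir_under uses `strcmp`, while the directory-prefix test below it uses `strncasecmp`, so paths that differ only in case match when both end in '/' but not when compared as whole strings. If this function decides which paths stored credentials apply to (the commit subject suggests so, but the callers are outside the hunk), one comparison rule should be chosen and stated in a comment. Separately, `x[len - 1]` is still evaluated when `x` is empty and `y` is not, which reads one byte before the string; adding `if (len == 0) return 0;` after the new `strcmp` check would close that.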
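Review bot: The new `if (status == HTST_MISSING)` early return in loadGeneralFile needs a comment. Per the url.c hunks of this commit, HTST_MISSING is what openURL reports when openSSLHandle fails, and that now includes a server certificate that was not accepted. A line such as `/* openURL() failed (e.g. SSL handshake or certificate check refused): load nothing */` above the `if` would keep a later cleanup from removing the only thing that stops the load in that case. Whether `f.stream` is set on this path is not visible here, so it is worth confirming that `UFclose(&f)` tolerates a URLFile without a stream. loadGeneralFile starts and ends outside the hunk.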
@@ -470,7 +470,7 @@ ssl_check_cert_ident(X509 * x, char *hostname) } Str -ssl_get_certificate(InputStream stream, char *hostname) +ssl_get_certificate(SSL * ssl, char *hostname) { BIO *bp; X509 *x; @@ -483,13 +483,9 @@ ssl_get_certificate(InputStream stream, char *hostname) Str emsg; char *ans; - if (stream == NULL) - return NULL; - if (IStype(stream) != IST_SSL) - return NULL; - if (stream->ssl.handle == NULL) + if (ssl == NULL) return NULL; - x = SSL_get_peer_certificate(stream->ssl.handle->ssl); + x = SSL_get_peer_certificate(ssl); if (x == NULL) { if (accept_this_site && strcasecmp(accept_this_site->ptr, hostname) == 0) @@ -521,7 +517,7 @@ ssl_get_certificate(InputStream stream, char *hostname) */ if (ssl_verify_server) { long verr; - if ((verr = SSL_get_verify_result(stream->ssl.handle->ssl)) + if ((verr = SSL_get_verify_result(ssl)) != X509_V_OK) { const char *em = X509_verify_cert_error_string(verr); if (accept_this_site diff --git a/istream.h b/istream.h index 4be203f..fa91d9b 100644 --- a/istream.h +++ b/istream.h @@ -1,4 +1,4 @@ -/* $Id: istream.h,v 1.8 2002/01/12 13:33:47 ukai Exp $ */ +/* $Id: istream.h,v 1.9 2002/09/28 16:30:07 ukai Exp $ */ #ifndef IO_STREAM_H #define IO_STREAM_H @@ -126,7 +126,7 @@ extern int ISfileno(InputStream stream); extern int ISeos(InputStream stream); #ifdef USE_SSL extern void ssl_accept_this_site(char *hostname); -extern Str ssl_get_certificate(InputStream stream, char *hostname); +extern Str ssl_get_certificate(SSL *ssl, char *hostname); #endif #define IST_BASIC 0 diff --git a/url.c b/url.c index 619e683..a3b2539 100644 --- a/url.c +++ b/url.c @@ -1,4 +1,4 @@ -/* $Id: url.c,v 1.50 2002/09/24 17:06:05 ukai Exp $ */ +/* $Id: url.c,v 1.51 2002/09/28 16:30:07 ukai Exp $ */ #include "fm.h" #include #include 
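Review bot: ssl_get_certificate now decides whether the connection is kept, since openSSLHandle in url.c frees the handle when it returns NULL, yet neither the definition nor the istream.h prototype documents that contract. A header comment such as `/* Returns a description of the peer certificate, or NULL if it is missing or was not accepted; on NULL the caller must drop the connection. */` would state it. In the hunk at -521 the `SSL_get_verify_result(ssl)` comparison still sits inside `if (ssl_verify_server)`, so with that option off the chain verification result is not consulted at all; a one-line comment there would make the trust decision explicit. `hostname` reaches `strcasecmp` without a NULL check in the visible branch, and whether a caller can pass NULL is not visible in these hunks.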
@@ -276,7 +276,7 @@ init_PRNG() #endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */ static SSL * -openSSLHandle(int sock, char *hostname) +openSSLHandle(int sock, char *hostname, char **p_cert) { SSL *handle = NULL; static char *old_ssl_forbid_method = NULL; @@ -362,8 +362,16 @@ openSSLHandle(int sock, char *hostname) #if SSLEAY_VERSION_NUMBER >= 0x00905100 init_PRNG(); #endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */ - if (SSL_connect(handle) > 0) - return handle; + if (SSL_connect(handle) > 0) { + Str serv_cert = ssl_get_certificate(handle, hostname); + if (serv_cert) { + *p_cert = serv_cert->ptr; + return handle; + } + close(sock); + SSL_free(handle); + return NULL; + } eend: close(sock); if (handle) @@ -1312,8 +1320,6 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra) if (!seen_www_auth) { Str auth_cookie = find_auth_cookie(pu->host, pu->port, pu->file, NULL); - if (!auth_cookie && proxy_auth_cookie) - auth_cookie = proxy_auth_cookie; if (auth_cookie) Strcat_m_charp(tmp, "Authorization: ", auth_cookie->ptr, "\r\n", NULL); @@ -1323,6 +1329,8 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra) ParsedURL *proxy_pu = schemeToProxy(pu->scheme); Str auth_cookie = find_auth_cookie( proxy_pu->host, proxy_pu->port, proxy_pu->file, NULL); + if (!auth_cookie && proxy_auth_cookie) + auth_cookie = proxy_auth_cookie; if (auth_cookie) Strcat_m_charp(tmp, "Proxy-Authorization: ", auth_cookie->ptr, "\r\n", NULL); @@ -1580,7 +1588,8 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, #ifdef USE_SSL if (pu->scheme == SCM_HTTPS && *status == HTST_CONNECT) { sock = ssl_socket_of(ouf->stream); - if (!(sslh = openSSLHandle(sock, pu->host))) { + if (!(sslh = openSSLHandle(sock, pu->host, + &uf.ssl_certificate))) { *status = HTST_MISSING; return uf; } 
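Review bot: In the hunk at -362 of openSSLHandle, the branch taken when `ssl_get_certificate` returns NULL leaves `*p_cert` unwritten, so `uf.ssl_certificate` in openURL keeps whatever value it had before the call. Putting `*p_cert = NULL;` at the top of the function would make the failure value defined regardless of how the URLFile was initialised, which is outside this diff. The same branch repeats the `close(sock); SSL_free(handle); return NULL;` sequence that the `eend:` label directly below already performs. If the code after `eend:` that lies beyond the hunk is appropriate for a rejected certificate, that branch could fall through to it instead.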
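Review bot: In the HTTPrequest hunk at -1323, `proxy_pu` is dereferenced as `proxy_pu->host` straight after `schemeToProxy(pu->scheme)` with no NULL check. Whether that call can return NULL inside this branch is not visible in the hunk, so either a guard or a comment stating the invariant is needed. The moved fallback also deserves a comment, for example `/* proxy_auth_cookie is a proxy credential: send it only as Proxy-Authorization, never as Authorization to the origin server */`. That would stop the separation restored here and in the hunk at -1312 from being undone by a later edit. HTTPrequest starts and ends outside both hunks.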
@@ -1634,7 +1643,8 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, } #ifdef USE_SSL if (pu->scheme == SCM_HTTPS) { - if (!(sslh = openSSLHandle(sock, pu->host))) { + if (!(sslh = openSSLHandle(sock, pu->host, + &uf.ssl_certificate))) { *status = HTST_MISSING; return uf; } @@ -1651,6 +1661,17 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, SSL_write(sslh, tmp->ptr, tmp->length); else write(sock, tmp->ptr, tmp->length); +#ifdef HTTP_DEBUG + { + FILE *ff = fopen("zzrequest", "a"); + if (sslh) + fputs("HTTPS: request via SSL\n", ff); + else + fputs("HTTPS: request without SSL\n", ff); + fwrite(tmp->ptr, sizeof(char), tmp->length, ff); + fclose(ff); + } +#endif /* HTTP_DEBUG */ if (hr->command == HR_COMMAND_POST && request->enctype == FORM_ENCTYPE_MULTIPART) { if (sslh) -- cgit v1.2.3
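Review bot: The HTTP_DEBUG block added in the hunk at -1651 passes `ff` to `fputs`, `fwrite` and `fclose` without checking the result of `fopen("zzrequest", "a")`, so a debug build crashes if the current directory is not writable. Wrapping the writes in `if (ff != NULL) { ... }` fixes that. The block also appends the complete request, including any Authorization, Proxy-Authorization and Cookie headers built by HTTPrequest, in clear text to a relative path with default permissions. A comment such as `/* debug only: logs credentials in clear text, never enable in release builds */` is warranted, and masking those header values before writing would be safer. The label "HTTPS: request without SSL" is also printed for plain HTTP requests, which makes the log misleading.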