ChangeSet ID: 21496 CVSROOT: /opt/cvs-commit Module name: wine Changes by: julliard@winehq.org 2005/11/28 05:07:24
Modified files: dlls/wininet : http.c internet.h netconnection.c
Log message: Robert Shearman rob@codeweavers.com Move the initiation of the SSL connection into a separate function.
Patch: http://cvs.winehq.org/patch.py?id=21496
Old revision New revision Changes Path 1.121 1.122 +9 -0 wine/dlls/wininet/http.c 1.44 1.45 +1 -0 wine/dlls/wininet/internet.h 1.15 1.16 +38 -25 wine/dlls/wininet/netconnection.c
Index: wine/dlls/wininet/http.c
diff -u -p wine/dlls/wininet/http.c:1.121 wine/dlls/wininet/http.c:1.122
--- wine/dlls/wininet/http.c:1.121 28 Nov 2005 11: 7:24 -0000
+++ wine/dlls/wininet/http.c 28 Nov 2005 11: 7:24 -0000
@@ -2186,6 +2186,15 @@ static BOOL HTTP_OpenConnection(LPWININE
         goto lend;
     }
 
+    if (lpwhr->hdr.dwFlags & INTERNET_FLAG_SECURE)
+    {
+        if (!NETCON_secure_connect(&lpwhr->netConnection, lpwhs->lpszHostName))
+        {
+            WARN("Couldn't connect securely to host\n");
+            goto lend;
+        }
+    }
+
     SendAsyncCallback(&lpwhr->hdr, lpwhr->hdr.dwContext,
                       INTERNET_STATUS_CONNECTED_TO_SERVER,
                       &(lpwhs->socketAddress),
Index: wine/dlls/wininet/internet.h
diff -u -p wine/dlls/wininet/internet.h:1.44 wine/dlls/wininet/internet.h:1.45
--- wine/dlls/wininet/internet.h:1.44 28 Nov 2005 11: 7:24 -0000
+++ wine/dlls/wininet/internet.h 28 Nov 2005 11: 7:24 -0000
@@ -468,6 +468,7 @@ BOOL NETCON_create(WININET_NETCONNECTION
 BOOL NETCON_close(WININET_NETCONNECTION *connection);
 BOOL NETCON_connect(WININET_NETCONNECTION *connection, const struct sockaddr *serv_addr,
                     unsigned int addrlen);
+BOOL NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname);
 BOOL NETCON_send(WININET_NETCONNECTION *connection, const void *msg, size_t len, int flags,
                 int *sent /* out */);
 BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int flags,
Index: wine/dlls/wininet/netconnection.c
diff -u -p wine/dlls/wininet/netconnection.c:1.15 wine/dlls/wininet/netconnection.c:1.16
--- wine/dlls/wininet/netconnection.c:1.15 28 Nov 2005 11: 7:24 -0000
+++ wine/dlls/wininet/netconnection.c 28 Nov 2005 11: 7:24 -0000
@@ -96,9 +96,9 @@ MAKE_FUNCPTR(BIO_new_fp);
 
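Review bot: When NETCON_secure_connect fails, the new branch jumps to `lend` with only a WARN, so unless `lend` (outside the hunk) sets one, callers get a failed request with no Win32 error code; `INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);` before the `goto lend` would give them a meaningful reason. The same FALSE is returned by NETCON_secure_connect when the connection is already secure (its early return does not distinguish "nothing to do" from failure), so if HTTP_OpenConnection can be entered for an already-established connection this branch would abandon a working session — worth confirming. `lpwhs->lpszHostName` is passed but not yet used by the callee, which is fine as a forward-looking signature but deserves a one-line comment here so nobody assumes the name is being checked against the certificate. HTTP_OpenConnection starts and ends outside the hunk.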
 void NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
 {
-    connection->useSSL = useSSL;
+    connection->useSSL = FALSE;
     connection->socketFD = -1;
-    if (connection->useSSL)
+    if (useSSL)
     {
 #ifdef HAVE_OPENSSL_SSL_H
         TRACE("using SSL connection\n");
@@ -161,7 +161,6 @@ void NETCON_init(WININET_NETCONNECTION *
         pBIO_new_fp(stderr, BIO_NOCLOSE); /* FIXME: should use winedebug stuff */
 
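Review bot: The `useSSL` parameter no longer means what its name says: `connection->useSSL` is now forced to FALSE and the argument only decides whether libssl is loaded and initialised, with the handshake itself deferred to NETCON_secure_connect. A comment on the `if (useSSL)` line, e.g. `/* useSSL only prepares libssl; the socket stays plaintext until NETCON_secure_connect */`, would stop readers from assuming that TRUE here yields an encrypted connection. The function's header comment and the rest of its body are outside the hunk and should be brought in line with the new meaning as well.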
         meth = pSSLv23_method();
-        /* FIXME: SECURITY PROBLEM! WE ARN'T VERIFYING THE HOSTS CERTIFICATES OR ANYTHING */
         connection->peek_msg = NULL;
         connection->peek_msg_mem = NULL;
 #else
@@ -181,8 +180,7 @@ BOOL NETCON_connected(WININET_NETCONNECT
 
 /******************************************************************************
  * NETCON_create
- * Basically calls 'socket()' unless useSSL is supplised,
- * in which case we do other things.
+ * Basically calls 'socket()'
  */
 BOOL NETCON_create(WININET_NETCONNECTION *connection, int domain, int type,
                    int protocol)
@@ -218,7 +216,8 @@ BOOL NETCON_close(WININET_NETCONNECTION
         connection->peek_msg = NULL;
         connection->peek_msg_mem = NULL;
         /* FIXME should we call SSL_shutdown here?? Probably on whatever is the
-         * opposite of NETCON_init.... */
+         * opposite of NETCON_secure_connect.... */
+        connection->useSSL = FALSE;
     }
 #endif
 
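Review bot: Resetting `connection->useSSL` in NETCON_close does not release the SSL object that NETCON_secure_connect stores in `connection->ssl_s`; unless the part of this block above the hunk already calls `pSSL_free`, every secure connection leaks it on close. Pairing the teardown with the setup, `pSSL_shutdown(connection->ssl_s); pSSL_free(connection->ssl_s); connection->ssl_s = NULL;` next to the new assignment, would also answer the FIXME on the line above. If SSL_shutdown and SSL_free are not yet loaded through MAKE_FUNCPTR they need entries in that table. The enclosing function starts outside the hunk, so this is inferred from the visible lines only.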
@@ -228,8 +227,40 @@ BOOL NETCON_close(WININET_NETCONNECTION
 }
 
 /******************************************************************************
+ * NETCON_secure_connect
+ * Initiates a secure connection over an existing plaintext connection.
+ */
+BOOL NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname)
+{
+#ifdef HAVE_OPENSSL_SSL_H
+    BIO *sbio;
+
+    /* nothing to do if we are already connected */
+    if (connection->useSSL)
+        return FALSE;
+
+    ctx = pSSL_CTX_new(meth);
+    connection->ssl_s = pSSL_new(ctx);
+
+    sbio = pBIO_new_socket(connection->socketFD, BIO_NOCLOSE);
+    pSSL_set_bio(connection->ssl_s, sbio, sbio);
+    if (pSSL_connect(connection->ssl_s) <= 0)
+    {
+        ERR("ssl couldn't connect\n");
+        return FALSE;
+    }
+    /* FIXME: verify the security of the connection and that the
+     * hostname of the certificate matches */
+    connection->useSSL = TRUE;
+    return TRUE;
+#else
+    return FALSE;
+#endif
+}
+
+/******************************************************************************
  * NETCON_connect
- * Basically calls 'connect()' unless we should use SSL
+ * Connects to the specified address.
  */
 BOOL NETCON_connect(WININET_NETCONNECTION *connection, const struct sockaddr *serv_addr,
                     unsigned int addrlen)
@@ -246,24 +277,6 @@ BOOL NETCON_connect(WININET_NETCONNECTIO
         return FALSE;
     }
 
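Review bot: NETCON_secure_connect has no failure handling around its OpenSSL calls: the results of `pSSL_CTX_new`, `pSSL_new` and `pBIO_new_socket` are used unchecked, and when `pSSL_connect` fails the function returns FALSE leaving `connection->ssl_s` allocated while `useSSL` stays FALSE, so NETCON_close will never free it. `ctx` is assigned without a local declaration, which looks like a file-scope SSL_CTX that is overwritten on every call without `SSL_CTX_free`; creating it once next to `pSSLv23_method()` in NETCON_init would avoid that. The early return for an already-secured connection yields FALSE although its comment says there is nothing to do, so the caller in HTTP_OpenConnection treats a no-op as an error; returning TRUE there matches the comment. The `SECURITY PROBLEM` comment removed in the earlier NETCON_init hunk has become a much milder FIXME here although the gap is unchanged — `hostname` is never looked at and no verify mode is set on the context — and the comment should keep stating plainly that the peer is not authenticated until `SSL_CTX_set_verify` and a hostname check against the certificate are added. The rewrite below covers the error paths and assumes `SSL_free` is, or is added to, the MAKE_FUNCPTR table.
```c
BOOL NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname)
{
#ifdef HAVE_OPENSSL_SSL_H
    BIO *sbio;

    /* already secured: nothing to do, and not a failure for the caller */
    if (connection->useSSL)
        return TRUE;

    ctx = pSSL_CTX_new(meth);
    if (!ctx)
    {
        ERR("SSL_CTX_new failed\n");
        return FALSE;
    }
    /* FIXME: no verify mode is set on ctx and 'hostname' is not checked
     * against the certificate, so the peer is NOT authenticated yet */
    connection->ssl_s = pSSL_new(ctx);
    if (!connection->ssl_s)
    {
        ERR("SSL_new failed\n");
        return FALSE;
    }

    sbio = pBIO_new_socket(connection->socketFD, BIO_NOCLOSE);
    if (!sbio)
    {
        ERR("BIO_new_socket failed\n");
        goto fail;
    }
    pSSL_set_bio(connection->ssl_s, sbio, sbio);
    if (pSSL_connect(connection->ssl_s) <= 0)
    {
        ERR("ssl couldn't connect\n");
        goto fail;
    }
    connection->useSSL = TRUE;
    return TRUE;

fail:
    pSSL_free(connection->ssl_s); /* releases the attached BIO as well */
    connection->ssl_s = NULL;
    return FALSE;
#else
    return FALSE;
#endif
}
/* … unchanged: NETCON_connect header comment and signature … */
```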
-#ifdef HAVE_OPENSSL_SSL_H
-    if (connection->useSSL)
-    {
-        BIO *sbio;
-
-        ctx = pSSL_CTX_new(meth);
-        connection->ssl_s = pSSL_new(ctx);
-
-        sbio = pBIO_new_socket(connection->socketFD, BIO_NOCLOSE);
-        pSSL_set_bio(connection->ssl_s, sbio, sbio);
-        if (pSSL_connect(connection->ssl_s) <= 0)
-        {
-            ERR("ssl couldn't connect\n");
-            return FALSE;
-        }
-    }
-#endif
-
     return TRUE;
 }