Module: wine Branch: master Commit: 48a7580135b03c270c2a6328cc4ba1df7b40fc2c URL: http://source.winehq.org/git/wine.git/?a=commit;h=48a7580135b03c270c2a6328cc...
Author: Juan Lang juan.lang@gmail.com Date: Wed Dec 2 16:56:40 2009 -0800
winhttp: Set callback to verify hostname with peer's certificate.
---
dlls/winhttp/net.c | 41 +++++++++++++++++++++++++++++++++-------- 1 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c index cf83f20..a86a5a6 100644 --- a/dlls/winhttp/net.c +++ b/dlls/winhttp/net.c @@ -110,9 +110,12 @@ MAKE_FUNCPTR( SSL_read ); MAKE_FUNCPTR( SSL_get_ex_new_index ); MAKE_FUNCPTR( SSL_get_ex_data ); MAKE_FUNCPTR( SSL_set_ex_data ); +MAKE_FUNCPTR( SSL_get_ex_data_X509_STORE_CTX_idx ); MAKE_FUNCPTR( SSL_get_verify_result ); MAKE_FUNCPTR( SSL_get_peer_certificate ); MAKE_FUNCPTR( SSL_CTX_set_default_verify_paths ); +MAKE_FUNCPTR( SSL_CTX_set_verify ); +MAKE_FUNCPTR( X509_STORE_CTX_get_ex_data );
MAKE_FUNCPTR( BIO_new_fp ); MAKE_FUNCPTR( CRYPTO_num_locks ); @@ -208,6 +211,19 @@ static int sock_get_error( int err ) return err; }
+#ifdef SONAME_LIBSSL +static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx ) +{ + SSL *ssl; + WCHAR *server; + + ssl = pX509_STORE_CTX_get_ex_data( ctx, pSSL_get_ex_data_X509_STORE_CTX_idx() ); + server = pSSL_get_ex_data( ssl, hostname_idx ); + FIXME("verify %s\n", debugstr_w(server)); + return preverify_ok; +} +#endif + BOOL netconn_init( netconn_t *conn, BOOL secure ) { #if defined(SONAME_LIBSSL) && defined(SONAME_LIBCRYPTO) @@ -261,9 +277,12 @@ BOOL netconn_init( netconn_t *conn, BOOL secure ) LOAD_FUNCPTR( SSL_get_ex_new_index ); LOAD_FUNCPTR( SSL_get_ex_data ); LOAD_FUNCPTR( SSL_set_ex_data ); + LOAD_FUNCPTR( SSL_get_ex_data_X509_STORE_CTX_idx ); LOAD_FUNCPTR( SSL_get_verify_result ); LOAD_FUNCPTR( SSL_get_peer_certificate ); LOAD_FUNCPTR( SSL_CTX_set_default_verify_paths ); + LOAD_FUNCPTR( SSL_CTX_set_verify ); + LOAD_FUNCPTR( X509_STORE_CTX_get_ex_data ); #undef LOAD_FUNCPTR
#define LOAD_FUNCPTR(x) \ @@ -297,6 +316,14 @@ BOOL netconn_init( netconn_t *conn, BOOL secure ) return FALSE; } hostname_idx = pSSL_get_ex_new_index( 0, (void *)"hostname index", NULL, NULL, NULL ); + if (hostname_idx == -1) + { + ERR("SSL_get_ex_new_index failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); + set_last_error( ERROR_OUTOFMEMORY ); + LeaveCriticalSection( &init_ssl_cs ); + return FALSE; + } + pSSL_CTX_set_verify( ctx, SSL_VERIFY_PEER, netconn_secure_verify );
pCRYPTO_set_id_callback(ssl_thread_id); num_ssl_locks = pCRYPTO_num_locks(); @@ -429,7 +456,6 @@ BOOL netconn_connect( netconn_t *conn, const struct sockaddr *sockaddr, unsigned BOOL netconn_secure_connect( netconn_t *conn, WCHAR *hostname ) { #ifdef SONAME_LIBSSL - X509 *cert; long res;
if (!(conn->ssl_conn = pSSL_new( ctx ))) @@ -438,22 +464,21 @@ BOOL netconn_secure_connect( netconn_t *conn, WCHAR *hostname ) set_last_error( ERROR_OUTOFMEMORY ); goto fail; } - if (!pSSL_set_fd( conn->ssl_conn, conn->socket )) + if (!pSSL_set_ex_data( conn->ssl_conn, hostname_idx, hostname )) { - ERR("SSL_set_fd failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); + ERR("SSL_set_ex_data failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); set_last_error( ERROR_WINHTTP_SECURE_CHANNEL_ERROR ); goto fail; } - if (pSSL_connect( conn->ssl_conn ) <= 0) + if (!pSSL_set_fd( conn->ssl_conn, conn->socket )) { - ERR("SSL_connect failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); + ERR("SSL_set_fd failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); set_last_error( ERROR_WINHTTP_SECURE_CHANNEL_ERROR ); goto fail; } - pSSL_set_ex_data( conn->ssl_conn, hostname_idx, hostname ); - if (!(cert = pSSL_get_peer_certificate( conn->ssl_conn ))) + if (pSSL_connect( conn->ssl_conn ) <= 0) { - ERR("No certificate for server: %s\n", pERR_error_string( pERR_get_error(), 0 )); + ERR("SSL_connect failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); set_last_error( ERROR_WINHTTP_SECURE_CHANNEL_ERROR ); goto fail; }
-
Alexandre Julliard