1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

x509asn1.c,x509asn1.h: new module to support ASN.1/X509 parsing & info extract

Use from qssl backend
This commit is contained in:
Patrick Monnerat 2013-07-15 18:16:13 +02:00
parent e839446c2a
commit 3a24cb7bc4
6 changed files with 1319 additions and 17 deletions

View File

@ -25,7 +25,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \ http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \
curl_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_ntlm_msgs.c \ curl_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_ntlm_msgs.c \
curl_sasl.c curl_schannel.c curl_multibyte.c curl_darwinssl.c \ curl_sasl.c curl_schannel.c curl_multibyte.c curl_darwinssl.c \
hostcheck.c bundles.c conncache.c pipeline.c dotdot.c hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c
HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \
@ -44,4 +44,4 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
asyn.h curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \ asyn.h curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \
curl_ntlm_msgs.h curl_sasl.h curl_schannel.h curl_multibyte.h \ curl_ntlm_msgs.h curl_sasl.h curl_schannel.h curl_multibyte.h \
curl_darwinssl.h hostcheck.h bundles.h conncache.h curl_setup_once.h \ curl_darwinssl.h hostcheck.h bundles.h conncache.h curl_setup_once.h \
multihandle.h setup-vms.h pipeline.h dotdot.h multihandle.h setup-vms.h pipeline.h dotdot.h x509asn1.h

View File

@ -22,8 +22,8 @@
#include "curl_setup.h" #include "curl_setup.h"
#if defined(USE_SSLEAY) || defined(USE_AXTLS) #if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL)
/* these two backends use functions from this file */ /* these backends use functions from this file */
#include "hostcheck.h" #include "hostcheck.h"
#include "rawstr.h" #include "rawstr.h"
@ -93,4 +93,4 @@ int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
return 0; return 0;
} }
#endif /* SSLEAY or AXTLS */ #endif /* SSLEAY or AXTLS or QSOSSL */

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -37,6 +37,7 @@
#include "sslgen.h" #include "sslgen.h"
#include "connect.h" /* for the connect timeout */ #include "connect.h" /* for the connect timeout */
#include "select.h" #include "select.h"
#include "x509asn1.h"
#include "curl_memory.h" #include "curl_memory.h"
/* The last #include file should be: */ /* The last #include file should be: */
#include "memdebug.h" #include "memdebug.h"
@ -169,10 +170,7 @@ static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex)
SSLHandle * h = connssl->handle; SSLHandle * h = connssl->handle;
long timeout_ms; long timeout_ms;
h->exitPgm = NULL; h->exitPgm = data->set.ssl.verifypeer? NULL: Curl_qsossl_trap_cert;
if(!data->set.ssl.verifyhost)
h->exitPgm = Curl_qsossl_trap_cert;
/* figure out how long time we should wait at maximum */ /* figure out how long time we should wait at maximum */
timeout_ms = Curl_timeleft(data, NULL, TRUE); timeout_ms = Curl_timeleft(data, NULL, TRUE);
@ -208,6 +206,8 @@ static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex)
break; break;
} }
h->peerCert = NULL;
h->peerCertLen = 0;
rc = SSL_Handshake(h, SSL_HANDSHAKE_AS_CLIENT); rc = SSL_Handshake(h, SSL_HANDSHAKE_AS_CLIENT);
switch (rc) { switch (rc) {
@ -238,6 +238,23 @@ static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex)
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
/* Verify host. */
rc = Curl_verifyhost(conn, h->peerCert, h->peerCert + h->peerCertLen);
if(rc != CURLE_OK)
return rc;
/* Gather certificate info. */
if(data->set.ssl.certinfo) {
if(Curl_ssl_init_certinfo(data, 1))
return CURLE_OUT_OF_MEMORY;
if(h->peerCert) {
rc = Curl_extract_certinfo(conn, 0, h->peerCert,
h->peerCert + h->peerCertLen);
if(rc != CURLE_OK)
return rc;
}
}
return CURLE_OK; return CURLE_OK;
} }
@ -257,20 +274,23 @@ CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex)
if(rc == CURLE_OK) { if(rc == CURLE_OK) {
rc = Curl_qsossl_create(conn, sockindex); rc = Curl_qsossl_create(conn, sockindex);
if(rc == CURLE_OK) if(rc == CURLE_OK) {
rc = Curl_qsossl_handshake(conn, sockindex); rc = Curl_qsossl_handshake(conn, sockindex);
else { if(rc != CURLE_OK)
SSL_Destroy(connssl->handle); SSL_Destroy(connssl->handle);
}
}
if(rc == CURLE_OK) {
conn->recv[sockindex] = qsossl_recv;
conn->send[sockindex] = qsossl_send;
connssl->state = ssl_connection_complete;
}
else {
connssl->handle = NULL; connssl->handle = NULL;
connssl->use = FALSE; connssl->use = FALSE;
connssl->state = ssl_connection_none; connssl->state = ssl_connection_none;
} }
}
if(rc == CURLE_OK) {
connssl->state = ssl_connection_complete;
conn->recv[sockindex] = qsossl_recv;
conn->send[sockindex] = qsossl_send;
}
return rc; return rc;
} }

View File

@ -1900,6 +1900,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
*/ */
data->set.ssl.fsslctxp = va_arg(param, void *); data->set.ssl.fsslctxp = va_arg(param, void *);
break; break;
#endif
#if defined(USE_SSLEAY) || defined(USE_QSOSSL)
case CURLOPT_CERTINFO: case CURLOPT_CERTINFO:
data->set.ssl.certinfo = (0 != va_arg(param, long))?TRUE:FALSE; data->set.ssl.certinfo = (0 != va_arg(param, long))?TRUE:FALSE;
break; break;

1151
lib/x509asn1.c Normal file

File diff suppressed because it is too large Load Diff

129
lib/x509asn1.h Normal file
View File

@ -0,0 +1,129 @@
#ifndef HEADER_CURL_X509ASN1_H
#define HEADER_CURL_X509ASN1_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#include "curl_setup.h"
#if defined(USE_QSOSSL)
#include "urldata.h"
/*
* Constants.
*/
/* ASN.1 classes. */
#define CURL_ASN1_UNIVERSAL 0
#define CURL_ASN1_APPLICATION 1
#define CURL_ASN1_CONTEXT_SPECIFIC 2
#define CURL_ASN1_PRIVATE 3
/* ASN.1 types. */
#define CURL_ASN1_BOOLEAN 1
#define CURL_ASN1_INTEGER 2
#define CURL_ASN1_BIT_STRING 3
#define CURL_ASN1_OCTET_STRING 4
#define CURL_ASN1_NULL 5
#define CURL_ASN1_OBJECT_IDENTIFIER 6
#define CURL_ASN1_OBJECT_DESCRIPTOR 7
#define CURL_ASN1_INSTANCE_OF 8
#define CURL_ASN1_REAL 9
#define CURL_ASN1_ENUMERATED 10
#define CURL_ASN1_EMBEDDED 11
#define CURL_ASN1_UTF8_STRING 12
#define CURL_ASN1_RELATIVE_OID 13
#define CURL_ASN1_SEQUENCE 16
#define CURL_ASN1_SET 17
#define CURL_ASN1_NUMERIC_STRING 18
#define CURL_ASN1_PRINTABLE_STRING 19
#define CURL_ASN1_TELETEX_STRING 20
#define CURL_ASN1_VIDEOTEX_STRING 21
#define CURL_ASN1_IA5_STRING 22
#define CURL_ASN1_UTC_TIME 23
#define CURL_ASN1_GENERALIZED_TIME 24
#define CURL_ASN1_GRAPHIC_STRING 25
#define CURL_ASN1_VISIBLE_STRING 26
#define CURL_ASN1_GENERAL_STRING 27
#define CURL_ASN1_UNIVERSAL_STRING 28
#define CURL_ASN1_CHARACTER_STRING 29
#define CURL_ASN1_BMP_STRING 30
/*
* Types.
*/
/* ASN.1 parsed element. */
typedef struct {
const char * beg; /* Pointer to element data. */
const char * end; /* Pointer to 1st byte after element data. */
unsigned char class; /* ASN.1 element class. */
unsigned char tag; /* ASN.1 element tag. */
bool constructed; /* Element is constructed. */
} curl_asn1Element;
/* ASN.1 OID table entry. */
typedef struct {
const char * numoid; /* Dotted-numeric OID. */
const char * textoid; /* OID name. */
} curl_OID;
/* X509 certificate: RFC 5280. */
typedef struct {
curl_asn1Element certificate;
curl_asn1Element version;
curl_asn1Element serialNumber;
curl_asn1Element signatureAlgorithm;
curl_asn1Element signature;
curl_asn1Element issuer;
curl_asn1Element notBefore;
curl_asn1Element notAfter;
curl_asn1Element subject;
curl_asn1Element subjectPublicKeyAlgorithm;
curl_asn1Element subjectPublicKey;
curl_asn1Element issuerUniqueID;
curl_asn1Element subjectUniqueID;
curl_asn1Element extensions;
} curl_X509certificate;
/*
* Prototypes.
*/
const char * Curl_getASN1Element(curl_asn1Element * elem,
const char * beg, const char * end);
const char * Curl_ASN1tostr(curl_asn1Element * elem, int type);
const char * Curl_DNtostr(curl_asn1Element * dn);
void Curl_parseX509(curl_X509certificate * cert,
const char * beg, const char * end);
CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum,
const char * beg, const char * end);
CURLcode Curl_verifyhost(struct connectdata * conn,
const char * beg, const char * end);
#endif /* USE_QSOSSL */
#endif /* HEADER_CURL_X509ASN1_H */