2005-04-26 13:22:56 -04:00
|
|
|
/* SSL support via OpenSSL library.
|
2009-09-04 03:13:47 -04:00
|
|
|
Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
|
2011-01-01 07:19:37 -05:00
|
|
|
2009, 2010, 2011 Free Software Foundation, Inc.
|
2005-04-26 13:22:56 -04:00
|
|
|
Originally contributed by Christian Fraenkel.
|
2000-12-05 18:26:13 -05:00
|
|
|
|
2001-05-27 15:35:15 -04:00
|
|
|
This file is part of GNU Wget.
|
2000-12-05 18:26:13 -05:00
|
|
|
|
2001-05-27 15:35:15 -04:00
|
|
|
GNU Wget is free software; you can redistribute it and/or modify
|
2000-12-05 18:26:13 -05:00
|
|
|
it under the terms of the GNU General Public License as published by
|
2007-07-10 01:53:22 -04:00
|
|
|
the Free Software Foundation; either version 3 of the License, or
|
2000-12-05 18:26:13 -05:00
|
|
|
(at your option) any later version.
|
|
|
|
|
2001-05-27 15:35:15 -04:00
|
|
|
GNU Wget is distributed in the hope that it will be useful,
|
2000-12-05 18:26:13 -05:00
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
2007-07-10 01:53:22 -04:00
|
|
|
along with Wget. If not, see <http://www.gnu.org/licenses/>.
|
2002-05-17 22:16:36 -04:00
|
|
|
|
2007-11-28 03:05:33 -05:00
|
|
|
Additional permission under GNU GPL version 3 section 7
|
|
|
|
|
|
|
|
If you modify this program, or any covered work, by linking or
|
|
|
|
combining it with the OpenSSL project's OpenSSL library (or a
|
|
|
|
modified version of that library), containing parts covered by the
|
|
|
|
terms of the OpenSSL or SSLeay licenses, the Free Software Foundation
|
|
|
|
grants you additional permission to convey the resulting work.
|
|
|
|
Corresponding Source for a non-source form of such a combination
|
|
|
|
shall include the source code for the parts of OpenSSL used as well
|
|
|
|
as that of the covered work. */
|
2000-12-05 18:26:13 -05:00
|
|
|
|
2007-10-18 23:50:40 -04:00
|
|
|
#include "wget.h"
|
2000-12-17 13:12:02 -05:00
|
|
|
|
|
|
|
#include <assert.h>
|
|
|
|
#include <errno.h>
|
2010-12-01 07:15:13 -05:00
|
|
|
#include <unistd.h>
|
2005-06-19 18:34:58 -04:00
|
|
|
#include <string.h>
|
2000-12-17 13:12:02 -05:00
|
|
|
|
2000-12-05 18:26:13 -05:00
|
|
|
#include <openssl/ssl.h>
|
2009-10-24 19:06:44 -04:00
|
|
|
#include <openssl/x509v3.h>
|
2000-12-05 18:26:13 -05:00
|
|
|
#include <openssl/err.h>
|
2001-11-23 11:18:41 -05:00
|
|
|
#include <openssl/rand.h>
|
2000-12-17 13:12:02 -05:00
|
|
|
|
2001-12-17 09:05:08 -05:00
|
|
|
#include "utils.h"
|
2000-12-05 18:26:13 -05:00
|
|
|
#include "connect.h"
|
2001-12-05 20:13:31 -05:00
|
|
|
#include "url.h"
|
2005-04-26 17:41:41 -04:00
|
|
|
#include "ssl.h"
|
2000-12-05 18:35:56 -05:00
|
|
|
|
2011-04-04 10:46:38 -04:00
|
|
|
#ifdef WINDOWS
|
|
|
|
# include <w32sock.h>
|
|
|
|
#endif
|
|
|
|
|
2005-04-27 17:08:40 -04:00
|
|
|
/* Application-wide SSL context. This is common to all SSL
|
|
|
|
connections. */
|
2005-06-27 14:19:22 -04:00
|
|
|
static SSL_CTX *ssl_ctx;
|
2003-11-06 08:06:59 -05:00
|
|
|
|
2005-04-27 17:08:40 -04:00
|
|
|
/* Initialize the SSL's PRNG using various methods. */
|
|
|
|
|
2003-11-06 08:06:59 -05:00
|
|
|
static void
|
2005-04-27 17:08:40 -04:00
|
|
|
init_prng (void)
|
2001-11-23 11:18:41 -05:00
|
|
|
{
|
2005-04-27 17:08:40 -04:00
|
|
|
char namebuf[256];
|
|
|
|
const char *random_file;
|
|
|
|
|
|
|
|
if (RAND_status ())
|
|
|
|
/* The PRNG has been seeded; no further action is necessary. */
|
|
|
|
return;
|
2001-12-05 20:13:31 -05:00
|
|
|
|
2005-04-27 17:08:40 -04:00
|
|
|
/* Seed from a file specified by the user. This will be the file
|
|
|
|
specified with --random-file, $RANDFILE, if set, or ~/.rnd, if it
|
|
|
|
exists. */
|
|
|
|
if (opt.random_file)
|
|
|
|
random_file = opt.random_file;
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Get the random file name using RAND_file_name. */
|
|
|
|
namebuf[0] = '\0';
|
|
|
|
random_file = RAND_file_name (namebuf, sizeof (namebuf));
|
|
|
|
}
|
2001-12-05 20:13:31 -05:00
|
|
|
|
2005-04-27 17:08:40 -04:00
|
|
|
if (random_file && *random_file)
|
|
|
|
/* Seed at most 16k (apparently arbitrary value borrowed from
|
|
|
|
curl) from random file. */
|
|
|
|
RAND_load_file (random_file, 16384);
|
2001-12-05 20:13:31 -05:00
|
|
|
|
|
|
|
if (RAND_status ())
|
|
|
|
return;
|
|
|
|
|
2005-04-27 17:08:40 -04:00
|
|
|
/* Get random data from EGD if opt.egd_file was used. */
|
2005-04-26 13:22:56 -04:00
|
|
|
if (opt.egd_file && *opt.egd_file)
|
|
|
|
RAND_egd (opt.egd_file);
|
2001-12-05 20:13:31 -05:00
|
|
|
|
|
|
|
if (RAND_status ())
|
|
|
|
return;
|
|
|
|
|
|
|
|
#ifdef WINDOWS
|
|
|
|
/* Under Windows, we can try to seed the PRNG using screen content.
|
|
|
|
This may or may not work, depending on whether we'll calling Wget
|
|
|
|
interactively. */
|
|
|
|
|
|
|
|
RAND_screen ();
|
|
|
|
if (RAND_status ())
|
|
|
|
return;
|
|
|
|
#endif
|
|
|
|
|
2005-04-26 13:22:56 -04:00
|
|
|
#if 0 /* don't do this by default */
|
|
|
|
{
|
|
|
|
int maxrand = 500;
|
2003-11-18 17:28:01 -05:00
|
|
|
|
2005-04-26 13:22:56 -04:00
|
|
|
/* Still not random enough, presumably because neither /dev/random
|
|
|
|
nor EGD were available. Try to seed OpenSSL's PRNG with libc
|
|
|
|
PRNG. This is cryptographically weak and defeats the purpose
|
|
|
|
of using OpenSSL, which is why it is highly discouraged. */
|
|
|
|
|
2005-04-27 17:08:40 -04:00
|
|
|
logprintf (LOG_NOTQUIET, _("WARNING: using a weak random seed.\n"));
|
2005-04-26 13:22:56 -04:00
|
|
|
|
|
|
|
while (RAND_status () == 0 && maxrand-- > 0)
|
|
|
|
{
|
2007-08-02 23:38:21 -04:00
|
|
|
unsigned char rnd = random_number (256);
|
|
|
|
RAND_seed (&rnd, sizeof (rnd));
|
2005-04-26 13:22:56 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
2001-11-23 11:18:41 -05:00
|
|
|
}
|
|
|
|
|
2005-04-27 17:08:40 -04:00
|
|
|
/* Print errors in the OpenSSL error stack. */
|
2003-11-06 08:06:59 -05:00
|
|
|
|
2005-04-11 10:33:36 -04:00
|
|
|
static void
|
2009-09-21 23:39:44 -04:00
|
|
|
print_errors (void)
|
2001-02-10 17:33:31 -05:00
|
|
|
{
|
2005-07-03 17:20:33 -04:00
|
|
|
unsigned long err;
|
|
|
|
while ((err = ERR_get_error ()) != 0)
|
|
|
|
logprintf (LOG_NOTQUIET, "OpenSSL: %s\n", ERR_error_string (err, NULL));
|
2001-02-10 17:33:31 -05:00
|
|
|
}
|
|
|
|
|
2005-04-27 13:15:10 -04:00
|
|
|
/* Convert keyfile type as used by options.h to a type as accepted by
|
|
|
|
SSL_CTX_use_certificate_file and SSL_CTX_use_PrivateKey_file.
|
|
|
|
|
|
|
|
(options.h intentionally doesn't use values from openssl/ssl.h so
|
|
|
|
it doesn't depend specifically on OpenSSL for SSL functionality.) */
|
|
|
|
|
|
|
|
static int
|
|
|
|
key_type_to_ssl_type (enum keyfile_type type)
|
|
|
|
{
|
|
|
|
switch (type)
|
|
|
|
{
|
|
|
|
case keyfile_pem:
|
|
|
|
return SSL_FILETYPE_PEM;
|
|
|
|
case keyfile_asn1:
|
|
|
|
return SSL_FILETYPE_ASN1;
|
|
|
|
default:
|
|
|
|
abort ();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-04-27 17:08:40 -04:00
|
|
|
/* Create an SSL Context and set default paths etc. Called the first
|
|
|
|
time an HTTP download is attempted.
|
|
|
|
|
2005-06-22 15:38:10 -04:00
|
|
|
Returns true on success, false otherwise. */
|
2005-04-27 17:08:40 -04:00
|
|
|
|
2005-06-22 15:38:10 -04:00
|
|
|
bool
|
2003-11-06 08:06:59 -05:00
|
|
|
ssl_init ()
|
2002-04-20 22:26:48 -04:00
|
|
|
{
|
2007-08-30 00:31:01 -04:00
|
|
|
SSL_METHOD *meth;
|
2003-11-06 08:06:59 -05:00
|
|
|
|
|
|
|
if (ssl_ctx)
|
2005-04-27 17:08:40 -04:00
|
|
|
/* The SSL has already been initialized. */
|
2005-06-22 15:38:10 -04:00
|
|
|
return true;
|
2003-11-06 08:06:59 -05:00
|
|
|
|
|
|
|
/* Init the PRNG. If that fails, bail out. */
|
2005-04-27 17:08:40 -04:00
|
|
|
init_prng ();
|
|
|
|
if (RAND_status () != 1)
|
2003-11-06 08:06:59 -05:00
|
|
|
{
|
|
|
|
logprintf (LOG_NOTQUIET,
|
2007-08-02 23:38:21 -04:00
|
|
|
_("Could not seed PRNG; consider using --random-file.\n"));
|
2005-04-27 17:08:40 -04:00
|
|
|
goto error;
|
2003-11-06 08:06:59 -05:00
|
|
|
}
|
|
|
|
|
2002-04-20 22:26:48 -04:00
|
|
|
SSL_library_init ();
|
|
|
|
SSL_load_error_strings ();
|
|
|
|
SSLeay_add_all_algorithms ();
|
|
|
|
SSLeay_add_ssl_algorithms ();
|
2005-04-27 17:08:40 -04:00
|
|
|
|
2005-04-26 13:22:56 -04:00
|
|
|
switch (opt.secure_protocol)
|
2002-04-20 22:26:48 -04:00
|
|
|
{
|
2005-04-26 13:22:56 -04:00
|
|
|
case secure_protocol_auto:
|
|
|
|
meth = SSLv23_client_method ();
|
|
|
|
break;
|
2011-04-11 05:08:39 -04:00
|
|
|
#ifndef OPENSSL_NO_SSL2
|
2005-04-26 13:22:56 -04:00
|
|
|
case secure_protocol_sslv2:
|
|
|
|
meth = SSLv2_client_method ();
|
|
|
|
break;
|
2011-04-11 05:08:39 -04:00
|
|
|
#endif
|
2005-04-26 13:22:56 -04:00
|
|
|
case secure_protocol_sslv3:
|
|
|
|
meth = SSLv3_client_method ();
|
|
|
|
break;
|
|
|
|
case secure_protocol_tlsv1:
|
|
|
|
meth = TLSv1_client_method ();
|
|
|
|
break;
|
2005-04-27 13:15:10 -04:00
|
|
|
default:
|
|
|
|
abort ();
|
2002-04-20 22:26:48 -04:00
|
|
|
}
|
|
|
|
|
2003-11-06 08:06:59 -05:00
|
|
|
ssl_ctx = SSL_CTX_new (meth);
|
2005-04-27 17:08:40 -04:00
|
|
|
if (!ssl_ctx)
|
|
|
|
goto error;
|
|
|
|
|
2005-04-26 13:22:56 -04:00
|
|
|
SSL_CTX_set_default_verify_paths (ssl_ctx);
|
|
|
|
SSL_CTX_load_verify_locations (ssl_ctx, opt.ca_cert, opt.ca_directory);
|
2005-05-09 13:21:10 -04:00
|
|
|
|
2005-05-11 07:14:42 -04:00
|
|
|
/* SSL_VERIFY_NONE instructs OpenSSL not to abort SSL_connect if the
|
|
|
|
certificate is invalid. We verify the certificate separately in
|
2005-05-13 09:26:44 -04:00
|
|
|
ssl_check_certificate, which provides much better diagnostics
|
2005-05-11 07:14:42 -04:00
|
|
|
than examining the error stack after a failed SSL_connect. */
|
|
|
|
SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_NONE, NULL);
|
2005-04-26 13:22:56 -04:00
|
|
|
|
2008-04-23 02:27:21 -04:00
|
|
|
/* Use the private key from the cert file unless otherwise specified. */
|
|
|
|
if (opt.cert_file && !opt.private_key)
|
|
|
|
{
|
|
|
|
opt.private_key = opt.cert_file;
|
|
|
|
opt.private_key_type = opt.cert_type;
|
|
|
|
}
|
|
|
|
|
2005-04-27 13:15:10 -04:00
|
|
|
if (opt.cert_file)
|
|
|
|
if (SSL_CTX_use_certificate_file (ssl_ctx, opt.cert_file,
|
2007-08-02 23:38:21 -04:00
|
|
|
key_type_to_ssl_type (opt.cert_type))
|
|
|
|
!= 1)
|
2005-04-27 17:08:40 -04:00
|
|
|
goto error;
|
2005-04-27 13:15:10 -04:00
|
|
|
if (opt.private_key)
|
|
|
|
if (SSL_CTX_use_PrivateKey_file (ssl_ctx, opt.private_key,
|
2007-08-02 23:38:21 -04:00
|
|
|
key_type_to_ssl_type (opt.private_key_type))
|
|
|
|
!= 1)
|
2005-04-27 17:08:40 -04:00
|
|
|
goto error;
|
|
|
|
|
2005-05-09 13:21:10 -04:00
|
|
|
/* Since fd_write unconditionally assumes partial writes (and
|
|
|
|
handles them correctly), allow them in OpenSSL. */
|
|
|
|
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
|
|
|
|
|
2005-08-26 06:42:31 -04:00
|
|
|
/* The OpenSSL library can handle renegotiations automatically, so
|
|
|
|
tell it to do so. */
|
|
|
|
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
|
|
|
|
|
2005-06-22 15:38:10 -04:00
|
|
|
return true;
|
2002-04-20 22:26:48 -04:00
|
|
|
|
2005-04-27 17:08:40 -04:00
|
|
|
error:
|
|
|
|
if (ssl_ctx)
|
|
|
|
SSL_CTX_free (ssl_ctx);
|
|
|
|
print_errors ();
|
2005-06-22 15:38:10 -04:00
|
|
|
return false;
|
2002-04-20 22:26:48 -04:00
|
|
|
}
|
|
|
|
|
2005-07-04 17:42:09 -04:00
|
|
|
struct openssl_transport_context {
|
2007-08-02 23:38:21 -04:00
|
|
|
SSL *conn; /* SSL connection handle */
|
|
|
|
char *last_error; /* last error printed with openssl_errstr */
|
2005-07-04 17:42:09 -04:00
|
|
|
};
|
|
|
|
|
2003-11-06 08:06:59 -05:00
|
|
|
static int
|
2005-07-04 17:42:09 -04:00
|
|
|
openssl_read (int fd, char *buf, int bufsize, void *arg)
|
2002-04-20 22:26:48 -04:00
|
|
|
{
|
2003-11-06 08:06:59 -05:00
|
|
|
int ret;
|
2005-07-04 17:42:09 -04:00
|
|
|
struct openssl_transport_context *ctx = arg;
|
|
|
|
SSL *conn = ctx->conn;
|
2003-11-05 20:12:03 -05:00
|
|
|
do
|
2005-07-04 17:42:09 -04:00
|
|
|
ret = SSL_read (conn, buf, bufsize);
|
2003-11-06 08:06:59 -05:00
|
|
|
while (ret == -1
|
2011-04-04 10:56:51 -04:00
|
|
|
&& (SSL_get_error (conn, ret) == SSL_ERROR_WANT_READ
|
|
|
|
|| (SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL
|
|
|
|
&& errno == EINTR)));
|
|
|
|
|
2003-11-06 08:06:59 -05:00
|
|
|
return ret;
|
2002-04-20 22:26:48 -04:00
|
|
|
}
|
|
|
|
|
2003-11-05 20:12:03 -05:00
|
|
|
static int
|
2005-07-04 17:42:09 -04:00
|
|
|
openssl_write (int fd, char *buf, int bufsize, void *arg)
|
2002-04-20 22:26:48 -04:00
|
|
|
{
|
2003-11-06 08:06:59 -05:00
|
|
|
int ret = 0;
|
2005-07-04 17:42:09 -04:00
|
|
|
struct openssl_transport_context *ctx = arg;
|
|
|
|
SSL *conn = ctx->conn;
|
2003-11-05 20:12:03 -05:00
|
|
|
do
|
2005-07-04 17:42:09 -04:00
|
|
|
ret = SSL_write (conn, buf, bufsize);
|
2003-11-06 08:06:59 -05:00
|
|
|
while (ret == -1
|
2007-08-02 23:38:21 -04:00
|
|
|
&& SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL
|
|
|
|
&& errno == EINTR);
|
2003-11-06 08:06:59 -05:00
|
|
|
return ret;
|
2002-04-20 22:26:48 -04:00
|
|
|
}
|
|
|
|
|
2003-11-05 20:12:03 -05:00
|
|
|
static int
|
2005-07-04 17:42:09 -04:00
|
|
|
openssl_poll (int fd, double timeout, int wait_for, void *arg)
|
2002-04-20 22:26:48 -04:00
|
|
|
{
|
2005-07-04 17:42:09 -04:00
|
|
|
struct openssl_transport_context *ctx = arg;
|
|
|
|
SSL *conn = ctx->conn;
|
|
|
|
if (SSL_pending (conn))
|
2003-11-05 20:12:03 -05:00
|
|
|
return 1;
|
2011-04-13 07:57:37 -04:00
|
|
|
if (timeout == 0)
|
|
|
|
return 1;
|
2003-11-05 20:12:03 -05:00
|
|
|
return select_fd (fd, timeout, wait_for);
|
2002-04-20 22:26:48 -04:00
|
|
|
}
|
|
|
|
|
2003-11-20 20:48:11 -05:00
|
|
|
static int
|
2005-07-04 17:42:09 -04:00
|
|
|
openssl_peek (int fd, char *buf, int bufsize, void *arg)
|
2003-11-20 20:48:11 -05:00
|
|
|
{
|
|
|
|
int ret;
|
2005-07-04 17:42:09 -04:00
|
|
|
struct openssl_transport_context *ctx = arg;
|
|
|
|
SSL *conn = ctx->conn;
|
2011-04-13 07:57:37 -04:00
|
|
|
if (! openssl_poll (fd, 0.0, WAIT_FOR_READ, arg))
|
|
|
|
return 0;
|
2003-11-20 20:48:11 -05:00
|
|
|
do
|
2005-07-04 17:42:09 -04:00
|
|
|
ret = SSL_peek (conn, buf, bufsize);
|
2003-11-20 20:48:11 -05:00
|
|
|
while (ret == -1
|
2007-08-02 23:38:21 -04:00
|
|
|
&& SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL
|
|
|
|
&& errno == EINTR);
|
2003-11-20 20:48:11 -05:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2005-07-03 17:20:33 -04:00
|
|
|
static const char *
|
2005-07-04 17:42:09 -04:00
|
|
|
openssl_errstr (int fd, void *arg)
|
2005-07-03 17:20:33 -04:00
|
|
|
{
|
2005-07-04 17:42:09 -04:00
|
|
|
struct openssl_transport_context *ctx = arg;
|
|
|
|
unsigned long errcode;
|
|
|
|
char *errmsg = NULL;
|
|
|
|
int msglen = 0;
|
2005-07-03 17:20:33 -04:00
|
|
|
|
2005-07-04 17:42:09 -04:00
|
|
|
/* If there are no SSL-specific errors, just return NULL. */
|
|
|
|
if ((errcode = ERR_get_error ()) == 0)
|
2005-07-03 17:20:33 -04:00
|
|
|
return NULL;
|
|
|
|
|
2005-07-04 17:42:09 -04:00
|
|
|
/* Get rid of previous contents of ctx->last_error, if any. */
|
|
|
|
xfree_null (ctx->last_error);
|
|
|
|
|
|
|
|
/* Iterate over OpenSSL's error stack and accumulate errors in the
|
|
|
|
last_error buffer, separated by "; ". This is better than using
|
|
|
|
a static buffer, which *always* takes up space (and has to be
|
|
|
|
large, to fit more than one error message), whereas these
|
|
|
|
allocations are only performed when there is an actual error. */
|
|
|
|
|
|
|
|
for (;;)
|
2005-07-03 17:20:33 -04:00
|
|
|
{
|
2005-07-04 17:42:09 -04:00
|
|
|
const char *str = ERR_error_string (errcode, NULL);
|
|
|
|
int len = strlen (str);
|
|
|
|
|
|
|
|
/* Allocate space for the existing message, plus two more chars
|
2007-08-02 23:38:21 -04:00
|
|
|
for the "; " separator and one for the terminating \0. */
|
2005-07-04 17:42:09 -04:00
|
|
|
errmsg = xrealloc (errmsg, msglen + len + 2 + 1);
|
|
|
|
memcpy (errmsg + msglen, str, len);
|
|
|
|
msglen += len;
|
|
|
|
|
|
|
|
/* Get next error and bail out if there are no more. */
|
|
|
|
errcode = ERR_get_error ();
|
|
|
|
if (errcode == 0)
|
2007-08-02 23:38:21 -04:00
|
|
|
break;
|
2005-07-04 17:42:09 -04:00
|
|
|
|
|
|
|
errmsg[msglen++] = ';';
|
|
|
|
errmsg[msglen++] = ' ';
|
2005-07-03 17:20:33 -04:00
|
|
|
}
|
2005-07-04 17:42:09 -04:00
|
|
|
errmsg[msglen] = '\0';
|
2005-07-03 17:20:33 -04:00
|
|
|
|
2005-07-04 17:42:09 -04:00
|
|
|
/* Store the error in ctx->last_error where openssl_close will
|
|
|
|
eventually find it and free it. */
|
|
|
|
ctx->last_error = errmsg;
|
|
|
|
|
|
|
|
return errmsg;
|
2005-07-03 17:20:33 -04:00
|
|
|
}
|
|
|
|
|
2003-11-05 20:12:03 -05:00
|
|
|
static void
|
2005-07-04 17:42:09 -04:00
|
|
|
openssl_close (int fd, void *arg)
|
2000-12-05 18:26:13 -05:00
|
|
|
{
|
2005-07-04 17:42:09 -04:00
|
|
|
struct openssl_transport_context *ctx = arg;
|
|
|
|
SSL *conn = ctx->conn;
|
|
|
|
|
|
|
|
SSL_shutdown (conn);
|
|
|
|
SSL_free (conn);
|
|
|
|
xfree_null (ctx->last_error);
|
|
|
|
xfree (ctx);
|
2003-11-05 20:12:03 -05:00
|
|
|
|
|
|
|
close (fd);
|
2000-12-05 18:26:13 -05:00
|
|
|
|
2005-07-04 17:42:09 -04:00
|
|
|
DEBUGP (("Closed %d/SSL 0x%0*lx\n", fd, PTR_FORMAT (conn)));
|
2000-12-05 18:26:13 -05:00
|
|
|
}
|
|
|
|
|
2005-07-03 17:20:33 -04:00
|
|
|
/* openssl_transport is the singleton that describes the SSL transport
|
|
|
|
methods provided by this file. */
|
|
|
|
|
|
|
|
static struct transport_implementation openssl_transport = {
|
|
|
|
openssl_read, openssl_write, openssl_poll,
|
|
|
|
openssl_peek, openssl_errstr, openssl_close
|
|
|
|
};
|
|
|
|
|
2005-05-11 07:14:42 -04:00
|
|
|
/* Perform the SSL handshake on file descriptor FD, which is assumed
|
|
|
|
to be connected to an SSL server. The SSL handle provided by
|
|
|
|
OpenSSL is registered with the file descriptor FD using
|
|
|
|
fd_register_transport, so that subsequent calls to fd_read,
|
|
|
|
fd_write, etc., will use the corresponding SSL functions.
|
2005-04-11 10:33:36 -04:00
|
|
|
|
2005-06-22 15:38:10 -04:00
|
|
|
Returns true on success, false on failure. */
|
2002-04-14 01:19:27 -04:00
|
|
|
|
2005-06-22 15:38:10 -04:00
|
|
|
bool
|
2009-09-21 23:39:44 -04:00
|
|
|
ssl_connect_wget (int fd)
|
2000-12-05 18:26:13 -05:00
|
|
|
{
|
2005-07-04 17:42:09 -04:00
|
|
|
SSL *conn;
|
|
|
|
struct openssl_transport_context *ctx;
|
2003-11-06 08:06:59 -05:00
|
|
|
|
2005-05-14 15:36:30 -04:00
|
|
|
DEBUGP (("Initiating SSL handshake.\n"));
|
|
|
|
|
2003-11-06 08:06:59 -05:00
|
|
|
assert (ssl_ctx != NULL);
|
2005-07-04 17:42:09 -04:00
|
|
|
conn = SSL_new (ssl_ctx);
|
|
|
|
if (!conn)
|
2005-05-10 11:17:37 -04:00
|
|
|
goto error;
|
2010-05-07 07:27:11 -04:00
|
|
|
#ifndef FD_TO_SOCKET
|
2010-06-15 07:03:13 -04:00
|
|
|
# define FD_TO_SOCKET(X) (X)
|
2010-05-07 07:27:11 -04:00
|
|
|
#endif
|
|
|
|
if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))
|
2005-05-10 11:17:37 -04:00
|
|
|
goto error;
|
2005-07-04 17:42:09 -04:00
|
|
|
SSL_set_connect_state (conn);
|
|
|
|
if (SSL_connect (conn) <= 0 || conn->state != SSL_ST_OK)
|
2005-05-10 11:17:37 -04:00
|
|
|
goto error;
|
2003-11-05 20:12:03 -05:00
|
|
|
|
2005-07-04 17:42:09 -04:00
|
|
|
ctx = xnew0 (struct openssl_transport_context);
|
|
|
|
ctx->conn = conn;
|
|
|
|
|
2005-05-11 07:14:42 -04:00
|
|
|
/* Register FD with Wget's transport layer, i.e. arrange that our
|
|
|
|
functions are used for reading, writing, and polling. */
|
2005-07-04 17:42:09 -04:00
|
|
|
fd_register_transport (fd, &openssl_transport, ctx);
|
2005-05-14 15:36:30 -04:00
|
|
|
DEBUGP (("Handshake successful; connected socket %d to SSL handle 0x%0*lx\n",
|
2007-08-02 23:38:21 -04:00
|
|
|
fd, PTR_FORMAT (conn)));
|
2005-06-22 15:38:10 -04:00
|
|
|
return true;
|
2003-11-05 20:12:03 -05:00
|
|
|
|
2005-05-10 11:17:37 -04:00
|
|
|
error:
|
2005-05-14 15:36:30 -04:00
|
|
|
DEBUGP (("SSL handshake failed.\n"));
|
2005-04-27 17:08:40 -04:00
|
|
|
print_errors ();
|
2005-07-04 17:42:09 -04:00
|
|
|
if (conn)
|
|
|
|
SSL_free (conn);
|
2005-06-22 15:38:10 -04:00
|
|
|
return false;
|
2003-11-05 20:12:03 -05:00
|
|
|
}
|
2005-05-10 11:17:37 -04:00
|
|
|
|
2007-08-02 23:38:21 -04:00
|
|
|
#define ASTERISK_EXCLUDES_DOT /* mandated by rfc2818 */
|
2005-05-13 07:54:53 -04:00
|
|
|
|
2005-06-22 15:38:10 -04:00
|
|
|
/* Return true is STRING (case-insensitively) matches PATTERN, false
|
2005-05-11 03:58:57 -04:00
|
|
|
otherwise. The recognized wildcard character is "*", which matches
|
|
|
|
any character in STRING except ".". Any number of the "*" wildcard
|
|
|
|
may be present in the pattern.
|
|
|
|
|
|
|
|
This is used to match of hosts as indicated in rfc2818: "Names may
|
|
|
|
contain the wildcard character * which is considered to match any
|
|
|
|
single domain name component or component fragment. E.g., *.a.com
|
|
|
|
matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but
|
2005-05-13 07:54:53 -04:00
|
|
|
not bar.com [or foo.bar.com]."
|
|
|
|
|
|
|
|
If the pattern contain no wildcards, pattern_match(a, b) is
|
|
|
|
equivalent to !strcasecmp(a, b). */
|
2005-05-11 03:58:57 -04:00
|
|
|
|
2005-06-22 15:38:10 -04:00
|
|
|
static bool
|
2005-05-11 03:58:57 -04:00
|
|
|
pattern_match (const char *pattern, const char *string)
|
|
|
|
{
|
|
|
|
const char *p = pattern, *n = string;
|
|
|
|
char c;
|
2007-10-14 17:46:24 -04:00
|
|
|
for (; (c = c_tolower (*p++)) != '\0'; n++)
|
2005-05-11 03:58:57 -04:00
|
|
|
if (c == '*')
|
|
|
|
{
|
2007-10-14 17:46:24 -04:00
|
|
|
for (c = c_tolower (*p); c == '*'; c = c_tolower (*++p))
|
2007-08-02 23:38:21 -04:00
|
|
|
;
|
|
|
|
for (; *n != '\0'; n++)
|
2007-10-14 17:46:24 -04:00
|
|
|
if (c_tolower (*n) == c && pattern_match (p, n))
|
2007-08-02 23:38:21 -04:00
|
|
|
return true;
|
2005-05-13 07:54:53 -04:00
|
|
|
#ifdef ASTERISK_EXCLUDES_DOT
|
2007-08-02 23:38:21 -04:00
|
|
|
else if (*n == '.')
|
|
|
|
return false;
|
2005-05-13 07:54:53 -04:00
|
|
|
#endif
|
2007-08-02 23:38:21 -04:00
|
|
|
return c == '\0';
|
2005-05-11 03:58:57 -04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2007-10-14 17:46:24 -04:00
|
|
|
if (c != c_tolower (*n))
|
2007-08-02 23:38:21 -04:00
|
|
|
return false;
|
2005-05-11 03:58:57 -04:00
|
|
|
}
|
|
|
|
return *n == '\0';
|
|
|
|
}
|
|
|
|
|
2005-05-11 11:52:27 -04:00
|
|
|
/* Verify the validity of the certificate presented by the server.
|
|
|
|
Also check that the "common name" of the server, as presented by
|
|
|
|
its certificate, corresponds to HOST. (HOST typically comes from
|
|
|
|
the URL and is what the user thinks he's connecting to.)
|
2005-05-10 11:17:37 -04:00
|
|
|
|
2008-04-22 17:48:36 -04:00
|
|
|
This assumes that ssl_connect_wget has successfully finished, i.e. that
|
2005-05-11 11:52:27 -04:00
|
|
|
the SSL handshake has been performed and that FD is connected to an
|
|
|
|
SSL handle.
|
|
|
|
|
2005-06-22 15:38:10 -04:00
|
|
|
If opt.check_cert is true (the default), this returns 1 if the
|
2005-05-11 11:52:27 -04:00
|
|
|
certificate is valid, 0 otherwise. If opt.check_cert is 0, the
|
|
|
|
function always returns 1, but should still be called because it
|
|
|
|
warns the user about any problems with the certificate. */
|
2005-05-10 11:17:37 -04:00
|
|
|
|
2005-06-22 15:38:10 -04:00
|
|
|
bool
|
2005-05-11 11:52:27 -04:00
|
|
|
ssl_check_certificate (int fd, const char *host)
|
2005-05-10 11:17:37 -04:00
|
|
|
{
|
2005-05-11 11:52:27 -04:00
|
|
|
X509 *cert;
|
2009-10-24 19:06:44 -04:00
|
|
|
GENERAL_NAMES *subjectAltNames;
|
2005-05-11 11:52:27 -04:00
|
|
|
char common_name[256];
|
2005-05-10 11:17:37 -04:00
|
|
|
long vresult;
|
2005-06-22 15:38:10 -04:00
|
|
|
bool success = true;
|
2009-10-24 19:06:44 -04:00
|
|
|
bool alt_name_checked = false;
|
2005-05-10 11:17:37 -04:00
|
|
|
|
|
|
|
/* If the user has specified --no-check-cert, we still want to warn
|
|
|
|
him about problems with the server's certificate. */
|
|
|
|
const char *severity = opt.check_cert ? _("ERROR") : _("WARNING");
|
|
|
|
|
2005-07-04 17:42:09 -04:00
|
|
|
struct openssl_transport_context *ctx = fd_transport_context (fd);
|
|
|
|
SSL *conn = ctx->conn;
|
|
|
|
assert (conn != NULL);
|
2005-05-10 11:17:37 -04:00
|
|
|
|
2005-07-04 17:42:09 -04:00
|
|
|
cert = SSL_get_peer_certificate (conn);
|
2005-05-11 11:52:27 -04:00
|
|
|
if (!cert)
|
2005-05-10 11:17:37 -04:00
|
|
|
{
|
|
|
|
logprintf (LOG_NOTQUIET, _("%s: No certificate presented by %s.\n"),
|
2008-04-26 08:34:30 -04:00
|
|
|
severity, quotearg_style (escape_quoting_style, host));
|
2005-06-22 15:38:10 -04:00
|
|
|
success = false;
|
2007-08-02 23:38:21 -04:00
|
|
|
goto no_cert; /* must bail out since CERT is NULL */
|
2005-05-10 11:17:37 -04:00
|
|
|
}
|
|
|
|
|
2005-06-21 21:26:22 -04:00
|
|
|
IF_DEBUG
|
2005-05-10 17:16:00 -04:00
|
|
|
{
|
2005-05-11 11:52:27 -04:00
|
|
|
char *subject = X509_NAME_oneline (X509_get_subject_name (cert), 0, 0);
|
|
|
|
char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0);
|
2005-05-10 17:16:00 -04:00
|
|
|
DEBUGP (("certificate:\n subject: %s\n issuer: %s\n",
|
2009-09-22 12:16:43 -04:00
|
|
|
quotearg_n_style (0, escape_quoting_style, subject),
|
|
|
|
quotearg_n_style (1, escape_quoting_style, issuer)));
|
2005-05-10 17:16:00 -04:00
|
|
|
OPENSSL_free (subject);
|
|
|
|
OPENSSL_free (issuer);
|
|
|
|
}
|
|
|
|
|
2005-07-04 17:42:09 -04:00
|
|
|
vresult = SSL_get_verify_result (conn);
|
2005-05-10 11:17:37 -04:00
|
|
|
if (vresult != X509_V_OK)
|
|
|
|
{
|
2005-07-07 11:31:37 -04:00
|
|
|
char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0);
|
2005-05-10 11:17:37 -04:00
|
|
|
logprintf (LOG_NOTQUIET,
|
2008-04-16 06:23:31 -04:00
|
|
|
_("%s: cannot verify %s's certificate, issued by %s:\n"),
|
2009-09-22 12:16:43 -04:00
|
|
|
severity, quotearg_n_style (0, escape_quoting_style, host),
|
|
|
|
quote_n (1, issuer));
|
2005-07-07 11:31:37 -04:00
|
|
|
/* Try to print more user-friendly (and translated) messages for
|
2007-08-02 23:38:21 -04:00
|
|
|
the frequent verification errors. */
|
2005-07-07 11:31:37 -04:00
|
|
|
switch (vresult)
|
2007-08-02 23:38:21 -04:00
|
|
|
{
|
|
|
|
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
|
|
|
|
logprintf (LOG_NOTQUIET,
|
|
|
|
_(" Unable to locally verify the issuer's authority.\n"));
|
|
|
|
break;
|
|
|
|
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
|
|
|
|
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
|
2009-10-24 19:06:44 -04:00
|
|
|
logprintf (LOG_NOTQUIET,
|
|
|
|
_(" Self-signed certificate encountered.\n"));
|
2007-08-02 23:38:21 -04:00
|
|
|
break;
|
|
|
|
case X509_V_ERR_CERT_NOT_YET_VALID:
|
|
|
|
logprintf (LOG_NOTQUIET, _(" Issued certificate not yet valid.\n"));
|
|
|
|
break;
|
|
|
|
case X509_V_ERR_CERT_HAS_EXPIRED:
|
|
|
|
logprintf (LOG_NOTQUIET, _(" Issued certificate has expired.\n"));
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
/* For the less frequent error strings, simply provide the
|
|
|
|
OpenSSL error message. */
|
|
|
|
logprintf (LOG_NOTQUIET, " %s\n",
|
|
|
|
X509_verify_cert_error_string (vresult));
|
|
|
|
}
|
2005-06-22 15:38:10 -04:00
|
|
|
success = false;
|
2005-05-16 16:32:55 -04:00
|
|
|
/* Fall through, so that the user is warned about *all* issues
|
2007-08-02 23:38:21 -04:00
|
|
|
with the cert (important with --no-check-certificate.) */
|
2005-05-10 11:17:37 -04:00
|
|
|
}
|
|
|
|
|
2005-05-13 15:07:47 -04:00
|
|
|
/* Check that HOST matches the common name in the certificate.
|
|
|
|
#### The following remains to be done:
|
2005-05-10 17:16:00 -04:00
|
|
|
|
2005-05-11 03:58:57 -04:00
|
|
|
- When matching against common names, it should loop over all
|
2005-05-11 04:47:18 -04:00
|
|
|
common names and choose the most specific one, i.e. the last
|
2005-05-11 11:52:27 -04:00
|
|
|
one, not the first one, which the current code picks.
|
|
|
|
|
2005-05-25 11:48:16 -04:00
|
|
|
- Ensure that ASN1 strings from the certificate are encoded as
|
|
|
|
UTF-8 which can be meaningfully compared to HOST. */
|
2005-05-10 11:17:37 -04:00
|
|
|
|
2009-10-24 19:06:44 -04:00
|
|
|
subjectAltNames = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
|
2009-08-19 03:44:22 -04:00
|
|
|
|
2009-10-24 19:06:44 -04:00
|
|
|
if (subjectAltNames)
|
2005-05-10 11:17:37 -04:00
|
|
|
{
|
2009-10-24 19:06:44 -04:00
|
|
|
/* Test subject alternative names */
|
|
|
|
|
|
|
|
/* Do we want to check for dNSNAmes or ipAddresses (see RFC 2818)?
|
|
|
|
* Signal it by host_in_octet_string. */
|
2010-01-13 23:41:15 -05:00
|
|
|
ASN1_OCTET_STRING *host_in_octet_string = a2i_IPADDRESS (host);
|
2009-10-24 19:06:44 -04:00
|
|
|
|
|
|
|
int numaltnames = sk_GENERAL_NAME_num (subjectAltNames);
|
|
|
|
int i;
|
|
|
|
for (i=0; i < numaltnames; i++)
|
|
|
|
{
|
|
|
|
const GENERAL_NAME *name =
|
|
|
|
sk_GENERAL_NAME_value (subjectAltNames, i);
|
|
|
|
if (name)
|
|
|
|
{
|
|
|
|
if (host_in_octet_string)
|
|
|
|
{
|
|
|
|
if (name->type == GEN_IPADD)
|
|
|
|
{
|
|
|
|
/* Check for ipAddress */
|
|
|
|
/* TODO: Should we convert between IPv4-mapped IPv6
|
|
|
|
* addresses and IPv4 addresses? */
|
|
|
|
alt_name_checked = true;
|
|
|
|
if (!ASN1_STRING_cmp (host_in_octet_string,
|
|
|
|
name->d.iPAddress))
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (name->type == GEN_DNS)
|
|
|
|
{
|
|
|
|
/* dNSName should be IA5String (i.e. ASCII), however who
|
|
|
|
* does trust CA? Convert it into UTF-8 for sure. */
|
|
|
|
unsigned char *name_in_utf8 = NULL;
|
2010-01-13 23:41:15 -05:00
|
|
|
|
|
|
|
/* Check for dNSName */
|
|
|
|
alt_name_checked = true;
|
|
|
|
|
2009-10-24 19:06:44 -04:00
|
|
|
if (0 <= ASN1_STRING_to_UTF8 (&name_in_utf8, name->d.dNSName))
|
|
|
|
{
|
|
|
|
/* Compare and check for NULL attack in ASN1_STRING */
|
|
|
|
if (pattern_match ((char *)name_in_utf8, host) &&
|
|
|
|
(strlen ((char *)name_in_utf8) ==
|
|
|
|
ASN1_STRING_length (name->d.dNSName)))
|
|
|
|
{
|
|
|
|
OPENSSL_free (name_in_utf8);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
OPENSSL_free (name_in_utf8);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
sk_GENERAL_NAME_free (subjectAltNames);
|
|
|
|
if (host_in_octet_string)
|
|
|
|
ASN1_OCTET_STRING_free(host_in_octet_string);
|
|
|
|
|
|
|
|
if (alt_name_checked == true && i >= numaltnames)
|
|
|
|
{
|
|
|
|
logprintf (LOG_NOTQUIET,
|
|
|
|
_("%s: no certificate subject alternative name matches\n"
|
|
|
|
"\trequested host name %s.\n"),
|
|
|
|
severity, quote_n (1, host));
|
|
|
|
success = false;
|
|
|
|
}
|
2005-05-10 11:17:37 -04:00
|
|
|
}
|
2009-10-24 19:06:44 -04:00
|
|
|
|
|
|
|
if (alt_name_checked == false)
|
2009-08-19 04:15:27 -04:00
|
|
|
{
|
2009-10-24 19:06:44 -04:00
|
|
|
/* Test commomName */
|
|
|
|
X509_NAME *xname = X509_get_subject_name(cert);
|
|
|
|
common_name[0] = '\0';
|
|
|
|
X509_NAME_get_text_by_NID (xname, NID_commonName, common_name,
|
|
|
|
sizeof (common_name));
|
2009-08-19 04:15:27 -04:00
|
|
|
|
2009-10-24 19:06:44 -04:00
|
|
|
if (!pattern_match (common_name, host))
|
2009-08-19 04:15:27 -04:00
|
|
|
{
|
|
|
|
logprintf (LOG_NOTQUIET, _("\
|
2009-10-24 19:06:44 -04:00
|
|
|
%s: certificate common name %s doesn't match requested host name %s.\n"),
|
|
|
|
severity, quote_n (0, common_name), quote_n (1, host));
|
2009-08-19 04:15:27 -04:00
|
|
|
success = false;
|
|
|
|
}
|
2009-10-24 19:06:44 -04:00
|
|
|
else
|
|
|
|
{
|
|
|
|
/* We now determine the length of the ASN1 string. If it
|
|
|
|
* differs from common_name's length, then there is a \0
|
|
|
|
* before the string terminates. This can be an instance of a
|
|
|
|
* null-prefix attack.
|
|
|
|
*
|
|
|
|
* https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
|
|
|
|
* */
|
|
|
|
|
|
|
|
int i = -1, j;
|
|
|
|
X509_NAME_ENTRY *xentry;
|
|
|
|
ASN1_STRING *sdata;
|
|
|
|
|
|
|
|
if (xname) {
|
|
|
|
for (;;)
|
|
|
|
{
|
|
|
|
j = X509_NAME_get_index_by_NID (xname, NID_commonName, i);
|
|
|
|
if (j == -1) break;
|
|
|
|
i = j;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
xentry = X509_NAME_get_entry(xname,i);
|
|
|
|
sdata = X509_NAME_ENTRY_get_data(xentry);
|
|
|
|
if (strlen (common_name) != ASN1_STRING_length (sdata))
|
|
|
|
{
|
|
|
|
logprintf (LOG_NOTQUIET, _("\
|
|
|
|
%s: certificate common name is invalid (contains a NUL character).\n\
|
|
|
|
This may be an indication that the host is not who it claims to be\n\
|
|
|
|
(that is, it is not the real %s).\n"),
|
|
|
|
severity, quote (host));
|
|
|
|
success = false;
|
|
|
|
}
|
|
|
|
}
|
2009-08-19 04:15:27 -04:00
|
|
|
}
|
2009-09-21 23:39:44 -04:00
|
|
|
|
2005-05-10 11:17:37 -04:00
|
|
|
|
2005-05-16 16:32:55 -04:00
|
|
|
if (success)
|
|
|
|
DEBUGP (("X509 certificate successfully verified and matches host %s\n",
|
2008-04-26 08:34:30 -04:00
|
|
|
quotearg_style (escape_quoting_style, host)));
|
2005-05-16 16:52:28 -04:00
|
|
|
X509_free (cert);
|
2005-05-10 11:17:37 -04:00
|
|
|
|
2005-05-25 11:48:16 -04:00
|
|
|
no_cert:
|
2005-05-11 11:52:27 -04:00
|
|
|
if (opt.check_cert && !success)
|
|
|
|
logprintf (LOG_NOTQUIET, _("\
|
|
|
|
To connect to %s insecurely, use `--no-check-certificate'.\n"),
|
2008-04-26 08:34:30 -04:00
|
|
|
quotearg_style (escape_quoting_style, host));
|
2005-05-10 11:17:37 -04:00
|
|
|
|
|
|
|
/* Allow --no-check-cert to disable certificate checking. */
|
2005-06-22 15:38:10 -04:00
|
|
|
return opt.check_cert ? success : true;
|
2005-05-10 11:17:37 -04:00
|
|
|
}
|
2009-10-24 19:06:44 -04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* vim: tabstop=2 shiftwidth=2 softtabstop=2
|
|
|
|
*/
|