From e754c99b46a6a699d116f62d97603e20bdb4b265 Mon Sep 17 00:00:00 2001 From: hniksic Date: Tue, 5 Dec 2000 15:35:56 -0800 Subject: [PATCH] [svn] Cosmetic cleanup of SSL stuff. --- src/ChangeLog | 11 +++ src/gen_sslfunc.c | 82 ++++++++++++--------- src/gen_sslfunc.h | 14 ++-- src/http.c | 184 ++++++++++++++++++---------------------------- 4 files changed, 136 insertions(+), 155 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 1ad37a12..aca13ab3 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,14 @@ +2000-12-06 Hrvoje Niksic + + * gen_sslfunc.h: Use ansi2knr style function declarations. + + * gen_sslfunc.c: Reformat according to the GNU coding standards. + More should be done. + + * http.c (persistent_available_p): Place the cheap SSL test nearer + the top of the function. + (CLOSE_FINISH, CLOSE_INVALIDATE): Define only one version of each. + 2000-12-03 Christian Fraenkel * Makefile.in: added gen_sslfunc object diff --git a/src/gen_sslfunc.c b/src/gen_sslfunc.c index 6fc0de15..44ff5022 100644 --- a/src/gen_sslfunc.c +++ b/src/gen_sslfunc.c @@ -30,61 +30,71 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include #include "wget.h" #include "connect.h" -int verify_callback(int ok, X509_STORE_CTX *ctx); + +/* #### Shouldn't this be static? --hniksic */ +int verify_callback PARAMS ((int, X509_STORE_CTX *)); /* Creates a SSL Context and sets some defaults for it */ -int init_ssl(SSL_CTX **ctx) +int +init_ssl (SSL_CTX **ctx) { -SSL_METHOD *meth=NULL; -int verify=SSL_VERIFY_NONE; - SSL_library_init(); - SSL_load_error_strings(); - SSLeay_add_all_algorithms(); - SSLeay_add_ssl_algorithms(); - meth = SSLv23_client_method(); - *ctx = SSL_CTX_new(meth); - SSL_CTX_set_verify(*ctx,verify,verify_callback); - if (*ctx==NULL) return SSL_ERR_CTX_CREATION; -return 0; /* Succeded */ + SSL_METHOD *meth = NULL; + int verify = SSL_VERIFY_NONE; + SSL_library_init (); + SSL_load_error_strings (); + SSLeay_add_all_algorithms (); + SSLeay_add_ssl_algorithms (); + meth = SSLv23_client_method (); + *ctx = SSL_CTX_new (meth); + SSL_CTX_set_verify (*ctx, verify, verify_callback); + if (*ctx == NULL) return SSL_ERR_CTX_CREATION; + return 0; /* Succeded */ } /* Sets up a SSL structure and performs the handshake on fd Returns 0 if everything went right - Returns 1 if something went wrong ----- TODO: More exit codes + Returns 1 if something went wrong ----- TODO: More exit codes */ -int connect_ssl (SSL **con, SSL_CTX *ctx, int fd) +int +connect_ssl (SSL **con, SSL_CTX *ctx, int fd) { - *con=(SSL *)SSL_new(ctx); - SSL_set_fd(*con,fd); - SSL_set_connect_state(*con); - SSL_connect(*con); - if ((*con)->state !=SSL_ST_OK) + *con = (SSL *)SSL_new (ctx); + SSL_set_fd (*con, fd); + SSL_set_connect_state (*con); + SSL_connect (*con); + if ((*con)->state != SSL_ST_OK) return 1; -return 0; + return 0; } -void shutdown_ssl (SSL* con) +void +shutdown_ssl (SSL* con) { - SSL_shutdown(con); - if (con != NULL) SSL_free(con); + SSL_shutdown (con); + if (con != NULL) + SSL_free (con); } -void free_ssl_ctx (SSL_CTX * ctx) { - SSL_CTX_free(ctx); +void +free_ssl_ctx (SSL_CTX * ctx) +{ + SSL_CTX_free (ctx); } -int verify_callback(int ok, X509_STORE_CTX *ctx){ -char *s,buf[256]; - s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256); +int +verify_callback (int ok, X509_STORE_CTX *ctx) +{ + char *s, buf[256]; + s = X509_NAME_oneline (X509_get_subject_name (ctx->current_cert), buf, 256); if (ok == 0) { switch (ctx->error) { - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - ok=1; + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + ok = 1; } } - return(ok); + return ok; } /* SSL version of iread. Only exchanged read for SSL_read @@ -98,7 +108,7 @@ ssl_iread (SSL *con, char *buf, int len) { int res; int fd; - BIO_get_fd(con->rbio,&fd); + BIO_get_fd (con->rbio, &fd); do { #ifdef HAVE_SELECT @@ -138,7 +148,7 @@ ssl_iwrite (SSL *con, char *buf, int len) { int res = 0; int fd; - BIO_get_fd(con->rbio,&fd); + BIO_get_fd (con->rbio, &fd); /* `write' may write less than LEN bytes, thus the outward loop keeps trying it until all was written, or an error occurred. The inner loop is reserved for the usual EINTR f*kage, and the diff --git a/src/gen_sslfunc.h b/src/gen_sslfunc.h index 9aae4f3b..066ebfed 100644 --- a/src/gen_sslfunc.h +++ b/src/gen_sslfunc.h @@ -21,11 +21,11 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ # include #endif -int init_ssl(SSL_CTX **ctx); -int connect_ssl (SSL **con, SSL_CTX *ctx, int fd); -void shutdown_ssl (SSL* con); -void free_ssl_ctx (SSL_CTX * ctx); -int verify_callback(int ok, X509_STORE_CTX *ctx); -int ssl_iread (SSL *con, char *buf, int len); -int ssl_iwrite (SSL *con, char *buf, int len); +int init_ssl PARAMS ((SSL_CTX **)); +int connect_ssl PARAMS ((SSL **, SSL_CTX *, int)); +void shutdown_ssl PARAMS ((SSL*)); +void free_ssl_ctx PARAMS ((SSL_CTX *)); +int verify_callback PARAMS ((int, X509_STORE_CTX *)); +int ssl_iread PARAMS ((SSL *, char *, int)); +int ssl_iwrite PARAMS ((SSL *, char *, int)); diff --git a/src/http.c b/src/http.c index 71706e1d..0c4ca9a7 100644 --- a/src/http.c +++ b/src/http.c @@ -311,11 +311,11 @@ invalidate_persistent (void) If a previous connection was persistent, it is closed. */ static void -#ifndef HAVE_SSL -register_persistent (const char *host, unsigned short port, int fd) -#else -register_persistent (const char *host, unsigned short port, int fd, SSL* ssl) -#endif /* HAVE_SSL */ +register_persistent (const char *host, unsigned short port, int fd +#ifdef HAVE_SSL + , SSL *ssl +#endif + ) { int success; @@ -335,9 +335,11 @@ register_persistent (const char *host, unsigned short port, int fd, SSL* ssl) different host, and try to register a persistent connection to that one. */ #ifdef HAVE_SSL - /* the ssl disconnect has to take place before the closing of pc_last_fd */ - if (pc_last_ssl) shutdown_ssl(pc_last_ssl); -#endif /* HAVE_SSL */ + /* The ssl disconnect has to take place before the closing + of pc_last_fd. */ + if (pc_last_ssl) + shutdown_ssl(pc_last_ssl); +#endif CLOSE (pc_last_fd); invalidate_persistent (); } @@ -351,9 +353,9 @@ register_persistent (const char *host, unsigned short port, int fd, SSL* ssl) pc_last_fd = fd; pc_active_p = 1; #ifdef HAVE_SSL - pc_last_ssl=ssl; - pc_active_ssl= ssl ? 1 : 0; -#endif /* HAVE_SSL */ + pc_last_ssl = ssl; + pc_active_ssl = ssl ? 1 : 0; +#endif DEBUGP (("Registered fd %d for persistent reuse.\n", fd)); } @@ -361,11 +363,11 @@ register_persistent (const char *host, unsigned short port, int fd, SSL* ssl) connecting to HOST:PORT. */ static int -#ifndef HAVE_SSL -persistent_available_p (const char *host, unsigned short port) -#else -persistent_available_p (const char *host, unsigned short port,int ssl) -#endif /* HAVE_SSL */ +persistent_available_p (const char *host, unsigned short port +#ifdef HAVE_SSL + int ssl +#endif + ) { unsigned char this_host[4]; /* First, check whether a persistent connection is active at all. */ @@ -375,6 +377,15 @@ persistent_available_p (const char *host, unsigned short port,int ssl) (HOST, PORT) ordered pair. */ if (port != pc_last_port) return 0; +#ifdef HAVE_SSL + /* Second, a): check if current connection is (not) ssl, too. This + test is unlikely to fail because HTTP and HTTPS typicaly use + different ports. Yet it is possible, or so I [Christian + Fraenkel] have been told, to run HTTPS and HTTP simultaneus on + the same port. */ + if (ssl != pc_active_ssl) + return 0; +#endif /* HAVE_SSL */ if (!store_hostaddress (this_host, host)) return 0; if (memcmp (pc_last_host, this_host, 4)) @@ -394,18 +405,18 @@ persistent_available_p (const char *host, unsigned short port,int ssl) invalidate_persistent (); return 0; } -#ifdef HAVE_SSL - /* Fourth: check if current connection is (not) ssl, too. - This test is unlikely to fail because HTTP and HTTPS - typicaly use different ports. Yet it is possible (or so - I have been told) to run HTTPS and HTTP simultaneus on - the same port. */ - if (ssl!=pc_active_ssl) - return 0; -#endif /* HAVE_SSL */ return 1; } +#ifdef HAVE_SSL +# define SHUTDOWN_SSL(ssl) do { \ + if (ssl) \ + shutdown_ssl (ssl); \ +} while (0) +#else +# define SHUTDOWN_SSL(ssl) +#endif + /* The idea behind these two CLOSE macros is to distinguish between two cases: one when the job we've been doing is finished, and we want to close the connection and leave, and two when something is @@ -421,10 +432,10 @@ persistent_available_p (const char *host, unsigned short port,int ssl) `pc_active_p && (fd) == pc_last_fd' is "we're *now* using an active, registered connection". */ -#ifndef HAVE_SSL #define CLOSE_FINISH(fd) do { \ if (!keep_alive) \ { \ + SHUTDOWN_SSL (ssl); \ CLOSE (fd); \ if (pc_active_p && (fd) == pc_last_fd) \ invalidate_persistent (); \ @@ -432,30 +443,11 @@ persistent_available_p (const char *host, unsigned short port,int ssl) } while (0) #define CLOSE_INVALIDATE(fd) do { \ + SHUTDOWN_SSL (ssl); \ CLOSE (fd); \ if (pc_active_p && (fd) == pc_last_fd) \ invalidate_persistent (); \ } while (0) - -#else - -#define CLOSE_FINISH(fd,ssl) do { \ - if (!keep_alive) \ - { \ - if (ssl) shutdown_ssl(ssl); \ - CLOSE (fd); \ - if (pc_active_p && (fd) == pc_last_fd) \ - invalidate_persistent (); \ - } \ -} while (0) - -#define CLOSE_INVALIDATE(fd,ssl) do { \ - if (ssl) shutdown_ssl(ssl); \ - CLOSE (fd); \ - if (pc_active_p && (fd) == pc_last_fd) \ - invalidate_persistent (); \ -} while (0) -#endif /* HAVE_SSL */ struct http_stat { @@ -525,8 +517,8 @@ gethttp (struct urlinfo *u, struct http_stat *hs, int *dt) int auth_tried_already; struct rbuf rbuf; #ifdef HAVE_SSL - static SSL_CTX *ssl_ctx=NULL; - SSL *ssl=NULL; + static SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; #endif /* HAVE_SSL */ /* Whether this connection will be kept alive after the HTTP request @@ -542,7 +534,8 @@ gethttp (struct urlinfo *u, struct http_stat *hs, int *dt) #ifdef HAVE_SSL /* initialize ssl_ctx on first run */ - if (!ssl_ctx) init_ssl(&ssl_ctx); + if (!ssl_ctx) + init_ssl (&ssl_ctx); #endif /* HAVE_SSL */ if (!(*dt & HEAD_ONLY)) @@ -579,11 +572,13 @@ gethttp (struct urlinfo *u, struct http_stat *hs, int *dt) /* First: establish the connection. */ if (inhibit_keep_alive + || #ifndef HAVE_SSL - || !persistent_available_p (u->host, u->port)) + !persistent_available_p (u->host, u->port) #else - || !persistent_available_p (u->host, u->port, (u->proto==URLHTTPS ? 1 : 0))) + !persistent_available_p (u->host, u->port, (u->proto==URLHTTPS ? 1 : 0)) #endif /* HAVE_SSL */ + ) { logprintf (LOG_VERBOSE, _("Connecting to %s:%hu... "), u->host, u->port); err = make_connection (&sock, u->host, u->port); @@ -620,12 +615,14 @@ gethttp (struct urlinfo *u, struct http_stat *hs, int *dt) break; } #ifdef HAVE_SSL - if (u->proto==URLHTTPS) if (connect_ssl(&ssl,ssl_ctx,sock)!=0) { - logputs (LOG_VERBOSE, "\n"); - logprintf (LOG_NOTQUIET, _("Unable to establish SSL connection.\n")); - CLOSE (sock); - return CONSSLERR; - } + if (u->proto == URLHTTPS) + if (connect_ssl (&ssl, ssl_ctx,sock) != 0) + { + logputs (LOG_VERBOSE, "\n"); + logprintf (LOG_NOTQUIET, _("Unable to establish SSL connection.\n")); + CLOSE (sock); + return CONSSLERR; + } #endif /* HAVE_SSL */ } else @@ -798,23 +795,17 @@ Accept: %s\r\n\ /* Send the request to server. */ #ifdef HAVE_SSL - if (u->proto==URLHTTPS) { - num_written = ssl_iwrite (ssl, request, strlen (request)); - } else { -#endif /* HAVE_SSL */ - num_written = iwrite (sock, request, strlen (request)); -#ifdef HAVE_SSL - } + if (u->proto == URLHTTPS) + num_written = ssl_iwrite (ssl, request, strlen (request)); + else #endif /* HAVE_SSL */ + num_written = iwrite (sock, request, strlen (request)); + if (num_written < 0) { logprintf (LOG_VERBOSE, _("Failed writing HTTP request: %s.\n"), strerror (errno)); -#ifndef HAVE_SSL - CLOSE_INVALIDATE (sock); -#else - CLOSE_INVALIDATE (sock,ssl); -#endif /* HAVE_SSL */ + CLOSE_INVALIDATE (sock); return WRITEFAILED; } logprintf (LOG_VERBOSE, _("%s request sent, awaiting response... "), @@ -827,9 +818,10 @@ Accept: %s\r\n\ /* Before reading anything, initialize the rbuf. */ rbuf_initialize (&rbuf, sock); #ifdef HAVE_SSL - if (u->proto == URLHTTPS) { - rbuf.ssl=ssl; - } else { rbuf.ssl=NULL; } + if (u->proto == URLHTTPS) + rbuf.ssl = ssl; + else + rbuf.ssl = NULL; #endif /* HAVE_SSL */ all_headers = NULL; all_length = 0; @@ -865,11 +857,7 @@ Accept: %s\r\n\ FREE_MAYBE (type); FREE_MAYBE (hs->newloc); FREE_MAYBE (all_headers); -#ifndef HAVE_SSL - CLOSE_INVALIDATE (sock); -#else - CLOSE_INVALIDATE (sock,ssl); -#endif /* HAVE_SSL */ + CLOSE_INVALIDATE (sock); return HEOF; } else if (status == HG_ERROR) @@ -881,11 +869,7 @@ Accept: %s\r\n\ FREE_MAYBE (type); FREE_MAYBE (hs->newloc); FREE_MAYBE (all_headers); -#ifndef HAVE_SSL - CLOSE_INVALIDATE (sock); -#else - CLOSE_INVALIDATE (sock,ssl); -#endif /* HAVE_SSL */ + CLOSE_INVALIDATE (sock); return HERR; } @@ -1038,11 +1022,7 @@ Accept: %s\r\n\ FREE_MAYBE (type); type = NULL; FREEHSTAT (*hs); -#ifndef HAVE_SSL - CLOSE_FINISH (sock); -#else - CLOSE_FINISH (sock,ssl); -#endif /* HAVE_SSL */ + CLOSE_FINISH (sock); if (auth_tried_already) { /* If we have tried it already, then there is not point @@ -1118,11 +1098,7 @@ Accept: %s\r\n\ FREE_MAYBE (type); FREE_MAYBE (hs->newloc); FREE_MAYBE (all_headers); -#ifndef HAVE_SSL - CLOSE_INVALIDATE (sock); -#else - CLOSE_INVALIDATE (sock,ssl); -#endif /* HAVE_SSL */ + CLOSE_INVALIDATE (sock); return RANGEERR; } @@ -1152,11 +1128,7 @@ Accept: %s\r\n\ _("Location: %s%s\n"), hs->newloc ? hs->newloc : _("unspecified"), hs->newloc ? _(" [following]") : ""); -#ifndef HAVE_SSL - CLOSE_FINISH (sock); -#else - CLOSE_FINISH (sock,ssl); -#endif /* HAVE_SSL */ + CLOSE_FINISH (sock); FREE_MAYBE (type); FREE_MAYBE (all_headers); return NEWLOCATION; @@ -1197,11 +1169,7 @@ Accept: %s\r\n\ hs->res = 0; FREE_MAYBE (type); FREE_MAYBE (all_headers); -#ifndef HAVE_SSL - CLOSE_FINISH (sock); -#else - CLOSE_FINISH (sock,ssl); -#endif /* HAVE_SSL */ + CLOSE_FINISH (sock); return RETRFINISHED; } @@ -1215,11 +1183,7 @@ Accept: %s\r\n\ if (!fp) { logprintf (LOG_NOTQUIET, "%s: %s\n", u->local, strerror (errno)); -#ifndef HAVE_SSL - CLOSE_FINISH (sock); -#else - CLOSE_FINISH (sock,ssl); -#endif /* HAVE_SSL */ + CLOSE_FINISH (sock); FREE_MAYBE (all_headers); return FOPENERR; } @@ -1259,11 +1223,7 @@ Accept: %s\r\n\ hs->res = -2; } FREE_MAYBE (all_headers); -#ifndef HAVE_SSL - CLOSE_FINISH (sock); -#else - CLOSE_FINISH (sock,ssl); -#endif /* HAVE_SSL */ + CLOSE_FINISH (sock); if (hs->res == -2) return FWRITEERR; return RETRFINISHED;