/*
* This is the main global destructor for the app. Call this after
* _all_ libcurl usage is done.
*/
static void main_free(struct GlobalConfig *config)
{
/* Cleanup the easy handle */
curl_easy_cleanup(config->easy);
config->easy = NULL;
/* Main cleanup */
curl_global_cleanup();
convert_cleanup();
metalink_cleanup();
#ifdef USE_NSS
if(PR_Initialized()) {
/* prevent valgrind from reporting still reachable mem from NSRP arenas */
PL_ArenaFinish();
/* prevent valgrind from reporting possibly lost memory (fd cache, ...) */
PR_Cleanup();
}
#endif
free_config_fields(config);
/* Free the config structures */
config_free(config->last);
config->first = NULL;
config->last = NULL;
}
static void atexit_handler(void) {
if (PR_Initialized())
PR_Cleanup();
if (fclose(stdout)!=0) {
fprintf(stderr,"Can't close stdout!\n");
exit(1);
}
}
void
SEC_Init(void)
{
/* PR_Init() must be called before SEC_Init() */
#if !defined(SERVER_BUILD)
PORT_Assert(PR_Initialized() == PR_TRUE);
#endif
if (sec_inited)
return;
sec_inited = 1;
}
int main(int argc, char **argv)
{
char *URL;
int result;
#ifdef O_BINARY
# ifdef __HIGHC__
_setmode(stdout, O_BINARY);
# else
setmode(fileno(stdout), O_BINARY);
# endif
#endif
memory_tracking_init();
/*
* Setup proper locale from environment. This is needed to enable locale-
* specific behaviour by the C library in order to test for undesired side
* effects that could cause in libcurl.
*/
#ifdef HAVE_SETLOCALE
setlocale(LC_ALL, "");
#endif
if(argc< 2) {
fprintf(stderr, "Pass URL as argument please\n");
return 1;
}
test_argc = argc;
test_argv = argv;
if(argc>2)
libtest_arg2 = argv[2];
if(argc>3)
libtest_arg3 = argv[3];
URL = argv[1]; /* provide this to the rest */
fprintf(stderr, "URL: %s\n", URL);
result = test(URL);
#ifdef USE_NSS
if(PR_Initialized())
/* prevent valgrind from reporting possibly lost memory (fd cache, ...) */
PR_Cleanup();
#endif
return result;
}
NSAPI_PUBLIC void systhread_init(char *name)
{
if (!PR_Initialized()) {
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
}
// XXX: ruslan - this bug can potentially exist on all plafroms due to
// possible priority inversion on NSPR spin locks. This code will
// need to be remove as we get new NSPR drop
// <WORKAROUND>
/* VB: This is to fix bug# 364813 coupled with NSPR not wanting to patch
their problems. The fix is to prevent NSPR itself from
using atomic stacks.
*/
// ruslan: this problem exists on DEC also. We will roll it back when
// we have the right fix from NSPR group. It has smth. to do with
// atomic operations on DEC, it's an assembly code which is different
// for every platform. NSPR_FD_CACHE_SIZE_HIGH env var will cause the
// same effect as this fix. Debug version of NSPR always works as it doesn't
// have FD stack.
int maxPRFdCache = 8192;
PR_SetFDCacheSize(0, maxPRFdCache);
// </WORKAROUND>
}
int
__pmSecureServerInit(void)
{
const PRUint16 *cipher;
SECStatus secsts;
int pathSpecified;
int sts = 0;
PM_INIT_LOCKS();
PM_LOCK(secureserver_lock);
/* Only attempt this once. */
if (secure_server.initialized)
goto done;
secure_server.initialized = 1;
if (PR_Initialized() != PR_TRUE)
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/* Configure optional (cmdline) password file in case DB locked */
PK11_SetPasswordFunc(certificate_database_password);
/*
* Configure location of the NSS database with a sane default.
* For servers, we default to the shared (sql) system-wide database.
* If command line db specified, pass it directly through - allowing
* any old database format, at the users discretion.
*/
if (!secure_server.database_path[0]) {
const char *path;
pathSpecified = 0;
path = serverdb(secure_server.database_path, MAXPATHLEN, "sql:");
/* this is the default case on some platforms, so no log spam */
if (access(path, R_OK|X_OK) < 0) {
if (pmDebugOptions.context)
pmNotifyErr(LOG_INFO,
"Cannot access system security database: %s",
secure_server.database_path);
sts = -EOPNOTSUPP; /* not fatal - just no secure connections */
secure_server.init_failed = 1;
goto done;
}
}
else
pathSpecified = 1;
/*
* pmproxy acts as both a client and server. Since the
* server init path happens first, the db previously
* got opened readonly. Instead try to open RW.
* Fallback if there is an error.
*/
secsts = NSS_InitReadWrite(secure_server.database_path);
if( secsts != SECSuccess )
secsts = NSS_Init(secure_server.database_path);
if (secsts != SECSuccess && !pathSpecified) {
/* fallback, older versions of NSS do not support sql: */
serverdb(secure_server.database_path, MAXPATHLEN, "");
secsts = NSS_Init(secure_server.database_path);
}
if (secsts != SECSuccess) {
pmNotifyErr(LOG_ERR, "Cannot setup certificate DB (%s): %s",
secure_server.database_path,
pmErrStr(__pmSecureSocketsError(PR_GetError())));
sts = -EOPNOTSUPP; /* not fatal - just no secure connections */
secure_server.init_failed = 1;
goto done;
}
/* Some NSS versions don't do this correctly in NSS_SetDomesticPolicy. */
for (cipher = SSL_GetImplementedCiphers(); *cipher != 0; ++cipher)
SSL_CipherPolicySet(*cipher, SSL_ALLOWED);
/* Configure SSL session cache for multi-process server, using defaults */
secsts = SSL_ConfigMPServerSIDCache(1, 0, 0, NULL);
if (secsts != SECSuccess) {
pmNotifyErr(LOG_ERR, "Unable to configure SSL session ID cache: %s",
pmErrStr(__pmSecureSocketsError(PR_GetError())));
sts = -EOPNOTSUPP; /* not fatal - just no secure connections */
secure_server.init_failed = 1;
goto done;
} else {
secure_server.ssl_session_cache_setup = 1;
}
/*
* Iterate over any/all PCP Collector nickname certificates,
* seeking one valid certificate. No-such-nickname is not an
* error (not configured by admin at all) but anything else is.
*/
CERTCertList *certlist;
CERTCertDBHandle *nssdb = CERT_GetDefaultCertDB();
CERTCertificate *dbcert = PK11_FindCertFromNickname(secure_server.cert_nickname, NULL);
if (dbcert) {
PRTime now = PR_Now();
SECItem *name = &dbcert->derSubject;
CERTCertListNode *node;
certlist = CERT_CreateSubjectCertList(NULL, nssdb, name, now, PR_FALSE);
if (certlist) {
for (node = CERT_LIST_HEAD(certlist);
!CERT_LIST_END(node, certlist);
node = CERT_LIST_NEXT (node)) {
if (pmDebugOptions.context)
__pmDumpCertificate(stderr, secure_server.cert_nickname, node->cert);
if (!__pmValidCertificate(nssdb, node->cert, now))
continue;
secure_server.certificate_verified = 1;
break;
}
CERT_DestroyCertList(certlist);
}
if (secure_server.certificate_verified) {
secure_server.certificate_KEA = NSS_FindCertKEAType(dbcert);
secure_server.private_key = PK11_FindKeyByAnyCert(dbcert, NULL);
if (!secure_server.private_key) {
pmNotifyErr(LOG_ERR, "Unable to extract %s private key",
secure_server.cert_nickname);
CERT_DestroyCertificate(dbcert);
secure_server.certificate_verified = 0;
sts = -EOPNOTSUPP; /* not fatal - just no secure connections */
secure_server.init_failed = 1;
goto done;
}
} else {
pmNotifyErr(LOG_ERR, "Unable to find a valid %s", secure_server.cert_nickname);
CERT_DestroyCertificate(dbcert);
sts = -EOPNOTSUPP; /* not fatal - just no secure connections */
secure_server.init_failed = 1;
goto done;
}
}
if (! secure_server.certificate_verified) {
if (pmDebugOptions.context) {
pmNotifyErr(LOG_INFO, "No valid %s in security database: %s",
secure_server.cert_nickname, secure_server.database_path);
}
sts = -EOPNOTSUPP; /* not fatal - just no secure connections */
secure_server.init_failed = 1;
goto done;
}
secure_server.certificate = dbcert;
secure_server.init_failed = 0;
sts = 0;
done:
PM_UNLOCK(secureserver_lock);
return sts;
}