static herror_t _hssl_server_context_init(void) { log_verbose3("enabled=%i, certificate=%p", enabled, certificate); if (!enabled || !certificate) return H_OK; if (!(context = SSL_CTX_new(SSLv23_method()))) { log_error1("Cannot create SSL context"); return herror_new("_hssl_server_context_init", HSSL_ERROR_CONTEXT, "Unable to create SSL context"); } if (!(SSL_CTX_use_certificate_file(context, certificate, SSL_FILETYPE_PEM))) { log_error2("Cannot read certificate file: \"%s\"", certificate); SSL_CTX_free(context); return herror_new("_hssl_server_context_init", HSSL_ERROR_CERTIFICATE, "Unable to use SSL certificate \"%s\"", certificate); } SSL_CTX_set_default_passwd_cb(context, _hssl_password_callback); if (!(SSL_CTX_use_PrivateKey_file(context, certificate, SSL_FILETYPE_PEM))) { log_error2("Cannot read key file: \"%s\"", certificate); SSL_CTX_free(context); return herror_new("_hssl_server_context_init", HSSL_ERROR_PEM, "Unable to use private key"); } if (ca_list != NULL && *ca_list != '\0') { if (!(SSL_CTX_load_verify_locations(context, ca_list, NULL))) { SSL_CTX_free(context); log_error2("Cannot read CA list: \"%s\"", ca_list); return herror_new("_hssl_server_context_init", HSSL_ERROR_CA_LIST, "Unable to read certification authorities \"%s\""); } SSL_CTX_set_client_CA_list(context, SSL_load_client_CA_file(ca_list)); log_verbose1("Certification authority contacted"); } SSL_CTX_set_verify(context, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, _hssl_cert_verify_callback); log_verbose1("Certificate verification callback registered"); SSL_CTX_set_mode(context, SSL_MODE_AUTO_RETRY); SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF); _hssl_superseed(); return H_OK; }
void hpairnode_dump_deep(hpair_t * pair) { hpair_t *p; p = pair; log_verbose1("-- BEGIN dump hpairnode_t --"); while (p != NULL) { hpairnode_dump(p); p = p->next; } log_verbose1("-- END dump hpairnode_t --\n"); }
herror_t hssl_module_init(int argc, char **argv) { _hssl_parse_arguments(argc, argv); if (enabled) { _hssl_library_init(); log_verbose1("SSL enabled"); } else { log_verbose1("SSL _not_ enabled"); } return _hssl_server_context_init(); }
herror_t hssl_client_ssl(hsocket_t * sock) { SSL *ssl; int ret; log_verbose1("Starting SSL client initialization"); if (!(ssl = SSL_new(context))) { log_error1("Cannot create new SSL object"); return herror_new("hssl_client_ssl", HSSL_ERROR_CLIENT, "SSL_new failed"); } SSL_set_fd(ssl, sock->sock); if ((ret = SSL_connect(ssl)) <= 0) { herror_t err; log_error2("SSL connect error (%s)", _hssl_get_error(ssl, -1)); err = herror_new("hssl_client_ssl", HSSL_ERROR_CONNECT, "SSL_connect failed (%s)", _hssl_get_error(ssl, ret)); SSL_free(ssl); return err; } /* SSL_connect should take care of this for us. if (SSL_get_peer_certificate(ssl) == NULL) { log_error1("No certificate provided"); SSL_free(ssl); return herror_new("hssl_client_ssl", HSSL_ERROR_CERTIFICATE, "No certificate provided"); } if (SSL_get_verify_result(ssl) != X509_V_OK) { log_error1("Certificate did not verify"); SSL_free(ssl); return herror_new("hssl_client_ssl", HSSL_ERROR_CERTIFICATE, "Verfiy certificate failed"); } */ log_verbose1("SSL client initialization completed"); sock->ssl = ssl; return H_OK; }
void hpairnode_dump(hpair_t * pair) { if (pair == NULL) { log_verbose1("(NULL)[]"); return; } log_verbose5("(%p)['%s','%s','%p']", pair, SAVE_STR(pair->key), SAVE_STR(pair->value), pair->next); }
static int _hssl_dummy_verify_cert(X509 * cert) { /* TODO: Make sure that the client is providing a client cert, or that the Module is providing the Module cert */ /* connect to anyone */ log_verbose1("Validating certificate."); return 1; }
xmlNodePtr soap_env_get_method(SoapEnv * env) { xmlNodePtr body; if (!(body = soap_env_get_body(env))) { log_verbose1("SoapEnv contains no Body"); return NULL; } /* method is the first child */ return soap_xml_get_children(body); }
/** Send boundary and part header and continue with next part */ herror_t httpc_mime_send_file(httpc_conn_t * conn, const char *content_id, const char *content_type, const char *transfer_encoding, const char *filename) { herror_t status; FILE *fd = fopen(filename, "rb"); byte_t buffer[MAX_FILE_BUFFER_SIZE]; size_t size; if (fd == NULL) return herror_new("httpc_mime_send_file", FILE_ERROR_OPEN, "Can not open file '%s'", filename); status = httpc_mime_next(conn, content_id, content_type, transfer_encoding); if (status != H_OK) { fclose(fd); return status; } while (!feof(fd)) { size = fread(buffer, 1, MAX_FILE_BUFFER_SIZE, fd); if (size == -1) { fclose(fd); return herror_new("httpc_mime_send_file", FILE_ERROR_READ, "Can not read from file '%s'", filename); } if (size > 0) { /* DEBUG: fwrite(buffer, 1, size, stdout); */ status = http_output_stream_write(conn->out, buffer, size); if (status != H_OK) { fclose(fd); return status; } } } fclose(fd); log_verbose1("file sent!"); return H_OK; }
static void _hssl_library_init(void) { static int initialized = 0; if (!initialized) { log_verbose1("Initializing library"); SSL_library_init(); SSL_load_error_strings(); ERR_load_crypto_strings(); OpenSSL_add_ssl_algorithms(); initialized = 1; } return; }
static int _hssl_cert_verify_callback(int prev_ok, X509_STORE_CTX * ctx) { /* if ((X509_STORE_CTX_get_error(ctx) = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)) { log_verbose1("Self signed cert in chain"); return 1; } */ log_verbose2("Cert depth = %d", X509_STORE_CTX_get_error_depth(ctx)); if (X509_STORE_CTX_get_error_depth(ctx) == 0) { return _hssl_verify_cert(X509_STORE_CTX_get_current_cert(ctx)); } else { log_verbose1("Cert ok (prev)"); return prev_ok; } }
char * soap_env_find_urn(SoapEnv * env) { xmlNsPtr ns; xmlNodePtr body, node; if (!(body = soap_env_get_body(env))) { log_verbose1("body is NULL"); return 0; } /* node is the first child */ if (!(node = soap_xml_get_children(body))) { log_error1("No namespace found"); return 0; } /* if (node->ns && node->ns->prefix) MRC 1/25/2006 */ if (node->ns) { ns = xmlSearchNs(body->doc, node, node->ns->prefix); if (ns != NULL) { return((char *) ns->href); /* namespace found! */ } } else { static char *empty = ""; log_warn1("No namespace found"); return(empty); } return 0; }
/*-------------------------------------------------- FUNCTION: httpc_talk_to_server DESC: This function is the heart of the httpc module. It will send the request and process the response. Here the parameters: method: the request method. This can be HTTP_REQUEST_POST and HTTP_REQUEST_GET. conn: the connection object (created with httpc_new()) urlstr: the complete url in string format. http://<host>:<port>/<context> where <port> is not mendatory. start_cb: a callback function, which will be called when the response header is completely arrives. cb: a callback function, which will be called everytime when data arrives. content_size: size of content to send. (only if method is HTTP_REQUEST_POST) content: the content data to send. (only if method is HTTP_REQUEST_POST) userdata: a user define data, which will be passed to the start_cb and cb callbacks as a parameter. This can also be NULL. If success, this function will return 0. >0 otherwise. ----------------------------------------------------*/ static herror_t httpc_talk_to_server(hreq_method_t method, httpc_conn_t * conn, const char *urlstr) { hurl_t url; char buffer[4096]; herror_t status; int ssl; if (conn == NULL) { return herror_new("httpc_talk_to_server", GENERAL_INVALID_PARAM, "httpc_conn_t param is NULL"); } /* Build request header */ httpc_header_set_date(conn); if ((status = hurl_parse(&url, urlstr)) != H_OK) { log_error2("Can not parse URL '%s'", SAVE_STR(urlstr)); return status; } /* TODO (#1#): Check for HTTP protocol in URL */ /* Set hostname */ httpc_set_header(conn, HEADER_HOST, url.host); ssl = url.protocol == PROTOCOL_HTTPS ? 1 : 0; /* Open connection */ if ((status = hsocket_open(&conn->sock, url.host, url.port, ssl)) != H_OK) return status; switch(method) { case HTTP_REQUEST_GET: sprintf(buffer, "GET %s HTTP/%s\r\n", (url.context[0] != '\0') ? url.context : ("/"), (conn->version == HTTP_1_0) ? "1.0" : "1.1"); break; case HTTP_REQUEST_POST: sprintf(buffer, "POST %s HTTP/%s\r\n", (url.context[0] != '\0') ? url.context : ("/"), (conn->version == HTTP_1_0) ? "1.0" : "1.1"); break; default: log_error1("Unknown method type!"); return herror_new("httpc_talk_to_server", GENERAL_INVALID_PARAM, "hreq_method_t must be HTTP_REQUEST_GET or HTTP_REQUEST_POST"); } log_verbose1("Sending request..."); if ((status = hsocket_send(&(conn->sock), buffer)) != H_OK) { log_error2("Cannot send request (%s)", herror_message(status)); hsocket_close(&(conn->sock)); return status; } log_verbose1("Sending header..."); if ((status = httpc_send_header(conn)) != H_OK) { log_error2("Cannot send header (%s)", herror_message(status)); hsocket_close(&(conn->sock)); return status; } return H_OK; }