int curl_win32_ascii_to_idn(const char *in, char **out) { int ret = 0; wchar_t *in_w = Curl_convert_UTF8_to_wchar(in); if(in_w) { wchar_t unicode[IDN_MAX_LENGTH]; int chars = IdnToUnicode(0, in_w, wcslen(in_w)+1, unicode, IDN_MAX_LENGTH); free(in_w); if(chars) { *out = Curl_convert_wchar_to_UTF8(unicode); if(*out) ret = 1; /* success */ } } return ret; }
int curl_win32_idn_to_ascii(const char *in, char **out) { int ret = 0; wchar_t *in_w = Curl_convert_UTF8_to_wchar(in); if(in_w) { wchar_t punycode[IDN_MAX_LENGTH]; int chars = IdnToAscii(0, in_w, -1, punycode, IDN_MAX_LENGTH); free(in_w); if(chars) { *out = Curl_convert_wchar_to_UTF8(punycode); if(*out) ret = 1; /* success */ } } return ret; }
int curl_win32_ascii_to_idn(const char *in, size_t in_len, char **out_utf8) { (void)in_len; /* unused */ if(in) { WCHAR unicode[IDN_MAX_LENGTH]; if(IdnToUnicode(0, (wchar_t *)in, -1, unicode, IDN_MAX_LENGTH) == 0) { wprintf(L"ERROR %d converting to Punycode\n", GetLastError()); return 0; } else { *out_utf8 = Curl_convert_wchar_to_UTF8(unicode); if(!*out_utf8) return 0; } } return 1; }
int curl_win32_idn_to_ascii(const char *in, char **out) { wchar_t *in_w = Curl_convert_UTF8_to_wchar(in); if(in_w) { wchar_t punycode[IDN_MAX_LENGTH]; if(IdnToAscii(0, in_w, -1, punycode, IDN_MAX_LENGTH) == 0) { wprintf(L"ERROR %d converting to Punycode\n", GetLastError()); free(in_w); return 0; } free(in_w); *out = Curl_convert_wchar_to_UTF8(punycode); if(!*out) return 0; } return 1; }
static CURLcode verify_certificate(struct connectdata *conn, int sockindex) { SECURITY_STATUS status; struct SessionHandle *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; CURLcode result = CURLE_OK; CERT_CONTEXT *pCertContextServer = NULL; const CERT_CHAIN_CONTEXT *pChainContext = NULL; status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &pCertContextServer); if((status != SEC_E_OK) || (pCertContextServer == NULL)) { failf(data, "schannel: Failed to read remote certificate context: %s", Curl_sspi_strerror(conn, status)); result = CURLE_PEER_FAILED_VERIFICATION; } if(result == CURLE_OK) { CERT_CHAIN_PARA ChainPara; memset(&ChainPara, 0, sizeof(ChainPara)); ChainPara.cbSize = sizeof(ChainPara); if(!CertGetCertificateChain(NULL, pCertContextServer, NULL, pCertContextServer->hCertStore, &ChainPara, 0, NULL, &pChainContext)) { failf(data, "schannel: CertGetCertificateChain failed: %s", Curl_sspi_strerror(conn, GetLastError())); pChainContext = NULL; result = CURLE_PEER_FAILED_VERIFICATION; } if(result == CURLE_OK) { CERT_SIMPLE_CHAIN *pSimpleChain = pChainContext->rgpChain[0]; DWORD dwTrustErrorMask = ~(CERT_TRUST_IS_NOT_TIME_NESTED| CERT_TRUST_REVOCATION_STATUS_UNKNOWN); dwTrustErrorMask &= pSimpleChain->TrustStatus.dwErrorStatus; if(dwTrustErrorMask) { if(dwTrustErrorMask & CERT_TRUST_IS_PARTIAL_CHAIN) failf(data, "schannel: CertGetCertificateChain trust error" " CERT_TRUST_IS_PARTIAL_CHAIN"); if(dwTrustErrorMask & CERT_TRUST_IS_UNTRUSTED_ROOT) failf(data, "schannel: CertGetCertificateChain trust error" " CERT_TRUST_IS_UNTRUSTED_ROOT"); if(dwTrustErrorMask & CERT_TRUST_IS_NOT_TIME_VALID) failf(data, "schannel: CertGetCertificateChain trust error" " CERT_TRUST_IS_NOT_TIME_VALID"); failf(data, "schannel: CertGetCertificateChain error mask: 0x%08x", dwTrustErrorMask); result = CURLE_PEER_FAILED_VERIFICATION; } } } if(result == CURLE_OK) { if(data->set.ssl.verifyhost == 1) { infof(data, "warning: ignoring unsupported value (1) ssl.verifyhost\n"); } else if(data->set.ssl.verifyhost == 2) { WCHAR cert_hostname[128]; WCHAR *hostname = Curl_convert_UTF8_to_wchar(conn->host.name); DWORD len; len = CertGetNameStringW(pCertContextServer, CERT_NAME_DNS_TYPE, 0, NULL, cert_hostname, 128); if(len > 0 && cert_hostname[0] == '*') { /* this is a wildcard cert. try matching the last len - 1 chars */ int hostname_len = strlen(conn->host.name); if(wcsicmp(cert_hostname + 1, hostname + hostname_len - len + 2) != 0) result = CURLE_PEER_FAILED_VERIFICATION; } else if(len == 0 || wcsicmp(hostname, cert_hostname) != 0) { result = CURLE_PEER_FAILED_VERIFICATION; } if(result == CURLE_PEER_FAILED_VERIFICATION) { const char *_cert_hostname; _cert_hostname = Curl_convert_wchar_to_UTF8(cert_hostname); failf(data, "schannel: CertGetNameString() certificate hostname " "(%s) did not match connection (%s)", _cert_hostname, conn->host.name); Curl_safefree((void *)_cert_hostname); } Curl_safefree(hostname); } } if(pChainContext) CertFreeCertificateChain(pChainContext); if(pCertContextServer) CertFreeCertificateContext(pCertContextServer); return result; }