-rw-r--r--AUTHORS2
-rw-r--r--configure.ac14
-rw-r--r--src/IO/IO.c10
-rw-r--r--src/IO/Makefile.am4
-rw-r--r--src/IO/http.c42
-rw-r--r--src/IO/ssl.h47
-rw-r--r--src/IO/tls.c (renamed from src/IO/ssl.c)170
-rw-r--r--src/IO/tls.h47
-rw-r--r--src/dillo.cc6
9 files changed, 171 insertions, 171 deletions
diff --git a/AUTHORS b/AUTHORS
index b22eb755..f92ad655 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -87,5 +87,5 @@ Non-Dillo code:
* src/md5.[ch] contain code by L. Peter Deutsch whose copyright is held by
Aladdin Enterprises.
* src/tipwin.cc contains code by Greg Ercolano.
-* src/IO/ssl.c contains code from wget whose copyright is held by the
+* src/IO/tls.c contains code from wget whose copyright is held by the
Free Software Foundation.
diff --git a/configure.ac b/configure.ac
index b574f8d6..aee37a47 100644
--- a/configure.ac
+++ b/configure.ac
@@ -22,10 +22,10 @@ AC_ARG_ENABLE(gprof, [ --enable-gprof Try to compile and run with pro
, enable_gprof=no)
AC_ARG_ENABLE(insure, [ --enable-insure Try to compile and run with Insure++],
, enable_insure=no)
-AC_ARG_ENABLE(ssl, [ --enable-ssl Enable ssl, https (ALPHA CODE)],
+AC_ARG_ENABLE(ssl, [ --enable-ssl Enable SSL/HTTPS/TLS (EXPERIMENTAL CODE)],
, enable_ssl=no)
-AC_ARG_WITH(ca-certs-file, [ --with-ca-certs-file=FILE Specify where to find a bundle of trusted CA certificates for SSL], CA_CERTS_FILE=$withval)
-AC_ARG_WITH(ca-certs-dir, [ --with-ca-certs-dir=DIR Specify where to find a directory containing trusted CA certificates for SSL], CA_CERTS_DIR=$withval)
+AC_ARG_WITH(ca-certs-file, [ --with-ca-certs-file=FILE Specify where to find a bundle of trusted CA certificates for TLS], CA_CERTS_FILE=$withval)
+AC_ARG_WITH(ca-certs-dir, [ --with-ca-certs-dir=DIR Specify where to find a directory containing trusted CA certificates for TLS], CA_CERTS_DIR=$withval)
AC_ARG_ENABLE(ipv6, [ --enable-ipv6 Build with support for IPv6], , )
AC_ARG_ENABLE(cookies,[ --disable-cookies Don't compile support for cookies],
, enable_cookies=yes)
@@ -285,7 +285,7 @@ if test "x$enable_gif" = "xyes"; then
fi
dnl --------------------------
-dnl Test for support for SSL
+dnl Test for support for SSL/TLS
dnl --------------------------
dnl
if test "x$enable_ssl" = "xyes"; then
@@ -299,14 +299,14 @@ if test "x$enable_ssl" = "xyes"; then
if test "x$ssl_ok" = "xyes"; then
LIBSSL_LIBS="-lcrypto -lssl"
- AC_MSG_WARN([*** Enabling ssl support. THIS IS ALPHA CODE!***])
+ AC_MSG_WARN([*** Enabling SSL/HTTPS/TLS support. THIS IS EXPERIMENTAL CODE ***])
else
- AC_MSG_WARN([*** No libssl found. Disabling ssl support.***])
+ AC_MSG_WARN([*** No libssl found. Disabling SSL/HTTPS/TLS support. ***])
fi
fi
if test "x$ssl_ok" = "xyes"; then
- AC_DEFINE([ENABLE_SSL], [1], [Enable SSL support])
+ AC_DEFINE([ENABLE_SSL], [1], [Enable SSL/HTTPS/TLS support])
fi
dnl --------------------------------------------------------------
diff --git a/src/IO/IO.c b/src/IO/IO.c
index e5c5fc79..0cdb9499 100644
--- a/src/IO/IO.c
+++ b/src/IO/IO.c
@@ -21,7 +21,7 @@
#include "../klist.h"
#include "IO.h"
#include "iowatch.hh"
-#include "ssl.h"
+#include "tls.h"
/*
* Symbolic defines for shutdown() function
@@ -163,7 +163,7 @@ static bool_t IO_read(IOData_t *io)
ssize_t St;
bool_t ret = FALSE;
int io_key = io->Key;
- void *conn = a_Ssl_connection(io->FD);
+ void *conn = a_Tls_connection(io->FD);
_MSG(" IO_read\n");
@@ -172,7 +172,7 @@ static bool_t IO_read(IOData_t *io)
io->Status = 0;
while (1) {
- St = conn ? a_Ssl_read(conn, Buf, IOBufLen)
+ St = conn ? a_Tls_read(conn, Buf, IOBufLen)
: read(io->FD, Buf, IOBufLen);
if (St > 0) {
dStr_append_l(io->Buf, Buf, St);
@@ -217,13 +217,13 @@ static bool_t IO_write(IOData_t *io)
{
ssize_t St;
bool_t ret = FALSE;
- void *conn = a_Ssl_connection(io->FD);
+ void *conn = a_Tls_connection(io->FD);
_MSG(" IO_write\n");
io->Status = 0;
while (1) {
- St = conn ? a_Ssl_write(conn, io->Buf->str, io->Buf->len)
+ St = conn ? a_Tls_write(conn, io->Buf->str, io->Buf->len)
: write(io->FD, io->Buf->str, io->Buf->len);
if (St < 0) {
/* Error */
diff --git a/src/IO/Makefile.am b/src/IO/Makefile.am
index ff600521..d8fed40a 100644
--- a/src/IO/Makefile.am
+++ b/src/IO/Makefile.am
@@ -15,8 +15,8 @@ libDiof_a_SOURCES = \
about.c \
Url.h \
http.c \
- ssl.h \
- ssl.c \
+ tls.h \
+ tls.c \
dpi.c \
IO.c \
iowatch.cc \
diff --git a/src/IO/http.c b/src/IO/http.c
index 22b2eaa6..7deab2e4 100644
--- a/src/IO/http.c
+++ b/src/IO/http.c
@@ -27,7 +27,7 @@
#include <arpa/inet.h> /* for inet_ntop */
#include "IO.h"
-#include "ssl.h"
+#include "tls.h"
#include "Url.h"
#include "../msg.h"
#include "../klist.h"
@@ -52,7 +52,7 @@ D_STMT_START { \
static const int HTTP_SOCKET_USE_PROXY = 0x1;
static const int HTTP_SOCKET_QUEUED = 0x2;
static const int HTTP_SOCKET_TO_BE_FREED = 0x4;
-static const int HTTP_SOCKET_SSL = 0x8;
+static const int HTTP_SOCKET_TLS = 0x8;
/* 'web' is just a reference (no need to deallocate it here). */
typedef struct {
@@ -251,16 +251,16 @@ static void Http_connect_queued_sockets(Server_t *srv)
sd = dList_nth_data(srv->queue, i);
if (!(sd->flags & HTTP_SOCKET_TO_BE_FREED)) {
- int connect_ready = SSL_CONNECT_READY;
+ int connect_ready = TLS_CONNECT_READY;
- if (sd->flags & HTTP_SOCKET_SSL)
- connect_ready = a_Ssl_connect_ready(sd->url);
+ if (sd->flags & HTTP_SOCKET_TLS)
+ connect_ready = a_Tls_connect_ready(sd->url);
- if (connect_ready == SSL_CONNECT_NEVER || !a_Web_valid(sd->web)) {
+ if (connect_ready == TLS_CONNECT_NEVER || !a_Web_valid(sd->web)) {
int SKey = VOIDP2INT(sd->Info->LocalKey);
Http_socket_free(SKey);
- } else if (connect_ready == SSL_CONNECT_READY) {
+ } else if (connect_ready == TLS_CONNECT_READY) {
i--;
Http_socket_activate(srv, sd);
Http_connect_socket(sd->Info);
@@ -295,12 +295,12 @@ static void Http_socket_free(int SKey)
} else {
if (S->SockFD != -1)
Http_fd_map_remove_entry(S->SockFD);
- a_Ssl_reset_server_state(S->url);
+ a_Tls_reset_server_state(S->url);
if (S->connected_to) {
- a_Ssl_close_by_fd(S->SockFD);
+ a_Tls_close_by_fd(S->SockFD);
Server_t *srv = Http_server_get(S->connected_to, S->connect_port,
- (S->flags & HTTP_SOCKET_SSL));
+ (S->flags & HTTP_SOCKET_TLS));
srv->active_conns--;
Http_connect_queued_sockets(srv);
if (srv->active_conns == 0)
@@ -484,9 +484,9 @@ static void Http_send_query(SocketData_t *S)
/*
* Prepare an HTTPS connection. If necessary, tunnel it through a proxy.
- * Then perform the SSL handshake.
+ * Then perform the TLS handshake.
*/
-static void Http_connect_ssl(ChainLink *info)
+static void Http_connect_tls(ChainLink *info)
{
int SKey = VOIDP2INT(info->LocalKey);
SocketData_t *S = a_Klist_get_data(ValidSocks, SKey);
@@ -502,7 +502,7 @@ static void Http_connect_ssl(ChainLink *info)
dFree(dbuf);
dFree(connect_str);
} else {
- a_Ssl_handshake(S->SockFD, S->url);
+ a_Tls_handshake(S->SockFD, S->url);
}
}
@@ -573,8 +573,8 @@ static void Http_connect_socket(ChainLink *Info)
if (status == -1 && errno != EINPROGRESS) {
MSG("Http_connect_socket ERROR: %s\n", dStrerror(errno));
a_Http_connect_done(S->SockFD, FALSE);
- } else if (S->flags & HTTP_SOCKET_SSL) {
- Http_connect_ssl(Info);
+ } else if (S->flags & HTTP_SOCKET_TLS) {
+ Http_connect_tls(Info);
} else {
a_Http_connect_done(S->SockFD, TRUE);
}
@@ -677,7 +677,7 @@ static void Http_dns_cb(int Status, Dlist *addr_list, void *data)
S->addr_list = addr_list;
clean_up = FALSE;
srv = Http_server_get(host, S->connect_port,
- (S->flags & HTTP_SOCKET_SSL));
+ (S->flags & HTTP_SOCKET_TLS));
Http_socket_enqueue(srv, S);
Http_connect_queued_sockets(srv);
} else {
@@ -725,7 +725,7 @@ static int Http_get(ChainLink *Info, void *Data1)
S->connect_port = URL_PORT(url);
S->url = a_Url_dup(S->web->url);
if (!dStrAsciiCasecmp(URL_SCHEME(S->url), "https"))
- S->flags |= HTTP_SOCKET_SSL;
+ S->flags |= HTTP_SOCKET_TLS;
/* Let the user know what we'll do */
MSG_BW(S->web, 1, "DNS resolving %s", hostname);
@@ -748,11 +748,11 @@ static bool_t Http_socket_reuse_compatible(SocketData_t *old,
SocketData_t *new)
{
/*
- * If we are using SSL through a proxy, we need to ensure that old and new
+ * If we are using TLS through a proxy, we need to ensure that old and new
* are going through to the same host:port.
*/
if (a_Web_valid(new->web) &&
- ((old->flags & HTTP_SOCKET_SSL) == 0 ||
+ ((old->flags & HTTP_SOCKET_TLS) == 0 ||
(old->flags & HTTP_SOCKET_USE_PROXY) == 0 ||
((URL_PORT(old->url) == URL_PORT(new->url)) &&
!dStrAsciiCasecmp(URL_HOST(old->url), URL_HOST(new->url)))))
@@ -771,7 +771,7 @@ static void Http_socket_reuse(int SKey)
if (old_sd) {
Server_t *srv = Http_server_get(old_sd->connected_to,
old_sd->connect_port,
- (old_sd->flags & HTTP_SOCKET_SSL));
+ (old_sd->flags & HTTP_SOCKET_TLS));
int i, n = dList_length(srv->queue);
for (i = 0; i < n; i++) {
@@ -874,7 +874,7 @@ void a_Http_ccc(int Op, int Branch, int Dir, ChainLink *Info,
sd->https_proxy_reply->str);
dStr_free(sd->https_proxy_reply, 1);
sd->https_proxy_reply = NULL;
- a_Ssl_handshake(sd->SockFD, sd->url);
+ a_Tls_handshake(sd->SockFD, sd->url);
} else {
MSG_BW(sd->web, 1, "Can't connect through proxy to %s",
URL_HOST(sd->url));
diff --git a/src/IO/ssl.h b/src/IO/ssl.h
deleted file mode 100644
index f55479b2..00000000
--- a/src/IO/ssl.h
+++ /dev/null
@@ -1,47 +0,0 @@
-#ifndef __SSL_H__
-#define __SSL_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "../url.h"
-
-#define SSL_CONNECT_NEVER -1
-#define SSL_CONNECT_NOT_YET 0
-#define SSL_CONNECT_READY 1
-
-void a_Ssl_init();
-
-
-#ifdef ENABLE_SSL
-int a_Ssl_connect_ready(const DilloUrl *url);
-void a_Ssl_reset_server_state(const DilloUrl *url);
-
-/* Use to initiate a SSL connection. */
-void a_Ssl_handshake(int fd, const DilloUrl *url);
-
-void *a_Ssl_connection(int fd);
-
-void a_Ssl_freeall();
-
-void a_Ssl_close_by_fd(int fd);
-int a_Ssl_read(void *conn, void *buf, size_t len);
-int a_Ssl_write(void *conn, void *buf, size_t len);
-#else
-
-#define a_Ssl_connect_ready(url) SSL_CONNECT_NEVER
-#define a_Ssl_reset_server_state(url) ;
-#define a_Ssl_handshake(fd, url) ;
-#define a_Ssl_connection(fd) NULL
-#define a_Ssl_freeall() ;
-#define a_Ssl_close_by_fd(fd) ;
-#define a_Ssl_read(conn, buf, len) 0
-#define a_Ssl_write(conn, buf, len) 0
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __SSL_H__ */
-
diff --git a/src/IO/ssl.c b/src/IO/tls.c
index 856d94b5..39252635 100644
--- a/src/IO/ssl.c
+++ b/src/IO/tls.c
@@ -1,5 +1,5 @@
/*
- * File: ssl.c
+ * File: tls.c
*
* Copyright 2004 Garrett Kajmowicz <gkajmowi@tbaytel.net>
* (for some bits derived from the https dpi, e.g., certificate handling)
@@ -33,9 +33,9 @@
#ifndef ENABLE_SSL
-void a_Ssl_init()
+void a_Tls_init()
{
- MSG("SSL: Disabled at compilation time.\n");
+ MSG("TLS: Disabled at compilation time.\n");
}
#else
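Review bot: `void a_Tls_init()` on the disabled-build path declares the function without a prototype, while the enabled definition later in this file is `void a_Tls_init(void)`; the same empty-parenthesis form appears for `a_Tls_init` and `a_Tls_freeall` in the new tls.h. In C the `()` form means "unspecified parameters", so the compiler cannot check calls against it and the declaration and definition are not written in the same style; use `void a_Tls_init(void)` here and `void a_Tls_init(void);` / `void a_Tls_freeall(void);` in the header. Since tls.h is new in this commit, its include guard could also avoid the reserved `__TLS_H__` spelling (identifiers starting with a double underscore belong to the implementation), e.g. `DILLO_IO_TLS_H`.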
@@ -52,7 +52,7 @@ void a_Ssl_init()
#include "../dialog.hh"
#include "../klist.h"
#include "iowatch.hh"
-#include "ssl.h"
+#include "tls.h"
#include "Url.h"
#include <openssl/ssl.h>
@@ -78,7 +78,7 @@ typedef struct {
} FdMapEntry_t;
/*
- * Data type for SSL connection information
+ * Data type for TLS connection information
*/
typedef struct {
int fd;
@@ -87,22 +87,22 @@ typedef struct {
bool_t connecting;
} Conn_t;
-/* List of active SSL connections */
+/* List of active TLS connections */
static Klist_t *conn_list = NULL;
/*
- * If ssl_context is still NULL, this corresponds to SSL being disabled.
+ * If ssl_context is still NULL, this corresponds to TLS being disabled.
*/
static SSL_CTX *ssl_context;
static Dlist *servers;
static Dlist *fd_map;
-static void Ssl_connect_cb(int fd, void *vssl);
+static void Tls_connect_cb(int fd, void *vconnkey);
/*
* Compare by FD.
*/
-static int Ssl_fd_map_cmp(const void *v1, const void *v2)
+static int Tls_fd_map_cmp(const void *v1, const void *v2)
{
int fd = VOIDP2INT(v2);
const FdMapEntry_t *e = v1;
@@ -110,14 +110,14 @@ static int Ssl_fd_map_cmp(const void *v1, const void *v2)
return (fd != e->fd);
}
-static void Ssl_fd_map_add_entry(int fd, int connkey)
+static void Tls_fd_map_add_entry(int fd, int connkey)
{
FdMapEntry_t *e = dNew0(FdMapEntry_t, 1);
e->fd = fd;
e->connkey = connkey;
- if (dList_find_custom(fd_map, INT2VOIDP(e->fd), Ssl_fd_map_cmp)) {
- MSG_ERR("SSL FD ENTRY ALREADY FOUND FOR %d\n", e->fd);
+ if (dList_find_custom(fd_map, INT2VOIDP(e->fd), Tls_fd_map_cmp)) {
+ MSG_ERR("TLS FD ENTRY ALREADY FOUND FOR %d\n", e->fd);
assert(0);
}
@@ -128,30 +128,30 @@ static void Ssl_fd_map_add_entry(int fd, int connkey)
/*
* Remove and free entry from fd_map.
*/
-static void Ssl_fd_map_remove_entry(int fd)
+static void Tls_fd_map_remove_entry(int fd)
{
- void *data = dList_find_custom(fd_map, INT2VOIDP(fd), Ssl_fd_map_cmp);
+ void *data = dList_find_custom(fd_map, INT2VOIDP(fd), Tls_fd_map_cmp);
//MSG("REMOVE ENTRY %d\n", fd);
if (data) {
dList_remove_fast(fd_map, data);
dFree(data);
} else {
- MSG("SSL FD ENTRY NOT FOUND FOR %d\n", fd);
+ MSG("TLS FD ENTRY NOT FOUND FOR %d\n", fd);
}
}
/*
- * Return SSL connection information for a given file
- * descriptor, or NULL if no SSL connection was found.
+ * Return TLS connection information for a given file
+ * descriptor, or NULL if no TLS connection was found.
*/
-void *a_Ssl_connection(int fd)
+void *a_Tls_connection(int fd)
{
Conn_t *conn;
if (fd_map) {
FdMapEntry_t *fme = dList_find_custom(fd_map, INT2VOIDP(fd),
- Ssl_fd_map_cmp);
+ Tls_fd_map_cmp);
if (fme && (conn = a_Klist_get_data(conn_list, fme->connkey)))
return conn;
@@ -160,9 +160,9 @@ void *a_Ssl_connection(int fd)
}
/*
- * Add a new SSL connection information node.
+ * Add a new TLS connection information node.
*/
-static int Ssl_conn_new(int fd, const DilloUrl *url, SSL *ssl)
+static int Tls_conn_new(int fd, const DilloUrl *url, SSL *ssl)
{
int key;
@@ -174,18 +174,18 @@ static int Ssl_conn_new(int fd, const DilloUrl *url, SSL *ssl)
key = a_Klist_insert(&conn_list, conn);
- Ssl_fd_map_add_entry(fd, key);
+ Tls_fd_map_add_entry(fd, key);
return key;
}
/*
- * Let's monitor for ssl alerts.
+ * Let's monitor for TLS alerts.
*/
-static void Ssl_info_cb(const SSL *ssl, int where, int ret)
+static void Tls_info_cb(const SSL *ssl, int where, int ret)
{
if (where & SSL_CB_ALERT) {
- MSG("SSL ALERT on %s: %s\n", (where & SSL_CB_READ) ? "read" : "write",
+ MSG("TLS ALERT on %s: %s\n", (where & SSL_CB_READ) ? "read" : "write",
SSL_alert_desc_string_long(ret));
}
}
@@ -197,7 +197,7 @@ static void Ssl_info_cb(const SSL *ssl, int where, int ret)
* abysmal openssl documentation, this was worked out from reading discussion
* on the web and then reading openssl source to see what it normally does.
*/
-static void Ssl_load_certificates()
+static void Tls_load_certificates()
{
/* curl-7.37.1 says that the following bundle locations are used on "Debian
* systems", "Redhat and Mandriva", "old(er) Redhat", "FreeBSD", and
@@ -247,7 +247,7 @@ static void Ssl_load_certificates()
/*
* Initialize the OpenSSL library.
*/
-void a_Ssl_init(void)
+void a_Tls_init(void)
{
SSL_library_init();
SSL_load_error_strings();
@@ -266,7 +266,7 @@ void a_Ssl_init(void)
return;
}
- SSL_CTX_set_info_callback(ssl_context, Ssl_info_cb);
+ SSL_CTX_set_info_callback(ssl_context, Tls_info_cb);
/* Don't want: eNULL, which has no encryption; aNULL, which has no
* authentication; LOW, which as of 2014 use 64 or 56-bit encryption;
@@ -285,7 +285,7 @@ void a_Ssl_init(void)
/* This lets us deal with self-signed certificates */
SSL_CTX_set_verify(ssl_context, SSL_VERIFY_NONE, NULL);
- Ssl_load_certificates();
+ Tls_load_certificates();
fd_map = dList_new(20);
servers = dList_new(8);
@@ -295,7 +295,7 @@ void a_Ssl_init(void)
* Save certificate with a hashed filename.
* Return: 0 on success, 1 on failure.
*/
-static int Ssl_save_certificate_home(X509 * cert)
+static int Tls_save_certificate_home(X509 * cert)
{
char buf[4096];
@@ -340,7 +340,7 @@ static int Ssl_save_certificate_home(X509 * cert)
/*
* Test whether a URL corresponds to a server.
*/
-static int Ssl_servers_cmp(const void *v1, const void *v2)
+static int Tls_servers_cmp(const void *v1, const void *v2)
{
Server_t *s = (Server_t *)v1;
const DilloUrl *url = (const DilloUrl *)v2;
@@ -358,15 +358,15 @@ static int Ssl_servers_cmp(const void *v1, const void *v2)
* Return: 1 means yes, 0 means not yet, -1 means never.
* TODO: Something clearer or different.
*/
-int a_Ssl_connect_ready(const DilloUrl *url)
+int a_Tls_connect_ready(const DilloUrl *url)
{
Server_t *s;
int i, len;
const char *host = URL_HOST(url);
const int port = URL_PORT(url);
- int ret = SSL_CONNECT_READY;
+ int ret = TLS_CONNECT_READY;
- dReturn_val_if_fail(ssl_context, SSL_CONNECT_NEVER);
+ dReturn_val_if_fail(ssl_context, TLS_CONNECT_NEVER);
len = dList_length(servers);
@@ -375,9 +375,9 @@ int a_Ssl_connect_ready(const DilloUrl *url)
if (!dStrAsciiCasecmp(s->hostname, host) && (port == s->port)) {
if (s->cert_status == CERT_STATUS_RECEIVING)
- ret = SSL_CONNECT_NOT_YET;
+ ret = TLS_CONNECT_NOT_YET;
else if (s->cert_status == CERT_STATUS_BAD)
- ret = SSL_CONNECT_NEVER;
+ ret = TLS_CONNECT_NEVER;
if (s->cert_status == CERT_STATUS_NONE)
s->cert_status = CERT_STATUS_RECEIVING;
@@ -397,9 +397,9 @@ int a_Ssl_connect_ready(const DilloUrl *url)
* Did we find problems with the certificate, and did the user proceed to
* reject the connection?
*/
-static int Ssl_user_said_no(const DilloUrl *url)
+static int Tls_user_said_no(const DilloUrl *url)
{
- Server_t *s = dList_find_custom(servers, url, Ssl_servers_cmp);
+ Server_t *s = dList_find_custom(servers, url, Tls_servers_cmp);
if (!s)
return FALSE;
@@ -411,9 +411,9 @@ static int Ssl_user_said_no(const DilloUrl *url)
* Did we find problems with the certificate, and did the user proceed to
* accept the connection anyway?
*/
-static int Ssl_user_said_yes(const DilloUrl *url)
+static int Tls_user_said_yes(const DilloUrl *url)
{
- Server_t *s = dList_find_custom(servers, url, Ssl_servers_cmp);
+ Server_t *s = dList_find_custom(servers, url, Tls_servers_cmp);
if (!s)
return FALSE;
@@ -466,7 +466,7 @@ static bool_t pattern_match (const char *pattern, const char *string)
return *n == '\0';
}
-static bool_t Ssl_check_cert_hostname(X509 *cert, const DilloUrl *url,
+static bool_t Tls_check_cert_hostname(X509 *cert, const DilloUrl *url,
int *choice)
{
dReturn_val_if_fail(cert && url, -1);
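Review bot: `dReturn_val_if_fail(cert && url, -1)` returns -1 from a function declared `bool_t`, and the only caller visible in this diff (`else if (Tls_check_cert_hostname(remote_cert, url, &choice))` in Tls_examine_certificate) treats any non-zero value as a hostname match, so a violated precondition would fail open into the trust-check branch instead of refusing. A hostname check should fail closed: `dReturn_val_if_fail(cert && url, FALSE);`. Tls_examine_certificate does reject a NULL peer certificate before the call, so from what the diff shows this is latent rather than reachable. The body of Tls_check_cert_hostname continues outside the hunk.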
@@ -551,7 +551,7 @@ static bool_t Ssl_check_cert_hostname(X509 *cert, const DilloUrl *url,
success = FALSE;
msg = dStrconcat("No certificate subject alternative name matches"
" requested host name \n", host, NULL);
- *choice = a_Dialog_choice("Dillo SSL security warning",
+ *choice = a_Dialog_choice("Dillo TLS security warning",
msg, "Continue", "Cancel", NULL);
dFree(msg);
@@ -580,7 +580,7 @@ static bool_t Ssl_check_cert_hostname(X509 *cert, const DilloUrl *url,
success = FALSE;
msg = dStrconcat("Certificate common name ", common_name,
" doesn't match requested host name ", host, NULL);
- *choice = a_Dialog_choice("Dillo SSL security warning",
+ *choice = a_Dialog_choice("Dillo TLS security warning",
msg, "Continue", "Cancel", NULL);
dFree(msg);
@@ -626,7 +626,7 @@ static bool_t Ssl_check_cert_hostname(X509 *cert, const DilloUrl *url,
"character). This may be an indication that the "
"host is not who it claims to be -- that is, not "
"the real ", host, NULL);
- *choice = a_Dialog_choice("Dillo SSL security warning",
+ *choice = a_Dialog_choice("Dillo TLS security warning",
msg, "Continue", "Cancel", NULL);
dFree(msg);
@@ -652,14 +652,14 @@ static bool_t Ssl_check_cert_hostname(X509 *cert, const DilloUrl *url,
* to do.
* Return: -1 if connection should be canceled, or 0 if it should continue.
*/
-static int Ssl_examine_certificate(SSL *ssl, const DilloUrl *url)
+static int Tls_examine_certificate(SSL *ssl, const DilloUrl *url)
{
X509 *remote_cert;
long st;
char buf[4096], *cn, *msg;
int choice = -1, ret = -1;
- char *title = dStrconcat("Dillo SSL security warning: ",URL_HOST(url),NULL);
- Server_t *srv = dList_find_custom(servers, url, Ssl_servers_cmp);
+ char *title = dStrconcat("Dillo TLS security warning: ",URL_HOST(url),NULL);
+ Server_t *srv = dList_find_custom(servers, url, Tls_servers_cmp);
remote_cert = SSL_get_peer_certificate(ssl);
if (remote_cert == NULL){
@@ -674,7 +674,7 @@ static int Ssl_examine_certificate(SSL *ssl, const DilloUrl *url)
ret = 0;
}
- } else if (Ssl_check_cert_hostname(remote_cert, url, &choice)) {
+ } else if (Tls_check_cert_hostname(remote_cert, url, &choice)) {
/* Figure out if (and why) the remote system can't be trusted */
st = SSL_get_verify_result(ssl);
switch (st) {
@@ -713,7 +713,7 @@ static int Ssl_examine_certificate(SSL *ssl, const DilloUrl *url)
/* Save certificate to a file here and recheck the chain */
/* Potential security problems because we are writing
* to the filesystem */
- Ssl_save_certificate_home(remote_cert);
+ Tls_save_certificate_home(remote_cert);
ret = 1;
break;
default:
@@ -859,10 +859,10 @@ static int Ssl_examine_certificate(SSL *ssl, const DilloUrl *url)
* If the connection was closed before we got the certificate, we need to
* reset state so that we'll try again.
*/
-void a_Ssl_reset_server_state(const DilloUrl *url)
+void a_Tls_reset_server_state(const DilloUrl *url)
{
if (servers) {
- Server_t *s = dList_find_custom(servers, url, Ssl_servers_cmp);
+ Server_t *s = dList_find_custom(servers, url, Tls_servers_cmp);
if (s && s->cert_status == CERT_STATUS_RECEIVING)
s->cert_status = CERT_STATUS_NONE;
@@ -870,14 +870,14 @@ void a_Ssl_reset_server_state(const DilloUrl *url)
}
/*
- * Close an open SSL connection.
+ * Close an open TLS connection.
*/
-static void Ssl_close_by_key(int connkey)
+static void Tls_close_by_key(int connkey)
{
Conn_t *c;
if ((c = a_Klist_get_data(conn_list, connkey))) {
- a_Ssl_reset_server_state(c->url);
+ a_Tls_reset_server_state(c->url);
if (c->connecting) {
a_IOwatch_remove_fd(c->fd, -1);
dClose(c->fd);
@@ -886,7 +886,7 @@ static void Ssl_close_by_key(int connkey)
SSL_free(c->ssl);
a_Url_free(c->url);
- Ssl_fd_map_remove_entry(c->fd);
+ Tls_fd_map_remove_entry(c->fd);
a_Klist_remove(conn_list, connkey);
dFree(c);
}
@@ -896,14 +896,14 @@ static void Ssl_close_by_key(int connkey)
* Connect, set a callback if it's still not completed. If completed, check
* the certificate and report back to http.
*/
-static void Ssl_connect(int fd, int connkey)
+static void Tls_connect(int fd, int connkey)
{
int ret;
bool_t ongoing = FALSE, failed = TRUE;
Conn_t *conn;
if (!(conn = a_Klist_get_data(conn_list, connkey))) {
- MSG("Ssl_connect: conn for fd %d not valid\n", fd);
+ MSG("Tls_connect: conn for fd %d not valid\n", fd);
return;
}
@@ -917,10 +917,10 @@ static void Ssl_connect(int fd, int connkey)
err1_ret == SSL_ERROR_WANT_WRITE) {
int want = err1_ret == SSL_ERROR_WANT_READ ? DIO_READ : DIO_WRITE;
- _MSG("iowatching fd %d for ssl -- want %s\n", fd,
+ _MSG("iowatching fd %d for tls -- want %s\n", fd,
err1_ret == SSL_ERROR_WANT_READ ? "read" : "write");
a_IOwatch_remove_fd(fd, -1);
- a_IOwatch_add_fd(fd, want, Ssl_connect_cb, INT2VOIDP(connkey));
+ a_IOwatch_add_fd(fd, want, Tls_connect_cb, INT2VOIDP(connkey));
ongoing = TRUE;
failed = FALSE;
} else if (err1_ret == SSL_ERROR_SYSCALL || err1_ret == SSL_ERROR_SSL) {
@@ -934,14 +934,14 @@ static void Ssl_connect(int fd, int connkey)
} else {
/* nothing in the error queue */
if (ret == 0) {
- MSG("SSL connect error: \"an EOF was observed that violates "
+ MSG("TLS connect error: \"an EOF was observed that violates "
"the protocol\"\n");
/*
* I presume we took too long on our side and the server grew
* impatient.
*/
} else if (ret == -1) {
- MSG("SSL connect error: %s\n", dStrerror(errno));
+ MSG("TLS connect error: %s\n", dStrerror(errno));
/* If the following can happen, I'll add code to handle it, but
* I don't want to add code blindly if it isn't getting used
@@ -956,8 +956,8 @@ static void Ssl_connect(int fd, int connkey)
MSG("SSL_get_error() returned %d on a connect.\n", err1_ret);
}
} else {
- if (Ssl_user_said_yes(conn->url) ||
- (Ssl_examine_certificate(conn->ssl, conn->url) != -1))
+ if (Tls_user_said_yes(conn->url) ||
+ (Tls_examine_certificate(conn->ssl, conn->url) != -1))
failed = FALSE;
}
@@ -970,7 +970,7 @@ static void Ssl_connect(int fd, int connkey)
if (a_Klist_get_data(conn_list, connkey)) {
conn->connecting = FALSE;
if (failed) {
- Ssl_close_by_key(connkey);
+ Tls_close_by_key(connkey);
}
a_IOwatch_remove_fd(fd, DIO_READ|DIO_WRITE);
a_Http_connect_done(fd, failed ? FALSE : TRUE);
@@ -980,15 +980,15 @@ static void Ssl_connect(int fd, int connkey)
}
}
-static void Ssl_connect_cb(int fd, void *vconnkey)
+static void Tls_connect_cb(int fd, void *vconnkey)
{
- Ssl_connect(fd, VOIDP2INT(vconnkey));
+ Tls_connect(fd, VOIDP2INT(vconnkey));
}
/*
- * Perform the SSL handshake on an open socket.
+ * Perform the TLS handshake on an open socket.
*/
-void a_Ssl_handshake(int fd, const DilloUrl *url)
+void a_Tls_handshake(int fd, const DilloUrl *url)
{
SSL *ssl;
bool_t success = TRUE;
@@ -997,7 +997,7 @@ void a_Ssl_handshake(int fd, const DilloUrl *url)
if (!ssl_context)
success = FALSE;
- if (success && Ssl_user_said_no(url)) {
+ if (success && Tls_user_said_no(url)) {
success = FALSE;
}
@@ -1011,7 +1011,7 @@ void a_Ssl_handshake(int fd, const DilloUrl *url)
success = FALSE;
}
- /* assign SSL connection to this file descriptor */
+ /* assign TLS connection to this file descriptor */
if (success && !SSL_set_fd(ssl, fd)) {
unsigned long err_ret = ERR_get_error();
do {
@@ -1021,7 +1021,7 @@ void a_Ssl_handshake(int fd, const DilloUrl *url)
}
if (success)
- connkey = Ssl_conn_new(fd, url, ssl);
+ connkey = Tls_conn_new(fd, url, ssl);
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
/* Server Name Indication. From the openssl changelog, it looks like this
@@ -1032,42 +1032,42 @@ void a_Ssl_handshake(int fd, const DilloUrl *url)
#endif
if (!success) {
- a_Ssl_reset_server_state(url);
+ a_Tls_reset_server_state(url);
a_Http_connect_done(fd, success);
} else {
- Ssl_connect(fd, connkey);
+ Tls_connect(fd, connkey);
}
}
/*
- * Read data from an open SSL connection.
+ * Read data from an open TLS connection.
*/
-int a_Ssl_read(void *conn, void *buf, size_t len)
+int a_Tls_read(void *conn, void *buf, size_t len)
{
Conn_t *c = (Conn_t*)conn;
return SSL_read(c->ssl, buf, len);
}
/*
- * Write data to an open SSL connection.
+ * Write data to an open TLS connection.
*/
-int a_Ssl_write(void *conn, void *buf, size_t len)
+int a_Tls_write(void *conn, void *buf, size_t len)
{
Conn_t *c = (Conn_t*)conn;
return SSL_write(c->ssl, buf, len);
}
-void a_Ssl_close_by_fd(int fd)
+void a_Tls_close_by_fd(int fd)
{
FdMapEntry_t *fme = dList_find_custom(fd_map, INT2VOIDP(fd),
- Ssl_fd_map_cmp);
+ Tls_fd_map_cmp);
if (fme) {
- Ssl_close_by_key(fme->connkey);
+ Tls_close_by_key(fme->connkey);
}
}
-static void Ssl_servers_freeall()
+static void Tls_servers_freeall()
{
if (servers) {
Server_t *s;
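Review bot: `a_Tls_close_by_fd` calls `dList_find_custom(fd_map, ...)` without the `if (fd_map)` guard that `a_Tls_connection` uses, yet `a_Tls_init` has an early `return;` before `fd_map = dList_new(20)`, and http.c's `Http_socket_free` calls `a_Tls_close_by_fd(S->SockFD)` for every connected socket whether or not it used TLS. If `dList_find_custom` does not tolerate a NULL list, closing any socket after a failed TLS initialisation would dereference NULL; adding `if (!fd_map) return;` at the top of `a_Tls_close_by_fd` makes the two lookups consistent. Separately, `a_Tls_read`/`a_Tls_write` accept `size_t len` and pass it straight to `SSL_read`/`SSL_write`, which take an `int`; the IO.c callers pass `IOBufLen` and `io->Buf->len`, so a precondition such as `dReturn_val_if_fail(len <= INT_MAX, -1);` (with `<limits.h>` in scope) would make the narrowing explicit. Tls_servers_freeall continues outside the hunk.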
@@ -1082,7 +1082,7 @@ static void Ssl_servers_freeall()
}
}
-static void Ssl_fd_map_remove_all()
+static void Tls_fd_map_remove_all()
{
if (fd_map) {
FdMapEntry_t *fme;
@@ -1099,12 +1099,12 @@ static void Ssl_fd_map_remove_all()
/*
* Clean up the OpenSSL library
*/
-void a_Ssl_freeall(void)
+void a_Tls_freeall(void)
{
if (ssl_context)
SSL_CTX_free(ssl_context);
- Ssl_fd_map_remove_all();
- Ssl_servers_freeall();
+ Tls_fd_map_remove_all();
+ Tls_servers_freeall();
}
#endif /* ENABLE_SSL */
diff --git a/src/IO/tls.h b/src/IO/tls.h
new file mode 100644
index 00000000..e3892cb2
--- /dev/null
+++ b/src/IO/tls.h
@@ -0,0 +1,47 @@
+#ifndef __TLS_H__
+#define __TLS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "../url.h"
+
+#define TLS_CONNECT_NEVER -1
+#define TLS_CONNECT_NOT_YET 0
+#define TLS_CONNECT_READY 1
+
+void a_Tls_init();
+
+
+#ifdef ENABLE_SSL
+int a_Tls_connect_ready(const DilloUrl *url);
+void a_Tls_reset_server_state(const DilloUrl *url);
+
+/* Use to initiate a TLS connection. */
+void a_Tls_handshake(int fd, const DilloUrl *url);
+
+void *a_Tls_connection(int fd);
+
+void a_Tls_freeall();
+
+void a_Tls_close_by_fd(int fd);
+int a_Tls_read(void *conn, void *buf, size_t len);
+int a_Tls_write(void *conn, void *buf, size_t len);
+#else
+
+#define a_Tls_connect_ready(url) TLS_CONNECT_NEVER
+#define a_Tls_reset_server_state(url) ;
+#define a_Tls_handshake(fd, url) ;
+#define a_Tls_connection(fd) NULL
+#define a_Tls_freeall() ;
+#define a_Tls_close_by_fd(fd) ;
+#define a_Tls_read(conn, buf, len) 0
+#define a_Tls_write(conn, buf, len) 0
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TLS_H__ */
+
diff --git a/src/dillo.cc b/src/dillo.cc
index 2bfab238..6e28f155 100644
--- a/src/dillo.cc
+++ b/src/dillo.cc
@@ -45,7 +45,7 @@
#include "dns.h"
#include "web.hh"
-#include "IO/ssl.h"
+#include "IO/tls.h"
#include "IO/Url.h"
#include "IO/mime.h"
#include "capi.h"
@@ -477,7 +477,7 @@ int main(int argc, char **argv)
a_Dns_init();
a_Web_init();
a_Http_init();
- a_Ssl_init();
+ a_Tls_init();
a_Mime_init();
a_Capi_init();
a_Dicache_init();
@@ -599,7 +599,7 @@ int main(int argc, char **argv)
a_Cache_freeall();
a_Dicache_freeall();
a_Http_freeall();
- a_Ssl_freeall();
+ a_Tls_freeall();
a_Dns_freeall();
a_History_freeall();
a_Prefs_freeall();