Newer
Older
failf(data, "server certificate expiration date has passed.");
Patrick Monnerat
committed
gnutls_x509_crt_deinit(x509_cert);
return CURLE_PEER_FAILED_VERIFICATION;
}
else
infof(data, "\t server certificate expiration date FAILED\n");
}
else
infof(data, "\t server certificate expiration date OK\n");
certclock = gnutls_x509_crt_get_activation_time(x509_cert);
failf(data, "server cert activation date verify failed");
Patrick Monnerat
committed
gnutls_x509_crt_deinit(x509_cert);
return CURLE_SSL_CONNECT_ERROR;
infof(data, "\t server certificate activation date verify FAILED\n");
}
else {
if(certclock > time(NULL)) {
if(data->set.ssl.verifypeer) {
failf(data, "server certificate not activated yet.");
Patrick Monnerat
committed
gnutls_x509_crt_deinit(x509_cert);
return CURLE_PEER_FAILED_VERIFICATION;
}
else
infof(data, "\t server certificate activation date FAILED\n");
}
else
infof(data, "\t server certificate activation date OK\n");
Patrick Monnerat
committed
ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
if(ptr) {
result = pkp_pin_peer_pubkey(x509_cert, ptr);
if(result != CURLE_OK) {
failf(data, "SSL: public key does not match pinned public key!");
gnutls_x509_crt_deinit(x509_cert);
return result;
}
Daniel Stenberg
committed
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
/* Show:
- subject
- start date
- expire date
- common name
- issuer
*/
/* public key algorithm's parameters */
algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits);
infof(data, "\t certificate public key: %s\n",
gnutls_pk_algorithm_get_name(algo));
/* version of the X.509 certificate. */
infof(data, "\t certificate version: #%d\n",
gnutls_x509_crt_get_version(x509_cert));
size = sizeof(certbuf);
gnutls_x509_crt_get_dn(x509_cert, certbuf, &size);
infof(data, "\t subject: %s\n", certbuf);
certclock = gnutls_x509_crt_get_activation_time(x509_cert);
showtime(data, "start date", certclock);
Daniel Stenberg
committed
certclock = gnutls_x509_crt_get_expiration_time(x509_cert);
showtime(data, "expire date", certclock);
Daniel Stenberg
committed
size = sizeof(certbuf);
gnutls_x509_crt_get_issuer_dn(x509_cert, certbuf, &size);
infof(data, "\t issuer: %s\n", certbuf);
gnutls_x509_crt_deinit(x509_cert);
/* compression algorithm (if any) */
ptr = gnutls_compression_get_name(gnutls_compression_get(session));
/* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */
infof(data, "\t compression: %s\n", ptr);
if(data->set.ssl_enable_alpn) {
rc = gnutls_alpn_get_selected_protocol(session, &proto);
if(rc == 0) {
infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
proto.data);
#ifdef USE_NGHTTP2
if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
!memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
NGHTTP2_PROTO_VERSION_ID_LEN)) {
conn->negnpn = CURL_HTTP_VERSION_2_0;
else
#endif
if(proto.size == ALPN_HTTP_1_1_LENGTH &&
!memcmp(ALPN_HTTP_1_1, proto.data, ALPN_HTTP_1_1_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_1_1;
infof(data, "ALPN, server did not agree to a protocol\n");
conn->ssl[sockindex].state = ssl_connection_complete;
conn->recv[sockindex] = gtls_recv;
conn->send[sockindex] = gtls_send;
Daniel Stenberg
committed
{
/* we always unconditionally get the session id here, as even if we
already got it from the cache and asked to use it in the connection, it
might've been rejected and then a new one is in use now and we need to
detect that. */
void *connect_sessionid;
size_t connect_idsize = 0;
Daniel Stenberg
committed
/* get the session ID data size */
gnutls_session_get_data(session, NULL, &connect_idsize);
connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
Daniel Stenberg
committed
if(connect_sessionid) {
Daniel Stenberg
committed
/* extract session ID to the allocated buffer */
gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL));
Daniel Stenberg
committed
/* there was one before in the cache, so instead of risking that the
previous one was rejected, we just kill that and store the new */
Curl_ssl_delsessionid(conn, ssl_sessionid);
Daniel Stenberg
committed
/* store this session id */
result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize);
if(result) {
free(connect_sessionid);
result = CURLE_OUT_OF_MEMORY;
}
Daniel Stenberg
committed
}
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
/*
* This function is called after the TCP connect has completed. Setup the TLS
* layer and do all necessary magic.
*/
/* We use connssl->connecting_state to keep track of the connection status;
there are three states: 'ssl_connect_1' (not started yet or complete),
'ssl_connect_2_reading' (waiting for data from server), and
'ssl_connect_2_writing' (waiting to be able to write).
*/
static CURLcode
gtls_connect_common(struct connectdata *conn,
int sockindex,
bool nonblocking,
bool *done)
{
int rc;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
/* Initiate the connection, if not already done */
if(ssl_connect_1==connssl->connecting_state) {
rc = gtls_connect_step1 (conn, sockindex);
if(rc)
return rc;
Daniel Stenberg
committed
}
rc = handshake(conn, sockindex, TRUE, nonblocking);
if(rc)
/* handshake() sets its own error message with failf() */
return rc;
/* Finish connecting once the handshake is done */
if(ssl_connect_1==connssl->connecting_state) {
rc = gtls_connect_step3(conn, sockindex);
if(rc)
return rc;
}
*done = ssl_connect_1==connssl->connecting_state;
Daniel Stenberg
committed
return CURLE_OK;
}
CURLcode
Curl_gtls_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done)
{
return gtls_connect_common(conn, sockindex, TRUE, done);
}
CURLcode
Curl_gtls_connect(struct connectdata *conn,
int sockindex)
{
bool done = FALSE;
result = gtls_connect_common(conn, sockindex, FALSE, &done);
if(result)
return result;
DEBUGASSERT(done);
return CURLE_OK;
}
Daniel Stenberg
committed
static ssize_t gtls_send(struct connectdata *conn,
int sockindex,
const void *mem,
size_t len,
CURLcode *curlcode)
Daniel Stenberg
committed
{
Daniel Stenberg
committed
ssize_t rc = gnutls_record_send(conn->ssl[sockindex].session, mem, len);
Daniel Stenberg
committed
*curlcode = (rc == GNUTLS_E_AGAIN)
: CURLE_SEND_ERROR;
rc = -1;
Daniel Stenberg
committed
return rc;
}
static void close_one(struct connectdata *conn,
Daniel Stenberg
committed
{
if(conn->ssl[idx].session) {
gnutls_bye(conn->ssl[idx].session, GNUTLS_SHUT_RDWR);
gnutls_deinit(conn->ssl[idx].session);
conn->ssl[idx].session = NULL;
Daniel Stenberg
committed
}
if(conn->ssl[idx].cred) {
gnutls_certificate_free_credentials(conn->ssl[idx].cred);
conn->ssl[idx].cred = NULL;
Daniel Stenberg
committed
}
if(conn->ssl[idx].srp_client_cred) {
gnutls_srp_free_client_credentials(conn->ssl[idx].srp_client_cred);
conn->ssl[idx].srp_client_cred = NULL;
}
#endif
Daniel Stenberg
committed
}
Daniel Stenberg
committed
void Curl_gtls_close(struct connectdata *conn, int sockindex)
Daniel Stenberg
committed
{
Daniel Stenberg
committed
close_one(conn, sockindex);
Daniel Stenberg
committed
}
Daniel Stenberg
committed
/*
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
{
ssize_t result;
Daniel Stenberg
committed
int retval = 0;
struct SessionHandle *data = conn->data;
int done = 0;
char buf[120];
/* This has only been tested on the proftpd server, and the mod_tls code
sends a close notify alert without waiting for a close notify alert in
response. Thus we wait for a close notify alert from the server, but
we do not send one. Let's hope other servers do the same... */
Linus Nielsen
committed
if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
gnutls_bye(conn->ssl[sockindex].session, GNUTLS_SHUT_WR);
Daniel Stenberg
committed
if(conn->ssl[sockindex].session) {
while(!done) {
int what = Curl_socket_ready(conn->sock[sockindex],
CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
Daniel Stenberg
committed
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
if(what > 0) {
/* Something to read, let's do it and hope that it is the close
notify alert from the server */
result = gnutls_record_recv(conn->ssl[sockindex].session,
buf, sizeof(buf));
switch(result) {
case 0:
/* This is the expected response. There was no data but only
the close notify alert */
done = 1;
break;
case GNUTLS_E_AGAIN:
case GNUTLS_E_INTERRUPTED:
infof(data, "GNUTLS_E_AGAIN || GNUTLS_E_INTERRUPTED\n");
break;
default:
retval = -1;
done = 1;
break;
}
}
else if(0 == what) {
/* timeout */
failf(data, "SSL shutdown timeout");
done = 1;
break;
}
else {
/* anything that gets here is fatally bad */
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
Daniel Stenberg
committed
retval = -1;
done = 1;
}
}
gnutls_deinit(conn->ssl[sockindex].session);
}
gnutls_certificate_free_credentials(conn->ssl[sockindex].cred);
#ifdef USE_TLS_SRP
if(data->set.ssl.authtype == CURL_TLSAUTH_SRP
&& data->set.ssl.username != NULL)
gnutls_srp_free_client_credentials(conn->ssl[sockindex].srp_client_cred);
#endif
Daniel Stenberg
committed
conn->ssl[sockindex].cred = NULL;
Daniel Stenberg
committed
conn->ssl[sockindex].session = NULL;
return retval;
}
static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
int num, /* socketindex */
char *buf, /* store read data here */
size_t buffersize, /* max amount to read */
CURLcode *curlcode)
Daniel Stenberg
committed
{
ssize_t ret;
ret = gnutls_record_recv(conn->ssl[num].session, buf, buffersize);
if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
*curlcode = CURLE_AGAIN;
Daniel Stenberg
committed
return -1;
}
if(ret == GNUTLS_E_REHANDSHAKE) {
/* BLOCKING call, this is bad but a work-around for now. Fixing this "the
proper way" takes a whole lot of work. */
CURLcode result = handshake(conn, num, FALSE, FALSE);
if(result)
/* handshake() writes error message on its own */
*curlcode = CURLE_AGAIN; /* then return as if this was a wouldblock */
return -1;
}
Daniel Stenberg
committed
failf(conn->data, "GnuTLS recv error (%d): %s",
(int)ret, gnutls_strerror((int)ret));
*curlcode = CURLE_RECV_ERROR;
Daniel Stenberg
committed
return -1;
}
return ret;
}
void Curl_gtls_session_free(void *ptr)
{
free(ptr);
}
size_t Curl_gtls_version(char *buffer, size_t size)
{
return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));
Daniel Stenberg
committed
}
#ifndef USE_GNUTLS_NETTLE
static int Curl_gtls_seed(struct SessionHandle *data)
{
/* we have the "SSL is seeded" boolean static to prevent multiple
time-consuming seedings in vain */
static bool ssl_seeded = FALSE;
/* Quickly add a bit of entropy */
gcry_fast_random_poll();
if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
data->set.str[STRING_SSL_EGDSOCKET]) {
/* TODO: to a good job seeding the RNG
This may involve the gcry_control function and these options:
GCRYCTL_SET_RANDOM_SEED_FILE
GCRYCTL_SET_RNDEGD_SOCKET
*/
ssl_seeded = TRUE;
}
return 0;
}
/* data might be NULL! */
int Curl_gtls_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length)
{
#if defined(USE_GNUTLS_NETTLE)
(void)data;
gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length);
#elif defined(USE_GNUTLS)
if(data)
Curl_gtls_seed(data); /* Initiate the seed if not already done */
gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
#endif
return 0;
}
void Curl_gtls_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
size_t md5len)
{
#if defined(USE_GNUTLS_NETTLE)
struct md5_ctx MD5pw;
md5_init(&MD5pw);
md5_update(&MD5pw, (unsigned int)tmplen, tmp);
md5_digest(&MD5pw, (unsigned int)md5len, md5sum);
#elif defined(USE_GNUTLS)
gcry_md_hd_t MD5pw;
gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
gcry_md_write(MD5pw, tmp, tmplen);
memcpy(md5sum, gcry_md_read (MD5pw, 0), md5len);
gcry_md_close(MD5pw);
#endif
}
bool Curl_gtls_cert_status_request(void)
{
#ifdef HAS_OCSP
return TRUE;
#else
return FALSE;
#endif
}
Daniel Stenberg
committed
#endif /* USE_GNUTLS */