Commit 1394cad3 authored by Oscar Koeroo's avatar Oscar Koeroo Committed by Daniel Stenberg
Browse files

SSL: Several SSL-backend related fixes 

axTLS:

This will make the axTLS backend perform the RFC2818 checks, honoring
the VERIFYHOST setting similar to the OpenSSL backend.

Generic for OpenSSL and axTLS:

Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c
files to make them genericly available for both the OpenSSL, axTLS and
other SSL backends. They are now in the new lib/hostcheck.c file.

CyaSSL:

CyaSSL now also has the RFC2818 checks enabled by default. There is a
limitation that the verifyhost can not be enabled exclusively on the
Subject CN field comparison. This SSL backend will thus behave like the
NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words:
setting verifyhost to 0 or 1 will disable the Subject Alt Names checks
too.

Schannel:

Updated the schannel information messages: Split the IP address usage
message from the verifyhost setting and changed the message about
disabling SNI (Server Name Indication, used in HTTP virtual hosting)
into a message stating that the Subject Alternative Names checks are
being disabled when verifyhost is set to 0 or 1. As a side effect of
switching off the RFC2818 related servername checks with
SCH_CRED_NO_SERVERNAME_CHECK
(http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature
is being disabled. This effect is not documented in MSDN, but Wireshark
output clearly shows the effect (details on the libcurl maillist).

PolarSSL:

Fix the prototype change in PolarSSL of ssl_set_session() and the move
of the peer_cert from the ssl_context to the ssl_session. Found this
change in the PolarSSL SVN between r1316 and r1317 where the
POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu
PolarSSL version 1.1.4 the check is to discriminate between lower then
PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN
trunk jumped from version 1.1.1 to 1.2.0.

Generic:

All the SSL backends are fixed and checked to work with the
ssl.verifyhost as a boolean, which is an internal API change.
parent 18c0e9bd

lib/Makefile.inc

+3 −2
Original line number Diff line number Diff line
@@ -24,7 +24,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ 
  idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c	\

  asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c	\

  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_schannel.c	\

  curl_multibyte.c curl_darwinssl.c

  curl_multibyte.c curl_darwinssl.c hostcheck.c



HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\

  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
@@ -41,4 +41,5 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ 
  warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h	\

  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h	\

  curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h	\

  curl_sasl.h curl_schannel.h curl_multibyte.h curl_darwinssl.h
 
  curl_sasl.h curl_schannel.h curl_multibyte.h curl_darwinssl.h	\

  hostcheck.h

lib/axtls.c

+59 −7
Original line number Diff line number Diff line
@@ -47,6 +47,8 @@ 
#include "curl_memory.h"

/* The last #include file should be: */

#include "memdebug.h"

#include "hostcheck.h"





/* SSL_read is opied from axTLS compat layer */

static int SSL_read(SSL *ssl, void *buf, int num)
@@ -150,7 +152,11 @@ Curl_axtls_connect(struct connectdata *conn, 
  int i, ssl_fcn_return;

  const uint8_t *ssl_sessionid;

  size_t ssl_idsize;

  const char *x509;

  const char *peer_CN;

  uint32_t dns_altname_index;

  const char *dns_altname;

  int8_t found_subject_alt_names = 0;

  int8_t found_subject_alt_name_matching_conn = 0;



  /* Assuming users will not compile in custom key/cert to axTLS */

  uint32_t client_option = SSL_NO_DEFAULT_KEY|SSL_SERVER_VERIFY_LATER;
@@ -296,19 +302,65 @@ Curl_axtls_connect(struct connectdata *conn, 
  /* Here, gtls.c does issuer verification. axTLS has no straightforward

   * equivalent, so omitting for now.*/



  /* See if common name was set in server certificate */

  x509 = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);

  if(x509 == NULL)

    infof(data, "error fetching CN from cert\n");



  /* Here, gtls.c does the following

   * 1) x509 hostname checking per RFC2818.  axTLS doesn't support this, but

   *    it seems useful.  Omitting for now.

   *    it seems useful. This is now implemented, by Oscar Koeroo

   * 2) checks cert validity based on time.  axTLS does this in ssl_verify_cert

   * 3) displays a bunch of cert information.  axTLS doesn't support most of

   *    this, but a couple fields are available.

   */





  /* There is no (DNS) Altnames count in the version 1.4.8 API. There is a

     risk of an inifite loop */

  for(dns_altname_index = 0; ; dns_altname_index++) {

    dns_altname = ssl_get_cert_subject_alt_dnsname(ssl, dns_altname_index);

    if(dns_altname == NULL) {

      break;

    }

    found_subject_alt_names = 1;



    infof(data, "\tComparing subject alt name DNS with hostname: %s <-> %s\n",

          dns_altname, conn->host.name);

    if(Curl_cert_hostcheck(dns_altname, conn->host.name)) {

      found_subject_alt_name_matching_conn = 1;

      break;

    }

  }



  /* RFC2818 checks */

  if(found_subject_alt_names && !found_subject_alt_name_matching_conn) {

    /* Break connection ! */

    Curl_axtls_close(conn, sockindex);

    failf(data, "\tsubjectAltName(s) do not match %s\n", conn->host.dispname);

    return CURLE_PEER_FAILED_VERIFICATION;

  }

  else if(found_subject_alt_names == 0) {

    /* Per RFC2818, when no Subject Alt Names were available, examine the peer

       CN as a legacy fallback */

    peer_CN = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);

    if(peer_CN == NULL) {

      /* Similar behaviour to the OpenSSL interface */

      Curl_axtls_close(conn, sockindex);

      failf(data, "unable to obtain common name from peer certificate");

      return CURLE_PEER_FAILED_VERIFICATION;

    }

    else {

      if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {

        if(data->set.ssl.verifyhost) {

          /* Break connection ! */

          Curl_axtls_close(conn, sockindex);

          failf(data, "\tcommon name \"%s\" does not match \"%s\"\n",

                peer_CN, conn->host.dispname);

          return CURLE_PEER_FAILED_VERIFICATION;

        }

        else

          infof(data, "\tcommon name \"%s\" does not match \"%s\"\n",

                peer_CN, conn->host.dispname);

      }

    }

  }



  /* General housekeeping */

  conn->ssl[sockindex].state = ssl_connection_complete;

  conn->ssl[sockindex].ssl = ssl;

lib/curl_darwinssl.c

+7 −3
Original line number Diff line number Diff line
@@ -803,6 +803,8 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, 
  }

#endif /* defined(__MAC_10_6) || defined(__IPHONE_5_0) */



  /* If this is a domain name and not an IP address, then configure SNI.

   * Also: the verifyhost setting influences SNI usage */

  /* If this is a domain name and not an IP address, then configure SNI: */

  if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&

#ifdef ENABLE_IPV6
@@ -862,7 +864,6 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex) 
        connssl->connecting_state = connssl->ssl_direction ?

            ssl_connect_2_writing : ssl_connect_2_reading;

        return CURLE_OK;

        break;



      case errSSLServerAuthCompleted:

        /* the documentation says we need to call SSLHandshake() again */
@@ -874,13 +875,16 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex) 
      case errSSLCertExpired:

        failf(data, "SSL certificate problem: OSStatus %d", err);

        return CURLE_SSL_CACERT;

        break;



      case errSSLHostNameMismatch:

        failf(data, "SSL certificate peer verification failed, the "

              "certificate did not match \"%s\"\n", conn->host.dispname);

        return CURLE_PEER_FAILED_VERIFICATION;



      default:

        failf(data, "Unknown SSL protocol error in connection to %s:%d",

              conn->host.name, err);

        return CURLE_SSL_CONNECT_ERROR;

        break;

    }

  }

  else {

lib/curl_schannel.c

+13 −5
Original line number Diff line number Diff line
@@ -156,14 +156,22 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) 
      infof(data, "schannel: disable server certificate revocation checks\n");

    }



    if(Curl_inet_pton(AF_INET, conn->host.name, &addr) ||

    if(Curl_inet_pton(AF_INET, conn->host.name, &addr)

#ifdef ENABLE_IPV6

       Curl_inet_pton(AF_INET6, conn->host.name, &addr6) ||

       || Curl_inet_pton(AF_INET6, conn->host.name, &addr6)

#endif

       !data->set.ssl.verifyhost) {

      ) {

      schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;

      infof(data, "schannel: using IP address, disable SNI servername "

            "check\n");

      infof(data, "schannel: using IP address, SNI is being disabled by "

                  "disabling the servername check against the "

                  "subject names in server certificates.\n");

    }



    if(!data->set.ssl.verifyhost) {

      schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;

      infof(data, "schannel: verifyhost setting prevents Schannel from "

                  "comparing the supplied target name with the subject "

                  "names in server certificates. Also disables SNI.\n");

    }



    switch(data->set.ssl.version) {

lib/cyassl.c

+42 −5
Original line number Diff line number Diff line
@@ -53,6 +53,8 @@ 
#include "curl_memory.h"

/* The last #include file should be: */

#include "memdebug.h"

#include <cyassl/ssl.h>

#include <cyassl/error.h>





static Curl_recv cyassl_recv;
@@ -237,6 +239,13 @@ cyassl_connect_step2(struct connectdata *conn, 
  conn->recv[sockindex] = cyassl_recv;

  conn->send[sockindex] = cyassl_send;



  /* Enable RFC2818 checks */

  if(data->set.ssl.verifyhost) {

    ret = CyaSSL_check_domain_name(conssl->handle, conn->host.name);

    if(ret == SSL_FAILURE)

      return CURLE_OUT_OF_MEMORY;

  }



  ret = SSL_connect(conssl->handle);

  if(ret != 1) {

    char error_buffer[80];
@@ -246,16 +255,44 @@ cyassl_connect_step2(struct connectdata *conn, 
      conssl->connecting_state = ssl_connect_2_reading;

      return CURLE_OK;

    }



    if(SSL_ERROR_WANT_WRITE == detail) {

    else if(SSL_ERROR_WANT_WRITE == detail) {

      conssl->connecting_state = ssl_connect_2_writing;

      return CURLE_OK;

    }



    /* There is no easy way to override only the CN matching.

     * This will enable the override of both mismatching SubjectAltNames

     * as also mismatching CN fields */

    else if(DOMAIN_NAME_MISMATCH == detail) {

#if 1

      failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n",

            conn->host.dispname);

      return CURLE_PEER_FAILED_VERIFICATION;

#else

      /* When the CyaSSL_check_domain_name() is used and you desire to continue

       * on a DOMAIN_NAME_MISMATCH, i.e. 'data->set.ssl.verifyhost == 0',

       * CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only

       * way to do this is currently to switch the CyaSSL_check_domain_name()

       * in and out based on the 'data->set.ssl.verifyhost' value. */

      if(data->set.ssl.verifyhost) {

        failf(data,

              "\tsubject alt name(s) or common name do not match \"%s\"\n",

              conn->host.dispname);

        return CURLE_PEER_FAILED_VERIFICATION;

      }

      else {

        infof(data,

              "\tsubject alt name(s) and/or common name do not match \"%s\"\n",

              conn->host.dispname);

        return CURLE_OK;

      }

#endif

    }

    else {

      failf(data, "SSL_connect failed with error %d: %s", detail,

          ERR_error_string(detail, error_buffer));

      return CURLE_SSL_CONNECT_ERROR;

    }

  }



  conssl->connecting_state = ssl_connect_3;

  infof(data, "SSL connected\n");