Make format parameter in socket_set_errmsg() and ssl_set_errmsg() functions a const.
Commit
cfb8d6604f8a159e8a5c1fa8843be12060f0fff4
Parent
68ce1305b106050…
2 files changed
+2
-2
+16
-16
+2
-2
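--- a/src/http_socket.c
+++ b/src/http_socket.c
@@ -20,11 +20,11 @@
 **
 ** This file implements a singleton. A single client socket may be active
 ** at a time. State information is stored in static variables. The identity
 ** of the server is held in global variables that are set by url_parse().
 **
-** Low-level sockets are abstracted out into this module because they
+** Low-level sockets are abstracted out into this module because they
 ** are handled different on Unix and windows.
 */
 
 #include "config.h"
 #include "http_socket.h"
@@ -63,11 +63,11 @@
 }
 
 /*
 ** Set the socket error message.
 */
-void socket_set_errmsg(char *zFormat, ...){
+void socket_set_errmsg(const char *zFormat, ...){
 va_list ap;
 socket_clear_errmsg();
 va_start(ap, zFormat);
 socketErrMsg = vmprintf(zFormat, ap);
 va_end(ap);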
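Review bot: The header comment on `socket_set_errmsg()` (line 66) still says only "Set the socket error message", while the body hands zFormat straight to `vmprintf(zFormat, ap)`, so the parameter is a format string rather than a message, and the const-qualification added by this commit does not say that. I would extend the comment to `** Set the socket error message. zFormat is a printf-style format that must be a constant string under the caller's control; text received from the peer or reported by the OS belongs in a "%s" argument, never in zFormat.` The same wording applies to `ssl_set_errmsg()` in src/http_ssl.c, whose body is identical. The function's closing brace lies outside the hunk.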
| --- src/http_socket.c | |
| +++ src/http_socket.c | |
| @@ -20,11 +20,11 @@ | |
| 20 | ** |
| 21 | ** This file implements a singleton. A single client socket may be active |
| 22 | ** at a time. State information is stored in static variables. The identity |
| 23 | ** of the server is held in global variables that are set by url_parse(). |
| 24 | ** |
| 25 | ** Low-level sockets are abstracted out into this module because they |
| 26 | ** are handled different on Unix and windows. |
| 27 | */ |
| 28 | |
| 29 | #include "config.h" |
| 30 | #include "http_socket.h" |
| @@ -63,11 +63,11 @@ | |
| 63 | } |
| 64 | |
| 65 | /* |
| 66 | ** Set the socket error message. |
| 67 | */ |
| 68 | void socket_set_errmsg(char *zFormat, ...){ |
| 69 | va_list ap; |
| 70 | socket_clear_errmsg(); |
| 71 | va_start(ap, zFormat); |
| 72 | socketErrMsg = vmprintf(zFormat, ap); |
| 73 | va_end(ap); |
| 74 |
| --- src/http_socket.c | |
| +++ src/http_socket.c | |
| @@ -20,11 +20,11 @@ | |
| 20 | ** |
| 21 | ** This file implements a singleton. A single client socket may be active |
| 22 | ** at a time. State information is stored in static variables. The identity |
| 23 | ** of the server is held in global variables that are set by url_parse(). |
| 24 | ** |
| 25 | ** Low-level sockets are abstracted out into this module because they |
| 26 | ** are handled different on Unix and windows. |
| 27 | */ |
| 28 | |
| 29 | #include "config.h" |
| 30 | #include "http_socket.h" |
| @@ -63,11 +63,11 @@ | |
| 63 | } |
| 64 | |
| 65 | /* |
| 66 | ** Set the socket error message. |
| 67 | */ |
| 68 | void socket_set_errmsg(const char *zFormat, ...){ |
| 69 | va_list ap; |
| 70 | socket_clear_errmsg(); |
| 71 | va_start(ap, zFormat); |
| 72 | socketErrMsg = vmprintf(zFormat, ap); |
| 73 | va_end(ap); |
| 74 |
+16
-16
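--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -58,11 +58,11 @@
 }
 
 /*
 ** Set the SSL error message.
 */
-void ssl_set_errmsg(char *zFormat, ...){
+void ssl_set_errmsg(const char *zFormat, ...){
 va_list ap;
 ssl_clear_errmsg();
 va_start(ap, zFormat);
 sslErrMsg = vmprintf(zFormat, ap);
 va_end(ap);
@@ -82,30 +82,30 @@
 static int ssl_client_cert_callback(SSL *ssl, X509 **x509, EVP_PKEY **pkey){
 fossil_warning("The remote server requested a client certificate for "
 "authentication. Specify the pathname to a file containing the PEM "
 "encoded certificate and private key with the --ssl-identity option "
 "or the ssl-identity setting.");
-return 0; /* no cert available */
+return 0; /* no cert available */
 }
 
 /*
 ** Call this routine once before any other use of the SSL interface.
 ** This routine does initial configuration of the SSL module.
 */
 void ssl_global_init(void){
 const char *zCaSetting = 0, *zCaFile = 0, *zCaDirectory = 0;
 const char *identityFile;
-
+
 if( sslIsInit==0 ){
 SSL_library_init();
 SSL_load_error_strings();
 ERR_load_BIO_strings();
-OpenSSL_add_all_algorithms();
+OpenSSL_add_all_algorithms();
 sslCtx = SSL_CTX_new(SSLv23_client_method());
 /* Disable SSLv2 */
 SSL_CTX_set_options(sslCtx, SSL_OP_NO_SSLv2);
-
+
 /* Set up acceptable CA root certificates */
 zCaSetting = db_get("ssl-ca-location", 0);
 if( zCaSetting==0 || zCaSetting[0]=='\0' ){
 /* CA location not specified, use platform's default certificate store */
 X509_STORE_set_default_paths(SSL_CTX_get_cert_store(sslCtx));
@@ -129,11 +129,11 @@
 if( SSL_CTX_load_verify_locations(sslCtx, zCaFile, zCaDirectory)==0 ){
 fossil_fatal("Failed to use CA root certificates from "
 "ssl-ca-location '%s'", zCaSetting);
 }
 }
-
+
 /* Load client SSL identity, preferring the filename specified on the
 ** command line */
 if( g.zSSLIdentity!=0 ){
 identityFile = g.zSSLIdentity;
 }else{
@@ -164,11 +164,11 @@
 sslIsInit = 0;
 }
 }
 
 /*
-** Close the currently open SSL connection. If no connection is open,
+** Close the currently open SSL connection. If no connection is open,
 ** this routine is a no-op.
 */
 void ssl_close(void){
 if( iBio!=NULL ){
 (void)BIO_reset(iBio);
@@ -276,11 +276,11 @@
 BIO_push(iBio, sBio);
 }else{
 iBio = BIO_new_ssl_connect(sslCtx);
 }
 if( iBio==NULL ) {
-ssl_set_errmsg("SSL: cannot open SSL (%s)",
+ssl_set_errmsg("SSL: cannot open SSL (%s)",
 ERR_reason_error_string(ERR_get_error()));
 return 1;
 }
 BIO_get_ssl(iBio, &ssl);
 
@@ -295,19 +295,19 @@
 
 if( !pUrlData->useProxy ){
 BIO_set_conn_hostname(iBio, pUrlData->name);
 BIO_set_conn_int_port(iBio, &pUrlData->port);
 if( BIO_do_connect(iBio)<=0 ){
-ssl_set_errmsg("SSL: cannot connect to host %s:%d (%s)",
+ssl_set_errmsg("SSL: cannot connect to host %s:%d (%s)",
 pUrlData->name, pUrlData->port, ERR_reason_error_string(ERR_get_error()));
 ssl_close();
 return 1;
 }
 }
-
+
 if( BIO_do_handshake(iBio)<=0 ) {
-ssl_set_errmsg("Error establishing SSL connection %s:%d (%s)",
+ssl_set_errmsg("Error establishing SSL connection %s:%d (%s)",
 pUrlData->useProxy?pUrlData->hostname:pUrlData->name,
 pUrlData->useProxy?pUrlData->proxyOrigPort:pUrlData->port,
 ERR_reason_error_string(ERR_get_error()));
 ssl_close();
 return 1;
@@ -321,17 +321,17 @@
 return 1;
 }
 
 if( trusted<=0 && (e = SSL_get_verify_result(ssl)) != X509_V_OK ){
 char *desc, *prompt;
-char *warning = "";
+const char *warning = "";
 Blob ans;
 char cReply;
 BIO *mem;
 unsigned char md[32];
 unsigned int mdLength = 31;
-
+
 mem = BIO_new(BIO_s_mem());
 X509_NAME_print_ex(mem, X509_get_subject_name(cert), 2, XN_FLAG_MULTILINE);
 BIO_puts(mem, "\n\nIssued By:\n\n");
 X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 2, XN_FLAG_MULTILINE);
 BIO_puts(mem, "\n\nSHA1 Fingerprint:\n\n ");
@@ -341,11 +341,11 @@
 BIO_printf(mem, " %02x", md[j]);
 }
 }
 BIO_write(mem, "", 1); /* nul-terminate mem buffer */
 BIO_get_mem_data(mem, &desc);
-
+
 if( hasSavedCertificate ){
 warning = "WARNING: Certificate doesn't match the "
 "saved certificate for this host!";
 }
 prompt = mprintf("\nSSL verification failed: %s\n"
@@ -413,11 +413,11 @@
 db_set(zHost, zCert, 1);
 free(zHost);
 zHost = mprintf("trusted:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name);
 db_set_int(zHost, trusted, 1);
 free(zHost);
-BIO_free(mem);
+BIO_free(mem);
 }
 
 /*
 ** Get certificate for pUrlData->urlName from global config.
 ** Return NULL if no certificate found.
@@ -443,11 +443,11 @@
 
 mem = BIO_new(BIO_s_mem());
 BIO_puts(mem, zCert);
 cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
 free(zCert);
-BIO_free(mem);
+BIO_free(mem);
 return cert;
 }
 
 /*
 ** Send content out over the SSL connection.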
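Review bot: In the `@@ -82,30 +82,30 @@` hunk the result of `sslCtx = SSL_CTX_new(SSLv23_client_method());` (line 103) is handed to `SSL_CTX_set_options()` and `SSL_CTX_get_cert_store()` without a NULL check, so an allocation or library-initialisation failure dereferences NULL instead of failing with a message; one line after the assignment, `if( sslCtx==0 ) fossil_fatal("SSL_CTX_new() failed");`, would match the fossil_fatal() style already used at line 130. The options call at line 105 excludes only SSLv2 (the comment says `/* Disable SSLv2 */`), so with the SSLv23 method SSLv3 remains negotiable depending on the OpenSSL build; `SSL_CTX_set_options(sslCtx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` with the comment updated to `/* Disable SSLv2 and SSLv3; TLS 1.0 is the floor */` would raise the protocol floor. Neither line is touched by this commit, which only strips trailing whitespace in this hunk, and ssl_global_init() continues past the end of the hunk.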
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -58,11 +58,11 @@ | |
| 58 | } |
| 59 | |
| 60 | /* |
| 61 | ** Set the SSL error message. |
| 62 | */ |
| 63 | void ssl_set_errmsg(char *zFormat, ...){ |
| 64 | va_list ap; |
| 65 | ssl_clear_errmsg(); |
| 66 | va_start(ap, zFormat); |
| 67 | sslErrMsg = vmprintf(zFormat, ap); |
| 68 | va_end(ap); |
| @@ -82,30 +82,30 @@ | |
| 82 | static int ssl_client_cert_callback(SSL *ssl, X509 **x509, EVP_PKEY **pkey){ |
| 83 | fossil_warning("The remote server requested a client certificate for " |
| 84 | "authentication. Specify the pathname to a file containing the PEM " |
| 85 | "encoded certificate and private key with the --ssl-identity option " |
| 86 | "or the ssl-identity setting."); |
| 87 | return 0; /* no cert available */ |
| 88 | } |
| 89 | |
| 90 | /* |
| 91 | ** Call this routine once before any other use of the SSL interface. |
| 92 | ** This routine does initial configuration of the SSL module. |
| 93 | */ |
| 94 | void ssl_global_init(void){ |
| 95 | const char *zCaSetting = 0, *zCaFile = 0, *zCaDirectory = 0; |
| 96 | const char *identityFile; |
| 97 | |
| 98 | if( sslIsInit==0 ){ |
| 99 | SSL_library_init(); |
| 100 | SSL_load_error_strings(); |
| 101 | ERR_load_BIO_strings(); |
| 102 | OpenSSL_add_all_algorithms(); |
| 103 | sslCtx = SSL_CTX_new(SSLv23_client_method()); |
| 104 | /* Disable SSLv2 */ |
| 105 | SSL_CTX_set_options(sslCtx, SSL_OP_NO_SSLv2); |
| 106 | |
| 107 | /* Set up acceptable CA root certificates */ |
| 108 | zCaSetting = db_get("ssl-ca-location", 0); |
| 109 | if( zCaSetting==0 || zCaSetting[0]=='\0' ){ |
| 110 | /* CA location not specified, use platform's default certificate store */ |
| 111 | X509_STORE_set_default_paths(SSL_CTX_get_cert_store(sslCtx)); |
| @@ -129,11 +129,11 @@ | |
| 129 | if( SSL_CTX_load_verify_locations(sslCtx, zCaFile, zCaDirectory)==0 ){ |
| 130 | fossil_fatal("Failed to use CA root certificates from " |
| 131 | "ssl-ca-location '%s'", zCaSetting); |
| 132 | } |
| 133 | } |
| 134 | |
| 135 | /* Load client SSL identity, preferring the filename specified on the |
| 136 | ** command line */ |
| 137 | if( g.zSSLIdentity!=0 ){ |
| 138 | identityFile = g.zSSLIdentity; |
| 139 | }else{ |
| @@ -164,11 +164,11 @@ | |
| 164 | sslIsInit = 0; |
| 165 | } |
| 166 | } |
| 167 | |
| 168 | /* |
| 169 | ** Close the currently open SSL connection. If no connection is open, |
| 170 | ** this routine is a no-op. |
| 171 | */ |
| 172 | void ssl_close(void){ |
| 173 | if( iBio!=NULL ){ |
| 174 | (void)BIO_reset(iBio); |
| @@ -276,11 +276,11 @@ | |
| 276 | BIO_push(iBio, sBio); |
| 277 | }else{ |
| 278 | iBio = BIO_new_ssl_connect(sslCtx); |
| 279 | } |
| 280 | if( iBio==NULL ) { |
| 281 | ssl_set_errmsg("SSL: cannot open SSL (%s)", |
| 282 | ERR_reason_error_string(ERR_get_error())); |
| 283 | return 1; |
| 284 | } |
| 285 | BIO_get_ssl(iBio, &ssl); |
| 286 | |
| @@ -295,19 +295,19 @@ | |
| 295 | |
| 296 | if( !pUrlData->useProxy ){ |
| 297 | BIO_set_conn_hostname(iBio, pUrlData->name); |
| 298 | BIO_set_conn_int_port(iBio, &pUrlData->port); |
| 299 | if( BIO_do_connect(iBio)<=0 ){ |
| 300 | ssl_set_errmsg("SSL: cannot connect to host %s:%d (%s)", |
| 301 | pUrlData->name, pUrlData->port, ERR_reason_error_string(ERR_get_error())); |
| 302 | ssl_close(); |
| 303 | return 1; |
| 304 | } |
| 305 | } |
| 306 | |
| 307 | if( BIO_do_handshake(iBio)<=0 ) { |
| 308 | ssl_set_errmsg("Error establishing SSL connection %s:%d (%s)", |
| 309 | pUrlData->useProxy?pUrlData->hostname:pUrlData->name, |
| 310 | pUrlData->useProxy?pUrlData->proxyOrigPort:pUrlData->port, |
| 311 | ERR_reason_error_string(ERR_get_error())); |
| 312 | ssl_close(); |
| 313 | return 1; |
| @@ -321,17 +321,17 @@ | |
| 321 | return 1; |
| 322 | } |
| 323 | |
| 324 | if( trusted<=0 && (e = SSL_get_verify_result(ssl)) != X509_V_OK ){ |
| 325 | char *desc, *prompt; |
| 326 | char *warning = ""; |
| 327 | Blob ans; |
| 328 | char cReply; |
| 329 | BIO *mem; |
| 330 | unsigned char md[32]; |
| 331 | unsigned int mdLength = 31; |
| 332 | |
| 333 | mem = BIO_new(BIO_s_mem()); |
| 334 | X509_NAME_print_ex(mem, X509_get_subject_name(cert), 2, XN_FLAG_MULTILINE); |
| 335 | BIO_puts(mem, "\n\nIssued By:\n\n"); |
| 336 | X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 2, XN_FLAG_MULTILINE); |
| 337 | BIO_puts(mem, "\n\nSHA1 Fingerprint:\n\n "); |
| @@ -341,11 +341,11 @@ | |
| 341 | BIO_printf(mem, " %02x", md[j]); |
| 342 | } |
| 343 | } |
| 344 | BIO_write(mem, "", 1); /* nul-terminate mem buffer */ |
| 345 | BIO_get_mem_data(mem, &desc); |
| 346 | |
| 347 | if( hasSavedCertificate ){ |
| 348 | warning = "WARNING: Certificate doesn't match the " |
| 349 | "saved certificate for this host!"; |
| 350 | } |
| 351 | prompt = mprintf("\nSSL verification failed: %s\n" |
| @@ -413,11 +413,11 @@ | |
| 413 | db_set(zHost, zCert, 1); |
| 414 | free(zHost); |
| 415 | zHost = mprintf("trusted:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name); |
| 416 | db_set_int(zHost, trusted, 1); |
| 417 | free(zHost); |
| 418 | BIO_free(mem); |
| 419 | } |
| 420 | |
| 421 | /* |
| 422 | ** Get certificate for pUrlData->urlName from global config. |
| 423 | ** Return NULL if no certificate found. |
| @@ -443,11 +443,11 @@ | |
| 443 | |
| 444 | mem = BIO_new(BIO_s_mem()); |
| 445 | BIO_puts(mem, zCert); |
| 446 | cert = PEM_read_bio_X509(mem, NULL, 0, NULL); |
| 447 | free(zCert); |
| 448 | BIO_free(mem); |
| 449 | return cert; |
| 450 | } |
| 451 | |
| 452 | /* |
| 453 | ** Send content out over the SSL connection. |
| 454 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -58,11 +58,11 @@ | |
| 58 | } |
| 59 | |
| 60 | /* |
| 61 | ** Set the SSL error message. |
| 62 | */ |
| 63 | void ssl_set_errmsg(const char *zFormat, ...){ |
| 64 | va_list ap; |
| 65 | ssl_clear_errmsg(); |
| 66 | va_start(ap, zFormat); |
| 67 | sslErrMsg = vmprintf(zFormat, ap); |
| 68 | va_end(ap); |
| @@ -82,30 +82,30 @@ | |
| 82 | static int ssl_client_cert_callback(SSL *ssl, X509 **x509, EVP_PKEY **pkey){ |
| 83 | fossil_warning("The remote server requested a client certificate for " |
| 84 | "authentication. Specify the pathname to a file containing the PEM " |
| 85 | "encoded certificate and private key with the --ssl-identity option " |
| 86 | "or the ssl-identity setting."); |
| 87 | return 0; /* no cert available */ |
| 88 | } |
| 89 | |
| 90 | /* |
| 91 | ** Call this routine once before any other use of the SSL interface. |
| 92 | ** This routine does initial configuration of the SSL module. |
| 93 | */ |
| 94 | void ssl_global_init(void){ |
| 95 | const char *zCaSetting = 0, *zCaFile = 0, *zCaDirectory = 0; |
| 96 | const char *identityFile; |
| 97 | |
| 98 | if( sslIsInit==0 ){ |
| 99 | SSL_library_init(); |
| 100 | SSL_load_error_strings(); |
| 101 | ERR_load_BIO_strings(); |
| 102 | OpenSSL_add_all_algorithms(); |
| 103 | sslCtx = SSL_CTX_new(SSLv23_client_method()); |
| 104 | /* Disable SSLv2 */ |
| 105 | SSL_CTX_set_options(sslCtx, SSL_OP_NO_SSLv2); |
| 106 | |
| 107 | /* Set up acceptable CA root certificates */ |
| 108 | zCaSetting = db_get("ssl-ca-location", 0); |
| 109 | if( zCaSetting==0 || zCaSetting[0]=='\0' ){ |
| 110 | /* CA location not specified, use platform's default certificate store */ |
| 111 | X509_STORE_set_default_paths(SSL_CTX_get_cert_store(sslCtx)); |
| @@ -129,11 +129,11 @@ | |
| 129 | if( SSL_CTX_load_verify_locations(sslCtx, zCaFile, zCaDirectory)==0 ){ |
| 130 | fossil_fatal("Failed to use CA root certificates from " |
| 131 | "ssl-ca-location '%s'", zCaSetting); |
| 132 | } |
| 133 | } |
| 134 | |
| 135 | /* Load client SSL identity, preferring the filename specified on the |
| 136 | ** command line */ |
| 137 | if( g.zSSLIdentity!=0 ){ |
| 138 | identityFile = g.zSSLIdentity; |
| 139 | }else{ |
| @@ -164,11 +164,11 @@ | |
| 164 | sslIsInit = 0; |
| 165 | } |
| 166 | } |
| 167 | |
| 168 | /* |
| 169 | ** Close the currently open SSL connection. If no connection is open, |
| 170 | ** this routine is a no-op. |
| 171 | */ |
| 172 | void ssl_close(void){ |
| 173 | if( iBio!=NULL ){ |
| 174 | (void)BIO_reset(iBio); |
| @@ -276,11 +276,11 @@ | |
| 276 | BIO_push(iBio, sBio); |
| 277 | }else{ |
| 278 | iBio = BIO_new_ssl_connect(sslCtx); |
| 279 | } |
| 280 | if( iBio==NULL ) { |
| 281 | ssl_set_errmsg("SSL: cannot open SSL (%s)", |
| 282 | ERR_reason_error_string(ERR_get_error())); |
| 283 | return 1; |
| 284 | } |
| 285 | BIO_get_ssl(iBio, &ssl); |
| 286 | |
| @@ -295,19 +295,19 @@ | |
| 295 | |
| 296 | if( !pUrlData->useProxy ){ |
| 297 | BIO_set_conn_hostname(iBio, pUrlData->name); |
| 298 | BIO_set_conn_int_port(iBio, &pUrlData->port); |
| 299 | if( BIO_do_connect(iBio)<=0 ){ |
| 300 | ssl_set_errmsg("SSL: cannot connect to host %s:%d (%s)", |
| 301 | pUrlData->name, pUrlData->port, ERR_reason_error_string(ERR_get_error())); |
| 302 | ssl_close(); |
| 303 | return 1; |
| 304 | } |
| 305 | } |
| 306 | |
| 307 | if( BIO_do_handshake(iBio)<=0 ) { |
| 308 | ssl_set_errmsg("Error establishing SSL connection %s:%d (%s)", |
| 309 | pUrlData->useProxy?pUrlData->hostname:pUrlData->name, |
| 310 | pUrlData->useProxy?pUrlData->proxyOrigPort:pUrlData->port, |
| 311 | ERR_reason_error_string(ERR_get_error())); |
| 312 | ssl_close(); |
| 313 | return 1; |
| @@ -321,17 +321,17 @@ | |
| 321 | return 1; |
| 322 | } |
| 323 | |
| 324 | if( trusted<=0 && (e = SSL_get_verify_result(ssl)) != X509_V_OK ){ |
| 325 | char *desc, *prompt; |
| 326 | const char *warning = ""; |
| 327 | Blob ans; |
| 328 | char cReply; |
| 329 | BIO *mem; |
| 330 | unsigned char md[32]; |
| 331 | unsigned int mdLength = 31; |
| 332 | |
| 333 | mem = BIO_new(BIO_s_mem()); |
| 334 | X509_NAME_print_ex(mem, X509_get_subject_name(cert), 2, XN_FLAG_MULTILINE); |
| 335 | BIO_puts(mem, "\n\nIssued By:\n\n"); |
| 336 | X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 2, XN_FLAG_MULTILINE); |
| 337 | BIO_puts(mem, "\n\nSHA1 Fingerprint:\n\n "); |
| @@ -341,11 +341,11 @@ | |
| 341 | BIO_printf(mem, " %02x", md[j]); |
| 342 | } |
| 343 | } |
| 344 | BIO_write(mem, "", 1); /* nul-terminate mem buffer */ |
| 345 | BIO_get_mem_data(mem, &desc); |
| 346 | |
| 347 | if( hasSavedCertificate ){ |
| 348 | warning = "WARNING: Certificate doesn't match the " |
| 349 | "saved certificate for this host!"; |
| 350 | } |
| 351 | prompt = mprintf("\nSSL verification failed: %s\n" |
| @@ -413,11 +413,11 @@ | |
| 413 | db_set(zHost, zCert, 1); |
| 414 | free(zHost); |
| 415 | zHost = mprintf("trusted:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name); |
| 416 | db_set_int(zHost, trusted, 1); |
| 417 | free(zHost); |
| 418 | BIO_free(mem); |
| 419 | } |
| 420 | |
| 421 | /* |
| 422 | ** Get certificate for pUrlData->urlName from global config. |
| 423 | ** Return NULL if no certificate found. |
| @@ -443,11 +443,11 @@ | |
| 443 | |
| 444 | mem = BIO_new(BIO_s_mem()); |
| 445 | BIO_puts(mem, zCert); |
| 446 | cert = PEM_read_bio_X509(mem, NULL, 0, NULL); |
| 447 | free(zCert); |
| 448 | BIO_free(mem); |
| 449 | return cert; |
| 450 | } |
| 451 | |
| 452 | /* |
| 453 | ** Send content out over the SSL connection. |
| 454 |