Re: [w3m-dev 03320] Re: Passwords

* etc.c (dir_under): same path is ok * file.c (loadGeneralFile): if missing, return NULL ssl cert already checked * html.h (URLFILE): add ssl_certificate * istream.c (ssl_get_certificate): change args * istream.h (ssl_get_certificate): ditto * url.c (openSSLHandle): add p_cert ssl certificate check here (HTTPrequest): auth_cookie fix From: AIDA Shinra <aida-s@jcom.home.ne.jp>
2002-09-28 16:30:07 +00:00
parent f456ed308c
commit d4214f39a6
7 changed files with 65 additions and 30 deletions
@@ -1,3 +1,16 @@
+2002-09-29  AIDA Shinra <aida-s@jcom.home.ne.jp>
+
+	* Re: [w3m-dev 03320] Re: Passwords
+	* etc.c (dir_under): same path is ok
+	* file.c (loadGeneralFile): if missing, return NULL
+		ssl cert already checked
+	* html.h (URLFILE): add ssl_certificate
+	* istream.c (ssl_get_certificate): change args
+	* istream.h (ssl_get_certificate): ditto
+	* url.c (openSSLHandle): add p_cert
+		ssl certificate check here
+		(HTTPrequest): auth_cookie fix
+
 2002-09-25  Fumitoshi UKAI  <ukai@debian.or.jp>

 	* [w3m-dev 03321] Bug#162104: file descriptors 1 and 2 are closed rather than reopened to /dev/null
@@ -3827,4 +3840,4 @@
 	* release-0-2-1
 	* import w3m-0.2.1

-$Id: ChangeLog,v 1.430 2002/09/24 17:35:52 ukai Exp $
+$Id: ChangeLog,v 1.431 2002/09/28 16:30:07 ukai Exp $
@@ -1,4 +1,4 @@
-/* $Id: etc.c,v 1.24 2002/09/24 17:35:52 ukai Exp $ */
+/* $Id: etc.c,v 1.25 2002/09/28 16:30:07 ukai Exp $ */
 #include "fm.h"
 #include <pwd.h>
 #include "myctype.h"
@@ -854,6 +854,8 @@ static int
 dir_under(const char *x, const char *y)
 {
    size_t len = strlen(x);
+    if (strcmp(x, y) == 0)
+	return 1;
    return x[len - 1] == '/'
 	&& strlen(y) >= len
 	&& y[len - 1] == '/' && strncasecmp(x, y, len) == 0;
@@ -1,4 +1,4 @@
-/* $Id: file.c,v 1.101 2002/09/24 16:35:02 ukai Exp $ */
+/* $Id: file.c,v 1.102 2002/09/28 16:30:07 ukai Exp $ */
 #include "fm.h"
 #include <sys/types.h>
 #include "myctype.h"
@@ -1582,6 +1582,11 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,
 	return NULL;
    }

+    if (status == HTST_MISSING) {
+	UFclose(&f);
+	return NULL;
+    }
+
    /* openURL() succeeded */
    if (SETJMP(AbortLoading) != 0) {
 	/* transfer interrupted */
@@ -1955,13 +1960,8 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,
 	t_buf->bufferprop |= BP_FRAME;
    }
 #ifdef USE_SSL
-    if (IStype(f.stream) == IST_SSL) {
-	Str s = ssl_get_certificate(f.stream, pu.host);
-	if (s == NULL)
-	    return NULL;
-	else
-	    t_buf->ssl_certificate = s->ptr;
-    }
+    if (IStype(f.stream) == IST_SSL)
+	t_buf->ssl_certificate = f.ssl_certificate;
 #endif
    frame_source = flag & RG_FRAME_SRC;
    b = loadSomething(&f, pu.real_file ? pu.real_file : pu.file, proc, t_buf);
@@ -1,4 +1,4 @@
-/* $Id: html.h,v 1.7 2002/02/05 12:31:27 ukai Exp $ */
+/* $Id: html.h,v 1.8 2002/09/28 16:30:07 ukai Exp $ */
 #ifndef _HTML_H
 #define _HTML_H
 #ifdef USE_SSL
@@ -69,6 +69,9 @@ typedef struct {
    char *ext;
    int compression;
    char *guess_type;
+#ifdef USE_SSL
+    char *ssl_certificate;
+#endif
 } URLFile;

 #define CMP_NOCOMPRESS   0
@@ -1,4 +1,4 @@
-/* $Id: istream.c,v 1.14 2002/02/07 14:02:12 ukai Exp $ */
+/* $Id: istream.c,v 1.15 2002/09/28 16:30:07 ukai Exp $ */
 #include "fm.h"
 #include "istream.h"
 #include <signal.h>
@@ -470,7 +470,7 @@ ssl_check_cert_ident(X509 * x, char *hostname)
 }

 Str
-ssl_get_certificate(InputStream stream, char *hostname)
+ssl_get_certificate(SSL * ssl, char *hostname)
 {
    BIO *bp;
    X509 *x;
@@ -483,13 +483,9 @@ ssl_get_certificate(InputStream stream, char *hostname)
    Str emsg;
    char *ans;

-    if (stream == NULL)
+    if (ssl == NULL)
 	return NULL;
-    if (IStype(stream) != IST_SSL)
-	return NULL;
-    if (stream->ssl.handle == NULL)
-	return NULL;
-    x = SSL_get_peer_certificate(stream->ssl.handle->ssl);
+    x = SSL_get_peer_certificate(ssl);
    if (x == NULL) {
 	if (accept_this_site
 	    && strcasecmp(accept_this_site->ptr, hostname) == 0)
@@ -521,7 +517,7 @@ ssl_get_certificate(InputStream stream, char *hostname)
     */
    if (ssl_verify_server) {
 	long verr;
-	if ((verr = SSL_get_verify_result(stream->ssl.handle->ssl))
+	if ((verr = SSL_get_verify_result(ssl))
 	    != X509_V_OK) {
 	    const char *em = X509_verify_cert_error_string(verr);
 	    if (accept_this_site
@@ -1,4 +1,4 @@
-/* $Id: istream.h,v 1.8 2002/01/12 13:33:47 ukai Exp $ */
+/* $Id: istream.h,v 1.9 2002/09/28 16:30:07 ukai Exp $ */
 #ifndef IO_STREAM_H
 #define IO_STREAM_H

@@ -126,7 +126,7 @@ extern int ISfileno(InputStream stream);
 extern int ISeos(InputStream stream);
 #ifdef USE_SSL
 extern void ssl_accept_this_site(char *hostname);
-extern Str ssl_get_certificate(InputStream stream, char *hostname);
+extern Str ssl_get_certificate(SSL *ssl, char *hostname);
 #endif

 #define IST_BASIC	0
@@ -1,4 +1,4 @@
-/* $Id: url.c,v 1.50 2002/09/24 17:06:05 ukai Exp $ */
+/* $Id: url.c,v 1.51 2002/09/28 16:30:07 ukai Exp $ */
 #include "fm.h"
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -276,7 +276,7 @@ init_PRNG()
 #endif				/* SSLEAY_VERSION_NUMBER >= 0x00905100 */

 static SSL *
-openSSLHandle(int sock, char *hostname)
+openSSLHandle(int sock, char *hostname, char **p_cert)
 {
    SSL *handle = NULL;
    static char *old_ssl_forbid_method = NULL;
@@ -362,8 +362,16 @@ openSSLHandle(int sock, char *hostname)
 #if SSLEAY_VERSION_NUMBER >= 0x00905100
    init_PRNG();
 #endif				/* SSLEAY_VERSION_NUMBER >= 0x00905100 */
-    if (SSL_connect(handle) > 0)
-	return handle;
+    if (SSL_connect(handle) > 0) {
+	Str serv_cert = ssl_get_certificate(handle, hostname);
+	if (serv_cert) {
+	    *p_cert = serv_cert->ptr;
+	    return handle;
+	}
+	close(sock);
+	SSL_free(handle);
+	return NULL;
+    }
  eend:
    close(sock);
    if (handle)
@@ -1312,8 +1320,6 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra)

    if (!seen_www_auth) {
 	Str auth_cookie = find_auth_cookie(pu->host, pu->port, pu->file, NULL);
-	if (!auth_cookie && proxy_auth_cookie)
-	    auth_cookie = proxy_auth_cookie;
 	if (auth_cookie)
 	    Strcat_m_charp(tmp, "Authorization: ", auth_cookie->ptr,
 			   "\r\n", NULL);
@@ -1323,6 +1329,8 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra)
 	ParsedURL *proxy_pu = schemeToProxy(pu->scheme);
 	Str auth_cookie = find_auth_cookie(
 		proxy_pu->host, proxy_pu->port, proxy_pu->file, NULL);
+	if (!auth_cookie && proxy_auth_cookie)
+	    auth_cookie = proxy_auth_cookie;
 	if (auth_cookie)
 	    Strcat_m_charp(tmp, "Proxy-Authorization: ", auth_cookie->ptr,
 			   "\r\n", NULL);
@@ -1580,7 +1588,8 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
 #ifdef USE_SSL
 	    if (pu->scheme == SCM_HTTPS && *status == HTST_CONNECT) {
 		sock = ssl_socket_of(ouf->stream);
-		if (!(sslh = openSSLHandle(sock, pu->host))) {
+		if (!(sslh = openSSLHandle(sock, pu->host,
+				&uf.ssl_certificate))) {
 		    *status = HTST_MISSING;
 		    return uf;
 		}
@@ -1634,7 +1643,8 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
 	    }
 #ifdef USE_SSL
 	    if (pu->scheme == SCM_HTTPS) {
-		if (!(sslh = openSSLHandle(sock, pu->host))) {
+		if (!(sslh = openSSLHandle(sock, pu->host,
+				&uf.ssl_certificate))) {
 		    *status = HTST_MISSING;
 		    return uf;
 		}
@@ -1651,6 +1661,17 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current,
 		SSL_write(sslh, tmp->ptr, tmp->length);
 	    else
 		write(sock, tmp->ptr, tmp->length);
+#ifdef HTTP_DEBUG
+	    {
+		FILE *ff = fopen("zzrequest", "a");
+		if (sslh)
+		    fputs("HTTPS: request via SSL\n", ff);
+		else
+		    fputs("HTTPS: request without SSL\n", ff);
+		fwrite(tmp->ptr, sizeof(char), tmp->length, ff);
+		fclose(ff);
+	    }
+#endif				/* HTTP_DEBUG */
 	    if (hr->command == HR_COMMAND_POST &&
 		request->enctype == FORM_ENCTYPE_MULTIPART) {
 		if (sslh)