#include <sys/time.h>
#include "wget.h"
#include "connect.h"
-int verify_callback(int ok, X509_STORE_CTX *ctx);
+
+/* #### Shouldn't this be static? --hniksic */
+int verify_callback PARAMS ((int, X509_STORE_CTX *));
/* Creates a SSL Context and sets some defaults for it */
-int init_ssl(SSL_CTX **ctx)
+int
+init_ssl (SSL_CTX **ctx)
{
-SSL_METHOD *meth=NULL;
-int verify=SSL_VERIFY_NONE;
- SSL_library_init();
- SSL_load_error_strings();
- SSLeay_add_all_algorithms();
- SSLeay_add_ssl_algorithms();
- meth = SSLv23_client_method();
- *ctx = SSL_CTX_new(meth);
- SSL_CTX_set_verify(*ctx,verify,verify_callback);
- if (*ctx==NULL) return SSL_ERR_CTX_CREATION;
-return 0; /* Succeded */
+ SSL_METHOD *meth = NULL;
+ int verify = SSL_VERIFY_NONE;
+ SSL_library_init ();
+ SSL_load_error_strings ();
+ SSLeay_add_all_algorithms ();
+ SSLeay_add_ssl_algorithms ();
+ meth = SSLv23_client_method ();
+ *ctx = SSL_CTX_new (meth);
+ SSL_CTX_set_verify (*ctx, verify, verify_callback);
+ if (*ctx == NULL) return SSL_ERR_CTX_CREATION;
+ return 0; /* Succeded */
}
/* Sets up a SSL structure and performs the handshake on fd
Returns 0 if everything went right
- Returns 1 if something went wrong ----- TODO: More exit codes
+ Returns 1 if something went wrong ----- TODO: More exit codes
*/
-int connect_ssl (SSL **con, SSL_CTX *ctx, int fd)
+int
+connect_ssl (SSL **con, SSL_CTX *ctx, int fd)
{
- *con=(SSL *)SSL_new(ctx);
- SSL_set_fd(*con,fd);
- SSL_set_connect_state(*con);
- SSL_connect(*con);
- if ((*con)->state !=SSL_ST_OK)
+ *con = (SSL *)SSL_new (ctx);
+ SSL_set_fd (*con, fd);
+ SSL_set_connect_state (*con);
+ SSL_connect (*con);
+ if ((*con)->state != SSL_ST_OK)
return 1;
-return 0;
+ return 0;
}
-void shutdown_ssl (SSL* con)
+void
+shutdown_ssl (SSL* con)
{
- SSL_shutdown(con);
- if (con != NULL) SSL_free(con);
+ SSL_shutdown (con);
+ if (con != NULL)
+ SSL_free (con);
}
-void free_ssl_ctx (SSL_CTX * ctx) {
- SSL_CTX_free(ctx);
+void
+free_ssl_ctx (SSL_CTX * ctx)
+{
+ SSL_CTX_free (ctx);
}
-int verify_callback(int ok, X509_STORE_CTX *ctx){
-char *s,buf[256];
- s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256);
+int
+verify_callback (int ok, X509_STORE_CTX *ctx)
+{
+ char *s, buf[256];
+ s = X509_NAME_oneline (X509_get_subject_name (ctx->current_cert), buf, 256);
if (ok == 0) {
switch (ctx->error) {
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- ok=1;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ ok = 1;
}
}
- return(ok);
+ return ok;
}
/* SSL version of iread. Only exchanged read for SSL_read
{
int res;
int fd;
- BIO_get_fd(con->rbio,&fd);
+ BIO_get_fd (con->rbio, &fd);
do
{
#ifdef HAVE_SELECT
{
int res = 0;
int fd;
- BIO_get_fd(con->rbio,&fd);
+ BIO_get_fd (con->rbio, &fd);
/* `write' may write less than LEN bytes, thus the outward loop
keeps trying it until all was written, or an error occurred. The
inner loop is reserved for the usual EINTR f*kage, and the
If a previous connection was persistent, it is closed. */
static void
-#ifndef HAVE_SSL
-register_persistent (const char *host, unsigned short port, int fd)
-#else
-register_persistent (const char *host, unsigned short port, int fd, SSL* ssl)
-#endif /* HAVE_SSL */
+register_persistent (const char *host, unsigned short port, int fd
+#ifdef HAVE_SSL
+ , SSL *ssl
+#endif
+ )
{
int success;
different host, and try to register a persistent
connection to that one. */
#ifdef HAVE_SSL
- /* the ssl disconnect has to take place before the closing of pc_last_fd */
- if (pc_last_ssl) shutdown_ssl(pc_last_ssl);
-#endif /* HAVE_SSL */
+ /* The ssl disconnect has to take place before the closing
+ of pc_last_fd. */
+ if (pc_last_ssl)
+ shutdown_ssl(pc_last_ssl);
+#endif
CLOSE (pc_last_fd);
invalidate_persistent ();
}
pc_last_fd = fd;
pc_active_p = 1;
#ifdef HAVE_SSL
- pc_last_ssl=ssl;
- pc_active_ssl= ssl ? 1 : 0;
-#endif /* HAVE_SSL */
+ pc_last_ssl = ssl;
+ pc_active_ssl = ssl ? 1 : 0;
+#endif
DEBUGP (("Registered fd %d for persistent reuse.\n", fd));
}
connecting to HOST:PORT. */
static int
-#ifndef HAVE_SSL
-persistent_available_p (const char *host, unsigned short port)
-#else
-persistent_available_p (const char *host, unsigned short port,int ssl)
-#endif /* HAVE_SSL */
+persistent_available_p (const char *host, unsigned short port
+#ifdef HAVE_SSL
+ int ssl
+#endif
+ )
{
unsigned char this_host[4];
/* First, check whether a persistent connection is active at all. */
(HOST, PORT) ordered pair. */
if (port != pc_last_port)
return 0;
+#ifdef HAVE_SSL
+ /* Second, a): check if current connection is (not) ssl, too. This
+ test is unlikely to fail because HTTP and HTTPS typicaly use
+ different ports. Yet it is possible, or so I [Christian
+ Fraenkel] have been told, to run HTTPS and HTTP simultaneus on
+ the same port. */
+ if (ssl != pc_active_ssl)
+ return 0;
+#endif /* HAVE_SSL */
if (!store_hostaddress (this_host, host))
return 0;
if (memcmp (pc_last_host, this_host, 4))
invalidate_persistent ();
return 0;
}
-#ifdef HAVE_SSL
- /* Fourth: check if current connection is (not) ssl, too.
- This test is unlikely to fail because HTTP and HTTPS
- typicaly use different ports. Yet it is possible (or so
- I have been told) to run HTTPS and HTTP simultaneus on
- the same port. */
- if (ssl!=pc_active_ssl)
- return 0;
-#endif /* HAVE_SSL */
return 1;
}
+#ifdef HAVE_SSL
+# define SHUTDOWN_SSL(ssl) do { \
+ if (ssl) \
+ shutdown_ssl (ssl); \
+} while (0)
+#else
+# define SHUTDOWN_SSL(ssl)
+#endif
+
/* The idea behind these two CLOSE macros is to distinguish between
two cases: one when the job we've been doing is finished, and we
want to close the connection and leave, and two when something is
`pc_active_p && (fd) == pc_last_fd' is "we're *now* using an
active, registered connection". */
-#ifndef HAVE_SSL
#define CLOSE_FINISH(fd) do { \
if (!keep_alive) \
{ \
+ SHUTDOWN_SSL (ssl); \
CLOSE (fd); \
if (pc_active_p && (fd) == pc_last_fd) \
invalidate_persistent (); \
} while (0)
#define CLOSE_INVALIDATE(fd) do { \
+ SHUTDOWN_SSL (ssl); \
CLOSE (fd); \
if (pc_active_p && (fd) == pc_last_fd) \
invalidate_persistent (); \
} while (0)
-
-#else
-
-#define CLOSE_FINISH(fd,ssl) do { \
- if (!keep_alive) \
- { \
- if (ssl) shutdown_ssl(ssl); \
- CLOSE (fd); \
- if (pc_active_p && (fd) == pc_last_fd) \
- invalidate_persistent (); \
- } \
-} while (0)
-
-#define CLOSE_INVALIDATE(fd,ssl) do { \
- if (ssl) shutdown_ssl(ssl); \
- CLOSE (fd); \
- if (pc_active_p && (fd) == pc_last_fd) \
- invalidate_persistent (); \
-} while (0)
-#endif /* HAVE_SSL */
\f
struct http_stat
{
int auth_tried_already;
struct rbuf rbuf;
#ifdef HAVE_SSL
- static SSL_CTX *ssl_ctx=NULL;
- SSL *ssl=NULL;
+ static SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl = NULL;
#endif /* HAVE_SSL */
/* Whether this connection will be kept alive after the HTTP request
#ifdef HAVE_SSL
/* initialize ssl_ctx on first run */
- if (!ssl_ctx) init_ssl(&ssl_ctx);
+ if (!ssl_ctx)
+ init_ssl (&ssl_ctx);
#endif /* HAVE_SSL */
if (!(*dt & HEAD_ONLY))
/* First: establish the connection. */
if (inhibit_keep_alive
+ ||
#ifndef HAVE_SSL
- || !persistent_available_p (u->host, u->port))
+ !persistent_available_p (u->host, u->port)
#else
- || !persistent_available_p (u->host, u->port, (u->proto==URLHTTPS ? 1 : 0)))
+ !persistent_available_p (u->host, u->port, (u->proto==URLHTTPS ? 1 : 0))
#endif /* HAVE_SSL */
+ )
{
logprintf (LOG_VERBOSE, _("Connecting to %s:%hu... "), u->host, u->port);
err = make_connection (&sock, u->host, u->port);
break;
}
#ifdef HAVE_SSL
- if (u->proto==URLHTTPS) if (connect_ssl(&ssl,ssl_ctx,sock)!=0) {
- logputs (LOG_VERBOSE, "\n");
- logprintf (LOG_NOTQUIET, _("Unable to establish SSL connection.\n"));
- CLOSE (sock);
- return CONSSLERR;
- }
+ if (u->proto == URLHTTPS)
+ if (connect_ssl (&ssl, ssl_ctx,sock) != 0)
+ {
+ logputs (LOG_VERBOSE, "\n");
+ logprintf (LOG_NOTQUIET, _("Unable to establish SSL connection.\n"));
+ CLOSE (sock);
+ return CONSSLERR;
+ }
#endif /* HAVE_SSL */
}
else
/* Send the request to server. */
#ifdef HAVE_SSL
- if (u->proto==URLHTTPS) {
- num_written = ssl_iwrite (ssl, request, strlen (request));
- } else {
-#endif /* HAVE_SSL */
- num_written = iwrite (sock, request, strlen (request));
-#ifdef HAVE_SSL
- }
+ if (u->proto == URLHTTPS)
+ num_written = ssl_iwrite (ssl, request, strlen (request));
+ else
#endif /* HAVE_SSL */
+ num_written = iwrite (sock, request, strlen (request));
+
if (num_written < 0)
{
logprintf (LOG_VERBOSE, _("Failed writing HTTP request: %s.\n"),
strerror (errno));
-#ifndef HAVE_SSL
- CLOSE_INVALIDATE (sock);
-#else
- CLOSE_INVALIDATE (sock,ssl);
-#endif /* HAVE_SSL */
+ CLOSE_INVALIDATE (sock);
return WRITEFAILED;
}
logprintf (LOG_VERBOSE, _("%s request sent, awaiting response... "),
/* Before reading anything, initialize the rbuf. */
rbuf_initialize (&rbuf, sock);
#ifdef HAVE_SSL
- if (u->proto == URLHTTPS) {
- rbuf.ssl=ssl;
- } else { rbuf.ssl=NULL; }
+ if (u->proto == URLHTTPS)
+ rbuf.ssl = ssl;
+ else
+ rbuf.ssl = NULL;
#endif /* HAVE_SSL */
all_headers = NULL;
all_length = 0;
FREE_MAYBE (type);
FREE_MAYBE (hs->newloc);
FREE_MAYBE (all_headers);
-#ifndef HAVE_SSL
- CLOSE_INVALIDATE (sock);
-#else
- CLOSE_INVALIDATE (sock,ssl);
-#endif /* HAVE_SSL */
+ CLOSE_INVALIDATE (sock);
return HEOF;
}
else if (status == HG_ERROR)
FREE_MAYBE (type);
FREE_MAYBE (hs->newloc);
FREE_MAYBE (all_headers);
-#ifndef HAVE_SSL
- CLOSE_INVALIDATE (sock);
-#else
- CLOSE_INVALIDATE (sock,ssl);
-#endif /* HAVE_SSL */
+ CLOSE_INVALIDATE (sock);
return HERR;
}
FREE_MAYBE (type);
type = NULL;
FREEHSTAT (*hs);
-#ifndef HAVE_SSL
- CLOSE_FINISH (sock);
-#else
- CLOSE_FINISH (sock,ssl);
-#endif /* HAVE_SSL */
+ CLOSE_FINISH (sock);
if (auth_tried_already)
{
/* If we have tried it already, then there is not point
FREE_MAYBE (type);
FREE_MAYBE (hs->newloc);
FREE_MAYBE (all_headers);
-#ifndef HAVE_SSL
- CLOSE_INVALIDATE (sock);
-#else
- CLOSE_INVALIDATE (sock,ssl);
-#endif /* HAVE_SSL */
+ CLOSE_INVALIDATE (sock);
return RANGEERR;
}
_("Location: %s%s\n"),
hs->newloc ? hs->newloc : _("unspecified"),
hs->newloc ? _(" [following]") : "");
-#ifndef HAVE_SSL
- CLOSE_FINISH (sock);
-#else
- CLOSE_FINISH (sock,ssl);
-#endif /* HAVE_SSL */
+ CLOSE_FINISH (sock);
FREE_MAYBE (type);
FREE_MAYBE (all_headers);
return NEWLOCATION;
hs->res = 0;
FREE_MAYBE (type);
FREE_MAYBE (all_headers);
-#ifndef HAVE_SSL
- CLOSE_FINISH (sock);
-#else
- CLOSE_FINISH (sock,ssl);
-#endif /* HAVE_SSL */
+ CLOSE_FINISH (sock);
return RETRFINISHED;
}
if (!fp)
{
logprintf (LOG_NOTQUIET, "%s: %s\n", u->local, strerror (errno));
-#ifndef HAVE_SSL
- CLOSE_FINISH (sock);
-#else
- CLOSE_FINISH (sock,ssl);
-#endif /* HAVE_SSL */
+ CLOSE_FINISH (sock);
FREE_MAYBE (all_headers);
return FOPENERR;
}
hs->res = -2;
}
FREE_MAYBE (all_headers);
-#ifndef HAVE_SSL
- CLOSE_FINISH (sock);
-#else
- CLOSE_FINISH (sock,ssl);
-#endif /* HAVE_SSL */
+ CLOSE_FINISH (sock);
if (hs->res == -2)
return FWRITEERR;
return RETRFINISHED;