1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
21 ***************************************************************************/
24 * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
25 * but vtls.c should ever call or use these functions.
29 * The original SSLeay-using code for curl was written by Linas Vepstas and
30 * Sampo Kellomaki 1998.
33 #include "curl_setup.h"
41 #include "formdata.h" /* for the boundary function */
42 #include "url.h" /* for the ssl config check function */
43 #include "inet_pton.h"
51 #include "hostcheck.h"
53 #define _MPRINTF_REPLACE /* use the internal *printf() functions */
54 #include <curl/mprintf.h>
59 #include <openssl/rand.h>
60 #include <openssl/x509v3.h>
61 #include <openssl/dsa.h>
62 #include <openssl/dh.h>
63 #include <openssl/err.h>
64 #include <openssl/md5.h>
72 #include "curl_memory.h"
73 #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
75 /* The last #include file should be: */
78 #ifndef OPENSSL_VERSION_NUMBER
79 #error "OPENSSL_VERSION_NUMBER not defined"
82 #if OPENSSL_VERSION_NUMBER >= 0x0090581fL
83 #define HAVE_SSL_GET1_SESSION 1
85 #undef HAVE_SSL_GET1_SESSION
88 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
89 #define HAVE_USERDATA_IN_PWD_CALLBACK 1
91 #undef HAVE_USERDATA_IN_PWD_CALLBACK
94 #if OPENSSL_VERSION_NUMBER >= 0x00907001L
95 /* ENGINE_load_private_key() takes four arguments */
96 #define HAVE_ENGINE_LOAD_FOUR_ARGS
97 #include <openssl/ui.h>
99 /* ENGINE_load_private_key() takes three arguments */
100 #undef HAVE_ENGINE_LOAD_FOUR_ARGS
103 #if (OPENSSL_VERSION_NUMBER >= 0x00903001L) && defined(HAVE_OPENSSL_PKCS12_H)
104 /* OpenSSL has PKCS 12 support */
105 #define HAVE_PKCS12_SUPPORT
107 /* OpenSSL/SSLEay does not have PKCS12 support */
108 #undef HAVE_PKCS12_SUPPORT
111 #if OPENSSL_VERSION_NUMBER >= 0x00906001L
112 #define HAVE_ERR_ERROR_STRING_N 1
115 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
116 #define SSL_METHOD_QUAL const
118 #define SSL_METHOD_QUAL
121 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
122 /* 0.9.6 didn't have X509_STORE_set_flags() */
123 #define HAVE_X509_STORE_SET_FLAGS 1
125 #define X509_STORE_set_flags(x,y) Curl_nop_stmt
128 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
129 #define HAVE_ERR_REMOVE_THREAD_STATE 1
132 #ifndef HAVE_SSLV2_CLIENT_METHOD
133 #undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
134 #define OPENSSL_NO_SSL2
138 * Number of bytes to read from the random number seed file. This must be
139 * a finite value (because some entropy "files" like /dev/urandom have
140 * an infinite length), but must be large enough to provide enough
141 * entopy to properly seed OpenSSL's PRNG.
143 #define RAND_LOAD_LENGTH 1024
145 #ifndef HAVE_USERDATA_IN_PWD_CALLBACK
146 static char global_passwd[64];
149 static int passwd_callback(char *buf, int num, int encrypting
150 #ifdef HAVE_USERDATA_IN_PWD_CALLBACK
151 /* This was introduced in 0.9.4, we can set this
152 using SSL_CTX_set_default_passwd_cb_userdata()
154 , void *global_passwd
158 DEBUGASSERT(0 == encrypting);
161 int klen = curlx_uztosi(strlen((char *)global_passwd));
163 memcpy(buf, global_passwd, klen+1);
171 * rand_enough() is a function that returns TRUE if we have seeded the random
172 * engine properly. We use some preprocessor magic to provide a seed_enough()
173 * macro to use, just to prevent a compiler warning on this function if we
174 * pass in an argument that is never used.
177 #ifdef HAVE_RAND_STATUS
178 #define seed_enough(x) rand_enough()
179 static bool rand_enough(void)
181 return (0 != RAND_status()) ? TRUE : FALSE;
184 #define seed_enough(x) rand_enough(x)
185 static bool rand_enough(int nread)
187 /* this is a very silly decision to make */
188 return (nread > 500) ? TRUE : FALSE;
192 static int ossl_seed(struct SessionHandle *data)
194 char *buf = data->state.buffer; /* point to the big buffer */
197 /* Q: should we add support for a random file name as a libcurl option?
198 A: Yes, it is here */
201 /* if RANDOM_FILE isn't defined, we only perform this if an option tells
203 if(data->set.ssl.random_file)
204 #define RANDOM_FILE "" /* doesn't matter won't be used */
207 /* let the option override the define */
208 nread += RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
209 data->set.str[STRING_SSL_RANDOM_FILE]:
212 if(seed_enough(nread))
216 #if defined(HAVE_RAND_EGD)
217 /* only available in OpenSSL 0.9.5 and later */
218 /* EGD_SOCKET is set at configure time or not at all */
220 /* If we don't have the define set, we only do this if the egd-option
222 if(data->set.str[STRING_SSL_EGDSOCKET])
223 #define EGD_SOCKET "" /* doesn't matter won't be used */
226 /* If there's an option and a define, the option overrides the
228 int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
229 data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
232 if(seed_enough(nread))
238 /* If we get here, it means we need to seed the PRNG using a "silly"
241 unsigned char randb[64];
242 int len = sizeof(randb);
243 RAND_bytes(randb, len);
244 RAND_add(randb, len, (len >> 1));
245 } while(!RAND_status());
247 /* generates a default path for the random seed file */
248 buf[0]=0; /* blank it first */
249 RAND_file_name(buf, BUFSIZE);
251 /* we got a file name to try */
252 nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
253 if(seed_enough(nread))
257 infof(data, "libcurl is now using a weak random seed!\n");
261 int Curl_ossl_seed(struct SessionHandle *data)
263 /* we have the "SSL is seeded" boolean static to prevent multiple
264 time-consuming seedings in vain */
265 static bool ssl_seeded = FALSE;
267 if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
268 data->set.str[STRING_SSL_EGDSOCKET]) {
276 #ifndef SSL_FILETYPE_ENGINE
277 #define SSL_FILETYPE_ENGINE 42
279 #ifndef SSL_FILETYPE_PKCS12
280 #define SSL_FILETYPE_PKCS12 43
282 static int do_file_type(const char *type)
284 if(!type || !type[0])
285 return SSL_FILETYPE_PEM;
286 if(Curl_raw_equal(type, "PEM"))
287 return SSL_FILETYPE_PEM;
288 if(Curl_raw_equal(type, "DER"))
289 return SSL_FILETYPE_ASN1;
290 if(Curl_raw_equal(type, "ENG"))
291 return SSL_FILETYPE_ENGINE;
292 if(Curl_raw_equal(type, "P12"))
293 return SSL_FILETYPE_PKCS12;
297 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_LOAD_FOUR_ARGS)
299 * Supply default password to the engine user interface conversation.
300 * The password is passed by OpenSSL engine from ENGINE_load_private_key()
301 * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
303 static int ssl_ui_reader(UI *ui, UI_STRING *uis)
305 const char *password;
306 switch(UI_get_string_type(uis)) {
309 password = (const char*)UI_get0_user_data(ui);
310 if(NULL != password &&
311 UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD) {
312 UI_set_result(ui, uis, password);
318 return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
322 * Suppress interactive request for a default password if available.
324 static int ssl_ui_writer(UI *ui, UI_STRING *uis)
326 switch(UI_get_string_type(uis)) {
329 if(NULL != UI_get0_user_data(ui) &&
330 UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD) {
336 return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
341 int cert_stuff(struct connectdata *conn,
344 const char *cert_type,
346 const char *key_type)
348 struct SessionHandle *data = conn->data;
350 int file_type = do_file_type(cert_type);
352 if(cert_file != NULL || file_type == SSL_FILETYPE_ENGINE) {
357 if(data->set.str[STRING_KEY_PASSWD]) {
358 #ifndef HAVE_USERDATA_IN_PWD_CALLBACK
360 * If password has been given, we store that in the global
361 * area (*shudder*) for a while:
363 size_t len = strlen(data->set.str[STRING_KEY_PASSWD]);
364 if(len < sizeof(global_passwd))
365 memcpy(global_passwd, data->set.str[STRING_KEY_PASSWD], len+1);
367 global_passwd[0] = '\0';
370 * We set the password in the callback userdata
372 SSL_CTX_set_default_passwd_cb_userdata(ctx,
373 data->set.str[STRING_KEY_PASSWD]);
375 /* Set passwd callback: */
376 SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
380 #define SSL_CLIENT_CERT_ERR \
381 "unable to use client certificate (no key found or wrong pass phrase?)"
384 case SSL_FILETYPE_PEM:
385 /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
386 if(SSL_CTX_use_certificate_chain_file(ctx,
388 failf(data, SSL_CLIENT_CERT_ERR);
393 case SSL_FILETYPE_ASN1:
394 /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
395 we use the case above for PEM so this can only be performed with
397 if(SSL_CTX_use_certificate_file(ctx,
400 failf(data, SSL_CLIENT_CERT_ERR);
404 case SSL_FILETYPE_ENGINE:
405 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
407 if(data->state.engine) {
408 const char *cmd_name = "LOAD_CERT_CTRL";
414 params.cert_id = cert_file;
417 /* Does the engine supports LOAD_CERT_CTRL ? */
418 if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
419 0, (void *)cmd_name, NULL)) {
420 failf(data, "ssl engine does not support loading certificates");
424 /* Load the certificate from the engine */
425 if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
426 0, ¶ms, NULL, 1)) {
427 failf(data, "ssl engine cannot load client cert with id"
428 " '%s' [%s]", cert_file,
429 ERR_error_string(ERR_get_error(), NULL));
434 failf(data, "ssl engine didn't initialized the certificate "
439 if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
440 failf(data, "unable to set client certificate");
441 X509_free(params.cert);
444 X509_free(params.cert); /* we don't need the handle any more... */
447 failf(data, "crypto engine not set, can't load certificate");
453 failf(data, "file type ENG for certificate not implemented");
457 case SSL_FILETYPE_PKCS12:
459 #ifdef HAVE_PKCS12_SUPPORT
463 STACK_OF(X509) *ca = NULL;
466 f = fopen(cert_file,"rb");
468 failf(data, "could not open PKCS12 file '%s'", cert_file);
471 p12 = d2i_PKCS12_fp(f, NULL);
475 failf(data, "error reading PKCS12 file '%s'", cert_file );
481 if(!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509,
484 "could not parse PKCS12 file, check password, OpenSSL error %s",
485 ERR_error_string(ERR_get_error(), NULL) );
492 if(SSL_CTX_use_certificate(ctx, x509) != 1) {
493 failf(data, SSL_CLIENT_CERT_ERR);
497 if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
498 failf(data, "unable to use private key from PKCS12 file '%s'",
503 if(!SSL_CTX_check_private_key (ctx)) {
504 failf(data, "private key from PKCS12 file '%s' "
505 "does not match certificate in same file", cert_file);
508 /* Set Certificate Verification chain */
509 if(ca && sk_X509_num(ca)) {
510 for(i = 0; i < sk_X509_num(ca); i++) {
512 * Note that sk_X509_pop() is used below to make sure the cert is
513 * removed from the stack properly before getting passed to
514 * SSL_CTX_add_extra_chain_cert(). Previously we used
515 * sk_X509_value() instead, but then we'd clean it in the subsequent
516 * sk_X509_pop_free() call.
518 X509 *x = sk_X509_pop(ca);
519 if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
520 failf(data, "cannot add certificate to certificate chain");
523 /* SSL_CTX_add_client_CA() seems to work with either sk_* function,
524 * presumably because it duplicates what we pass to it.
526 if(!SSL_CTX_add_client_CA(ctx, x)) {
527 failf(data, "cannot add certificate to client CA list");
537 sk_X509_pop_free(ca, X509_free);
540 return 0; /* failure! */
542 failf(data, "file type P12 for certificate not supported");
547 failf(data, "not supported file type '%s' for certificate", cert_type);
551 file_type = do_file_type(key_type);
554 case SSL_FILETYPE_PEM:
558 /* cert & key can only be in PEM case in the same file */
560 case SSL_FILETYPE_ASN1:
561 if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
562 failf(data, "unable to set private key file: '%s' type %s",
563 key_file, key_type?key_type:"PEM");
567 case SSL_FILETYPE_ENGINE:
568 #ifdef HAVE_OPENSSL_ENGINE_H
569 { /* XXXX still needs some work */
570 EVP_PKEY *priv_key = NULL;
571 if(data->state.engine) {
572 #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
573 UI_METHOD *ui_method =
574 UI_create_method((char *)"cURL user interface");
575 if(NULL == ui_method) {
576 failf(data, "unable do create OpenSSL user-interface method");
579 UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
580 UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
581 UI_method_set_reader(ui_method, ssl_ui_reader);
582 UI_method_set_writer(ui_method, ssl_ui_writer);
584 /* the typecast below was added to please mingw32 */
585 priv_key = (EVP_PKEY *)
586 ENGINE_load_private_key(data->state.engine,key_file,
587 #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
590 data->set.str[STRING_KEY_PASSWD]);
591 #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
592 UI_destroy_method(ui_method);
595 failf(data, "failed to load private key from crypto engine");
598 if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
599 failf(data, "unable to set private key");
600 EVP_PKEY_free(priv_key);
603 EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
606 failf(data, "crypto engine not set, can't load private key");
612 failf(data, "file type ENG for private key not supported");
615 case SSL_FILETYPE_PKCS12:
617 failf(data, "file type P12 for private key not supported");
622 failf(data, "not supported file type for private key");
628 failf(data,"unable to create an SSL structure");
632 x509=SSL_get_certificate(ssl);
634 /* This version was provided by Evan Jordan and is supposed to not
635 leak memory as the previous version: */
637 EVP_PKEY *pktmp = X509_get_pubkey(x509);
638 EVP_PKEY_copy_parameters(pktmp,SSL_get_privatekey(ssl));
639 EVP_PKEY_free(pktmp);
644 /* If we are using DSA, we can copy the parameters from
648 /* Now we know that a key and cert have been set against
650 if(!SSL_CTX_check_private_key(ctx)) {
651 failf(data, "Private key does not match the certificate public key");
654 #ifndef HAVE_USERDATA_IN_PWD_CALLBACK
656 memset(global_passwd, 0, sizeof(global_passwd));
662 /* returns non-zero on failure */
663 static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
666 return X509_NAME_oneline(a, buf, size);
668 BIO *bio_out = BIO_new(BIO_s_mem());
673 return 1; /* alloc failed! */
675 rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
676 BIO_get_mem_ptr(bio_out, &biomem);
678 if((size_t)biomem->length < size)
679 size = biomem->length;
681 size--; /* don't overwrite the buffer end */
683 memcpy(buf, biomem->data, size);
693 int cert_verify_callback(int ok, X509_STORE_CTX *ctx)
698 err_cert=X509_STORE_CTX_get_current_cert(ctx);
699 (void)x509_name_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
703 /* Return error string for last OpenSSL error
705 static char *SSL_strerror(unsigned long error, char *buf, size_t size)
707 #ifdef HAVE_ERR_ERROR_STRING_N
708 /* OpenSSL 0.9.6 and later has a function named
709 ERRO_error_string_n() that takes the size of the buffer as a
711 ERR_error_string_n(error, buf, size);
714 ERR_error_string(error, buf);
719 #endif /* USE_SSLEAY */
725 * @retval 0 error initializing SSL
726 * @retval 1 SSL initialized successfully
728 int Curl_ossl_init(void)
730 #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
731 ENGINE_load_builtin_engines();
734 /* Lets get nice error messages */
735 SSL_load_error_strings();
737 /* Init the global ciphers and digests */
738 if(!SSLeay_add_ssl_algorithms())
741 OpenSSL_add_all_algorithms();
746 #endif /* USE_SSLEAY */
751 void Curl_ossl_cleanup(void)
753 /* Free ciphers and digests lists */
756 #ifdef HAVE_ENGINE_CLEANUP
757 /* Free engine list */
761 #ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
762 /* Free OpenSSL ex_data table */
763 CRYPTO_cleanup_all_ex_data();
766 /* Free OpenSSL error strings */
769 /* Free thread local error state, destroying hash upon zero refcount */
770 #ifdef HAVE_ERR_REMOVE_THREAD_STATE
771 ERR_remove_thread_state(NULL);
778 * This function uses SSL_peek to determine connection status.
781 * 1 means the connection is still in place
782 * 0 means the connection has been closed
783 * -1 means the connection status is unknown
785 int Curl_ossl_check_cxn(struct connectdata *conn)
790 rc = SSL_peek(conn->ssl[FIRSTSOCKET].handle, (void*)&buf, 1);
792 return 1; /* connection still in place */
795 return 0; /* connection has been closed */
797 return -1; /* connection status unknown */
800 /* Selects an OpenSSL crypto engine
802 CURLcode Curl_ossl_set_engine(struct SessionHandle *data, const char *engine)
804 #if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
807 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
808 e = ENGINE_by_id(engine);
810 /* avoid memory leak */
811 for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
812 const char *e_id = ENGINE_get_id(e);
813 if(!strcmp(engine, e_id))
819 failf(data, "SSL Engine '%s' not found", engine);
820 return CURLE_SSL_ENGINE_NOTFOUND;
823 if(data->state.engine) {
824 ENGINE_finish(data->state.engine);
825 ENGINE_free(data->state.engine);
826 data->state.engine = NULL;
828 if(!ENGINE_init(e)) {
832 failf(data, "Failed to initialise SSL Engine '%s':\n%s",
833 engine, SSL_strerror(ERR_get_error(), buf, sizeof(buf)));
834 return CURLE_SSL_ENGINE_INITFAILED;
836 data->state.engine = e;
840 failf(data, "SSL Engine not supported");
841 return CURLE_SSL_ENGINE_NOTFOUND;
845 /* Sets engine as default for all SSL operations
847 CURLcode Curl_ossl_set_engine_default(struct SessionHandle *data)
849 #ifdef HAVE_OPENSSL_ENGINE_H
850 if(data->state.engine) {
851 if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
852 infof(data,"set default crypto engine '%s'\n",
853 ENGINE_get_id(data->state.engine));
856 failf(data, "set default crypto engine '%s' failed",
857 ENGINE_get_id(data->state.engine));
858 return CURLE_SSL_ENGINE_SETFAILED;
867 /* Return list of OpenSSL crypto engine names.
869 struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data)
871 struct curl_slist *list = NULL;
872 #if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
873 struct curl_slist *beg;
876 for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
877 beg = curl_slist_append(list, ENGINE_get_id(e));
879 curl_slist_free_all(list);
891 * This function is called when an SSL connection is closed.
893 void Curl_ossl_close(struct connectdata *conn, int sockindex)
895 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
897 if(connssl->handle) {
898 (void)SSL_shutdown(connssl->handle);
899 SSL_set_connect_state(connssl->handle);
901 SSL_free (connssl->handle);
902 connssl->handle = NULL;
905 SSL_CTX_free (connssl->ctx);
911 * This function is called to shut down the SSL layer but keep the
912 * socket open (CCC - Clear Command Channel)
914 int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
917 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
918 struct SessionHandle *data = conn->data;
919 char buf[120]; /* We will use this for the OpenSSL error buffer, so it has
920 to be at least 120 bytes long. */
921 unsigned long sslerror;
927 /* This has only been tested on the proftpd server, and the mod_tls code
928 sends a close notify alert without waiting for a close notify alert in
929 response. Thus we wait for a close notify alert from the server, but
930 we do not send one. Let's hope other servers do the same... */
932 if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
933 (void)SSL_shutdown(connssl->handle);
935 if(connssl->handle) {
936 buffsize = (int)sizeof(buf);
938 int what = Curl_socket_ready(conn->sock[sockindex],
939 CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
943 /* Something to read, let's do it and hope that it is the close
944 notify alert from the server */
945 nread = (ssize_t)SSL_read(conn->ssl[sockindex].handle, buf,
947 err = SSL_get_error(conn->ssl[sockindex].handle, (int)nread);
950 case SSL_ERROR_NONE: /* this is not an error */
951 case SSL_ERROR_ZERO_RETURN: /* no more data */
952 /* This is the expected response. There was no data but only
953 the close notify alert */
956 case SSL_ERROR_WANT_READ:
957 /* there's data pending, re-invoke SSL_read() */
958 infof(data, "SSL_ERROR_WANT_READ\n");
960 case SSL_ERROR_WANT_WRITE:
961 /* SSL wants a write. Really odd. Let's bail out. */
962 infof(data, "SSL_ERROR_WANT_WRITE\n");
966 /* openssl/ssl.h says "look at error stack/return value/errno" */
967 sslerror = ERR_get_error();
968 failf(conn->data, "SSL read: %s, errno %d",
969 ERR_error_string(sslerror, buf),
977 failf(data, "SSL shutdown timeout");
981 /* anything that gets here is fatally bad */
982 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
986 } /* while()-loop for the select() */
988 if(data->set.verbose) {
989 #ifdef HAVE_SSL_GET_SHUTDOWN
990 switch(SSL_get_shutdown(connssl->handle)) {
991 case SSL_SENT_SHUTDOWN:
992 infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
994 case SSL_RECEIVED_SHUTDOWN:
995 infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
997 case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
998 infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
999 "SSL_RECEIVED__SHUTDOWN\n");
1005 SSL_free (connssl->handle);
1006 connssl->handle = NULL;
1011 void Curl_ossl_session_free(void *ptr)
1014 SSL_SESSION_free(ptr);
1018 * This function is called when the 'data' struct is going away. Close
1019 * down everything and free all resources!
1021 int Curl_ossl_close_all(struct SessionHandle *data)
1023 #ifdef HAVE_OPENSSL_ENGINE_H
1024 if(data->state.engine) {
1025 ENGINE_finish(data->state.engine);
1026 ENGINE_free(data->state.engine);
1027 data->state.engine = NULL;
1035 static int asn1_output(const ASN1_UTCTIME *tm,
1039 const char *asn1_string;
1042 int year=0,month=0,day=0,hour=0,minute=0,second=0;
1045 asn1_string=(const char *)tm->data;
1049 if(asn1_string[i-1] == 'Z')
1052 if((asn1_string[i] > '9') || (asn1_string[i] < '0'))
1055 year= (asn1_string[0]-'0')*10+(asn1_string[1]-'0');
1059 month= (asn1_string[2]-'0')*10+(asn1_string[3]-'0');
1060 if((month > 12) || (month < 1))
1063 day= (asn1_string[4]-'0')*10+(asn1_string[5]-'0');
1064 hour= (asn1_string[6]-'0')*10+(asn1_string[7]-'0');
1065 minute= (asn1_string[8]-'0')*10+(asn1_string[9]-'0');
1067 if((asn1_string[10] >= '0') && (asn1_string[10] <= '9') &&
1068 (asn1_string[11] >= '0') && (asn1_string[11] <= '9'))
1069 second= (asn1_string[10]-'0')*10+(asn1_string[11]-'0');
1071 snprintf(buf, sizeofbuf,
1072 "%04d-%02d-%02d %02d:%02d:%02d %s",
1073 year+1900, month, day, hour, minute, second, (gmt?"GMT":""));
1078 /* ====================================================== */
1081 /* Quote from RFC2818 section 3.1 "Server Identity"
1083 If a subjectAltName extension of type dNSName is present, that MUST
1084 be used as the identity. Otherwise, the (most specific) Common Name
1085 field in the Subject field of the certificate MUST be used. Although
1086 the use of the Common Name is existing practice, it is deprecated and
1087 Certification Authorities are encouraged to use the dNSName instead.
1089 Matching is performed using the matching rules specified by
1090 [RFC2459]. If more than one identity of a given type is present in
1091 the certificate (e.g., more than one dNSName name, a match in any one
1092 of the set is considered acceptable.) Names may contain the wildcard
1093 character * which is considered to match any single domain name
1094 component or component fragment. E.g., *.a.com matches foo.a.com but
1095 not bar.foo.a.com. f*.com matches foo.com but not bar.com.
1097 In some cases, the URI is specified as an IP address rather than a
1098 hostname. In this case, the iPAddress subjectAltName must be present
1099 in the certificate and must exactly match the IP in the URI.
1102 static CURLcode verifyhost(struct connectdata *conn,
1105 int matched = -1; /* -1 is no alternative match yet, 1 means match and 0
1107 int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
1109 struct SessionHandle *data = conn->data;
1110 STACK_OF(GENERAL_NAME) *altnames;
1112 struct in6_addr addr;
1114 struct in_addr addr;
1116 CURLcode res = CURLE_OK;
1119 if(conn->bits.ipv6_ip &&
1120 Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
1122 addrlen = sizeof(struct in6_addr);
1126 if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
1128 addrlen = sizeof(struct in_addr);
1131 /* get a "list" of alternative names */
1132 altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
1138 /* get amount of alternatives, RFC2459 claims there MUST be at least
1139 one, but we don't depend on it... */
1140 numalts = sk_GENERAL_NAME_num(altnames);
1142 /* loop through all alternatives while none has matched */
1143 for(i=0; (i<numalts) && (matched != 1); i++) {
1144 /* get a handle to alternative name number i */
1145 const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
1147 /* only check alternatives of the same type the target is */
1148 if(check->type == target) {
1149 /* get data and length */
1150 const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
1151 size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
1154 case GEN_DNS: /* name/pattern comparison */
1155 /* The OpenSSL man page explicitly says: "In general it cannot be
1156 assumed that the data returned by ASN1_STRING_data() is null
1157 terminated or does not contain embedded nulls." But also that
1158 "The actual format of the data will depend on the actual string
1159 type itself: for example for and IA5String the data will be ASCII"
1161 Gisle researched the OpenSSL sources:
1162 "I checked the 0.9.6 and 0.9.8 sources before my patch and
1163 it always 0-terminates an IA5String."
1165 if((altlen == strlen(altptr)) &&
1166 /* if this isn't true, there was an embedded zero in the name
1167 string and we cannot match it. */
1168 Curl_cert_hostcheck(altptr, conn->host.name))
1174 case GEN_IPADD: /* IP address comparison */
1175 /* compare alternative IP address if the data chunk is the same size
1176 our server IP address is */
1177 if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
1185 GENERAL_NAMES_free(altnames);
1189 /* an alternative name matched the server hostname */
1190 infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
1191 else if(matched == 0) {
1192 /* an alternative name field existed, but didn't match and then
1194 infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
1195 failf(data, "SSL: no alternative certificate subject name matches "
1196 "target host name '%s'", conn->host.dispname);
1197 res = CURLE_PEER_FAILED_VERIFICATION;
1200 /* we have to look to the last occurrence of a commonName in the
1201 distinguished one to get the most significant one. */
1204 /* The following is done because of a bug in 0.9.6b */
1206 unsigned char *nulstr = (unsigned char *)"";
1207 unsigned char *peer_CN = nulstr;
1209 X509_NAME *name = X509_get_subject_name(server_cert) ;
1211 while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i))>=0)
1214 /* we have the name entry and we will now convert this to a string
1215 that we can use for comparison. Doing this we support BMPstring,
1219 ASN1_STRING *tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
1221 /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
1222 is already UTF-8 encoded. We check for this case and copy the raw
1223 string manually to avoid the problem. This code can be made
1224 conditional in the future when OpenSSL has been fixed. Work-around
1225 brought by Alexis S. L. Carvalho. */
1227 if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
1228 j = ASN1_STRING_length(tmp);
1230 peer_CN = OPENSSL_malloc(j+1);
1232 memcpy(peer_CN, ASN1_STRING_data(tmp), j);
1237 else /* not a UTF8 name */
1238 j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
1240 if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
1241 /* there was a terminating zero before the end of string, this
1242 cannot match and we return failure! */
1243 failf(data, "SSL: illegal cert name field");
1244 res = CURLE_PEER_FAILED_VERIFICATION;
1249 if(peer_CN == nulstr)
1252 /* convert peer_CN from UTF8 */
1253 CURLcode rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
1254 /* Curl_convert_from_utf8 calls failf if unsuccessful */
1256 OPENSSL_free(peer_CN);
1262 /* error already detected, pass through */
1266 "SSL: unable to obtain common name from peer certificate");
1267 res = CURLE_PEER_FAILED_VERIFICATION;
1269 else if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
1270 failf(data, "SSL: certificate subject name '%s' does not match "
1271 "target host name '%s'", peer_CN, conn->host.dispname);
1272 res = CURLE_PEER_FAILED_VERIFICATION;
1275 infof(data, "\t common name: %s (matched)\n", peer_CN);
1278 OPENSSL_free(peer_CN);
1282 #endif /* USE_SSLEAY */
1284 /* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
1285 and thus this cannot be done there. */
1286 #ifdef SSL_CTRL_SET_MSG_CALLBACK
1288 static const char *ssl_msg_type(int ssl_ver, int msg)
1290 if(ssl_ver == SSL2_VERSION_MAJOR) {
1294 case SSL2_MT_CLIENT_HELLO:
1295 return "Client hello";
1296 case SSL2_MT_CLIENT_MASTER_KEY:
1297 return "Client key";
1298 case SSL2_MT_CLIENT_FINISHED:
1299 return "Client finished";
1300 case SSL2_MT_SERVER_HELLO:
1301 return "Server hello";
1302 case SSL2_MT_SERVER_VERIFY:
1303 return "Server verify";
1304 case SSL2_MT_SERVER_FINISHED:
1305 return "Server finished";
1306 case SSL2_MT_REQUEST_CERTIFICATE:
1307 return "Request CERT";
1308 case SSL2_MT_CLIENT_CERTIFICATE:
1309 return "Client CERT";
1312 else if(ssl_ver == SSL3_VERSION_MAJOR) {
1314 case SSL3_MT_HELLO_REQUEST:
1315 return "Hello request";
1316 case SSL3_MT_CLIENT_HELLO:
1317 return "Client hello";
1318 case SSL3_MT_SERVER_HELLO:
1319 return "Server hello";
1320 case SSL3_MT_CERTIFICATE:
1322 case SSL3_MT_SERVER_KEY_EXCHANGE:
1323 return "Server key exchange";
1324 case SSL3_MT_CLIENT_KEY_EXCHANGE:
1325 return "Client key exchange";
1326 case SSL3_MT_CERTIFICATE_REQUEST:
1327 return "Request CERT";
1328 case SSL3_MT_SERVER_DONE:
1329 return "Server finished";
1330 case SSL3_MT_CERTIFICATE_VERIFY:
1331 return "CERT verify";
1332 case SSL3_MT_FINISHED:
1339 static const char *tls_rt_type(int type)
1342 type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " :
1343 type == SSL3_RT_ALERT ? "TLS alert, " :
1344 type == SSL3_RT_HANDSHAKE ? "TLS handshake, " :
1345 type == SSL3_RT_APPLICATION_DATA ? "TLS app data, " :
1351 * Our callback from the SSL/TLS layers.
1353 static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
1354 const void *buf, size_t len, const SSL *ssl,
1355 struct connectdata *conn)
1357 struct SessionHandle *data;
1358 const char *msg_name, *tls_rt_name;
1360 int ver, msg_type, txt_len;
1362 if(!conn || !conn->data || !conn->data->set.fdebug ||
1363 (direction != 0 && direction != 1))
1368 ver = (ssl_ver == SSL2_VERSION_MAJOR ? '2' :
1369 ssl_ver == SSL3_VERSION_MAJOR ? '3' : '?');
1371 /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
1372 * always pass-up content-type as 0. But the interesting message-type
1375 if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0)
1376 tls_rt_name = tls_rt_type(content_type);
1380 msg_type = *(char*)buf;
1381 msg_name = ssl_msg_type(ssl_ver, msg_type);
1383 txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "SSLv%c, %s%s (%d):\n",
1384 ver, tls_rt_name, msg_name, msg_type);
1385 Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
1387 Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
1388 CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
1394 /* ====================================================== */
1396 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1397 # define use_sni(x) sni = (x)
1399 # define use_sni(x) Curl_nop_stmt
1405 #if defined(HAVE_SSL_CTX_SET_ALPN_PROTOS) && \
1406 defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB)
1410 #if !defined(HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB) || \
1411 defined(OPENSSL_NO_NEXTPROTONEG)
1412 # if !defined(HAS_ALPN)
1413 # error http2 builds require OpenSSL with NPN or ALPN support
1419 * in is a list of lenght prefixed strings. this function has to select
1420 * the protocol we want to use from the list and write its string into out.
1423 select_next_proto_cb(SSL *ssl,
1424 unsigned char **out, unsigned char *outlen,
1425 const unsigned char *in, unsigned int inlen,
1428 struct connectdata *conn = (struct connectdata*) arg;
1429 int retval = nghttp2_select_next_protocol(out, outlen, in, inlen);
1433 infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
1434 NGHTTP2_PROTO_VERSION_ID);
1435 conn->negnpn = NPN_HTTP2;
1437 else if(retval == 0) {
1438 infof(conn->data, "NPN, negotiated HTTP1.1\n");
1439 conn->negnpn = NPN_HTTP1_1;
1442 infof(conn->data, "NPN, no overlap, negotiated nothing\n");
1445 return SSL_TLSEXT_ERR_OK;
1450 get_ssl_version_txt(SSL_SESSION *session)
1455 switch(session->ssl_version) {
1456 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1457 case TLS1_2_VERSION:
1459 case TLS1_1_VERSION:
1474 ossl_connect_step1(struct connectdata *conn,
1477 CURLcode retcode = CURLE_OK;
1479 struct SessionHandle *data = conn->data;
1480 SSL_METHOD_QUAL SSL_METHOD *req_method=NULL;
1481 void *ssl_sessionid=NULL;
1482 X509_LOOKUP *lookup=NULL;
1483 curl_socket_t sockfd = conn->sock[sockindex];
1484 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1486 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1489 struct in6_addr addr;
1491 struct in_addr addr;
1495 unsigned char protocols[128];
1498 DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
1500 /* Make funny stuff to get random input */
1501 Curl_ossl_seed(data);
1503 /* check to see if we've been told to use an explicit SSL/TLS version */
1505 switch(data->set.ssl.version) {
1507 case CURL_SSLVERSION_DEFAULT:
1508 case CURL_SSLVERSION_TLSv1:
1509 case CURL_SSLVERSION_TLSv1_0:
1510 case CURL_SSLVERSION_TLSv1_1:
1511 case CURL_SSLVERSION_TLSv1_2:
1512 /* it will be handled later with the context options */
1513 req_method = SSLv23_client_method();
1516 case CURL_SSLVERSION_SSLv2:
1517 #ifdef OPENSSL_NO_SSL2
1518 failf(data, "OpenSSL was built without SSLv2 support");
1519 return CURLE_NOT_BUILT_IN;
1522 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
1523 return CURLE_SSL_CONNECT_ERROR;
1525 req_method = SSLv2_client_method();
1529 case CURL_SSLVERSION_SSLv3:
1531 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
1532 return CURLE_SSL_CONNECT_ERROR;
1534 req_method = SSLv3_client_method();
1540 SSL_CTX_free(connssl->ctx);
1541 connssl->ctx = SSL_CTX_new(req_method);
1544 failf(data, "SSL: couldn't create a context: %s",
1545 ERR_error_string(ERR_peek_error(), NULL));
1546 return CURLE_OUT_OF_MEMORY;
1549 #ifdef SSL_MODE_RELEASE_BUFFERS
1550 SSL_CTX_set_mode(connssl->ctx, SSL_MODE_RELEASE_BUFFERS);
1553 #ifdef SSL_CTRL_SET_MSG_CALLBACK
1554 if(data->set.fdebug && data->set.verbose) {
1555 /* the SSL trace callback is only used for verbose logging so we only
1556 inform about failures of setting it */
1557 if(!SSL_CTX_callback_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK,
1558 (void (*)(void))ssl_tls_trace)) {
1559 infof(data, "SSL: couldn't set callback!\n");
1561 else if(!SSL_CTX_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK_ARG, 0,
1563 infof(data, "SSL: couldn't set callback argument!\n");
1568 /* OpenSSL contains code to work-around lots of bugs and flaws in various
1569 SSL-implementations. SSL_CTX_set_options() is used to enabled those
1570 work-arounds. The man page for this option states that SSL_OP_ALL enables
1571 all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
1572 enable the bug workaround options if compatibility with somewhat broken
1573 implementations is desired."
1575 The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
1576 disable "rfc4507bis session ticket support". rfc4507bis was later turned
1577 into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077
1579 The enabled extension concerns the session management. I wonder how often
1580 libcurl stops a connection and then resumes a TLS session. also, sending
1581 the session data is some overhead. .I suggest that you just use your
1582 proposed patch (which explicitly disables TICKET).
1584 If someone writes an application with libcurl and openssl who wants to
1585 enable the feature, one can do this in the SSL callback.
1587 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
1588 interoperability with web server Netscape Enterprise Server 2.0.1 which
1589 was released back in 1996.
1591 Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
1592 become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
1593 CVE-2010-4180 when using previous OpenSSL versions we no longer enable
1594 this option regardless of OpenSSL version and SSL_OP_ALL definition.
1596 OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
1597 (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
1598 SSL_OP_ALL that _disables_ that work-around despite the fact that
1599 SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
1600 keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
1604 ctx_options = SSL_OP_ALL;
1606 #ifdef SSL_OP_NO_TICKET
1607 ctx_options |= SSL_OP_NO_TICKET;
1610 #ifdef SSL_OP_NO_COMPRESSION
1611 ctx_options |= SSL_OP_NO_COMPRESSION;
1614 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
1615 /* mitigate CVE-2010-4180 */
1616 ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
1619 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
1620 /* unless the user explicitly ask to allow the protocol vulnerability we
1621 use the work-around */
1622 if(!conn->data->set.ssl_enable_beast)
1623 ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
1626 switch(data->set.ssl.version) {
1627 case CURL_SSLVERSION_DEFAULT:
1628 ctx_options |= SSL_OP_NO_SSLv2;
1630 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
1631 infof(data, "Set version TLSv1.x for SRP authorisation\n");
1632 ctx_options |= SSL_OP_NO_SSLv3;
1637 case CURL_SSLVERSION_SSLv3:
1638 ctx_options |= SSL_OP_NO_SSLv2;
1639 ctx_options |= SSL_OP_NO_TLSv1;
1640 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1641 ctx_options |= SSL_OP_NO_TLSv1_1;
1642 ctx_options |= SSL_OP_NO_TLSv1_2;
1646 case CURL_SSLVERSION_TLSv1:
1647 ctx_options |= SSL_OP_NO_SSLv2;
1648 ctx_options |= SSL_OP_NO_SSLv3;
1651 case CURL_SSLVERSION_TLSv1_0:
1652 ctx_options |= SSL_OP_NO_SSLv2;
1653 ctx_options |= SSL_OP_NO_SSLv3;
1654 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1655 ctx_options |= SSL_OP_NO_TLSv1_1;
1656 ctx_options |= SSL_OP_NO_TLSv1_2;
1660 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1661 case CURL_SSLVERSION_TLSv1_1:
1662 ctx_options |= SSL_OP_NO_SSLv2;
1663 ctx_options |= SSL_OP_NO_SSLv3;
1664 ctx_options |= SSL_OP_NO_TLSv1;
1665 ctx_options |= SSL_OP_NO_TLSv1_2;
1668 case CURL_SSLVERSION_TLSv1_2:
1669 ctx_options |= SSL_OP_NO_SSLv2;
1670 ctx_options |= SSL_OP_NO_SSLv3;
1671 ctx_options |= SSL_OP_NO_TLSv1;
1672 ctx_options |= SSL_OP_NO_TLSv1_1;
1676 #ifndef OPENSSL_NO_SSL2
1677 case CURL_SSLVERSION_SSLv2:
1678 ctx_options |= SSL_OP_NO_SSLv3;
1679 ctx_options |= SSL_OP_NO_TLSv1;
1680 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1681 ctx_options |= SSL_OP_NO_TLSv1_1;
1682 ctx_options |= SSL_OP_NO_TLSv1_2;
1688 failf(data, "Unsupported SSL protocol version");
1689 return CURLE_SSL_CONNECT_ERROR;
1692 SSL_CTX_set_options(connssl->ctx, ctx_options);
1695 if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
1696 if(data->set.ssl_enable_npn) {
1697 SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb,
1702 if(data->set.ssl_enable_alpn) {
1703 protocols[0] = NGHTTP2_PROTO_VERSION_ID_LEN;
1704 memcpy(&protocols[1], NGHTTP2_PROTO_VERSION_ID,
1705 NGHTTP2_PROTO_VERSION_ID_LEN);
1707 protocols[NGHTTP2_PROTO_VERSION_ID_LEN+1] = ALPN_HTTP_1_1_LENGTH;
1708 memcpy(&protocols[NGHTTP2_PROTO_VERSION_ID_LEN+2], ALPN_HTTP_1_1,
1709 ALPN_HTTP_1_1_LENGTH);
1711 /* expects length prefixed preference ordered list of protocols in wire
1714 SSL_CTX_set_alpn_protos(connssl->ctx, protocols,
1715 NGHTTP2_PROTO_VERSION_ID_LEN + ALPN_HTTP_1_1_LENGTH + 2);
1717 infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
1724 if(data->set.str[STRING_CERT] || data->set.str[STRING_CERT_TYPE]) {
1725 if(!cert_stuff(conn,
1727 data->set.str[STRING_CERT],
1728 data->set.str[STRING_CERT_TYPE],
1729 data->set.str[STRING_KEY],
1730 data->set.str[STRING_KEY_TYPE])) {
1731 /* failf() is already done in cert_stuff() */
1732 return CURLE_SSL_CERTPROBLEM;
1736 ciphers = data->set.str[STRING_SSL_CIPHER_LIST];
1738 ciphers = (char *)DEFAULT_CIPHER_SELECTION;
1739 if(!SSL_CTX_set_cipher_list(connssl->ctx, ciphers)) {
1740 failf(data, "failed setting cipher list: %s", ciphers);
1741 return CURLE_SSL_CIPHER;
1745 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
1746 infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
1748 if(!SSL_CTX_set_srp_username(connssl->ctx, data->set.ssl.username)) {
1749 failf(data, "Unable to set SRP user name");
1750 return CURLE_BAD_FUNCTION_ARGUMENT;
1752 if(!SSL_CTX_set_srp_password(connssl->ctx,data->set.ssl.password)) {
1753 failf(data, "failed setting SRP password");
1754 return CURLE_BAD_FUNCTION_ARGUMENT;
1756 if(!data->set.str[STRING_SSL_CIPHER_LIST]) {
1757 infof(data, "Setting cipher list SRP\n");
1759 if(!SSL_CTX_set_cipher_list(connssl->ctx, "SRP")) {
1760 failf(data, "failed setting SRP cipher list");
1761 return CURLE_SSL_CIPHER;
1766 if(data->set.str[STRING_SSL_CAFILE] || data->set.str[STRING_SSL_CAPATH]) {
1767 /* tell SSL where to find CA certificates that are used to verify
1768 the servers certificate. */
1769 if(!SSL_CTX_load_verify_locations(connssl->ctx,
1770 data->set.str[STRING_SSL_CAFILE],
1771 data->set.str[STRING_SSL_CAPATH])) {
1772 if(data->set.ssl.verifypeer) {
1773 /* Fail if we insist on successfully verifying the server. */
1774 failf(data,"error setting certificate verify locations:\n"
1775 " CAfile: %s\n CApath: %s",
1776 data->set.str[STRING_SSL_CAFILE]?
1777 data->set.str[STRING_SSL_CAFILE]: "none",
1778 data->set.str[STRING_SSL_CAPATH]?
1779 data->set.str[STRING_SSL_CAPATH] : "none");
1780 return CURLE_SSL_CACERT_BADFILE;
1783 /* Just continue with a warning if no strict certificate verification
1785 infof(data, "error setting certificate verify locations,"
1786 " continuing anyway:\n");
1790 /* Everything is fine. */
1791 infof(data, "successfully set certificate verify locations:\n");
1796 data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:
1798 data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
1802 if(data->set.str[STRING_SSL_CRLFILE]) {
1803 /* tell SSL where to find CRL file that is used to check certificate
1805 lookup=X509_STORE_add_lookup(SSL_CTX_get_cert_store(connssl->ctx),
1806 X509_LOOKUP_file());
1808 (!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
1809 X509_FILETYPE_PEM)) ) {
1810 failf(data,"error loading CRL file: %s",
1811 data->set.str[STRING_SSL_CRLFILE]);
1812 return CURLE_SSL_CRL_BADFILE;
1815 /* Everything is fine. */
1816 infof(data, "successfully load CRL file:\n");
1817 X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx),
1818 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
1821 " CRLfile: %s\n", data->set.str[STRING_SSL_CRLFILE] ?
1822 data->set.str[STRING_SSL_CRLFILE]: "none");
1825 /* SSL always tries to verify the peer, this only says whether it should
1826 * fail to connect if the verification fails, or if it should continue
1827 * anyway. In the latter case the result of the verification is checked with
1828 * SSL_get_verify_result() below. */
1829 SSL_CTX_set_verify(connssl->ctx,
1830 data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
1831 cert_verify_callback);
1833 /* give application a chance to interfere with SSL set up. */
1834 if(data->set.ssl.fsslctx) {
1835 retcode = (*data->set.ssl.fsslctx)(data, connssl->ctx,
1836 data->set.ssl.fsslctxp);
1838 failf(data,"error signaled by ssl ctx callback");
1843 /* Lets make an SSL structure */
1845 SSL_free(connssl->handle);
1846 connssl->handle = SSL_new(connssl->ctx);
1847 if(!connssl->handle) {
1848 failf(data, "SSL: couldn't create a context (handle)!");
1849 return CURLE_OUT_OF_MEMORY;
1851 SSL_set_connect_state(connssl->handle);
1853 connssl->server_cert = 0x0;
1855 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1856 if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
1858 (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
1861 !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
1862 infof(data, "WARNING: failed to configure server name indication (SNI) "
1866 /* Check if there's a cached ID we can/should use here! */
1867 if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
1868 /* we got a session id, use it! */
1869 if(!SSL_set_session(connssl->handle, ssl_sessionid)) {
1870 failf(data, "SSL: SSL_set_session failed: %s",
1871 ERR_error_string(ERR_get_error(),NULL));
1872 return CURLE_SSL_CONNECT_ERROR;
1874 /* Informational message */
1875 infof (data, "SSL re-using session ID\n");
1878 /* pass the raw socket into the SSL layers */
1879 if(!SSL_set_fd(connssl->handle, (int)sockfd)) {
1880 failf(data, "SSL: SSL_set_fd failed: %s",
1881 ERR_error_string(ERR_get_error(),NULL));
1882 return CURLE_SSL_CONNECT_ERROR;
1885 connssl->connecting_state = ssl_connect_2;
1890 ossl_connect_step2(struct connectdata *conn, int sockindex)
1892 struct SessionHandle *data = conn->data;
1894 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1895 DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
1896 || ssl_connect_2_reading == connssl->connecting_state
1897 || ssl_connect_2_writing == connssl->connecting_state);
1901 err = SSL_connect(connssl->handle);
1904 0 is "not successful but was shut down controlled"
1905 <0 is "handshake was not successful, because a fatal error occurred" */
1907 int detail = SSL_get_error(connssl->handle, err);
1909 if(SSL_ERROR_WANT_READ == detail) {
1910 connssl->connecting_state = ssl_connect_2_reading;
1913 else if(SSL_ERROR_WANT_WRITE == detail) {
1914 connssl->connecting_state = ssl_connect_2_writing;
1918 /* untreated error */
1919 unsigned long errdetail;
1920 char error_buffer[256]; /* OpenSSL documents that this must be at least
1923 const char *cert_problem = NULL;
1926 connssl->connecting_state = ssl_connect_2; /* the connection failed,
1927 we're not waiting for
1930 errdetail = ERR_get_error(); /* Gets the earliest error code from the
1931 thread's error queue and removes the
1938 SSL2_SET_CERTIFICATE:
1939 certificate verify failed */
1944 SSL3_GET_SERVER_CERTIFICATE:
1945 certificate verify failed */
1946 rc = CURLE_SSL_CACERT;
1948 lerr = SSL_get_verify_result(connssl->handle);
1949 if(lerr != X509_V_OK) {
1950 snprintf(error_buffer, sizeof(error_buffer),
1951 "SSL certificate problem: %s",
1952 X509_verify_cert_error_string(lerr));
1955 cert_problem = "SSL certificate problem, verify that the CA cert is"
1960 rc = CURLE_SSL_CONNECT_ERROR;
1961 SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
1965 /* detail is already set to the SSL error above */
1967 /* If we e.g. use SSLv2 request-method and the server doesn't like us
1968 * (RST connection etc.), OpenSSL gives no explanation whatsoever and
1969 * the SO_ERROR is also lost.
1971 if(CURLE_SSL_CONNECT_ERROR == rc && errdetail == 0) {
1972 failf(data, "Unknown SSL protocol error in connection to %s:%ld ",
1973 conn->host.name, conn->remote_port);
1976 /* Could be a CERT problem */
1978 failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
1983 /* we have been connected fine, we're not waiting for anything else. */
1984 connssl->connecting_state = ssl_connect_3;
1986 /* Informational message */
1987 infof (data, "SSL connection using %s / %s\n",
1988 get_ssl_version_txt(SSL_get_session(connssl->handle)),
1989 SSL_get_cipher(connssl->handle));
1992 /* Sets data and len to negotiated protocol, len is 0 if no protocol was
1995 if(data->set.ssl_enable_alpn) {
1996 const unsigned char* neg_protocol;
1998 SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len);
2000 infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
2002 if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
2003 memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len) == 0) {
2004 conn->negnpn = NPN_HTTP2;
2006 else if(len == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
2007 neg_protocol, ALPN_HTTP_1_1_LENGTH) == 0) {
2008 conn->negnpn = NPN_HTTP1_1;
2012 infof(data, "ALPN, server did not agree to a protocol\n");
2021 static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
2025 if((ilen = (int)len) < 0)
2026 return 1; /* buffer too big */
2028 i = i2t_ASN1_OBJECT(buf, ilen, a);
2031 return 1; /* buffer too small */
2036 static void pubkey_show(struct SessionHandle *data,
2049 buffer = malloc(left);
2052 snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
2053 for(i=0; i< len; i++) {
2054 snprintf(ptr, left, "%02x:", raw[i]);
2058 infof(data, " %s: %s\n", namebuf, buffer);
2059 Curl_ssl_push_certinfo(data, num, namebuf, buffer);
2064 #define print_pubkey_BN(_type, _name, _num) \
2066 if(pubkey->pkey._type->_name != NULL) { \
2067 int len = BN_num_bytes(pubkey->pkey._type->_name); \
2068 if(len < CERTBUFFERSIZE) { \
2069 BN_bn2bin(pubkey->pkey._type->_name, (unsigned char*)bufp); \
2071 pubkey_show(data, _num, #_type, #_name, (unsigned char*)bufp, len); \
2076 static int X509V3_ext(struct SessionHandle *data,
2078 STACK_OF(X509_EXTENSION) *exts)
2083 if(sk_X509_EXTENSION_num(exts) <= 0)
2084 /* no extensions, bail out */
2087 for(i=0; i<sk_X509_EXTENSION_num(exts); i++) {
2089 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
2094 BIO *bio_out = BIO_new(BIO_s_mem());
2099 obj = X509_EXTENSION_get_object(ext);
2101 asn1_object_dump(obj, namebuf, sizeof(namebuf));
2103 infof(data, "%s: %s\n", namebuf,
2104 X509_EXTENSION_get_critical(ext)?"(critical)":"");
2106 if(!X509V3_EXT_print(bio_out, ext, 0, 0))
2107 M_ASN1_OCTET_STRING_print(bio_out, ext->value);
2109 BIO_get_mem_ptr(bio_out, &biomem);
2111 /* biomem->length bytes at biomem->data, this little loop here is only
2112 done for the infof() call, we send the "raw" data to the certinfo
2114 for(j=0; j<(size_t)biomem->length; j++) {
2116 if(biomem->data[j] == '\n') {
2118 j++; /* skip the newline */
2120 while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
2122 if(j<(size_t)biomem->length)
2123 ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
2126 infof(data, " %s\n", buf);
2128 Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
2133 return 0; /* all is fine */
2137 static void X509_signature(struct SessionHandle *data,
2144 for(i=0; i<sig->length; i++)
2145 ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%02x:", sig->data[i]);
2147 infof(data, " Signature: %s\n", buf);
2148 Curl_ssl_push_certinfo(data, numcert, "Signature", buf);
2151 static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)
2153 BIO *bio_out = BIO_new(BIO_s_mem());
2156 /* this outputs the cert in this 64 column wide style with newlines and
2157 -----BEGIN CERTIFICATE----- texts and more */
2158 PEM_write_bio_X509(bio_out, x);
2160 BIO_get_mem_ptr(bio_out, &biomem);
2162 Curl_ssl_push_certinfo_len(data, numcert,
2163 "Cert", biomem->data, biomem->length);
2170 * This size was previously 512 which has been reported "too small" without
2171 * any specifics, so it was enlarged to allow more data to get shown uncut.
2172 * The "perfect" size is yet to figure out.
2174 #define CERTBUFFERSIZE 8192
2176 static CURLcode get_cert_chain(struct connectdata *conn,
2177 struct ssl_connect_data *connssl)
2183 struct SessionHandle *data = conn->data;
2186 bufp = malloc(CERTBUFFERSIZE);
2188 return CURLE_OUT_OF_MEMORY;
2190 sk = SSL_get_peer_cert_chain(connssl->handle);
2193 return CURLE_OUT_OF_MEMORY;
2196 numcerts = sk_X509_num(sk);
2197 if(Curl_ssl_init_certinfo(data, numcerts)) {
2199 return CURLE_OUT_OF_MEMORY;
2202 infof(data, "--- Certificate chain\n");
2203 for(i=0; i<numcerts; i++) {
2206 ASN1_TIME *certdate;
2208 /* get the certs in "importance order" */
2210 X509 *x = sk_X509_value(sk, numcerts - i - 1);
2212 X509 *x = sk_X509_value(sk, i);
2216 EVP_PKEY *pubkey=NULL;
2220 (void)x509_name_oneline(X509_get_subject_name(x), bufp, CERTBUFFERSIZE);
2221 infof(data, "%2d Subject: %s\n", i, bufp);
2222 Curl_ssl_push_certinfo(data, i, "Subject", bufp);
2224 (void)x509_name_oneline(X509_get_issuer_name(x), bufp, CERTBUFFERSIZE);
2225 infof(data, " Issuer: %s\n", bufp);
2226 Curl_ssl_push_certinfo(data, i, "Issuer", bufp);
2228 value = X509_get_version(x);
2229 infof(data, " Version: %lu (0x%lx)\n", value+1, value);
2230 snprintf(bufp, CERTBUFFERSIZE, "%lx", value);
2231 Curl_ssl_push_certinfo(data, i, "Version", bufp); /* hex */
2233 num=X509_get_serialNumber(x);
2234 if(num->length <= 4) {
2235 value = ASN1_INTEGER_get(num);
2236 infof(data," Serial Number: %ld (0x%lx)\n", value, value);
2237 snprintf(bufp, CERTBUFFERSIZE, "%lx", value);
2240 int left = CERTBUFFERSIZE;
2244 if(num->type == V_ASN1_NEG_INTEGER)
2247 for(j=0; (j<num->length) && (left>=4); j++) {
2248 /* TODO: length restrictions */
2249 snprintf(ptr, 3, "%02x%c",num->data[j],
2250 ((j+1 == num->length)?'\n':':'));
2255 infof(data," Serial Number: %s\n", bufp);
2260 Curl_ssl_push_certinfo(data, i, "Serial Number", bufp); /* hex */
2262 cinf = x->cert_info;
2264 j = asn1_object_dump(cinf->signature->algorithm, bufp, CERTBUFFERSIZE);
2266 infof(data, " Signature Algorithm: %s\n", bufp);
2267 Curl_ssl_push_certinfo(data, i, "Signature Algorithm", bufp);
2270 certdate = X509_get_notBefore(x);
2271 asn1_output(certdate, bufp, CERTBUFFERSIZE);
2272 infof(data, " Start date: %s\n", bufp);
2273 Curl_ssl_push_certinfo(data, i, "Start date", bufp);
2275 certdate = X509_get_notAfter(x);
2276 asn1_output(certdate, bufp, CERTBUFFERSIZE);
2277 infof(data, " Expire date: %s\n", bufp);
2278 Curl_ssl_push_certinfo(data, i, "Expire date", bufp);
2280 j = asn1_object_dump(cinf->key->algor->algorithm, bufp, CERTBUFFERSIZE);
2282 infof(data, " Public Key Algorithm: %s\n", bufp);
2283 Curl_ssl_push_certinfo(data, i, "Public Key Algorithm", bufp);
2286 pubkey = X509_get_pubkey(x);
2288 infof(data, " Unable to load public key\n");
2290 switch(pubkey->type) {
2292 infof(data, " RSA Public Key (%d bits)\n",
2293 BN_num_bits(pubkey->pkey.rsa->n));
2294 snprintf(bufp, CERTBUFFERSIZE, "%d", BN_num_bits(pubkey->pkey.rsa->n));
2295 Curl_ssl_push_certinfo(data, i, "RSA Public Key", bufp);
2297 print_pubkey_BN(rsa, n, i);
2298 print_pubkey_BN(rsa, e, i);
2299 print_pubkey_BN(rsa, d, i);
2300 print_pubkey_BN(rsa, p, i);
2301 print_pubkey_BN(rsa, q, i);
2302 print_pubkey_BN(rsa, dmp1, i);
2303 print_pubkey_BN(rsa, dmq1, i);
2304 print_pubkey_BN(rsa, iqmp, i);
2307 print_pubkey_BN(dsa, p, i);
2308 print_pubkey_BN(dsa, q, i);
2309 print_pubkey_BN(dsa, g, i);
2310 print_pubkey_BN(dsa, priv_key, i);
2311 print_pubkey_BN(dsa, pub_key, i);
2314 print_pubkey_BN(dh, p, i);
2315 print_pubkey_BN(dh, g, i);
2316 print_pubkey_BN(dh, priv_key, i);
2317 print_pubkey_BN(dh, pub_key, i);
2320 case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
2325 EVP_PKEY_free(pubkey);
2328 X509V3_ext(data, i, cinf->extensions);
2330 X509_signature(data, i, x->signature);
2332 dumpcert(data, x, i);
2341 * Get the server cert, verify it and show it etc, only call failf() if the
2342 * 'strict' argument is TRUE as otherwise all this is for informational
2345 * We check certificates to authenticate the server; otherwise we risk
2346 * man-in-the-middle attack.
2348 static CURLcode servercert(struct connectdata *conn,
2349 struct ssl_connect_data *connssl,
2352 CURLcode retcode = CURLE_OK;
2355 ASN1_TIME *certdate;
2356 struct SessionHandle *data = conn->data;
2359 char *buffer = data->state.buffer;
2361 if(data->set.ssl.certinfo)
2362 /* we've been asked to gather certificate info! */
2363 (void)get_cert_chain(conn, connssl);
2365 data->set.ssl.certverifyresult = !X509_V_OK;
2367 connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
2368 if(!connssl->server_cert) {
2370 failf(data, "SSL: couldn't get peer certificate!");
2371 return CURLE_PEER_FAILED_VERIFICATION;
2373 infof (data, "Server certificate:\n");
2375 rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert),
2377 infof(data, "\t subject: %s\n", rc?"[NONE]":buffer);
2379 certdate = X509_get_notBefore(connssl->server_cert);
2380 asn1_output(certdate, buffer, BUFSIZE);
2381 infof(data, "\t start date: %s\n", buffer);
2383 certdate = X509_get_notAfter(connssl->server_cert);
2384 asn1_output(certdate, buffer, BUFSIZE);
2385 infof(data, "\t expire date: %s\n", buffer);
2387 if(data->set.ssl.verifyhost) {
2388 retcode = verifyhost(conn, connssl->server_cert);
2390 X509_free(connssl->server_cert);
2391 connssl->server_cert = NULL;
2396 rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert),
2400 failf(data, "SSL: couldn't get X509-issuer name!");
2401 retcode = CURLE_SSL_CONNECT_ERROR;
2404 infof(data, "\t issuer: %s\n", buffer);
2406 /* We could do all sorts of certificate verification stuff here before
2407 deallocating the certificate. */
2409 /* e.g. match issuer name with provided issuer certificate */
2410 if(data->set.str[STRING_SSL_ISSUERCERT]) {
2411 fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r");
2414 failf(data, "SSL: Unable to open issuer cert (%s)",
2415 data->set.str[STRING_SSL_ISSUERCERT]);
2416 X509_free(connssl->server_cert);
2417 connssl->server_cert = NULL;
2418 return CURLE_SSL_ISSUER_ERROR;
2420 issuer = PEM_read_X509(fp,NULL,ZERO_NULL,NULL);
2423 failf(data, "SSL: Unable to read issuer cert (%s)",
2424 data->set.str[STRING_SSL_ISSUERCERT]);
2425 X509_free(connssl->server_cert);
2428 return CURLE_SSL_ISSUER_ERROR;
2431 if(X509_check_issued(issuer,connssl->server_cert) != X509_V_OK) {
2433 failf(data, "SSL: Certificate issuer check failed (%s)",
2434 data->set.str[STRING_SSL_ISSUERCERT]);
2435 X509_free(connssl->server_cert);
2437 connssl->server_cert = NULL;
2438 return CURLE_SSL_ISSUER_ERROR;
2440 infof(data, "\t SSL certificate issuer check ok (%s)\n",
2441 data->set.str[STRING_SSL_ISSUERCERT]);
2445 lerr = data->set.ssl.certverifyresult=
2446 SSL_get_verify_result(connssl->handle);
2447 if(data->set.ssl.certverifyresult != X509_V_OK) {
2448 if(data->set.ssl.verifypeer) {
2449 /* We probably never reach this, because SSL_connect() will fail
2450 and we return earlier if verifypeer is set? */
2452 failf(data, "SSL certificate verify result: %s (%ld)",
2453 X509_verify_cert_error_string(lerr), lerr);
2454 retcode = CURLE_PEER_FAILED_VERIFICATION;
2457 infof(data, "\t SSL certificate verify result: %s (%ld),"
2458 " continuing anyway.\n",
2459 X509_verify_cert_error_string(lerr), lerr);
2462 infof(data, "\t SSL certificate verify ok.\n");
2465 X509_free(connssl->server_cert);
2466 connssl->server_cert = NULL;
2467 connssl->connecting_state = ssl_connect_done;
2474 ossl_connect_step3(struct connectdata *conn,
2477 CURLcode retcode = CURLE_OK;
2478 void *old_ssl_sessionid=NULL;
2479 struct SessionHandle *data = conn->data;
2480 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2482 SSL_SESSION *our_ssl_sessionid;
2484 DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
2486 #ifdef HAVE_SSL_GET1_SESSION
2487 our_ssl_sessionid = SSL_get1_session(connssl->handle);
2489 /* SSL_get1_session() will increment the reference
2490 count and the session will stay in memory until explicitly freed with
2491 SSL_SESSION_free(3), regardless of its state.
2492 This function was introduced in openssl 0.9.5a. */
2494 our_ssl_sessionid = SSL_get_session(connssl->handle);
2496 /* if SSL_get1_session() is unavailable, use SSL_get_session().
2497 This is an inferior option because the session can be flushed
2498 at any time by openssl. It is included only so curl compiles
2499 under versions of openssl < 0.9.5a.
2501 WARNING: How curl behaves if it's session is flushed is
2506 incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
2508 if(old_ssl_sessionid != our_ssl_sessionid) {
2509 infof(data, "old SSL session ID is stale, removing\n");
2510 Curl_ssl_delsessionid(conn, old_ssl_sessionid);
2515 retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
2516 0 /* unknown size */);
2518 failf(data, "failed to store ssl session");
2522 #ifdef HAVE_SSL_GET1_SESSION
2524 /* Session was incache, so refcount already incremented earlier.
2525 * Avoid further increments with each SSL_get1_session() call.
2526 * This does not free the session as refcount remains > 0
2528 SSL_SESSION_free(our_ssl_sessionid);
2533 * We check certificates to authenticate the server; otherwise we risk
2534 * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
2535 * verify the peer ignore faults and failures from the server cert
2539 if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
2540 (void)servercert(conn, connssl, FALSE);
2542 retcode = servercert(conn, connssl, TRUE);
2544 if(CURLE_OK == retcode)
2545 connssl->connecting_state = ssl_connect_done;
2549 static Curl_recv ossl_recv;
2550 static Curl_send ossl_send;
2553 ossl_connect_common(struct connectdata *conn,
2559 struct SessionHandle *data = conn->data;
2560 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2561 curl_socket_t sockfd = conn->sock[sockindex];
2565 /* check if the connection has already been established */
2566 if(ssl_connection_complete == connssl->state) {
2571 if(ssl_connect_1==connssl->connecting_state) {
2572 /* Find out how much more time we're allowed */
2573 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2575 if(timeout_ms < 0) {
2576 /* no need to continue if time already is up */
2577 failf(data, "SSL connection timeout");
2578 return CURLE_OPERATION_TIMEDOUT;
2580 retcode = ossl_connect_step1(conn, sockindex);
2585 while(ssl_connect_2 == connssl->connecting_state ||
2586 ssl_connect_2_reading == connssl->connecting_state ||
2587 ssl_connect_2_writing == connssl->connecting_state) {
2589 /* check allowed time left */
2590 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2592 if(timeout_ms < 0) {
2593 /* no need to continue if time already is up */
2594 failf(data, "SSL connection timeout");
2595 return CURLE_OPERATION_TIMEDOUT;
2598 /* if ssl is expecting something, check if it's available. */
2599 if(connssl->connecting_state == ssl_connect_2_reading
2600 || connssl->connecting_state == ssl_connect_2_writing) {
2602 curl_socket_t writefd = ssl_connect_2_writing==
2603 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2604 curl_socket_t readfd = ssl_connect_2_reading==
2605 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2607 what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
2610 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2611 return CURLE_SSL_CONNECT_ERROR;
2613 else if(0 == what) {
2620 failf(data, "SSL connection timeout");
2621 return CURLE_OPERATION_TIMEDOUT;
2624 /* socket is readable or writable */
2627 /* Run transaction, and return to the caller if it failed or if this
2628 * connection is done nonblocking and this loop would execute again. This
2629 * permits the owner of a multi handle to abort a connection attempt
2630 * before step2 has completed while ensuring that a client using select()
2631 * or epoll() will always have a valid fdset to wait on.
2633 retcode = ossl_connect_step2(conn, sockindex);
2634 if(retcode || (nonblocking &&
2635 (ssl_connect_2 == connssl->connecting_state ||
2636 ssl_connect_2_reading == connssl->connecting_state ||
2637 ssl_connect_2_writing == connssl->connecting_state)))
2640 } /* repeat step2 until all transactions are done. */
2643 if(ssl_connect_3==connssl->connecting_state) {
2644 retcode = ossl_connect_step3(conn, sockindex);
2649 if(ssl_connect_done==connssl->connecting_state) {
2650 connssl->state = ssl_connection_complete;
2651 conn->recv[sockindex] = ossl_recv;
2652 conn->send[sockindex] = ossl_send;
2658 /* Reset our connect state machine */
2659 connssl->connecting_state = ssl_connect_1;
2665 Curl_ossl_connect_nonblocking(struct connectdata *conn,
2669 return ossl_connect_common(conn, sockindex, TRUE, done);
2673 Curl_ossl_connect(struct connectdata *conn,
2679 retcode = ossl_connect_common(conn, sockindex, FALSE, &done);
2688 bool Curl_ossl_data_pending(const struct connectdata *conn,
2691 if(conn->ssl[connindex].handle)
2693 return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
2698 static ssize_t ossl_send(struct connectdata *conn,
2704 /* SSL_write() is said to return 'int' while write() and send() returns
2707 char error_buffer[120]; /* OpenSSL documents that this must be at least 120
2709 unsigned long sslerror;
2715 memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
2716 rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
2719 err = SSL_get_error(conn->ssl[sockindex].handle, rc);
2722 case SSL_ERROR_WANT_READ:
2723 case SSL_ERROR_WANT_WRITE:
2724 /* The operation did not complete; the same TLS/SSL I/O function
2725 should be called again later. This is basically an EWOULDBLOCK
2727 *curlcode = CURLE_AGAIN;
2729 case SSL_ERROR_SYSCALL:
2730 failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
2732 *curlcode = CURLE_SEND_ERROR;
2735 /* A failure in the SSL library occurred, usually a protocol error.
2736 The OpenSSL error queue contains more information on the error. */
2737 sslerror = ERR_get_error();
2738 failf(conn->data, "SSL_write() error: %s",
2739 ERR_error_string(sslerror, error_buffer));
2740 *curlcode = CURLE_SEND_ERROR;
2744 failf(conn->data, "SSL_write() return error %d", err);
2745 *curlcode = CURLE_SEND_ERROR;
2748 return (ssize_t)rc; /* number of bytes */
2751 static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
2752 int num, /* socketindex */
2753 char *buf, /* store read data here */
2754 size_t buffersize, /* max amount to read */
2757 char error_buffer[120]; /* OpenSSL documents that this must be at
2758 least 120 bytes long. */
2759 unsigned long sslerror;
2765 buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
2766 nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf, buffsize);
2768 /* failed SSL_read */
2769 int err = SSL_get_error(conn->ssl[num].handle, (int)nread);
2772 case SSL_ERROR_NONE: /* this is not an error */
2773 case SSL_ERROR_ZERO_RETURN: /* no more data */
2775 case SSL_ERROR_WANT_READ:
2776 case SSL_ERROR_WANT_WRITE:
2777 /* there's data pending, re-invoke SSL_read() */
2778 *curlcode = CURLE_AGAIN;
2781 /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
2783 /* http://www.openssl.org/docs/crypto/ERR_get_error.html */
2784 sslerror = ERR_get_error();
2785 if((nread < 0) || sslerror) {
2786 /* If the return code was negative or there actually is an error in the
2788 failf(conn->data, "SSL read: %s, errno %d",
2789 ERR_error_string(sslerror, error_buffer),
2791 *curlcode = CURLE_RECV_ERROR;
2799 size_t Curl_ossl_version(char *buffer, size_t size)
2801 #ifdef YASSL_VERSION
2802 /* yassl provides an OpenSSL API compatibility layer so it looks identical
2803 to OpenSSL in all other aspects */
2804 return snprintf(buffer, size, "yassl/%s", YASSL_VERSION);
2805 #else /* YASSL_VERSION */
2807 #if(SSLEAY_VERSION_NUMBER >= 0x905000)
2810 unsigned long ssleay_value;
2812 ssleay_value=SSLeay();
2813 if(ssleay_value < 0x906000) {
2814 ssleay_value=SSLEAY_VERSION_NUMBER;
2818 if(ssleay_value&0xff0) {
2819 sub[0]=(char)(((ssleay_value>>4)&0xff) + 'a' -1);
2825 return snprintf(buffer, size, "OpenSSL/%lx.%lx.%lx%s",
2826 (ssleay_value>>28)&0xf,
2827 (ssleay_value>>20)&0xff,
2828 (ssleay_value>>12)&0xff,
2832 #else /* SSLEAY_VERSION_NUMBER is less than 0.9.5 */
2834 #if(SSLEAY_VERSION_NUMBER >= 0x900000)
2835 return snprintf(buffer, size, "OpenSSL/%lx.%lx.%lx",
2836 (SSLEAY_VERSION_NUMBER>>28)&0xff,
2837 (SSLEAY_VERSION_NUMBER>>20)&0xff,
2838 (SSLEAY_VERSION_NUMBER>>12)&0xf);
2840 #else /* (SSLEAY_VERSION_NUMBER >= 0x900000) */
2844 if(SSLEAY_VERSION_NUMBER&0x0f) {
2845 sub[0]=(SSLEAY_VERSION_NUMBER&0x0f) + 'a' -1;
2850 return snprintf(buffer, size, "SSL/%x.%x.%x%s",
2851 (SSLEAY_VERSION_NUMBER>>12)&0xff,
2852 (SSLEAY_VERSION_NUMBER>>8)&0xf,
2853 (SSLEAY_VERSION_NUMBER>>4)&0xf, sub);
2855 #endif /* (SSLEAY_VERSION_NUMBER >= 0x900000) */
2856 #endif /* SSLEAY_VERSION_NUMBER is less than 0.9.5 */
2858 #endif /* YASSL_VERSION */
2861 void Curl_ossl_random(struct SessionHandle *data, unsigned char *entropy,
2864 Curl_ossl_seed(data); /* Initiate the seed if not already done */
2865 RAND_bytes(entropy, curlx_uztosi(length));
2868 void Curl_ossl_md5sum(unsigned char *tmp, /* input */
2870 unsigned char *md5sum /* output */,
2876 MD5_Update(&MD5pw, tmp, tmplen);
2877 MD5_Final(md5sum, &MD5pw);
2879 #endif /* USE_SSLEAY */