1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
21 ***************************************************************************/
24 * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
25 * but vtls.c should ever call or use these functions.
29 * The original SSLeay-using code for curl was written by Linas Vepstas and
30 * Sampo Kellomaki 1998.
33 #include "curl_setup.h"
41 #include "formdata.h" /* for the boundary function */
42 #include "url.h" /* for the ssl config check function */
43 #include "inet_pton.h"
51 #include "hostcheck.h"
53 #define _MPRINTF_REPLACE /* use the internal *printf() functions */
54 #include <curl/mprintf.h>
59 #include <openssl/rand.h>
60 #include <openssl/x509v3.h>
61 #include <openssl/dsa.h>
62 #include <openssl/dh.h>
63 #include <openssl/err.h>
64 #include <openssl/md5.h>
65 #include <openssl/conf.h>
73 #include "curl_memory.h"
74 #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
76 /* The last #include file should be: */
79 #ifndef OPENSSL_VERSION_NUMBER
80 #error "OPENSSL_VERSION_NUMBER not defined"
83 #if OPENSSL_VERSION_NUMBER >= 0x0090581fL
84 #define HAVE_SSL_GET1_SESSION 1
86 #undef HAVE_SSL_GET1_SESSION
89 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
90 #define HAVE_USERDATA_IN_PWD_CALLBACK 1
92 #undef HAVE_USERDATA_IN_PWD_CALLBACK
95 #if OPENSSL_VERSION_NUMBER >= 0x00907001L
96 /* ENGINE_load_private_key() takes four arguments */
97 #define HAVE_ENGINE_LOAD_FOUR_ARGS
98 #include <openssl/ui.h>
100 /* ENGINE_load_private_key() takes three arguments */
101 #undef HAVE_ENGINE_LOAD_FOUR_ARGS
104 #if (OPENSSL_VERSION_NUMBER >= 0x00903001L) && defined(HAVE_OPENSSL_PKCS12_H)
105 /* OpenSSL has PKCS 12 support */
106 #define HAVE_PKCS12_SUPPORT
108 /* OpenSSL/SSLEay does not have PKCS12 support */
109 #undef HAVE_PKCS12_SUPPORT
112 #if OPENSSL_VERSION_NUMBER >= 0x00906001L
113 #define HAVE_ERR_ERROR_STRING_N 1
116 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
117 #define SSL_METHOD_QUAL const
119 #define SSL_METHOD_QUAL
122 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
123 /* 0.9.6 didn't have X509_STORE_set_flags() */
124 #define HAVE_X509_STORE_SET_FLAGS 1
126 #define X509_STORE_set_flags(x,y) Curl_nop_stmt
129 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
130 #define HAVE_ERR_REMOVE_THREAD_STATE 1
133 #ifndef HAVE_SSLV2_CLIENT_METHOD
134 #undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
135 #define OPENSSL_NO_SSL2
139 * Number of bytes to read from the random number seed file. This must be
140 * a finite value (because some entropy "files" like /dev/urandom have
141 * an infinite length), but must be large enough to provide enough
142 * entopy to properly seed OpenSSL's PRNG.
144 #define RAND_LOAD_LENGTH 1024
146 #ifndef HAVE_USERDATA_IN_PWD_CALLBACK
147 static char global_passwd[64];
150 static int passwd_callback(char *buf, int num, int encrypting
151 #ifdef HAVE_USERDATA_IN_PWD_CALLBACK
152 /* This was introduced in 0.9.4, we can set this
153 using SSL_CTX_set_default_passwd_cb_userdata()
155 , void *global_passwd
159 DEBUGASSERT(0 == encrypting);
162 int klen = curlx_uztosi(strlen((char *)global_passwd));
164 memcpy(buf, global_passwd, klen+1);
172 * rand_enough() is a function that returns TRUE if we have seeded the random
173 * engine properly. We use some preprocessor magic to provide a seed_enough()
174 * macro to use, just to prevent a compiler warning on this function if we
175 * pass in an argument that is never used.
178 #ifdef HAVE_RAND_STATUS
179 #define seed_enough(x) rand_enough()
180 static bool rand_enough(void)
182 return (0 != RAND_status()) ? TRUE : FALSE;
185 #define seed_enough(x) rand_enough(x)
186 static bool rand_enough(int nread)
188 /* this is a very silly decision to make */
189 return (nread > 500) ? TRUE : FALSE;
193 static int ossl_seed(struct SessionHandle *data)
195 char *buf = data->state.buffer; /* point to the big buffer */
198 /* Q: should we add support for a random file name as a libcurl option?
199 A: Yes, it is here */
202 /* if RANDOM_FILE isn't defined, we only perform this if an option tells
204 if(data->set.ssl.random_file)
205 #define RANDOM_FILE "" /* doesn't matter won't be used */
208 /* let the option override the define */
209 nread += RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
210 data->set.str[STRING_SSL_RANDOM_FILE]:
213 if(seed_enough(nread))
217 #if defined(HAVE_RAND_EGD)
218 /* only available in OpenSSL 0.9.5 and later */
219 /* EGD_SOCKET is set at configure time or not at all */
221 /* If we don't have the define set, we only do this if the egd-option
223 if(data->set.str[STRING_SSL_EGDSOCKET])
224 #define EGD_SOCKET "" /* doesn't matter won't be used */
227 /* If there's an option and a define, the option overrides the
229 int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
230 data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
233 if(seed_enough(nread))
239 /* If we get here, it means we need to seed the PRNG using a "silly"
242 unsigned char randb[64];
243 int len = sizeof(randb);
244 RAND_bytes(randb, len);
245 RAND_add(randb, len, (len >> 1));
246 } while(!RAND_status());
248 /* generates a default path for the random seed file */
249 buf[0]=0; /* blank it first */
250 RAND_file_name(buf, BUFSIZE);
252 /* we got a file name to try */
253 nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
254 if(seed_enough(nread))
258 infof(data, "libcurl is now using a weak random seed!\n");
262 int Curl_ossl_seed(struct SessionHandle *data)
264 /* we have the "SSL is seeded" boolean static to prevent multiple
265 time-consuming seedings in vain */
266 static bool ssl_seeded = FALSE;
268 if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
269 data->set.str[STRING_SSL_EGDSOCKET]) {
277 #ifndef SSL_FILETYPE_ENGINE
278 #define SSL_FILETYPE_ENGINE 42
280 #ifndef SSL_FILETYPE_PKCS12
281 #define SSL_FILETYPE_PKCS12 43
283 static int do_file_type(const char *type)
285 if(!type || !type[0])
286 return SSL_FILETYPE_PEM;
287 if(Curl_raw_equal(type, "PEM"))
288 return SSL_FILETYPE_PEM;
289 if(Curl_raw_equal(type, "DER"))
290 return SSL_FILETYPE_ASN1;
291 if(Curl_raw_equal(type, "ENG"))
292 return SSL_FILETYPE_ENGINE;
293 if(Curl_raw_equal(type, "P12"))
294 return SSL_FILETYPE_PKCS12;
298 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_LOAD_FOUR_ARGS)
300 * Supply default password to the engine user interface conversation.
301 * The password is passed by OpenSSL engine from ENGINE_load_private_key()
302 * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
304 static int ssl_ui_reader(UI *ui, UI_STRING *uis)
306 const char *password;
307 switch(UI_get_string_type(uis)) {
310 password = (const char*)UI_get0_user_data(ui);
311 if(NULL != password &&
312 UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD) {
313 UI_set_result(ui, uis, password);
319 return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
323 * Suppress interactive request for a default password if available.
325 static int ssl_ui_writer(UI *ui, UI_STRING *uis)
327 switch(UI_get_string_type(uis)) {
330 if(NULL != UI_get0_user_data(ui) &&
331 UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD) {
337 return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
342 int cert_stuff(struct connectdata *conn,
345 const char *cert_type,
347 const char *key_type)
349 struct SessionHandle *data = conn->data;
351 int file_type = do_file_type(cert_type);
353 if(cert_file != NULL || file_type == SSL_FILETYPE_ENGINE) {
358 if(data->set.str[STRING_KEY_PASSWD]) {
359 #ifndef HAVE_USERDATA_IN_PWD_CALLBACK
361 * If password has been given, we store that in the global
362 * area (*shudder*) for a while:
364 size_t len = strlen(data->set.str[STRING_KEY_PASSWD]);
365 if(len < sizeof(global_passwd))
366 memcpy(global_passwd, data->set.str[STRING_KEY_PASSWD], len+1);
368 global_passwd[0] = '\0';
371 * We set the password in the callback userdata
373 SSL_CTX_set_default_passwd_cb_userdata(ctx,
374 data->set.str[STRING_KEY_PASSWD]);
376 /* Set passwd callback: */
377 SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
381 #define SSL_CLIENT_CERT_ERR \
382 "unable to use client certificate (no key found or wrong pass phrase?)"
385 case SSL_FILETYPE_PEM:
386 /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
387 if(SSL_CTX_use_certificate_chain_file(ctx,
389 failf(data, SSL_CLIENT_CERT_ERR);
394 case SSL_FILETYPE_ASN1:
395 /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
396 we use the case above for PEM so this can only be performed with
398 if(SSL_CTX_use_certificate_file(ctx,
401 failf(data, SSL_CLIENT_CERT_ERR);
405 case SSL_FILETYPE_ENGINE:
406 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
408 if(data->state.engine) {
409 const char *cmd_name = "LOAD_CERT_CTRL";
415 params.cert_id = cert_file;
418 /* Does the engine supports LOAD_CERT_CTRL ? */
419 if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
420 0, (void *)cmd_name, NULL)) {
421 failf(data, "ssl engine does not support loading certificates");
425 /* Load the certificate from the engine */
426 if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
427 0, ¶ms, NULL, 1)) {
428 failf(data, "ssl engine cannot load client cert with id"
429 " '%s' [%s]", cert_file,
430 ERR_error_string(ERR_get_error(), NULL));
435 failf(data, "ssl engine didn't initialized the certificate "
440 if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
441 failf(data, "unable to set client certificate");
442 X509_free(params.cert);
445 X509_free(params.cert); /* we don't need the handle any more... */
448 failf(data, "crypto engine not set, can't load certificate");
454 failf(data, "file type ENG for certificate not implemented");
458 case SSL_FILETYPE_PKCS12:
460 #ifdef HAVE_PKCS12_SUPPORT
464 STACK_OF(X509) *ca = NULL;
467 f = fopen(cert_file,"rb");
469 failf(data, "could not open PKCS12 file '%s'", cert_file);
472 p12 = d2i_PKCS12_fp(f, NULL);
476 failf(data, "error reading PKCS12 file '%s'", cert_file );
482 if(!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509,
485 "could not parse PKCS12 file, check password, OpenSSL error %s",
486 ERR_error_string(ERR_get_error(), NULL) );
493 if(SSL_CTX_use_certificate(ctx, x509) != 1) {
494 failf(data, SSL_CLIENT_CERT_ERR);
498 if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
499 failf(data, "unable to use private key from PKCS12 file '%s'",
504 if(!SSL_CTX_check_private_key (ctx)) {
505 failf(data, "private key from PKCS12 file '%s' "
506 "does not match certificate in same file", cert_file);
509 /* Set Certificate Verification chain */
510 if(ca && sk_X509_num(ca)) {
511 for(i = 0; i < sk_X509_num(ca); i++) {
513 * Note that sk_X509_pop() is used below to make sure the cert is
514 * removed from the stack properly before getting passed to
515 * SSL_CTX_add_extra_chain_cert(). Previously we used
516 * sk_X509_value() instead, but then we'd clean it in the subsequent
517 * sk_X509_pop_free() call.
519 X509 *x = sk_X509_pop(ca);
520 if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
521 failf(data, "cannot add certificate to certificate chain");
524 /* SSL_CTX_add_client_CA() seems to work with either sk_* function,
525 * presumably because it duplicates what we pass to it.
527 if(!SSL_CTX_add_client_CA(ctx, x)) {
528 failf(data, "cannot add certificate to client CA list");
538 sk_X509_pop_free(ca, X509_free);
541 return 0; /* failure! */
544 failf(data, "file type P12 for certificate not supported");
549 failf(data, "not supported file type '%s' for certificate", cert_type);
553 file_type = do_file_type(key_type);
556 case SSL_FILETYPE_PEM:
560 /* cert & key can only be in PEM case in the same file */
562 case SSL_FILETYPE_ASN1:
563 if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
564 failf(data, "unable to set private key file: '%s' type %s",
565 key_file, key_type?key_type:"PEM");
569 case SSL_FILETYPE_ENGINE:
570 #ifdef HAVE_OPENSSL_ENGINE_H
571 { /* XXXX still needs some work */
572 EVP_PKEY *priv_key = NULL;
573 if(data->state.engine) {
574 #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
575 UI_METHOD *ui_method =
576 UI_create_method((char *)"cURL user interface");
577 if(NULL == ui_method) {
578 failf(data, "unable do create OpenSSL user-interface method");
581 UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
582 UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
583 UI_method_set_reader(ui_method, ssl_ui_reader);
584 UI_method_set_writer(ui_method, ssl_ui_writer);
586 /* the typecast below was added to please mingw32 */
587 priv_key = (EVP_PKEY *)
588 ENGINE_load_private_key(data->state.engine,key_file,
589 #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
592 data->set.str[STRING_KEY_PASSWD]);
593 #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
594 UI_destroy_method(ui_method);
597 failf(data, "failed to load private key from crypto engine");
600 if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
601 failf(data, "unable to set private key");
602 EVP_PKEY_free(priv_key);
605 EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
608 failf(data, "crypto engine not set, can't load private key");
614 failf(data, "file type ENG for private key not supported");
617 case SSL_FILETYPE_PKCS12:
619 failf(data, "file type P12 for private key not supported");
624 failf(data, "not supported file type for private key");
630 failf(data,"unable to create an SSL structure");
634 x509=SSL_get_certificate(ssl);
636 /* This version was provided by Evan Jordan and is supposed to not
637 leak memory as the previous version: */
639 EVP_PKEY *pktmp = X509_get_pubkey(x509);
640 EVP_PKEY_copy_parameters(pktmp,SSL_get_privatekey(ssl));
641 EVP_PKEY_free(pktmp);
646 /* If we are using DSA, we can copy the parameters from
650 /* Now we know that a key and cert have been set against
652 if(!SSL_CTX_check_private_key(ctx)) {
653 failf(data, "Private key does not match the certificate public key");
656 #ifndef HAVE_USERDATA_IN_PWD_CALLBACK
658 memset(global_passwd, 0, sizeof(global_passwd));
664 /* returns non-zero on failure */
665 static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
668 return X509_NAME_oneline(a, buf, size);
670 BIO *bio_out = BIO_new(BIO_s_mem());
675 return 1; /* alloc failed! */
677 rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
678 BIO_get_mem_ptr(bio_out, &biomem);
680 if((size_t)biomem->length < size)
681 size = biomem->length;
683 size--; /* don't overwrite the buffer end */
685 memcpy(buf, biomem->data, size);
695 int cert_verify_callback(int ok, X509_STORE_CTX *ctx)
700 err_cert=X509_STORE_CTX_get_current_cert(ctx);
701 (void)x509_name_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
705 /* Return error string for last OpenSSL error
707 static char *SSL_strerror(unsigned long error, char *buf, size_t size)
709 #ifdef HAVE_ERR_ERROR_STRING_N
710 /* OpenSSL 0.9.6 and later has a function named
711 ERRO_error_string_n() that takes the size of the buffer as a
713 ERR_error_string_n(error, buf, size);
716 ERR_error_string(error, buf);
721 #endif /* USE_SSLEAY */
727 * @retval 0 error initializing SSL
728 * @retval 1 SSL initialized successfully
730 int Curl_ossl_init(void)
732 #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
733 ENGINE_load_builtin_engines();
736 /* Lets get nice error messages */
737 SSL_load_error_strings();
739 /* Init the global ciphers and digests */
740 if(!SSLeay_add_ssl_algorithms())
743 OpenSSL_add_all_algorithms();
744 OPENSSL_config(NULL);
749 #endif /* USE_SSLEAY */
754 void Curl_ossl_cleanup(void)
756 /* Free ciphers and digests lists */
759 #ifdef HAVE_ENGINE_CLEANUP
760 /* Free engine list */
764 #ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
765 /* Free OpenSSL ex_data table */
766 CRYPTO_cleanup_all_ex_data();
769 /* Free OpenSSL error strings */
772 /* Free thread local error state, destroying hash upon zero refcount */
773 #ifdef HAVE_ERR_REMOVE_THREAD_STATE
774 ERR_remove_thread_state(NULL);
781 * This function uses SSL_peek to determine connection status.
784 * 1 means the connection is still in place
785 * 0 means the connection has been closed
786 * -1 means the connection status is unknown
788 int Curl_ossl_check_cxn(struct connectdata *conn)
793 rc = SSL_peek(conn->ssl[FIRSTSOCKET].handle, (void*)&buf, 1);
795 return 1; /* connection still in place */
798 return 0; /* connection has been closed */
800 return -1; /* connection status unknown */
803 /* Selects an OpenSSL crypto engine
805 CURLcode Curl_ossl_set_engine(struct SessionHandle *data, const char *engine)
807 #if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
810 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
811 e = ENGINE_by_id(engine);
813 /* avoid memory leak */
814 for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
815 const char *e_id = ENGINE_get_id(e);
816 if(!strcmp(engine, e_id))
822 failf(data, "SSL Engine '%s' not found", engine);
823 return CURLE_SSL_ENGINE_NOTFOUND;
826 if(data->state.engine) {
827 ENGINE_finish(data->state.engine);
828 ENGINE_free(data->state.engine);
829 data->state.engine = NULL;
831 if(!ENGINE_init(e)) {
835 failf(data, "Failed to initialise SSL Engine '%s':\n%s",
836 engine, SSL_strerror(ERR_get_error(), buf, sizeof(buf)));
837 return CURLE_SSL_ENGINE_INITFAILED;
839 data->state.engine = e;
843 failf(data, "SSL Engine not supported");
844 return CURLE_SSL_ENGINE_NOTFOUND;
848 /* Sets engine as default for all SSL operations
850 CURLcode Curl_ossl_set_engine_default(struct SessionHandle *data)
852 #ifdef HAVE_OPENSSL_ENGINE_H
853 if(data->state.engine) {
854 if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
855 infof(data,"set default crypto engine '%s'\n",
856 ENGINE_get_id(data->state.engine));
859 failf(data, "set default crypto engine '%s' failed",
860 ENGINE_get_id(data->state.engine));
861 return CURLE_SSL_ENGINE_SETFAILED;
870 /* Return list of OpenSSL crypto engine names.
872 struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data)
874 struct curl_slist *list = NULL;
875 #if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
876 struct curl_slist *beg;
879 for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
880 beg = curl_slist_append(list, ENGINE_get_id(e));
882 curl_slist_free_all(list);
894 * This function is called when an SSL connection is closed.
896 void Curl_ossl_close(struct connectdata *conn, int sockindex)
898 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
900 if(connssl->handle) {
901 (void)SSL_shutdown(connssl->handle);
902 SSL_set_connect_state(connssl->handle);
904 SSL_free (connssl->handle);
905 connssl->handle = NULL;
908 SSL_CTX_free (connssl->ctx);
914 * This function is called to shut down the SSL layer but keep the
915 * socket open (CCC - Clear Command Channel)
917 int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
920 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
921 struct SessionHandle *data = conn->data;
922 char buf[120]; /* We will use this for the OpenSSL error buffer, so it has
923 to be at least 120 bytes long. */
924 unsigned long sslerror;
930 /* This has only been tested on the proftpd server, and the mod_tls code
931 sends a close notify alert without waiting for a close notify alert in
932 response. Thus we wait for a close notify alert from the server, but
933 we do not send one. Let's hope other servers do the same... */
935 if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
936 (void)SSL_shutdown(connssl->handle);
938 if(connssl->handle) {
939 buffsize = (int)sizeof(buf);
941 int what = Curl_socket_ready(conn->sock[sockindex],
942 CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
946 /* Something to read, let's do it and hope that it is the close
947 notify alert from the server */
948 nread = (ssize_t)SSL_read(conn->ssl[sockindex].handle, buf,
950 err = SSL_get_error(conn->ssl[sockindex].handle, (int)nread);
953 case SSL_ERROR_NONE: /* this is not an error */
954 case SSL_ERROR_ZERO_RETURN: /* no more data */
955 /* This is the expected response. There was no data but only
956 the close notify alert */
959 case SSL_ERROR_WANT_READ:
960 /* there's data pending, re-invoke SSL_read() */
961 infof(data, "SSL_ERROR_WANT_READ\n");
963 case SSL_ERROR_WANT_WRITE:
964 /* SSL wants a write. Really odd. Let's bail out. */
965 infof(data, "SSL_ERROR_WANT_WRITE\n");
969 /* openssl/ssl.h says "look at error stack/return value/errno" */
970 sslerror = ERR_get_error();
971 failf(conn->data, "SSL read: %s, errno %d",
972 ERR_error_string(sslerror, buf),
980 failf(data, "SSL shutdown timeout");
984 /* anything that gets here is fatally bad */
985 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
989 } /* while()-loop for the select() */
991 if(data->set.verbose) {
992 #ifdef HAVE_SSL_GET_SHUTDOWN
993 switch(SSL_get_shutdown(connssl->handle)) {
994 case SSL_SENT_SHUTDOWN:
995 infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
997 case SSL_RECEIVED_SHUTDOWN:
998 infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
1000 case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
1001 infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
1002 "SSL_RECEIVED__SHUTDOWN\n");
1008 SSL_free (connssl->handle);
1009 connssl->handle = NULL;
1014 void Curl_ossl_session_free(void *ptr)
1017 SSL_SESSION_free(ptr);
1021 * This function is called when the 'data' struct is going away. Close
1022 * down everything and free all resources!
1024 int Curl_ossl_close_all(struct SessionHandle *data)
1026 #ifdef HAVE_OPENSSL_ENGINE_H
1027 if(data->state.engine) {
1028 ENGINE_finish(data->state.engine);
1029 ENGINE_free(data->state.engine);
1030 data->state.engine = NULL;
1038 static int asn1_output(const ASN1_UTCTIME *tm,
1042 const char *asn1_string;
1045 int year=0,month=0,day=0,hour=0,minute=0,second=0;
1048 asn1_string=(const char *)tm->data;
1052 if(asn1_string[i-1] == 'Z')
1055 if((asn1_string[i] > '9') || (asn1_string[i] < '0'))
1058 year= (asn1_string[0]-'0')*10+(asn1_string[1]-'0');
1062 month= (asn1_string[2]-'0')*10+(asn1_string[3]-'0');
1063 if((month > 12) || (month < 1))
1066 day= (asn1_string[4]-'0')*10+(asn1_string[5]-'0');
1067 hour= (asn1_string[6]-'0')*10+(asn1_string[7]-'0');
1068 minute= (asn1_string[8]-'0')*10+(asn1_string[9]-'0');
1070 if((asn1_string[10] >= '0') && (asn1_string[10] <= '9') &&
1071 (asn1_string[11] >= '0') && (asn1_string[11] <= '9'))
1072 second= (asn1_string[10]-'0')*10+(asn1_string[11]-'0');
1074 snprintf(buf, sizeofbuf,
1075 "%04d-%02d-%02d %02d:%02d:%02d %s",
1076 year+1900, month, day, hour, minute, second, (gmt?"GMT":""));
1081 /* ====================================================== */
1084 /* Quote from RFC2818 section 3.1 "Server Identity"
1086 If a subjectAltName extension of type dNSName is present, that MUST
1087 be used as the identity. Otherwise, the (most specific) Common Name
1088 field in the Subject field of the certificate MUST be used. Although
1089 the use of the Common Name is existing practice, it is deprecated and
1090 Certification Authorities are encouraged to use the dNSName instead.
1092 Matching is performed using the matching rules specified by
1093 [RFC2459]. If more than one identity of a given type is present in
1094 the certificate (e.g., more than one dNSName name, a match in any one
1095 of the set is considered acceptable.) Names may contain the wildcard
1096 character * which is considered to match any single domain name
1097 component or component fragment. E.g., *.a.com matches foo.a.com but
1098 not bar.foo.a.com. f*.com matches foo.com but not bar.com.
1100 In some cases, the URI is specified as an IP address rather than a
1101 hostname. In this case, the iPAddress subjectAltName must be present
1102 in the certificate and must exactly match the IP in the URI.
1105 static CURLcode verifyhost(struct connectdata *conn,
1108 int matched = -1; /* -1 is no alternative match yet, 1 means match and 0
1110 int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
1112 struct SessionHandle *data = conn->data;
1113 STACK_OF(GENERAL_NAME) *altnames;
1115 struct in6_addr addr;
1117 struct in_addr addr;
1119 CURLcode res = CURLE_OK;
1122 if(conn->bits.ipv6_ip &&
1123 Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
1125 addrlen = sizeof(struct in6_addr);
1129 if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
1131 addrlen = sizeof(struct in_addr);
1134 /* get a "list" of alternative names */
1135 altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
1141 /* get amount of alternatives, RFC2459 claims there MUST be at least
1142 one, but we don't depend on it... */
1143 numalts = sk_GENERAL_NAME_num(altnames);
1145 /* loop through all alternatives while none has matched */
1146 for(i=0; (i<numalts) && (matched != 1); i++) {
1147 /* get a handle to alternative name number i */
1148 const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
1150 /* only check alternatives of the same type the target is */
1151 if(check->type == target) {
1152 /* get data and length */
1153 const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
1154 size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
1157 case GEN_DNS: /* name/pattern comparison */
1158 /* The OpenSSL man page explicitly says: "In general it cannot be
1159 assumed that the data returned by ASN1_STRING_data() is null
1160 terminated or does not contain embedded nulls." But also that
1161 "The actual format of the data will depend on the actual string
1162 type itself: for example for and IA5String the data will be ASCII"
1164 Gisle researched the OpenSSL sources:
1165 "I checked the 0.9.6 and 0.9.8 sources before my patch and
1166 it always 0-terminates an IA5String."
1168 if((altlen == strlen(altptr)) &&
1169 /* if this isn't true, there was an embedded zero in the name
1170 string and we cannot match it. */
1171 Curl_cert_hostcheck(altptr, conn->host.name))
1177 case GEN_IPADD: /* IP address comparison */
1178 /* compare alternative IP address if the data chunk is the same size
1179 our server IP address is */
1180 if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
1188 GENERAL_NAMES_free(altnames);
1192 /* an alternative name matched the server hostname */
1193 infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
1194 else if(matched == 0) {
1195 /* an alternative name field existed, but didn't match and then
1197 infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
1198 failf(data, "SSL: no alternative certificate subject name matches "
1199 "target host name '%s'", conn->host.dispname);
1200 res = CURLE_PEER_FAILED_VERIFICATION;
1203 /* we have to look to the last occurrence of a commonName in the
1204 distinguished one to get the most significant one. */
1207 /* The following is done because of a bug in 0.9.6b */
1209 unsigned char *nulstr = (unsigned char *)"";
1210 unsigned char *peer_CN = nulstr;
1212 X509_NAME *name = X509_get_subject_name(server_cert) ;
1214 while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i))>=0)
1217 /* we have the name entry and we will now convert this to a string
1218 that we can use for comparison. Doing this we support BMPstring,
1222 ASN1_STRING *tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
1224 /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
1225 is already UTF-8 encoded. We check for this case and copy the raw
1226 string manually to avoid the problem. This code can be made
1227 conditional in the future when OpenSSL has been fixed. Work-around
1228 brought by Alexis S. L. Carvalho. */
1230 if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
1231 j = ASN1_STRING_length(tmp);
1233 peer_CN = OPENSSL_malloc(j+1);
1235 memcpy(peer_CN, ASN1_STRING_data(tmp), j);
1240 else /* not a UTF8 name */
1241 j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
1243 if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
1244 /* there was a terminating zero before the end of string, this
1245 cannot match and we return failure! */
1246 failf(data, "SSL: illegal cert name field");
1247 res = CURLE_PEER_FAILED_VERIFICATION;
1252 if(peer_CN == nulstr)
1255 /* convert peer_CN from UTF8 */
1256 CURLcode rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
1257 /* Curl_convert_from_utf8 calls failf if unsuccessful */
1259 OPENSSL_free(peer_CN);
1265 /* error already detected, pass through */
1269 "SSL: unable to obtain common name from peer certificate");
1270 res = CURLE_PEER_FAILED_VERIFICATION;
1272 else if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
1273 failf(data, "SSL: certificate subject name '%s' does not match "
1274 "target host name '%s'", peer_CN, conn->host.dispname);
1275 res = CURLE_PEER_FAILED_VERIFICATION;
1278 infof(data, "\t common name: %s (matched)\n", peer_CN);
1281 OPENSSL_free(peer_CN);
1285 #endif /* USE_SSLEAY */
1287 /* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
1288 and thus this cannot be done there. */
1289 #ifdef SSL_CTRL_SET_MSG_CALLBACK
1291 static const char *ssl_msg_type(int ssl_ver, int msg)
1293 if(ssl_ver == SSL2_VERSION_MAJOR) {
1297 case SSL2_MT_CLIENT_HELLO:
1298 return "Client hello";
1299 case SSL2_MT_CLIENT_MASTER_KEY:
1300 return "Client key";
1301 case SSL2_MT_CLIENT_FINISHED:
1302 return "Client finished";
1303 case SSL2_MT_SERVER_HELLO:
1304 return "Server hello";
1305 case SSL2_MT_SERVER_VERIFY:
1306 return "Server verify";
1307 case SSL2_MT_SERVER_FINISHED:
1308 return "Server finished";
1309 case SSL2_MT_REQUEST_CERTIFICATE:
1310 return "Request CERT";
1311 case SSL2_MT_CLIENT_CERTIFICATE:
1312 return "Client CERT";
1315 else if(ssl_ver == SSL3_VERSION_MAJOR) {
1317 case SSL3_MT_HELLO_REQUEST:
1318 return "Hello request";
1319 case SSL3_MT_CLIENT_HELLO:
1320 return "Client hello";
1321 case SSL3_MT_SERVER_HELLO:
1322 return "Server hello";
1323 case SSL3_MT_CERTIFICATE:
1325 case SSL3_MT_SERVER_KEY_EXCHANGE:
1326 return "Server key exchange";
1327 case SSL3_MT_CLIENT_KEY_EXCHANGE:
1328 return "Client key exchange";
1329 case SSL3_MT_CERTIFICATE_REQUEST:
1330 return "Request CERT";
1331 case SSL3_MT_SERVER_DONE:
1332 return "Server finished";
1333 case SSL3_MT_CERTIFICATE_VERIFY:
1334 return "CERT verify";
1335 case SSL3_MT_FINISHED:
1342 static const char *tls_rt_type(int type)
1345 type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " :
1346 type == SSL3_RT_ALERT ? "TLS alert, " :
1347 type == SSL3_RT_HANDSHAKE ? "TLS handshake, " :
1348 type == SSL3_RT_APPLICATION_DATA ? "TLS app data, " :
1354 * Our callback from the SSL/TLS layers.
1356 static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
1357 const void *buf, size_t len, const SSL *ssl,
1358 struct connectdata *conn)
1360 struct SessionHandle *data;
1361 const char *msg_name, *tls_rt_name;
1363 int ver, msg_type, txt_len;
1365 if(!conn || !conn->data || !conn->data->set.fdebug ||
1366 (direction != 0 && direction != 1))
1371 ver = (ssl_ver == SSL2_VERSION_MAJOR ? '2' :
1372 ssl_ver == SSL3_VERSION_MAJOR ? '3' : '?');
1374 /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
1375 * always pass-up content-type as 0. But the interesting message-type
1378 if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0)
1379 tls_rt_name = tls_rt_type(content_type);
1383 msg_type = *(char*)buf;
1384 msg_name = ssl_msg_type(ssl_ver, msg_type);
1386 txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "SSLv%c, %s%s (%d):\n",
1387 ver, tls_rt_name, msg_name, msg_type);
1388 Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
1390 Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
1391 CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
1397 /* ====================================================== */
1399 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1400 # define use_sni(x) sni = (x)
1402 # define use_sni(x) Curl_nop_stmt
1408 #if defined(HAVE_SSL_CTX_SET_ALPN_PROTOS) && \
1409 defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB)
1413 #if !defined(HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB) || \
1414 defined(OPENSSL_NO_NEXTPROTONEG)
1415 # if !defined(HAS_ALPN)
1416 # error http2 builds require OpenSSL with NPN or ALPN support
1422 * in is a list of lenght prefixed strings. this function has to select
1423 * the protocol we want to use from the list and write its string into out.
1426 select_next_proto_cb(SSL *ssl,
1427 unsigned char **out, unsigned char *outlen,
1428 const unsigned char *in, unsigned int inlen,
1431 struct connectdata *conn = (struct connectdata*) arg;
1432 int retval = nghttp2_select_next_protocol(out, outlen, in, inlen);
1436 infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
1437 NGHTTP2_PROTO_VERSION_ID);
1438 conn->negnpn = NPN_HTTP2;
1440 else if(retval == 0) {
1441 infof(conn->data, "NPN, negotiated HTTP1.1\n");
1442 conn->negnpn = NPN_HTTP1_1;
1445 infof(conn->data, "NPN, no overlap, use HTTP1.1\n",
1446 NGHTTP2_PROTO_VERSION_ID);
1447 *out = (unsigned char*)"http/1.1";
1448 *outlen = sizeof("http/1.1") - 1;
1449 conn->negnpn = NPN_HTTP1_1;
1452 return SSL_TLSEXT_ERR_OK;
1457 get_ssl_version_txt(SSL_SESSION *session)
1462 switch(session->ssl_version) {
1463 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1464 case TLS1_2_VERSION:
1466 case TLS1_1_VERSION:
1481 ossl_connect_step1(struct connectdata *conn,
1484 CURLcode retcode = CURLE_OK;
1486 struct SessionHandle *data = conn->data;
1487 SSL_METHOD_QUAL SSL_METHOD *req_method=NULL;
1488 void *ssl_sessionid=NULL;
1489 X509_LOOKUP *lookup=NULL;
1490 curl_socket_t sockfd = conn->sock[sockindex];
1491 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1493 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1496 struct in6_addr addr;
1498 struct in_addr addr;
1502 unsigned char protocols[128];
1505 DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
1507 /* Make funny stuff to get random input */
1508 Curl_ossl_seed(data);
1510 data->set.ssl.certverifyresult = !X509_V_OK;
1512 /* check to see if we've been told to use an explicit SSL/TLS version */
1514 switch(data->set.ssl.version) {
1516 case CURL_SSLVERSION_DEFAULT:
1517 case CURL_SSLVERSION_TLSv1:
1518 case CURL_SSLVERSION_TLSv1_0:
1519 case CURL_SSLVERSION_TLSv1_1:
1520 case CURL_SSLVERSION_TLSv1_2:
1521 /* it will be handled later with the context options */
1522 req_method = SSLv23_client_method();
1525 case CURL_SSLVERSION_SSLv2:
1526 #ifdef OPENSSL_NO_SSL2
1527 failf(data, "OpenSSL was built without SSLv2 support");
1528 return CURLE_NOT_BUILT_IN;
1531 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
1532 return CURLE_SSL_CONNECT_ERROR;
1534 req_method = SSLv2_client_method();
1538 case CURL_SSLVERSION_SSLv3:
1540 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
1541 return CURLE_SSL_CONNECT_ERROR;
1543 req_method = SSLv3_client_method();
1549 SSL_CTX_free(connssl->ctx);
1550 connssl->ctx = SSL_CTX_new(req_method);
1553 failf(data, "SSL: couldn't create a context: %s",
1554 ERR_error_string(ERR_peek_error(), NULL));
1555 return CURLE_OUT_OF_MEMORY;
1558 #ifdef SSL_MODE_RELEASE_BUFFERS
1559 SSL_CTX_set_mode(connssl->ctx, SSL_MODE_RELEASE_BUFFERS);
1562 #ifdef SSL_CTRL_SET_MSG_CALLBACK
1563 if(data->set.fdebug && data->set.verbose) {
1564 /* the SSL trace callback is only used for verbose logging so we only
1565 inform about failures of setting it */
1566 if(!SSL_CTX_callback_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK,
1567 (void (*)(void))ssl_tls_trace)) {
1568 infof(data, "SSL: couldn't set callback!\n");
1570 else if(!SSL_CTX_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK_ARG, 0,
1572 infof(data, "SSL: couldn't set callback argument!\n");
1577 /* OpenSSL contains code to work-around lots of bugs and flaws in various
1578 SSL-implementations. SSL_CTX_set_options() is used to enabled those
1579 work-arounds. The man page for this option states that SSL_OP_ALL enables
1580 all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
1581 enable the bug workaround options if compatibility with somewhat broken
1582 implementations is desired."
1584 The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
1585 disable "rfc4507bis session ticket support". rfc4507bis was later turned
1586 into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077
1588 The enabled extension concerns the session management. I wonder how often
1589 libcurl stops a connection and then resumes a TLS session. also, sending
1590 the session data is some overhead. .I suggest that you just use your
1591 proposed patch (which explicitly disables TICKET).
1593 If someone writes an application with libcurl and openssl who wants to
1594 enable the feature, one can do this in the SSL callback.
1596 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
1597 interoperability with web server Netscape Enterprise Server 2.0.1 which
1598 was released back in 1996.
1600 Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
1601 become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
1602 CVE-2010-4180 when using previous OpenSSL versions we no longer enable
1603 this option regardless of OpenSSL version and SSL_OP_ALL definition.
1605 OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
1606 (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
1607 SSL_OP_ALL that _disables_ that work-around despite the fact that
1608 SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
1609 keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
1613 ctx_options = SSL_OP_ALL;
1615 #ifdef SSL_OP_NO_TICKET
1616 ctx_options |= SSL_OP_NO_TICKET;
1619 #ifdef SSL_OP_NO_COMPRESSION
1620 ctx_options |= SSL_OP_NO_COMPRESSION;
1623 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
1624 /* mitigate CVE-2010-4180 */
1625 ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
1628 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
1629 /* unless the user explicitly ask to allow the protocol vulnerability we
1630 use the work-around */
1631 if(!conn->data->set.ssl_enable_beast)
1632 ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
1635 switch(data->set.ssl.version) {
1636 case CURL_SSLVERSION_DEFAULT:
1637 ctx_options |= SSL_OP_NO_SSLv2;
1639 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
1640 infof(data, "Set version TLSv1.x for SRP authorisation\n");
1641 ctx_options |= SSL_OP_NO_SSLv3;
1646 case CURL_SSLVERSION_SSLv3:
1647 ctx_options |= SSL_OP_NO_SSLv2;
1648 ctx_options |= SSL_OP_NO_TLSv1;
1649 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1650 ctx_options |= SSL_OP_NO_TLSv1_1;
1651 ctx_options |= SSL_OP_NO_TLSv1_2;
1655 case CURL_SSLVERSION_TLSv1:
1656 ctx_options |= SSL_OP_NO_SSLv2;
1657 ctx_options |= SSL_OP_NO_SSLv3;
1660 case CURL_SSLVERSION_TLSv1_0:
1661 ctx_options |= SSL_OP_NO_SSLv2;
1662 ctx_options |= SSL_OP_NO_SSLv3;
1663 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1664 ctx_options |= SSL_OP_NO_TLSv1_1;
1665 ctx_options |= SSL_OP_NO_TLSv1_2;
1669 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1670 case CURL_SSLVERSION_TLSv1_1:
1671 ctx_options |= SSL_OP_NO_SSLv2;
1672 ctx_options |= SSL_OP_NO_SSLv3;
1673 ctx_options |= SSL_OP_NO_TLSv1;
1674 ctx_options |= SSL_OP_NO_TLSv1_2;
1677 case CURL_SSLVERSION_TLSv1_2:
1678 ctx_options |= SSL_OP_NO_SSLv2;
1679 ctx_options |= SSL_OP_NO_SSLv3;
1680 ctx_options |= SSL_OP_NO_TLSv1;
1681 ctx_options |= SSL_OP_NO_TLSv1_1;
1685 #ifndef OPENSSL_NO_SSL2
1686 case CURL_SSLVERSION_SSLv2:
1687 ctx_options |= SSL_OP_NO_SSLv3;
1688 ctx_options |= SSL_OP_NO_TLSv1;
1689 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1690 ctx_options |= SSL_OP_NO_TLSv1_1;
1691 ctx_options |= SSL_OP_NO_TLSv1_2;
1697 failf(data, "Unsupported SSL protocol version");
1698 return CURLE_SSL_CONNECT_ERROR;
1701 SSL_CTX_set_options(connssl->ctx, ctx_options);
1704 if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
1705 if(data->set.ssl_enable_npn) {
1706 SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb,
1711 if(data->set.ssl_enable_alpn) {
1712 protocols[0] = NGHTTP2_PROTO_VERSION_ID_LEN;
1713 memcpy(&protocols[1], NGHTTP2_PROTO_VERSION_ID,
1714 NGHTTP2_PROTO_VERSION_ID_LEN);
1716 protocols[NGHTTP2_PROTO_VERSION_ID_LEN+1] = ALPN_HTTP_1_1_LENGTH;
1717 memcpy(&protocols[NGHTTP2_PROTO_VERSION_ID_LEN+2], ALPN_HTTP_1_1,
1718 ALPN_HTTP_1_1_LENGTH);
1720 /* expects length prefixed preference ordered list of protocols in wire
1723 SSL_CTX_set_alpn_protos(connssl->ctx, protocols,
1724 NGHTTP2_PROTO_VERSION_ID_LEN + ALPN_HTTP_1_1_LENGTH + 2);
1726 infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
1733 if(data->set.str[STRING_CERT] || data->set.str[STRING_CERT_TYPE]) {
1734 if(!cert_stuff(conn,
1736 data->set.str[STRING_CERT],
1737 data->set.str[STRING_CERT_TYPE],
1738 data->set.str[STRING_KEY],
1739 data->set.str[STRING_KEY_TYPE])) {
1740 /* failf() is already done in cert_stuff() */
1741 return CURLE_SSL_CERTPROBLEM;
1745 ciphers = data->set.str[STRING_SSL_CIPHER_LIST];
1747 ciphers = (char *)DEFAULT_CIPHER_SELECTION;
1748 if(!SSL_CTX_set_cipher_list(connssl->ctx, ciphers)) {
1749 failf(data, "failed setting cipher list: %s", ciphers);
1750 return CURLE_SSL_CIPHER;
1754 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
1755 infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
1757 if(!SSL_CTX_set_srp_username(connssl->ctx, data->set.ssl.username)) {
1758 failf(data, "Unable to set SRP user name");
1759 return CURLE_BAD_FUNCTION_ARGUMENT;
1761 if(!SSL_CTX_set_srp_password(connssl->ctx,data->set.ssl.password)) {
1762 failf(data, "failed setting SRP password");
1763 return CURLE_BAD_FUNCTION_ARGUMENT;
1765 if(!data->set.str[STRING_SSL_CIPHER_LIST]) {
1766 infof(data, "Setting cipher list SRP\n");
1768 if(!SSL_CTX_set_cipher_list(connssl->ctx, "SRP")) {
1769 failf(data, "failed setting SRP cipher list");
1770 return CURLE_SSL_CIPHER;
1775 if(data->set.str[STRING_SSL_CAFILE] || data->set.str[STRING_SSL_CAPATH]) {
1776 /* tell SSL where to find CA certificates that are used to verify
1777 the servers certificate. */
1778 if(!SSL_CTX_load_verify_locations(connssl->ctx,
1779 data->set.str[STRING_SSL_CAFILE],
1780 data->set.str[STRING_SSL_CAPATH])) {
1781 if(data->set.ssl.verifypeer) {
1782 /* Fail if we insist on successfully verifying the server. */
1783 failf(data,"error setting certificate verify locations:\n"
1784 " CAfile: %s\n CApath: %s",
1785 data->set.str[STRING_SSL_CAFILE]?
1786 data->set.str[STRING_SSL_CAFILE]: "none",
1787 data->set.str[STRING_SSL_CAPATH]?
1788 data->set.str[STRING_SSL_CAPATH] : "none");
1789 return CURLE_SSL_CACERT_BADFILE;
1792 /* Just continue with a warning if no strict certificate verification
1794 infof(data, "error setting certificate verify locations,"
1795 " continuing anyway:\n");
1799 /* Everything is fine. */
1800 infof(data, "successfully set certificate verify locations:\n");
1805 data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:
1807 data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
1811 if(data->set.str[STRING_SSL_CRLFILE]) {
1812 /* tell SSL where to find CRL file that is used to check certificate
1814 lookup=X509_STORE_add_lookup(SSL_CTX_get_cert_store(connssl->ctx),
1815 X509_LOOKUP_file());
1817 (!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
1818 X509_FILETYPE_PEM)) ) {
1819 failf(data,"error loading CRL file: %s",
1820 data->set.str[STRING_SSL_CRLFILE]);
1821 return CURLE_SSL_CRL_BADFILE;
1824 /* Everything is fine. */
1825 infof(data, "successfully load CRL file:\n");
1826 X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx),
1827 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
1830 " CRLfile: %s\n", data->set.str[STRING_SSL_CRLFILE] ?
1831 data->set.str[STRING_SSL_CRLFILE]: "none");
1834 /* SSL always tries to verify the peer, this only says whether it should
1835 * fail to connect if the verification fails, or if it should continue
1836 * anyway. In the latter case the result of the verification is checked with
1837 * SSL_get_verify_result() below. */
1838 SSL_CTX_set_verify(connssl->ctx,
1839 data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
1840 cert_verify_callback);
1842 /* give application a chance to interfere with SSL set up. */
1843 if(data->set.ssl.fsslctx) {
1844 retcode = (*data->set.ssl.fsslctx)(data, connssl->ctx,
1845 data->set.ssl.fsslctxp);
1847 failf(data,"error signaled by ssl ctx callback");
1852 /* Lets make an SSL structure */
1854 SSL_free(connssl->handle);
1855 connssl->handle = SSL_new(connssl->ctx);
1856 if(!connssl->handle) {
1857 failf(data, "SSL: couldn't create a context (handle)!");
1858 return CURLE_OUT_OF_MEMORY;
1860 SSL_set_connect_state(connssl->handle);
1862 connssl->server_cert = 0x0;
1864 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1865 if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
1867 (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
1870 !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
1871 infof(data, "WARNING: failed to configure server name indication (SNI) "
1875 /* Check if there's a cached ID we can/should use here! */
1876 if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
1877 /* we got a session id, use it! */
1878 if(!SSL_set_session(connssl->handle, ssl_sessionid)) {
1879 failf(data, "SSL: SSL_set_session failed: %s",
1880 ERR_error_string(ERR_get_error(),NULL));
1881 return CURLE_SSL_CONNECT_ERROR;
1883 /* Informational message */
1884 infof (data, "SSL re-using session ID\n");
1887 /* pass the raw socket into the SSL layers */
1888 if(!SSL_set_fd(connssl->handle, (int)sockfd)) {
1889 failf(data, "SSL: SSL_set_fd failed: %s",
1890 ERR_error_string(ERR_get_error(),NULL));
1891 return CURLE_SSL_CONNECT_ERROR;
1894 connssl->connecting_state = ssl_connect_2;
1899 ossl_connect_step2(struct connectdata *conn, int sockindex)
1901 struct SessionHandle *data = conn->data;
1903 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1904 DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
1905 || ssl_connect_2_reading == connssl->connecting_state
1906 || ssl_connect_2_writing == connssl->connecting_state);
1910 err = SSL_connect(connssl->handle);
1913 0 is "not successful but was shut down controlled"
1914 <0 is "handshake was not successful, because a fatal error occurred" */
1916 int detail = SSL_get_error(connssl->handle, err);
1918 if(SSL_ERROR_WANT_READ == detail) {
1919 connssl->connecting_state = ssl_connect_2_reading;
1922 else if(SSL_ERROR_WANT_WRITE == detail) {
1923 connssl->connecting_state = ssl_connect_2_writing;
1927 /* untreated error */
1928 unsigned long errdetail;
1929 char error_buffer[256]; /* OpenSSL documents that this must be at least
1932 const char *cert_problem = NULL;
1935 connssl->connecting_state = ssl_connect_2; /* the connection failed,
1936 we're not waiting for
1939 errdetail = ERR_get_error(); /* Gets the earliest error code from the
1940 thread's error queue and removes the
1947 SSL2_SET_CERTIFICATE:
1948 certificate verify failed */
1953 SSL3_GET_SERVER_CERTIFICATE:
1954 certificate verify failed */
1955 rc = CURLE_SSL_CACERT;
1957 lerr = SSL_get_verify_result(connssl->handle);
1958 if(lerr != X509_V_OK) {
1959 snprintf(error_buffer, sizeof(error_buffer),
1960 "SSL certificate problem: %s",
1961 X509_verify_cert_error_string(lerr));
1964 cert_problem = "SSL certificate problem, verify that the CA cert is"
1969 rc = CURLE_SSL_CONNECT_ERROR;
1970 SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
1974 /* detail is already set to the SSL error above */
1976 /* If we e.g. use SSLv2 request-method and the server doesn't like us
1977 * (RST connection etc.), OpenSSL gives no explanation whatsoever and
1978 * the SO_ERROR is also lost.
1980 if(CURLE_SSL_CONNECT_ERROR == rc && errdetail == 0) {
1981 failf(data, "Unknown SSL protocol error in connection to %s:%ld ",
1982 conn->host.name, conn->remote_port);
1985 /* Could be a CERT problem */
1987 failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
1992 /* we have been connected fine, we're not waiting for anything else. */
1993 connssl->connecting_state = ssl_connect_3;
1995 /* Informational message */
1996 infof (data, "SSL connection using %s / %s\n",
1997 get_ssl_version_txt(SSL_get_session(connssl->handle)),
1998 SSL_get_cipher(connssl->handle));
2001 /* Sets data and len to negotiated protocol, len is 0 if no protocol was
2004 if(data->set.ssl_enable_alpn) {
2005 const unsigned char* neg_protocol;
2007 SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len);
2009 infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
2011 if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
2012 memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len) == 0) {
2013 conn->negnpn = NPN_HTTP2;
2015 else if(len == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
2016 neg_protocol, ALPN_HTTP_1_1_LENGTH) == 0) {
2017 conn->negnpn = NPN_HTTP1_1;
2021 infof(data, "ALPN, server did not agree to a protocol\n");
2030 static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
2034 if((ilen = (int)len) < 0)
2035 return 1; /* buffer too big */
2037 i = i2t_ASN1_OBJECT(buf, ilen, a);
2040 return 1; /* buffer too small */
2045 static void pubkey_show(struct SessionHandle *data,
2058 buffer = malloc(left);
2061 snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
2062 for(i=0; i< len; i++) {
2063 snprintf(ptr, left, "%02x:", raw[i]);
2067 infof(data, " %s: %s\n", namebuf, buffer);
2068 Curl_ssl_push_certinfo(data, num, namebuf, buffer);
2073 #define print_pubkey_BN(_type, _name, _num) \
2075 if(pubkey->pkey._type->_name != NULL) { \
2076 int len = BN_num_bytes(pubkey->pkey._type->_name); \
2077 if(len < CERTBUFFERSIZE) { \
2078 BN_bn2bin(pubkey->pkey._type->_name, (unsigned char*)bufp); \
2080 pubkey_show(data, _num, #_type, #_name, (unsigned char*)bufp, len); \
2085 static int X509V3_ext(struct SessionHandle *data,
2087 STACK_OF(X509_EXTENSION) *exts)
2092 if(sk_X509_EXTENSION_num(exts) <= 0)
2093 /* no extensions, bail out */
2096 for(i=0; i<sk_X509_EXTENSION_num(exts); i++) {
2098 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
2103 BIO *bio_out = BIO_new(BIO_s_mem());
2108 obj = X509_EXTENSION_get_object(ext);
2110 asn1_object_dump(obj, namebuf, sizeof(namebuf));
2112 infof(data, "%s: %s\n", namebuf,
2113 X509_EXTENSION_get_critical(ext)?"(critical)":"");
2115 if(!X509V3_EXT_print(bio_out, ext, 0, 0))
2116 M_ASN1_OCTET_STRING_print(bio_out, ext->value);
2118 BIO_get_mem_ptr(bio_out, &biomem);
2120 /* biomem->length bytes at biomem->data, this little loop here is only
2121 done for the infof() call, we send the "raw" data to the certinfo
2123 for(j=0; j<(size_t)biomem->length; j++) {
2125 if(biomem->data[j] == '\n') {
2127 j++; /* skip the newline */
2129 while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
2131 if(j<(size_t)biomem->length)
2132 ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
2135 infof(data, " %s\n", buf);
2137 Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
2142 return 0; /* all is fine */
2146 static void X509_signature(struct SessionHandle *data,
2153 for(i=0; i<sig->length; i++)
2154 ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%02x:", sig->data[i]);
2156 infof(data, " Signature: %s\n", buf);
2157 Curl_ssl_push_certinfo(data, numcert, "Signature", buf);
2160 static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)
2162 BIO *bio_out = BIO_new(BIO_s_mem());
2165 /* this outputs the cert in this 64 column wide style with newlines and
2166 -----BEGIN CERTIFICATE----- texts and more */
2167 PEM_write_bio_X509(bio_out, x);
2169 BIO_get_mem_ptr(bio_out, &biomem);
2171 Curl_ssl_push_certinfo_len(data, numcert,
2172 "Cert", biomem->data, biomem->length);
2179 * This size was previously 512 which has been reported "too small" without
2180 * any specifics, so it was enlarged to allow more data to get shown uncut.
2181 * The "perfect" size is yet to figure out.
2183 #define CERTBUFFERSIZE 8192
2185 static CURLcode get_cert_chain(struct connectdata *conn,
2186 struct ssl_connect_data *connssl)
2192 struct SessionHandle *data = conn->data;
2195 bufp = malloc(CERTBUFFERSIZE);
2197 return CURLE_OUT_OF_MEMORY;
2199 sk = SSL_get_peer_cert_chain(connssl->handle);
2202 return CURLE_OUT_OF_MEMORY;
2205 numcerts = sk_X509_num(sk);
2206 if(Curl_ssl_init_certinfo(data, numcerts)) {
2208 return CURLE_OUT_OF_MEMORY;
2211 infof(data, "--- Certificate chain\n");
2212 for(i=0; i<numcerts; i++) {
2215 ASN1_TIME *certdate;
2217 /* get the certs in "importance order" */
2219 X509 *x = sk_X509_value(sk, numcerts - i - 1);
2221 X509 *x = sk_X509_value(sk, i);
2225 EVP_PKEY *pubkey=NULL;
2229 (void)x509_name_oneline(X509_get_subject_name(x), bufp, CERTBUFFERSIZE);
2230 infof(data, "%2d Subject: %s\n", i, bufp);
2231 Curl_ssl_push_certinfo(data, i, "Subject", bufp);
2233 (void)x509_name_oneline(X509_get_issuer_name(x), bufp, CERTBUFFERSIZE);
2234 infof(data, " Issuer: %s\n", bufp);
2235 Curl_ssl_push_certinfo(data, i, "Issuer", bufp);
2237 value = X509_get_version(x);
2238 infof(data, " Version: %lu (0x%lx)\n", value+1, value);
2239 snprintf(bufp, CERTBUFFERSIZE, "%lx", value);
2240 Curl_ssl_push_certinfo(data, i, "Version", bufp); /* hex */
2242 num=X509_get_serialNumber(x);
2243 if(num->length <= 4) {
2244 value = ASN1_INTEGER_get(num);
2245 infof(data," Serial Number: %ld (0x%lx)\n", value, value);
2246 snprintf(bufp, CERTBUFFERSIZE, "%lx", value);
2249 int left = CERTBUFFERSIZE;
2253 if(num->type == V_ASN1_NEG_INTEGER)
2256 for(j=0; (j<num->length) && (left>=4); j++) {
2257 /* TODO: length restrictions */
2258 snprintf(ptr, 3, "%02x%c",num->data[j],
2259 ((j+1 == num->length)?'\n':':'));
2264 infof(data," Serial Number: %s\n", bufp);
2269 Curl_ssl_push_certinfo(data, i, "Serial Number", bufp); /* hex */
2271 cinf = x->cert_info;
2273 j = asn1_object_dump(cinf->signature->algorithm, bufp, CERTBUFFERSIZE);
2275 infof(data, " Signature Algorithm: %s\n", bufp);
2276 Curl_ssl_push_certinfo(data, i, "Signature Algorithm", bufp);
2279 certdate = X509_get_notBefore(x);
2280 asn1_output(certdate, bufp, CERTBUFFERSIZE);
2281 infof(data, " Start date: %s\n", bufp);
2282 Curl_ssl_push_certinfo(data, i, "Start date", bufp);
2284 certdate = X509_get_notAfter(x);
2285 asn1_output(certdate, bufp, CERTBUFFERSIZE);
2286 infof(data, " Expire date: %s\n", bufp);
2287 Curl_ssl_push_certinfo(data, i, "Expire date", bufp);
2289 j = asn1_object_dump(cinf->key->algor->algorithm, bufp, CERTBUFFERSIZE);
2291 infof(data, " Public Key Algorithm: %s\n", bufp);
2292 Curl_ssl_push_certinfo(data, i, "Public Key Algorithm", bufp);
2295 pubkey = X509_get_pubkey(x);
2297 infof(data, " Unable to load public key\n");
2299 switch(pubkey->type) {
2301 infof(data, " RSA Public Key (%d bits)\n",
2302 BN_num_bits(pubkey->pkey.rsa->n));
2303 snprintf(bufp, CERTBUFFERSIZE, "%d", BN_num_bits(pubkey->pkey.rsa->n));
2304 Curl_ssl_push_certinfo(data, i, "RSA Public Key", bufp);
2306 print_pubkey_BN(rsa, n, i);
2307 print_pubkey_BN(rsa, e, i);
2308 print_pubkey_BN(rsa, d, i);
2309 print_pubkey_BN(rsa, p, i);
2310 print_pubkey_BN(rsa, q, i);
2311 print_pubkey_BN(rsa, dmp1, i);
2312 print_pubkey_BN(rsa, dmq1, i);
2313 print_pubkey_BN(rsa, iqmp, i);
2316 print_pubkey_BN(dsa, p, i);
2317 print_pubkey_BN(dsa, q, i);
2318 print_pubkey_BN(dsa, g, i);
2319 print_pubkey_BN(dsa, priv_key, i);
2320 print_pubkey_BN(dsa, pub_key, i);
2323 print_pubkey_BN(dh, p, i);
2324 print_pubkey_BN(dh, g, i);
2325 print_pubkey_BN(dh, priv_key, i);
2326 print_pubkey_BN(dh, pub_key, i);
2329 case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
2334 EVP_PKEY_free(pubkey);
2337 X509V3_ext(data, i, cinf->extensions);
2339 X509_signature(data, i, x->signature);
2341 dumpcert(data, x, i);
2350 * Get the server cert, verify it and show it etc, only call failf() if the
2351 * 'strict' argument is TRUE as otherwise all this is for informational
2354 * We check certificates to authenticate the server; otherwise we risk
2355 * man-in-the-middle attack.
2357 static CURLcode servercert(struct connectdata *conn,
2358 struct ssl_connect_data *connssl,
2361 CURLcode retcode = CURLE_OK;
2364 ASN1_TIME *certdate;
2365 struct SessionHandle *data = conn->data;
2368 char *buffer = data->state.buffer;
2370 if(data->set.ssl.certinfo)
2371 /* we've been asked to gather certificate info! */
2372 (void)get_cert_chain(conn, connssl);
2374 connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
2375 if(!connssl->server_cert) {
2377 failf(data, "SSL: couldn't get peer certificate!");
2378 return CURLE_PEER_FAILED_VERIFICATION;
2380 infof (data, "Server certificate:\n");
2382 rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert),
2384 infof(data, "\t subject: %s\n", rc?"[NONE]":buffer);
2386 certdate = X509_get_notBefore(connssl->server_cert);
2387 asn1_output(certdate, buffer, BUFSIZE);
2388 infof(data, "\t start date: %s\n", buffer);
2390 certdate = X509_get_notAfter(connssl->server_cert);
2391 asn1_output(certdate, buffer, BUFSIZE);
2392 infof(data, "\t expire date: %s\n", buffer);
2394 if(data->set.ssl.verifyhost) {
2395 retcode = verifyhost(conn, connssl->server_cert);
2397 X509_free(connssl->server_cert);
2398 connssl->server_cert = NULL;
2403 rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert),
2407 failf(data, "SSL: couldn't get X509-issuer name!");
2408 retcode = CURLE_SSL_CONNECT_ERROR;
2411 infof(data, "\t issuer: %s\n", buffer);
2413 /* We could do all sorts of certificate verification stuff here before
2414 deallocating the certificate. */
2416 /* e.g. match issuer name with provided issuer certificate */
2417 if(data->set.str[STRING_SSL_ISSUERCERT]) {
2418 fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r");
2421 failf(data, "SSL: Unable to open issuer cert (%s)",
2422 data->set.str[STRING_SSL_ISSUERCERT]);
2423 X509_free(connssl->server_cert);
2424 connssl->server_cert = NULL;
2425 return CURLE_SSL_ISSUER_ERROR;
2427 issuer = PEM_read_X509(fp,NULL,ZERO_NULL,NULL);
2430 failf(data, "SSL: Unable to read issuer cert (%s)",
2431 data->set.str[STRING_SSL_ISSUERCERT]);
2432 X509_free(connssl->server_cert);
2435 return CURLE_SSL_ISSUER_ERROR;
2438 if(X509_check_issued(issuer,connssl->server_cert) != X509_V_OK) {
2440 failf(data, "SSL: Certificate issuer check failed (%s)",
2441 data->set.str[STRING_SSL_ISSUERCERT]);
2442 X509_free(connssl->server_cert);
2444 connssl->server_cert = NULL;
2445 return CURLE_SSL_ISSUER_ERROR;
2447 infof(data, "\t SSL certificate issuer check ok (%s)\n",
2448 data->set.str[STRING_SSL_ISSUERCERT]);
2452 lerr = data->set.ssl.certverifyresult=
2453 SSL_get_verify_result(connssl->handle);
2454 if(data->set.ssl.certverifyresult != X509_V_OK) {
2455 if(data->set.ssl.verifypeer) {
2456 /* We probably never reach this, because SSL_connect() will fail
2457 and we return earlier if verifypeer is set? */
2459 failf(data, "SSL certificate verify result: %s (%ld)",
2460 X509_verify_cert_error_string(lerr), lerr);
2461 retcode = CURLE_PEER_FAILED_VERIFICATION;
2464 infof(data, "\t SSL certificate verify result: %s (%ld),"
2465 " continuing anyway.\n",
2466 X509_verify_cert_error_string(lerr), lerr);
2469 infof(data, "\t SSL certificate verify ok.\n");
2472 X509_free(connssl->server_cert);
2473 connssl->server_cert = NULL;
2474 connssl->connecting_state = ssl_connect_done;
2481 ossl_connect_step3(struct connectdata *conn,
2484 CURLcode retcode = CURLE_OK;
2485 void *old_ssl_sessionid=NULL;
2486 struct SessionHandle *data = conn->data;
2487 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2489 SSL_SESSION *our_ssl_sessionid;
2491 DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
2493 #ifdef HAVE_SSL_GET1_SESSION
2494 our_ssl_sessionid = SSL_get1_session(connssl->handle);
2496 /* SSL_get1_session() will increment the reference
2497 count and the session will stay in memory until explicitly freed with
2498 SSL_SESSION_free(3), regardless of its state.
2499 This function was introduced in openssl 0.9.5a. */
2501 our_ssl_sessionid = SSL_get_session(connssl->handle);
2503 /* if SSL_get1_session() is unavailable, use SSL_get_session().
2504 This is an inferior option because the session can be flushed
2505 at any time by openssl. It is included only so curl compiles
2506 under versions of openssl < 0.9.5a.
2508 WARNING: How curl behaves if it's session is flushed is
2513 incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
2515 if(old_ssl_sessionid != our_ssl_sessionid) {
2516 infof(data, "old SSL session ID is stale, removing\n");
2517 Curl_ssl_delsessionid(conn, old_ssl_sessionid);
2522 retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
2523 0 /* unknown size */);
2525 failf(data, "failed to store ssl session");
2529 #ifdef HAVE_SSL_GET1_SESSION
2531 /* Session was incache, so refcount already incremented earlier.
2532 * Avoid further increments with each SSL_get1_session() call.
2533 * This does not free the session as refcount remains > 0
2535 SSL_SESSION_free(our_ssl_sessionid);
2540 * We check certificates to authenticate the server; otherwise we risk
2541 * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
2542 * verify the peer ignore faults and failures from the server cert
2546 if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
2547 (void)servercert(conn, connssl, FALSE);
2549 retcode = servercert(conn, connssl, TRUE);
2551 if(CURLE_OK == retcode)
2552 connssl->connecting_state = ssl_connect_done;
2556 static Curl_recv ossl_recv;
2557 static Curl_send ossl_send;
2560 ossl_connect_common(struct connectdata *conn,
2566 struct SessionHandle *data = conn->data;
2567 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2568 curl_socket_t sockfd = conn->sock[sockindex];
2572 /* check if the connection has already been established */
2573 if(ssl_connection_complete == connssl->state) {
2578 if(ssl_connect_1==connssl->connecting_state) {
2579 /* Find out how much more time we're allowed */
2580 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2582 if(timeout_ms < 0) {
2583 /* no need to continue if time already is up */
2584 failf(data, "SSL connection timeout");
2585 return CURLE_OPERATION_TIMEDOUT;
2587 retcode = ossl_connect_step1(conn, sockindex);
2592 while(ssl_connect_2 == connssl->connecting_state ||
2593 ssl_connect_2_reading == connssl->connecting_state ||
2594 ssl_connect_2_writing == connssl->connecting_state) {
2596 /* check allowed time left */
2597 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2599 if(timeout_ms < 0) {
2600 /* no need to continue if time already is up */
2601 failf(data, "SSL connection timeout");
2602 return CURLE_OPERATION_TIMEDOUT;
2605 /* if ssl is expecting something, check if it's available. */
2606 if(connssl->connecting_state == ssl_connect_2_reading
2607 || connssl->connecting_state == ssl_connect_2_writing) {
2609 curl_socket_t writefd = ssl_connect_2_writing==
2610 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2611 curl_socket_t readfd = ssl_connect_2_reading==
2612 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2614 what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
2617 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2618 return CURLE_SSL_CONNECT_ERROR;
2620 else if(0 == what) {
2627 failf(data, "SSL connection timeout");
2628 return CURLE_OPERATION_TIMEDOUT;
2631 /* socket is readable or writable */
2634 /* Run transaction, and return to the caller if it failed or if this
2635 * connection is done nonblocking and this loop would execute again. This
2636 * permits the owner of a multi handle to abort a connection attempt
2637 * before step2 has completed while ensuring that a client using select()
2638 * or epoll() will always have a valid fdset to wait on.
2640 retcode = ossl_connect_step2(conn, sockindex);
2641 if(retcode || (nonblocking &&
2642 (ssl_connect_2 == connssl->connecting_state ||
2643 ssl_connect_2_reading == connssl->connecting_state ||
2644 ssl_connect_2_writing == connssl->connecting_state)))
2647 } /* repeat step2 until all transactions are done. */
2650 if(ssl_connect_3==connssl->connecting_state) {
2651 retcode = ossl_connect_step3(conn, sockindex);
2656 if(ssl_connect_done==connssl->connecting_state) {
2657 connssl->state = ssl_connection_complete;
2658 conn->recv[sockindex] = ossl_recv;
2659 conn->send[sockindex] = ossl_send;
2665 /* Reset our connect state machine */
2666 connssl->connecting_state = ssl_connect_1;
2672 Curl_ossl_connect_nonblocking(struct connectdata *conn,
2676 return ossl_connect_common(conn, sockindex, TRUE, done);
2680 Curl_ossl_connect(struct connectdata *conn,
2686 retcode = ossl_connect_common(conn, sockindex, FALSE, &done);
2695 bool Curl_ossl_data_pending(const struct connectdata *conn,
2698 if(conn->ssl[connindex].handle)
2700 return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
2705 static ssize_t ossl_send(struct connectdata *conn,
2711 /* SSL_write() is said to return 'int' while write() and send() returns
2714 char error_buffer[120]; /* OpenSSL documents that this must be at least 120
2716 unsigned long sslerror;
2722 memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
2723 rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
2726 err = SSL_get_error(conn->ssl[sockindex].handle, rc);
2729 case SSL_ERROR_WANT_READ:
2730 case SSL_ERROR_WANT_WRITE:
2731 /* The operation did not complete; the same TLS/SSL I/O function
2732 should be called again later. This is basically an EWOULDBLOCK
2734 *curlcode = CURLE_AGAIN;
2736 case SSL_ERROR_SYSCALL:
2737 failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
2739 *curlcode = CURLE_SEND_ERROR;
2742 /* A failure in the SSL library occurred, usually a protocol error.
2743 The OpenSSL error queue contains more information on the error. */
2744 sslerror = ERR_get_error();
2745 failf(conn->data, "SSL_write() error: %s",
2746 ERR_error_string(sslerror, error_buffer));
2747 *curlcode = CURLE_SEND_ERROR;
2751 failf(conn->data, "SSL_write() return error %d", err);
2752 *curlcode = CURLE_SEND_ERROR;
2755 return (ssize_t)rc; /* number of bytes */
2758 static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
2759 int num, /* socketindex */
2760 char *buf, /* store read data here */
2761 size_t buffersize, /* max amount to read */
2764 char error_buffer[120]; /* OpenSSL documents that this must be at
2765 least 120 bytes long. */
2766 unsigned long sslerror;
2772 buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
2773 nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf, buffsize);
2775 /* failed SSL_read */
2776 int err = SSL_get_error(conn->ssl[num].handle, (int)nread);
2779 case SSL_ERROR_NONE: /* this is not an error */
2780 case SSL_ERROR_ZERO_RETURN: /* no more data */
2782 case SSL_ERROR_WANT_READ:
2783 case SSL_ERROR_WANT_WRITE:
2784 /* there's data pending, re-invoke SSL_read() */
2785 *curlcode = CURLE_AGAIN;
2788 /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
2790 /* http://www.openssl.org/docs/crypto/ERR_get_error.html */
2791 sslerror = ERR_get_error();
2792 if((nread < 0) || sslerror) {
2793 /* If the return code was negative or there actually is an error in the
2795 failf(conn->data, "SSL read: %s, errno %d",
2796 ERR_error_string(sslerror, error_buffer),
2798 *curlcode = CURLE_RECV_ERROR;
2806 size_t Curl_ossl_version(char *buffer, size_t size)
2808 #ifdef YASSL_VERSION
2809 /* yassl provides an OpenSSL API compatibility layer so it looks identical
2810 to OpenSSL in all other aspects */
2811 return snprintf(buffer, size, "yassl/%s", YASSL_VERSION);
2812 #else /* YASSL_VERSION */
2814 #if(SSLEAY_VERSION_NUMBER >= 0x905000)
2817 unsigned long ssleay_value;
2819 ssleay_value=SSLeay();
2820 if(ssleay_value < 0x906000) {
2821 ssleay_value=SSLEAY_VERSION_NUMBER;
2825 if(ssleay_value&0xff0) {
2826 sub[0]=(char)(((ssleay_value>>4)&0xff) + 'a' -1);
2832 return snprintf(buffer, size, "OpenSSL/%lx.%lx.%lx%s",
2833 (ssleay_value>>28)&0xf,
2834 (ssleay_value>>20)&0xff,
2835 (ssleay_value>>12)&0xff,
2839 #else /* SSLEAY_VERSION_NUMBER is less than 0.9.5 */
2841 #if(SSLEAY_VERSION_NUMBER >= 0x900000)
2842 return snprintf(buffer, size, "OpenSSL/%lx.%lx.%lx",
2843 (SSLEAY_VERSION_NUMBER>>28)&0xff,
2844 (SSLEAY_VERSION_NUMBER>>20)&0xff,
2845 (SSLEAY_VERSION_NUMBER>>12)&0xf);
2847 #else /* (SSLEAY_VERSION_NUMBER >= 0x900000) */
2851 if(SSLEAY_VERSION_NUMBER&0x0f) {
2852 sub[0]=(SSLEAY_VERSION_NUMBER&0x0f) + 'a' -1;
2857 return snprintf(buffer, size, "SSL/%x.%x.%x%s",
2858 (SSLEAY_VERSION_NUMBER>>12)&0xff,
2859 (SSLEAY_VERSION_NUMBER>>8)&0xf,
2860 (SSLEAY_VERSION_NUMBER>>4)&0xf, sub);
2862 #endif /* (SSLEAY_VERSION_NUMBER >= 0x900000) */
2863 #endif /* SSLEAY_VERSION_NUMBER is less than 0.9.5 */
2865 #endif /* YASSL_VERSION */
2868 void Curl_ossl_random(struct SessionHandle *data, unsigned char *entropy,
2871 Curl_ossl_seed(data); /* Initiate the seed if not already done */
2872 RAND_bytes(entropy, curlx_uztosi(length));
2875 void Curl_ossl_md5sum(unsigned char *tmp, /* input */
2877 unsigned char *md5sum /* output */,
2883 MD5_Update(&MD5pw, tmp, tmplen);
2884 MD5_Final(md5sum, &MD5pw);
2886 #endif /* USE_SSLEAY */