schannel: add CURLOPT_CERTINFO support #822

Closed
wants to merge 4 commits into from
Closed
schannel: add CURLOPT_CERTINFO support

ajax16384 committed May 20, 2016
commit 638415b6ce43b2ad3313633249c7d1434a04d5c1
@@ -56,6 +56,7 @@
#include "inet_pton.h" /* for IP addr SNI check */
#include "curl_multibyte.h"
#include "warnless.h"
#include "x509asn1.h"
#include "curl_printf.h"
#include "curl_memory.h"
/* The last #include file should be: */
@@ -600,8 +601,9 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
struct SessionHandle *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct curl_schannel_cred *old_cred = NULL;
#ifdef HAS_ALPN
SECURITY_STATUS sspi_status = SEC_E_OK;
CERT_CONTEXT *ccert_context = NULL;
#ifdef HAS_ALPN
SecPkgContext_ApplicationProtocol alpn_result;
#endif
bool incache;
@@ -694,6 +696,30 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
}
}

if(data->set.ssl.certinfo) {
sspi_status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle,
SECPKG_ATTR_REMOTE_CERT_CONTEXT, &ccert_context);

if((sspi_status != SEC_E_OK) || (ccert_context == NULL)) {
failf(data, "schannel: failed to retrieve remote cert context");
return CURLE_SSL_CONNECT_ERROR;
}

result = Curl_ssl_init_certinfo(data, 1);
if(!result) {
if(((ccert_context->dwCertEncodingType & X509_ASN_ENCODING) != 0) &&
(ccert_context->cbCertEncoded > 0)) {


mback2k May 27, 2016

Member

Please fix the indentation by adding one additional space in front of this line.


ajax16384 May 27, 2016

Author Contributor

ok


const char *beg = (const char *) ccert_context->pbCertEncoded;
const char *end = beg + ccert_context->cbCertEncoded;
result = Curl_extract_certinfo(conn, 0, beg, end);
}
}
CertFreeCertificateContext(ccert_context);
if(result)
return result;
}

connssl->connecting_state = ssl_connect_done;

return CURLE_OK;
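Review bot: The new certinfo block in schannel_connect_step3 reports only the peer's leaf certificate (`Curl_ssl_init_certinfo(data, 1)` followed by a single `Curl_extract_certinfo(conn, 0, beg, end)`), so an application that uses CURLOPT_CERTINFO to log or audit the issuing chain gets one entry from this backend and never sees the intermediates. If the chain is meant to be covered, the certificates reachable through `ccert_context->hCertStore` could be enumerated (for example with `CertEnumCertificatesInStore`) and their count passed to `Curl_ssl_init_certinfo`. Otherwise a comment such as `/* only the peer's leaf certificate is reported */` would make the limit explicit. Separately, when the `X509_ASN_ENCODING` test fails or `cbCertEncoded` is 0, the block returns success with an empty certinfo list and no message, so an `infof()` line on that path would let a caller tell "nothing parsed" from "certificate parsed". The function body begins and ends outside the hunks shown.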
@@ -97,6 +97,9 @@ int Curl_schannel_random(unsigned char *entropy, size_t length);
/* Set the API backend definition to Schannel */
#define CURL_SSL_BACKEND CURLSSLBACKEND_SCHANNEL

/* this backend supports CURLOPT_CERTINFO */
#define have_curlssl_certinfo 1

/* API setup for Schannel */
#define curlssl_init Curl_schannel_init
#define curlssl_cleanup Curl_schannel_cleanup
@@ -23,7 +23,7 @@
#include "curl_setup.h"

#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \
defined(USE_CYASSL)
defined(USE_CYASSL) || defined(USE_SCHANNEL)

#include <curl/curl.h>
#include "urldata.h"
@@ -1025,7 +1025,7 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
return CURLE_OK;
}

#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_CYASSL */
#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_CYASSL or USE_SCHANNEL */

#if defined(USE_GSKIT)

@@ -26,7 +26,7 @@
#include "curl_setup.h"

#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \
defined(USE_CYASSL)
defined(USE_CYASSL) || defined(USE_SCHANNEL)

#include "urldata.h"

@@ -128,5 +128,5 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum,
CURLcode Curl_verifyhost(struct connectdata * conn,
const char * beg, const char * end);

#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_CYASSL */
#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_CYASSL or USE_SCHANNEL */
#endif /* HEADER_CURL_X509ASN1_H */
@@ -232,6 +232,7 @@ USE_WINSSL = true
!ERROR cannot build with WinSSL without SSPI
!ENDIF
SSPI_CFLAGS = $(SSPI_CFLAGS) /DUSE_SCHANNEL
WIN_LIBS = $(WIN_LIBS) Crypt32.lib
!ENDIF

