* src/live-f1.h (CurrentState): Add new auth_host member.

(DEFAULT_AUTH_HOST): Define the name of the default auth_host.
* src/main.c (main): Initialise the auth_host member, if neon
supports SSL use it instead of the ordinary host.
* src/cfgfile.c (read_config): Parse the auth-host directive.
* src/http.c (obtain_auth_cookie): Add new ssl argument and use
https and port 443 if TRUE.  Display an error if we failed to
obtain a cookie from the server.
(check_auth_cert): Check the identity and fingerprint of the SSL
certificate; not really secure, but it'll do for now.
* src/http.h: Update.
* TODO: Update.

ChangeLog

@@ -1,3 +1,18 @@
+2006-03-16  Scott James Remnant  <scott@netsplit.com>
+
+	* src/live-f1.h (CurrentState): Add new auth_host member.
+	(DEFAULT_AUTH_HOST): Define the name of the default auth_host.
+	* src/main.c (main): Initialise the auth_host member, if neon
+	supports SSL use it instead of the ordinary host.
+	* src/cfgfile.c (read_config): Parse the auth-host directive.
+	* src/http.c (obtain_auth_cookie): Add new ssl argument and use
+	https and port 443 if TRUE.  Display an error if we failed to
+	obtain a cookie from the server.
+	(check_auth_cert): Check the identity and fingerprint of the SSL
+	certificate; not really secure, but it'll do for now.
+	* src/http.h: Update.
+	* TODO: Update.
+
 2006-03-11  Scott James Remnant  <scott@netsplit.com>
 
 	* src/live-f1.h (EventType): Qualifying has changed to event

TODO

@@ -1,9 +1,5 @@
 High Priority:
 
- * Looks like the web site is changing logins to https://secure.formula1.com/
-   we'll need to follow suit to be "compatible", though for now the old http
-   location still works.
-
  * Identify a way of noticing when we haven't got the right decryption
    and bailing out -- instead of displaying junk.
 

src/cfgfile.c

@@ -100,6 +100,9 @@ read_config (CurrentState *state,
 		} else if (! strcmp (line, "host")) {
 			free (state->host);
 			state->host = strdup (ptr);
+		} else if (! strcmp (line, "auth-host")) {
+			free (state->auth_host);
+			state->auto_host = strdup (ptr);
 		} else {
 			fprintf (stderr, "%s:%s:%d: %s: %s\n", program_name,
 				 filename, lineno, line,

src/http.c

@@ -2,7 +2,7 @@
  *
  * http.c - handle web-site authentication and keyframe grabbing
  *
- * Copyright © 2005 Scott James Remnant <scott@netsplit.com>.
+ * Copyright © 2006 Scott James Remnant <scott@netsplit.com>.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -40,10 +40,16 @@
 #define KEY_URL_BASE        "/reg/getkey/"
 #define KEYFRAME_URL_PREFIX "/keyframe"
 
+/* Parts of the certificate we check */
+#define CERT_IDENTITY	    "secure.formula1.com"
+#define CERT_DIGEST         "8b:69:10:49:d4:ee:de:4a:14:3d:5b:76:5b:72:6b:a5:cd:8a:36:16"
+
 
 /* Forward prototypes */
-static void  parse_cookie_hdr (char **value, const char  *header);
-static void  parse_key_body   (unsigned int *key, const char *buf, size_t len);
+static int  check_auth_cert  (void *userdata, int failures,
+			      const ne_ssl_certificate *cert);
+static void parse_cookie_hdr (char **value, const char  *header);
+static void parse_key_body   (unsigned int *key, const char *buf, size_t len);
 
 
 /**
@@ -67,6 +73,7 @@ numlen (unsigned int number)
 /**
  * obtain_auth_cookie:
  * @host: host to obtain cookie from,
+ * @ssl: whether to use https,
  * @email: e-mail address registered with the F1 website,
  * @password: paassword registered for @email.
  *
@@ -80,6 +87,7 @@ numlen (unsigned int number)
  **/
 char *
 obtain_auth_cookie (const char *host,
+		    int         ssl,
 		    const char *email,
 		    const char *password)
 {
@@ -97,7 +105,13 @@ obtain_auth_cookie (const char *host,
 	free (e_password);
 	free (e_email);
 
-	sess = ne_session_create ("http", host, 80);
+	if (ssl) {
+		sess = ne_session_create ("https", host, 443);
+		ne_ssl_set_verify (sess, (ne_ssl_verify_fn) check_auth_cert,
+				   NULL);
+	} else {
+		sess = ne_session_create ("http", host, 80);
+	}
 	ne_set_useragent (sess, PACKAGE_STRING);
 
 	/* Create the request */
@@ -119,6 +133,10 @@ obtain_auth_cookie (const char *host,
 		fprintf (stderr, "%s: %s: %s\n", program_name,
 			 _("login request failed"),
 			 ne_get_status (req)->reason_phrase);
+	} else if (! cookie) {
+		fprintf (stderr, "%s: %s\n", program_name,
+			 _("no authorisation cookie obtained, check credentials"));
+
 	}
 
 	ne_request_destroy (req);
@@ -127,6 +145,32 @@ obtain_auth_cookie (const char *host,
 	return cookie;
 }
 
+/**
+ * check_auth_cert:
+ * @userdata: always NULL,
+ * @failures: reasons for verification failure,
+ * @cert: certificate received.
+ *
+ * Check the particulars of the SSL certificate to make sure the identity
+ * and fingerprint match what we expected.
+ **/
+static int check_auth_cert  (void                     *userdata,
+			     int                       failures,
+			     const ne_ssl_certificate *cert)
+{
+	char digest[NE_SSL_DIGESTLEN];
+
+	if (strcmp (ne_ssl_cert_identity (cert), CERT_IDENTITY))
+		return 1;
+
+	if (ne_ssl_cert_digest (cert, digest))
+		return 1;
+	if (strcmp (digest, CERT_DIGEST))
+		return 1;
+
+	return 0;
+}
+
 /**
  * parse_cookie_hdr:
  * @value: pointer to store allocated string,

src/http.h

@@ -1,6 +1,6 @@
 /* live-f1
  *
- * Copyright © 2005 Scott James Remnant <scott@netsplit.com>.
+ * Copyright © 2006 Scott James Remnant <scott@netsplit.com>.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -25,8 +25,8 @@
 
 SJR_BEGIN_EXTERN
 
-char *       obtain_auth_cookie    (const char *host, const char *email,
-				    const char *password);
+char *       obtain_auth_cookie    (const char *host, int ssl,
+				    const char *email, const char *password);
 unsigned int obtain_decryption_key (const char *host, unsigned int event_no,
 				    const char *cookie);
 int          obtain_key_frame      (const char *host, unsigned int frame,

src/live-f1.h

@@ -26,8 +26,9 @@
 #include "macros.h"
 
 
-/* Default hostname to contact */
-#define DEFAULT_HOST "live-timing.formula1.com"
+/* Default hostnames to contact */
+#define DEFAULT_HOST      "live-timing.formula1.com"
+#define DEFAULT_AUTH_HOST "secure.formula1.com"
 
 /* Make gettext a little friendlier */
 #define _(_str) gettext (_str)
@@ -78,6 +79,7 @@ typedef struct {
 /**
  * CurrentState:
  * @host: hostname to contact,
+ * @auth_host: authorisation host to contact,
  * @email: user's e-mail address,
  * @password: user's password,
  * @cookie: user's authorisation cookie,
@@ -99,7 +101,7 @@ typedef struct {
  * a lot of variables or keep them globally.
  **/
 typedef struct {
-	char          *host;
+	char          *host, *auth_host;
 	char          *email, *password, *cookie;
 	unsigned int   key, salt;
 	unsigned int   frame;

src/main.c

@@ -38,6 +38,7 @@
 #include <errno.h>
 
 #include <ne_socket.h>
+#include <ne_utils.h>
 
 #include "live-f1.h"
 #include "cfgfile.h"
@@ -121,6 +122,7 @@ main (int   argc,
 	state = malloc (sizeof (CurrentState));
 	memset (state, 0, sizeof (CurrentState));
 	state->host = NULL;
+	state->auth_host = NULL;
 	state->email = NULL;
 	state->password = NULL;
 	state->cookie = NULL;
@@ -140,12 +142,19 @@ main (int   argc,
 
 	if (! state->host)
 		state->host = DEFAULT_HOST;
+	if (! state->auth_host)
+		state->auth_host = DEFAULT_AUTH_HOST;
 
 	free (config_file);
 
 
-	state->cookie = obtain_auth_cookie (state->host, state->email,
-					    state->password);
+	if (ne_supports_ssl ()) {
+		state->cookie = obtain_auth_cookie (state->auth_host, TRUE,
+						    state->email, state->password);
+	} else {
+		state->cookie = obtain_auth_cookie (state->host, FALSE,
+						    state->email, state->password);
+	}
 	if (! state->cookie)
 		return 2;