wine/dlls/wininet http.c internet.h netconnect ...

Alexandre Julliard julliard at wine.codeweavers.com
Mon Nov 28 05:07:25 CST 2005


ChangeSet ID:	21496
CVSROOT:	/opt/cvs-commit
Module name:	wine
Changes by:	julliard at winehq.org	2005/11/28 05:07:24

Modified files:
	dlls/wininet   : http.c internet.h netconnection.c 

Log message:
	Robert Shearman <rob at codeweavers.com>
	Move the initiation of the SSL connection into a separate function.

Patch: http://cvs.winehq.org/patch.py?id=21496

Old revision  New revision  Changes     Path
 1.121         1.122         +9 -0       wine/dlls/wininet/http.c
 1.44          1.45          +1 -0       wine/dlls/wininet/internet.h
 1.15          1.16          +38 -25     wine/dlls/wininet/netconnection.c

Index: wine/dlls/wininet/http.c
diff -u -p wine/dlls/wininet/http.c:1.121 wine/dlls/wininet/http.c:1.122
--- wine/dlls/wininet/http.c:1.121	28 Nov 2005 11: 7:24 -0000
+++ wine/dlls/wininet/http.c	28 Nov 2005 11: 7:24 -0000
@@ -2186,6 +2186,15 @@ static BOOL HTTP_OpenConnection(LPWININE
        goto lend;
     }
 
+    if (lpwhr->hdr.dwFlags & INTERNET_FLAG_SECURE)
+    {
+        if (!NETCON_secure_connect(&lpwhr->netConnection, lpwhs->lpszHostName))
+        {
+            WARN("Couldn't connect securely to host\n");
+            goto lend;
+        }
+    }
+
     SendAsyncCallback(&lpwhr->hdr, lpwhr->hdr.dwContext,
                       INTERNET_STATUS_CONNECTED_TO_SERVER,
                       &(lpwhs->socketAddress),
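Review bot: The new failure branch only logs a WARN before `goto lend;`, so from the visible lines a failed TLS handshake is reported to the caller of HTTP_OpenConnection without a specific error code, and the socket that was just connected in plaintext is not closed here. Whether the code at `lend` does either is outside the hunk, so this needs confirming against the full function. If it does not, something like `INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);` and `NETCON_close(&lpwhr->netConnection);` before the `goto` would stop a half-set-up connection being reused and let applications tell a TLS failure from a plain connect failure.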
Index: wine/dlls/wininet/internet.h
diff -u -p wine/dlls/wininet/internet.h:1.44 wine/dlls/wininet/internet.h:1.45
--- wine/dlls/wininet/internet.h:1.44	28 Nov 2005 11: 7:24 -0000
+++ wine/dlls/wininet/internet.h	28 Nov 2005 11: 7:24 -0000
@@ -468,6 +468,7 @@ BOOL NETCON_create(WININET_NETCONNECTION
 BOOL NETCON_close(WININET_NETCONNECTION *connection);
 BOOL NETCON_connect(WININET_NETCONNECTION *connection, const struct sockaddr *serv_addr,
 		    unsigned int addrlen);
+BOOL NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname);
 BOOL NETCON_send(WININET_NETCONNECTION *connection, const void *msg, size_t len, int flags,
 		int *sent /* out */);
 BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int flags,
Index: wine/dlls/wininet/netconnection.c
diff -u -p wine/dlls/wininet/netconnection.c:1.15 wine/dlls/wininet/netconnection.c:1.16
--- wine/dlls/wininet/netconnection.c:1.15	28 Nov 2005 11: 7:24 -0000
+++ wine/dlls/wininet/netconnection.c	28 Nov 2005 11: 7:24 -0000
@@ -96,9 +96,9 @@ MAKE_FUNCPTR(BIO_new_fp);
 
 void NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
 {
-    connection->useSSL = useSSL;
+    connection->useSSL = FALSE;
     connection->socketFD = -1;
-    if (connection->useSSL)
+    if (useSSL)
     {
 #ifdef HAVE_OPENSSL_SSL_H
         TRACE("using SSL connection\n");
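Review bot: After this change `connection->useSSL` no longer records what the caller asked for but whether a TLS handshake has completed, while the `useSSL` parameter only gates loading of the OpenSSL entry points; nothing at the assignment says so. A comment on the assignment such as `/* set to TRUE only by NETCON_secure_connect() after a successful handshake */` would keep later readers from treating the field as the requested mode. The rest of NETCON_init lies outside the hunk, so how other code reads the field before the handshake cannot be checked from here.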
@@ -161,7 +161,6 @@ void NETCON_init(WININET_NETCONNECTION *
 	pBIO_new_fp(stderr, BIO_NOCLOSE); /* FIXME: should use winedebug stuff */
 
 	meth = pSSLv23_method();
-	/* FIXME: SECURITY PROBLEM! WE ARN'T VERIFYING THE HOSTS CERTIFICATES OR ANYTHING */
         connection->peek_msg = NULL;
         connection->peek_msg_mem = NULL;
 #else
@@ -181,8 +180,7 @@ BOOL NETCON_connected(WININET_NETCONNECT
 
 /******************************************************************************
  * NETCON_create
- * Basically calls 'socket()' unless useSSL is supplised,
- *  in which case we do other things.
+ * Basically calls 'socket()'
  */
 BOOL NETCON_create(WININET_NETCONNECTION *connection, int domain,
 	      int type, int protocol)
@@ -218,7 +216,8 @@ BOOL NETCON_close(WININET_NETCONNECTION 
         connection->peek_msg = NULL;
         connection->peek_msg_mem = NULL;
         /* FIXME should we call SSL_shutdown here?? Probably on whatever is the
-         * opposite of NETCON_init.... */
+         * opposite of NETCON_secure_connect.... */
+        connection->useSSL = FALSE;
     }
 #endif
 
@@ -228,8 +227,40 @@ BOOL NETCON_close(WININET_NETCONNECTION 
 }
 
 /******************************************************************************
+ * NETCON_secure_connect
+ * Initiates a secure connection over an existing plaintext connection.
+ */
+BOOL NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname)
+{
+#ifdef HAVE_OPENSSL_SSL_H
+    BIO *sbio;
+
+    /* nothing to do if we are already connected */
+    if (connection->useSSL)
+        return FALSE;
+
+    ctx = pSSL_CTX_new(meth);
+    connection->ssl_s = pSSL_new(ctx);
+
+    sbio = pBIO_new_socket(connection->socketFD, BIO_NOCLOSE);
+    pSSL_set_bio(connection->ssl_s, sbio, sbio);
+    if (pSSL_connect(connection->ssl_s) <= 0)
+    {
+        ERR("ssl couldn't connect\n");
+        return FALSE;
+    }
+    /* FIXME: verify the security of the connection and that the
+     * hostname of the certificate matches */
+    connection->useSSL = TRUE;
+    return TRUE;
+#else
+    return FALSE;
+#endif
+}
+
+/******************************************************************************
  * NETCON_connect
- * Basically calls 'connect()' unless we should use SSL
+ * Connects to the specified address.
  */
 BOOL NETCON_connect(WININET_NETCONNECTION *connection, const struct sockaddr *serv_addr,
 		    unsigned int addrlen)
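Review bot: NETCON_secure_connect uses the results of `pSSL_CTX_new`, `pSSL_new` and `pBIO_new_socket` without a NULL check, and when `pSSL_connect` fails it returns with `connection->ssl_s` still pointing at the SSL object, which is neither freed nor cleared. `ctx` is assigned without a local declaration, so it is presumably file-scope and each call replaces the previous context without releasing it. The early `return FALSE` under the comment "nothing to do if we are already connected" reports failure, which the new caller in http.c treats as a connection error, so either the comment or the return value should change. `hostname` is not used yet and the FIXME leaves certificate and hostname checks open, so a TRUE return only means the handshake completed, not that the peer was authenticated. The sketch below covers the checks and cleanup only, and assumes `SSL_free` is loaded through MAKE_FUNCPTR like the other entry points, which needs confirming.

```c
    ctx = pSSL_CTX_new(meth);
    if (!ctx)
    {
        ERR("SSL_CTX_new failed\n");
        return FALSE;
    }
    connection->ssl_s = pSSL_new(ctx);
    if (!connection->ssl_s)
    {
        ERR("SSL_new failed\n");
        return FALSE;
    }

    sbio = pBIO_new_socket(connection->socketFD, BIO_NOCLOSE);
    if (!sbio)
    {
        ERR("BIO_new_socket failed\n");
        goto fail;
    }
    pSSL_set_bio(connection->ssl_s, sbio, sbio);
    if (pSSL_connect(connection->ssl_s) <= 0)
    {
        ERR("ssl couldn't connect\n");
        goto fail;
    }
    /* ... unchanged: FIXME about certificate/hostname verification, useSSL = TRUE ... */
    return TRUE;

fail:
    /* do not leave a dangling SSL object behind for NETCON_close or a retry */
    pSSL_free(connection->ssl_s);
    connection->ssl_s = NULL;
    return FALSE;
```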
@@ -246,24 +277,6 @@ BOOL NETCON_connect(WININET_NETCONNECTIO
         return FALSE;
     }
 
-#ifdef HAVE_OPENSSL_SSL_H
-    if (connection->useSSL)
-    {
-        BIO *sbio;
-
-        ctx = pSSL_CTX_new(meth);
-	connection->ssl_s = pSSL_new(ctx);
-
-	sbio = pBIO_new_socket(connection->socketFD, BIO_NOCLOSE);
-        pSSL_set_bio(connection->ssl_s, sbio, sbio);
-	if (pSSL_connect(connection->ssl_s) <= 0)
-	{
-            ERR("ssl couldn't connect\n");
-	    return FALSE;
-	}
-    }
-#endif
-
     return TRUE;
 }
 


