wine/dlls/wininet http.c internet.h netconnect ...
Alexandre Julliard
julliard at wine.codeweavers.com
Mon Nov 28 05:07:25 CST 2005
ChangeSet ID: 21496
CVSROOT: /opt/cvs-commit
Module name: wine
Changes by: julliard at winehq.org 2005/11/28 05:07:24
Modified files:
dlls/wininet : http.c internet.h netconnection.c
Log message:
Robert Shearman <rob at codeweavers.com>
Move the initiation of the SSL connection into a separate function.
Patch: http://cvs.winehq.org/patch.py?id=21496
Old revision New revision Changes Path
1.121 1.122 +9 -0 wine/dlls/wininet/http.c
1.44 1.45 +1 -0 wine/dlls/wininet/internet.h
1.15 1.16 +38 -25 wine/dlls/wininet/netconnection.c
Index: wine/dlls/wininet/http.c
diff -u -p wine/dlls/wininet/http.c:1.121 wine/dlls/wininet/http.c:1.122
--- wine/dlls/wininet/http.c:1.121 28 Nov 2005 11: 7:24 -0000
+++ wine/dlls/wininet/http.c 28 Nov 2005 11: 7:24 -0000
@@ -2186,6 +2186,15 @@ static BOOL HTTP_OpenConnection(LPWININE
goto lend;
}
+ if (lpwhr->hdr.dwFlags & INTERNET_FLAG_SECURE)
+ {
+ if (!NETCON_secure_connect(&lpwhr->netConnection, lpwhs->lpszHostName))
+ {
+ WARN("Couldn't connect securely to host\n");
+ goto lend;
+ }
+ }
+
SendAsyncCallback(&lpwhr->hdr, lpwhr->hdr.dwContext,
INTERNET_STATUS_CONNECTED_TO_SERVER,
&(lpwhs->socketAddress),
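Review bot: The new branch treats every FALSE from NETCON_secure_connect as a failed connection, yet the function added in netconnection.c by this same commit also returns FALSE when `connection->useSSL` is already set, under the comment "nothing to do if we are already connected". If HTTP_OpenConnection can run again on a request whose connection is already secured, the call would abort here with only the `WARN`; returning success from that case, `if (connection->useSSL) return TRUE;`, would match the comment. The same WARN is also the only signal when the build lacks HAVE_OPENSSL_SSL_H, so a message that tells the two cases apart would help triage. HTTP_OpenConnection begins and ends outside this hunk, so what `lend` does with the already-connected plaintext socket is not visible here.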
Index: wine/dlls/wininet/internet.h
diff -u -p wine/dlls/wininet/internet.h:1.44 wine/dlls/wininet/internet.h:1.45
--- wine/dlls/wininet/internet.h:1.44 28 Nov 2005 11: 7:24 -0000
+++ wine/dlls/wininet/internet.h 28 Nov 2005 11: 7:24 -0000
@@ -468,6 +468,7 @@ BOOL NETCON_create(WININET_NETCONNECTION
BOOL NETCON_close(WININET_NETCONNECTION *connection);
BOOL NETCON_connect(WININET_NETCONNECTION *connection, const struct sockaddr *serv_addr,
unsigned int addrlen);
+BOOL NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname);
BOOL NETCON_send(WININET_NETCONNECTION *connection, const void *msg, size_t len, int flags,
int *sent /* out */);
BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int flags,
Index: wine/dlls/wininet/netconnection.c
diff -u -p wine/dlls/wininet/netconnection.c:1.15 wine/dlls/wininet/netconnection.c:1.16
--- wine/dlls/wininet/netconnection.c:1.15 28 Nov 2005 11: 7:24 -0000
+++ wine/dlls/wininet/netconnection.c 28 Nov 2005 11: 7:24 -0000
@@ -96,9 +96,9 @@ MAKE_FUNCPTR(BIO_new_fp);
void NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
{
- connection->useSSL = useSSL;
+ connection->useSSL = FALSE;
connection->socketFD = -1;
- if (connection->useSSL)
+ if (useSSL)
{
#ifdef HAVE_OPENSSL_SSL_H
TRACE("using SSL connection\n");
@@ -161,7 +161,6 @@ void NETCON_init(WININET_NETCONNECTION *
pBIO_new_fp(stderr, BIO_NOCLOSE); /* FIXME: should use winedebug stuff */
meth = pSSLv23_method();
- /* FIXME: SECURITY PROBLEM! WE ARN'T VERIFYING THE HOSTS CERTIFICATES OR ANYTHING */
connection->peek_msg = NULL;
connection->peek_msg_mem = NULL;
#else
@@ -181,8 +180,7 @@ BOOL NETCON_connected(WININET_NETCONNECT
/******************************************************************************
* NETCON_create
- * Basically calls 'socket()' unless useSSL is supplised,
- * in which case we do other things.
+ * Basically calls 'socket()'
*/
BOOL NETCON_create(WININET_NETCONNECTION *connection, int domain,
int type, int protocol)
@@ -218,7 +216,8 @@ BOOL NETCON_close(WININET_NETCONNECTION
connection->peek_msg = NULL;
connection->peek_msg_mem = NULL;
/* FIXME should we call SSL_shutdown here?? Probably on whatever is the
- * opposite of NETCON_init.... */
+ * opposite of NETCON_secure_connect.... */
+ connection->useSSL = FALSE;
}
#endif
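Review bot: `connection->useSSL = FALSE;` resets the flag, but none of the visible lines release or clear `connection->ssl_s`, so a later NETCON_secure_connect on the same structure would overwrite the pointer and the previous SSL object would be lost. The existing FIXME already asks about SSL_shutdown; it would be worth extending it to say that the object is not freed either, for example `/* FIXME: ssl_s is neither shut down nor freed here */`, and setting `connection->ssl_s = NULL;` next to the flag reset. NETCON_close starts above this hunk, so a release earlier in the function cannot be ruled out from here.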
@@ -228,8 +227,40 @@ BOOL NETCON_close(WININET_NETCONNECTION
}
/******************************************************************************
+ * NETCON_secure_connect
+ * Initiates a secure connection over an existing plaintext connection.
+ */
+BOOL NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname)
+{
+#ifdef HAVE_OPENSSL_SSL_H
+ BIO *sbio;
+
+ /* nothing to do if we are already connected */
+ if (connection->useSSL)
+ return FALSE;
+
+ ctx = pSSL_CTX_new(meth);
+ connection->ssl_s = pSSL_new(ctx);
+
+ sbio = pBIO_new_socket(connection->socketFD, BIO_NOCLOSE);
+ pSSL_set_bio(connection->ssl_s, sbio, sbio);
+ if (pSSL_connect(connection->ssl_s) <= 0)
+ {
+ ERR("ssl couldn't connect\n");
+ return FALSE;
+ }
+ /* FIXME: verify the security of the connection and that the
+ * hostname of the certificate matches */
+ connection->useSSL = TRUE;
+ return TRUE;
+#else
+ return FALSE;
+#endif
+}
+
+/******************************************************************************
* NETCON_connect
- * Basically calls 'connect()' unless we should use SSL
+ * Connects to the specified address.
*/
BOOL NETCON_connect(WININET_NETCONNECTION *connection, const struct sockaddr *serv_addr,
unsigned int addrlen)
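Review bot: In NETCON_secure_connect the results of `pSSL_CTX_new(meth)`, `pSSL_new(ctx)` and `pBIO_new_socket(...)` are passed on without a NULL check, and the `pSSL_connect` failure path returns with `connection->ssl_s` still set and nothing released. `ctx` is not declared in the function, so it is presumably a file-scope variable that gets overwritten on every call; creating the context once and guarding each allocation, e.g. `if (!connection->ssl_s) return FALSE;`, would avoid both the NULL dereference and the per-connection leak. Separately, `hostname` is not used yet and the function sets `useSSL` and returns TRUE before any certificate check, so callers passing INTERNET_FLAG_SECURE get an encrypted but unauthenticated channel. Until verification is implemented, a runtime `FIXME("certificate and hostname are not verified\n");` beside the source comment would make that state visible in logs and not only in the code.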
@@ -246,24 +277,6 @@ BOOL NETCON_connect(WININET_NETCONNECTIO
return FALSE;
}
-#ifdef HAVE_OPENSSL_SSL_H
- if (connection->useSSL)
- {
- BIO *sbio;
-
- ctx = pSSL_CTX_new(meth);
- connection->ssl_s = pSSL_new(ctx);
-
- sbio = pBIO_new_socket(connection->socketFD, BIO_NOCLOSE);
- pSSL_set_bio(connection->ssl_s, sbio, sbio);
- if (pSSL_connect(connection->ssl_s) <= 0)
- {
- ERR("ssl couldn't connect\n");
- return FALSE;
- }
- }
-#endif
-
return TRUE;
}