Juan Lang : wininet: Set callback to verify hostname with peer' s certificate.

Alexandre Julliard julliard at winehq.org
Mon Dec 14 09:51:16 CST 2009


Module: wine
Branch: master
Commit: 6217326a09dda8d029f80846c1ea9c2725c532b5
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=6217326a09dda8d029f80846c1ea9c2725c532b5

Author: Juan Lang <juan.lang at gmail.com>
Date:   Sun Dec 13 15:42:29 2009 -0800

wininet: Set callback to verify hostname with peer's certificate.

---

 dlls/wininet/netconnection.c |   28 ++++++++++++++++++++++++++++
 1 files changed, 28 insertions(+), 0 deletions(-)

diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c
index 6650359..e0667ec 100644
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@@ -132,12 +132,16 @@ MAKE_FUNCPTR(SSL_write);
 MAKE_FUNCPTR(SSL_read);
 MAKE_FUNCPTR(SSL_pending);
 MAKE_FUNCPTR(SSL_get_ex_new_index);
+MAKE_FUNCPTR(SSL_get_ex_data);
 MAKE_FUNCPTR(SSL_set_ex_data);
+MAKE_FUNCPTR(SSL_get_ex_data_X509_STORE_CTX_idx);
 MAKE_FUNCPTR(SSL_get_verify_result);
 MAKE_FUNCPTR(SSL_get_peer_certificate);
 MAKE_FUNCPTR(SSL_CTX_get_timeout);
 MAKE_FUNCPTR(SSL_CTX_set_timeout);
 MAKE_FUNCPTR(SSL_CTX_set_default_verify_paths);
+MAKE_FUNCPTR(SSL_CTX_set_verify);
+MAKE_FUNCPTR(X509_STORE_CTX_get_ex_data);
 
 /* OpenSSL's libcrypto functions that we use */
 MAKE_FUNCPTR(BIO_new_fp);
@@ -165,6 +169,18 @@ static void ssl_lock_callback(int mode, int type, const char *file, int line)
         LeaveCriticalSection(&ssl_locks[type]);
 }
 
+static int netconn_secure_verify(int preverify_ok, X509_STORE_CTX *ctx)
+{
+    SSL *ssl;
+    WCHAR *server;
+
+    ssl = pX509_STORE_CTX_get_ex_data(ctx,
+        pSSL_get_ex_data_X509_STORE_CTX_idx());
+    server = pSSL_get_ex_data(ssl, hostname_idx);
+    FIXME("verify %s\n", debugstr_w(server));
+    return preverify_ok;
+}
+
 #endif
 
 DWORD NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
@@ -224,12 +240,16 @@ DWORD NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
 	DYNSSL(SSL_read);
 	DYNSSL(SSL_pending);
 	DYNSSL(SSL_get_ex_new_index);
+	DYNSSL(SSL_get_ex_data);
 	DYNSSL(SSL_set_ex_data);
+	DYNSSL(SSL_get_ex_data_X509_STORE_CTX_idx);
 	DYNSSL(SSL_get_verify_result);
 	DYNSSL(SSL_get_peer_certificate);
 	DYNSSL(SSL_CTX_get_timeout);
 	DYNSSL(SSL_CTX_set_timeout);
 	DYNSSL(SSL_CTX_set_default_verify_paths);
+	DYNSSL(SSL_CTX_set_verify);
+	DYNSSL(X509_STORE_CTX_get_ex_data);
 #undef DYNSSL
 
 #define DYNCRYPTO(x) \
@@ -265,6 +285,14 @@ DWORD NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
         }
         hostname_idx = pSSL_get_ex_new_index(0, (void *)"hostname index",
                 NULL, NULL, NULL);
+        if (hostname_idx == -1)
+        {
+            ERR("SSL_get_ex_new_index failed; %s\n",
+                pERR_error_string(pERR_get_error(), 0));
+            LeaveCriticalSection(&init_ssl_cs);
+            return ERROR_OUTOFMEMORY;
+        }
+        pSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, netconn_secure_verify);
 
         pCRYPTO_set_id_callback(ssl_thread_id);
         ssl_locks = HeapAlloc(GetProcessHeap(), 0,




More information about the wine-cvs mailing list