DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

HTTP: Make URL available to the cert_cb

Browse source 
This makes it easier for non-SOAP cases to validate HTTP server name
(from the URL) match against the certificate.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2022-03-11 19:46:23 +02:00 committed by Jouni Malinen
parent abed7978f6
commit 5eaf596e14
2 changed files with 29 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/utils/http-utils.h
View file

@ -33,6 +33,7 @@ struct http_cert {
size_t num_othername;
struct http_logo *logo;
size_t num_logo;
const char *url;
};
int soap_init_client(struct http_ctx *ctx, const char *address,

50
src/utils/http_curl.c
View file

@ -64,6 +64,7 @@ struct http_ctx {
X509 *peer_issuer_issuer;
const char *last_err;
const char *url;
};
@ -871,6 +872,7 @@ static void parse_cert(struct http_ctx *ctx, struct http_cert *hcert,
X509 *cert, GENERAL_NAMES **names)
{
os_memset(hcert, 0, sizeof(*hcert));
hcert->url = ctx->url ? ctx->url : ctx->svc_address;
*names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (*names)
@ -1617,23 +1619,23 @@ int http_download_file(struct http_ctx *ctx, const char *url,
const char *fname, const char *ca_fname)
{
CURL *curl;
FILE *f;
FILE *f = NULL;
CURLcode res;
long http = 0;
int ret = -1;
ctx->last_err = NULL;
ctx->url = url;
wpa_printf(MSG_DEBUG, "curl: Download file from %s to %s (ca=%s)",
url, fname, ca_fname);
curl = curl_easy_init();
if (curl == NULL)
return -1;
goto fail;
f = fopen(fname, "wb");
if (f == NULL) {
curl_easy_cleanup(curl);
return -1;
}
if (!f)
goto fail;
curl_easy_setopt(curl, CURLOPT_URL, url);
if (ca_fname) {
@ -1655,9 +1657,7 @@ int http_download_file(struct http_ctx *ctx, const char *url,
ctx->last_err = curl_easy_strerror(res);
wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s",
ctx->last_err);
curl_easy_cleanup(curl);
fclose(f);
return -1;
goto fail;
}
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http);
@ -1665,15 +1665,19 @@ int http_download_file(struct http_ctx *ctx, const char *url,
if (http != 200) {
ctx->last_err = "HTTP download failed";
wpa_printf(MSG_INFO, "HTTP download failed - code %ld", http);
curl_easy_cleanup(curl);
fclose(f);
return -1;
goto fail;
}
curl_easy_cleanup(curl);
fclose(f);
ret = 0;
return 0;
fail:
ctx->url = NULL;
if (curl)
curl_easy_cleanup(curl);
if (f)
fclose(f);
return ret;
}
@ -1686,16 +1690,17 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
{
long http = 0;
CURLcode res;
char *ret;
char *ret = NULL;
CURL *curl;
struct curl_slist *curl_hdr = NULL;
ctx->last_err = NULL;
ctx->url = url;
wpa_printf(MSG_DEBUG, "curl: HTTP POST to %s", url);
curl = setup_curl_post(ctx, url, ca_fname, username, password,
client_cert, client_key);
if (curl == NULL)
return NULL;
goto fail;
if (content_type) {
char ct[200];
@ -1715,8 +1720,7 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
ctx->last_err = curl_easy_strerror(res);
wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s",
ctx->last_err);
free_curl_buf(ctx);
return NULL;
goto fail;
}
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http);
@ -1724,12 +1728,11 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
if (http != 200) {
ctx->last_err = "HTTP POST failed";
wpa_printf(MSG_INFO, "HTTP POST failed - code %ld", http);
free_curl_buf(ctx);
return NULL;
goto fail;
}
if (ctx->curl_buf == NULL)
return NULL;
goto fail;
ret = ctx->curl_buf;
if (resp_len)
@ -1739,6 +1742,9 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
wpa_printf(MSG_MSGDUMP, "Server response:\n%s", ret);
fail:
free_curl_buf(ctx);
ctx->url = NULL;
return ret;
}