HTTP: Make URL available to the cert_cb

This makes it easier for non-SOAP cases to validate that the HTTP server
name (from the URL) matches the certificate.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen 2022-03-11 19:46:23 +02:00 committed by Jouni Malinen
parent abed7978f6
commit 5eaf596e14
2 changed files with 29 additions and 22 deletions


@ -33,6 +33,7 @@ struct http_cert {
size_t num_othername; size_t num_othername;
struct http_logo *logo; struct http_logo *logo;
size_t num_logo; size_t num_logo;
const char *url;
}; };
int soap_init_client(struct http_ctx *ctx, const char *address, int soap_init_client(struct http_ctx *ctx, const char *address,
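Review bot: The new `url` member of struct http_cert is undocumented, and its ownership matters for cert_cb implementers: parse_cert() fills it with `ctx->url` or `ctx->svc_address` and both http_download_file() and http_post() set `ctx->url` back to NULL on their exit path, so the pointer is borrowed and must not be retained after the callback returns. I would add `/* URL of the current request (svc_address for SOAP); borrowed pointer, valid only during the cert_cb call */` above the field. A callback that copies this pointer into longer-lived state would otherwise end up with a dangling reference once the request completes.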


@ -64,6 +64,7 @@ struct http_ctx {
X509 *peer_issuer_issuer; X509 *peer_issuer_issuer;
const char *last_err; const char *last_err;
const char *url;
}; };
@ -871,6 +872,7 @@ static void parse_cert(struct http_ctx *ctx, struct http_cert *hcert,
X509 *cert, GENERAL_NAMES **names) X509 *cert, GENERAL_NAMES **names)
{ {
os_memset(hcert, 0, sizeof(*hcert)); os_memset(hcert, 0, sizeof(*hcert));
hcert->url = ctx->url ? ctx->url : ctx->svc_address;
*names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); *names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (*names) if (*names)
@ -1617,23 +1619,23 @@ int http_download_file(struct http_ctx *ctx, const char *url,
const char *fname, const char *ca_fname) const char *fname, const char *ca_fname)
{ {
CURL *curl; CURL *curl;
FILE *f; FILE *f = NULL;
CURLcode res; CURLcode res;
long http = 0; long http = 0;
int ret = -1;
ctx->last_err = NULL; ctx->last_err = NULL;
ctx->url = url;
wpa_printf(MSG_DEBUG, "curl: Download file from %s to %s (ca=%s)", wpa_printf(MSG_DEBUG, "curl: Download file from %s to %s (ca=%s)",
url, fname, ca_fname); url, fname, ca_fname);
curl = curl_easy_init(); curl = curl_easy_init();
if (curl == NULL) if (curl == NULL)
return -1; goto fail;
f = fopen(fname, "wb"); f = fopen(fname, "wb");
if (f == NULL) { if (!f)
curl_easy_cleanup(curl); goto fail;
return -1;
}
curl_easy_setopt(curl, CURLOPT_URL, url); curl_easy_setopt(curl, CURLOPT_URL, url);
if (ca_fname) { if (ca_fname) {
@ -1655,9 +1657,7 @@ int http_download_file(struct http_ctx *ctx, const char *url,
ctx->last_err = curl_easy_strerror(res); ctx->last_err = curl_easy_strerror(res);
wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s", wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s",
ctx->last_err); ctx->last_err);
curl_easy_cleanup(curl); goto fail;
fclose(f);
return -1;
} }
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http); curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http);
@ -1665,15 +1665,19 @@ int http_download_file(struct http_ctx *ctx, const char *url,
if (http != 200) { if (http != 200) {
ctx->last_err = "HTTP download failed"; ctx->last_err = "HTTP download failed";
wpa_printf(MSG_INFO, "HTTP download failed - code %ld", http); wpa_printf(MSG_INFO, "HTTP download failed - code %ld", http);
curl_easy_cleanup(curl); goto fail;
fclose(f);
return -1;
} }
curl_easy_cleanup(curl); ret = 0;
fclose(f);
return 0; fail:
ctx->url = NULL;
if (curl)
curl_easy_cleanup(curl);
if (f)
fclose(f);
return ret;
} }
@ -1686,16 +1690,17 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
{ {
long http = 0; long http = 0;
CURLcode res; CURLcode res;
char *ret; char *ret = NULL;
CURL *curl; CURL *curl;
struct curl_slist *curl_hdr = NULL; struct curl_slist *curl_hdr = NULL;
ctx->last_err = NULL; ctx->last_err = NULL;
ctx->url = url;
wpa_printf(MSG_DEBUG, "curl: HTTP POST to %s", url); wpa_printf(MSG_DEBUG, "curl: HTTP POST to %s", url);
curl = setup_curl_post(ctx, url, ca_fname, username, password, curl = setup_curl_post(ctx, url, ca_fname, username, password,
client_cert, client_key); client_cert, client_key);
if (curl == NULL) if (curl == NULL)
return NULL; goto fail;
if (content_type) { if (content_type) {
char ct[200]; char ct[200];
@ -1715,8 +1720,7 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
ctx->last_err = curl_easy_strerror(res); ctx->last_err = curl_easy_strerror(res);
wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s", wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s",
ctx->last_err); ctx->last_err);
free_curl_buf(ctx); goto fail;
return NULL;
} }
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http); curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http);
@ -1724,12 +1728,11 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
if (http != 200) { if (http != 200) {
ctx->last_err = "HTTP POST failed"; ctx->last_err = "HTTP POST failed";
wpa_printf(MSG_INFO, "HTTP POST failed - code %ld", http); wpa_printf(MSG_INFO, "HTTP POST failed - code %ld", http);
free_curl_buf(ctx); goto fail;
return NULL;
} }
if (ctx->curl_buf == NULL) if (ctx->curl_buf == NULL)
return NULL; goto fail;
ret = ctx->curl_buf; ret = ctx->curl_buf;
if (resp_len) if (resp_len)
@ -1739,6 +1742,9 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
wpa_printf(MSG_MSGDUMP, "Server response:\n%s", ret); wpa_printf(MSG_MSGDUMP, "Server response:\n%s", ret);
fail:
free_curl_buf(ctx);
ctx->url = NULL;
return ret; return ret;
} }
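Review bot: In http_post() the success path now falls through to `fail:` and calls `free_curl_buf(ctx)` after `ret = ctx->curl_buf;`, so the returned buffer stays valid only if `ctx->curl_buf` is detached (set to NULL) before the label is reached; the lines that would do that sit between the two hunks and are not shown here, so please confirm, since otherwise the caller receives a freed pointer. Making the ownership transfer explicit next to the label, e.g. `/* curl_buf is handed to the caller above; this only frees on error */`, would keep the next reader from having to check. As a point of style, `fail:` is also the common exit for the success path in both http_download_file() and http_post(); a neutral name such as `out:` would read better, and the new `ctx->url` field near the top of the file would benefit from a comment that it is a borrowed pointer to the caller's url argument, cleared at those exits. Both enclosing functions extend outside the hunks shown.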