Changed: Refactor curl certificate loading (issue #314)
--HG-- branch : develop
parent
368e1389f2
commit
9a3a352142
3 changed files with 161 additions and 90 deletions
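--- a/code/nel/include/nel/gui/curl_certificates.h
+++ b/code/nel/include/nel/gui/curl_certificates.h
@@ -0,0 +1,35 @@
+// Ryzom - MMORPG Framework <http://dev.ryzom.com/projects/ryzom/>
+// Copyright (C) 2010 Winch Gate Property Limited
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+#ifndef CL_CURL_CERTIFICATES_HTML_H
+#define CL_CURL_CERTIFICATES_HTML_H
+
+#include <curl/curl.h>
+
+#include "nel/misc/types_nl.h"
+
+namespace NLGUI
+{
+#if defined(NL_OS_WINDOWS)
+class CCurlCertificates {
+public:
+// cURL SSL certificate loading
+static CURLcode sslCtxFunction(CURL *curl, void *sslctx, void *parm);
+};
+#endif // NL_OS_WINDOWS
+
+} // namespace
+#endif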
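Review bot: The declaration of `sslCtxFunction` is documented only as "cURL SSL certificate loading", which does not tell a caller what it does to the TLS context it is given. I would replace the comment with something like `// CURLOPT_SSL_CTX_FUNCTION callback: adds the certificates read from the Windows system stores to the SSL_CTX certificate store; always returns CURLE_OK`. The class exists only under `NL_OS_WINDOWS`, so every call site has to carry the same guard, and the include guard `CL_CURL_CERTIFICATES_HTML_H` looks left over from a different header name.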
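--- a/code/nel/src/gui/curl_certificates.cpp
+++ b/code/nel/src/gui/curl_certificates.cpp
@@ -0,0 +1,123 @@
+// Ryzom - MMORPG Framework <http://dev.ryzom.com/projects/ryzom/>
+// Copyright (C) 2010 Winch Gate Property Limited
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+//#include <crtdbg.h>
+
+#include "stdpch.h"
+#include "nel/gui/curl_certificates.h"
+
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+
+#if defined(NL_OS_WINDOWS)
+#pragma comment(lib, "crypt32.lib")
+#pragma comment(lib, "cryptui.lib")
+#endif
+
+using namespace std;
+using namespace NLMISC;
+
+#ifdef DEBUG_NEW
+#define new DEBUG_NEW
+#endif
+
+namespace NLGUI
+{
+#if defined(NL_OS_WINDOWS)
+static std::vector<X509 *> x509CertList;
+
+//
+// x509CertList lifetime manager
+//
+class SX509Certificates {
+public:
+SX509Certificates()
+{
+curl_version_info_data *data;
+data = curl_version_info(CURLVERSION_NOW);
+if (!(data && data->features & CURL_VERSION_SSPI))
+{
+addCertificatesFrom("CA");
+addCertificatesFrom("AuthRoot");
+addCertificatesFrom("ROOT");
+}
+}
+
+~SX509Certificates()
+{
+for (uint i = 0; i < x509CertList.size(); ++i)
+{
+X509_free(x509CertList[i]);
+}
+
+x509CertList.clear();
+}
+
+void addCertificatesFrom(LPCSTR root)
+{
+HCERTSTORE hStore;
+PCCERT_CONTEXT pContext = NULL;
+X509 *x509;
+hStore = CertOpenSystemStore(NULL, root);
+if (hStore)
+{
+while (pContext = CertEnumCertificatesInStore(hStore, pContext))
+{
+x509 = NULL;
+x509 = d2i_X509(NULL, (const unsigned char **)&pContext->pbCertEncoded, pContext->cbCertEncoded);
+if (x509)
+{
+x509CertList.push_back(x509);
+}
+}
+CertFreeCertificateContext(pContext);
+CertCloseStore(hStore, 0);
+}
+
+// this is called before debug context is set and log ends up in log.log
+//nlinfo("Loaded %d certificates from '%s' certificate store", List.size(), root);
+}
+};
+
+/// this will be initialized on startup and cleared on exit
+static SX509Certificates x509CertListManager;
+
+// ***************************************************************************
+// static
+CURLcode CCurlCertificates::sslCtxFunction(CURL *curl, void *sslctx, void *parm)
+{
+if (x509CertList.size() > 0)
+{
+SSL_CTX *ctx = (SSL_CTX*)sslctx;
+X509_STORE *x509store = SSL_CTX_get_cert_store(ctx);
+if (x509store)
+{
+for (uint i = 0; i < x509CertList.size(); ++i)
+{
+X509_STORE_add_cert(x509store, x509CertList[i]);
+}
+}
+else
+{
+nlwarning("SSL_CTX_get_cert_store returned NULL");
+}
+}
+return CURLE_OK;
+}
+#endif // NL_OS_WINDOWS
+
+}// namespace
+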
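Review bot: In `addCertificatesFrom`, `d2i_X509` is given `&pContext->pbCertEncoded` with the const cast away, and d2i_X509 advances the pointer it is handed, so each parsed certificate leaves the Windows-owned CERT_CONTEXT pointing past its own encoding before that context is passed back to `CertEnumCertificatesInStore`. Parse through a local cursor instead: `const unsigned char *p = pContext->pbCertEncoded;` followed by `x509 = d2i_X509(NULL, &p, pContext->cbCertEncoded);`. In `sslCtxFunction` the result of `X509_STORE_add_cert` is ignored and the callback always returns `CURLE_OK`, so a store that failed to populate only shows up later as a verification error; a `nlwarning` on failure would make that diagnosable. The "CA", "AuthRoot" and "ROOT" stores are copied flat into the OpenSSL store, which presumably drops any per-certificate usage or distrust settings Windows keeps for them; that deserves a comment next to the three calls, to be confirmed against how the client is expected to verify peers.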
|
@ -46,16 +46,7 @@
|
||||||
#include "nel/misc/big_file.h"
|
#include "nel/misc/big_file.h"
|
||||||
#include "nel/gui/url_parser.h"
|
#include "nel/gui/url_parser.h"
|
||||||
#include "nel/gui/http_cache.h"
|
#include "nel/gui/http_cache.h"
|
||||||
|
#include "nel/gui/curl_certificates.h"
|
||||||
#if defined(NL_OS_WINDOWS)
|
|
||||||
#include <curl/curl.h>
|
|
||||||
#include <openssl/x509.h>
|
|
||||||
#include <openssl/ssl.h>
|
|
||||||
|
|
||||||
#pragma comment(lib, "crypt32.lib")
|
|
||||||
#pragma comment(lib, "cryptui.lib")
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
using namespace NLMISC;
|
using namespace NLMISC;
|
||||||
|
@ -80,84 +71,6 @@ namespace NLGUI
|
||||||
|
|
||||||
CGroupHTML::SWebOptions CGroupHTML::options;
|
CGroupHTML::SWebOptions CGroupHTML::options;
|
||||||
|
|
||||||
#if defined(NL_OS_WINDOWS)
|
|
||||||
class SX509Certificates {
|
|
||||||
public:
|
|
||||||
SX509Certificates()
|
|
||||||
{
|
|
||||||
curl_version_info_data *data;
|
|
||||||
data = curl_version_info(CURLVERSION_NOW);
|
|
||||||
if (!(data && data->features & CURL_VERSION_SSPI))
|
|
||||||
{
|
|
||||||
addCertificatesFrom("CA");
|
|
||||||
addCertificatesFrom("AuthRoot");
|
|
||||||
addCertificatesFrom("ROOT");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
~SX509Certificates()
|
|
||||||
{
|
|
||||||
for (uint i = 0; i < List.size(); ++i)
|
|
||||||
{
|
|
||||||
X509_free(List[i]);
|
|
||||||
}
|
|
||||||
|
|
||||||
List.clear();
|
|
||||||
}
|
|
||||||
|
|
||||||
void addCertificatesFrom(LPCSTR root)
|
|
||||||
{
|
|
||||||
HCERTSTORE hStore;
|
|
||||||
PCCERT_CONTEXT pContext = NULL;
|
|
||||||
X509 *x509;
|
|
||||||
hStore = CertOpenSystemStore(NULL, root);
|
|
||||||
if (hStore)
|
|
||||||
{
|
|
||||||
while (pContext = CertEnumCertificatesInStore(hStore, pContext))
|
|
||||||
{
|
|
||||||
x509 = NULL;
|
|
||||||
x509 = d2i_X509(NULL, (const unsigned char **)&pContext->pbCertEncoded, pContext->cbCertEncoded);
|
|
||||||
if (x509)
|
|
||||||
{
|
|
||||||
List.push_back(x509);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
CertFreeCertificateContext(pContext);
|
|
||||||
CertCloseStore(hStore, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
// this is called before debug context is set and log ends up in log.log
|
|
||||||
//nlinfo("Loaded %d certificates from '%s' certificate store", List.size(), root);
|
|
||||||
}
|
|
||||||
public:
|
|
||||||
std::vector<X509 *> List;
|
|
||||||
};
|
|
||||||
|
|
||||||
/// this will be initialized on startup and cleared on exit
|
|
||||||
static SX509Certificates x509CertList;
|
|
||||||
|
|
||||||
static CURLcode ssl_ctx_function(CURL *curl, void *sslctx, void *parm)
|
|
||||||
{
|
|
||||||
if (x509CertList.List.size() > 0)
|
|
||||||
{
|
|
||||||
SSL_CTX *ctx = (SSL_CTX*)sslctx;
|
|
||||||
X509_STORE *x509store = SSL_CTX_get_cert_store(ctx);
|
|
||||||
if (x509store)
|
|
||||||
{
|
|
||||||
for (uint i = 0; i < x509CertList.List.size(); ++i)
|
|
||||||
{
|
|
||||||
X509_STORE_add_cert(x509store, x509CertList.List[i]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
nlwarning("SSL_CTX_get_cert_store returned NULL");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return CURLE_OK;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// Active cURL www transfer
|
// Active cURL www transfer
|
||||||
class CCurlWWWData
|
class CCurlWWWData
|
||||||
{
|
{
|
||||||
|
@ -447,7 +360,7 @@ namespace NLGUI
|
||||||
// https://
|
// https://
|
||||||
if (toLower(download.url.substr(0, 8)) == "https://")
|
if (toLower(download.url.substr(0, 8)) == "https://")
|
||||||
{
|
{
|
||||||
curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &ssl_ctx_function);
|
curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &CCurlCertificates::sslCtxFunction);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -5363,7 +5276,7 @@ namespace NLGUI
|
||||||
// https://
|
// https://
|
||||||
if (toLower(url.substr(0, 8)) == "https://")
|
if (toLower(url.substr(0, 8)) == "https://")
|
||||||
{
|
{
|
||||||
curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &ssl_ctx_function);
|
curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &CCurlCertificates::sslCtxFunction);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|