HTTP: Make URL available to the cert_cb

This makes it easier for non-SOAP cases to validate HTTP server name
(from the URL) match against the certificate.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/utils/http-utils.h b/src/utils/http-utils.h
index d9fc925a2bce1ea56b7baec43c2276dfbea8ee80..23e9ecd9bb638bae99cbf7b5d32c1614982355a3 100644 (file)
--- a/src/utils/http-utils.h
+++ b/src/utils/http-utils.h
@@ -33,6 +33,7 @@ struct http_cert {
        size_t num_othername;
        struct http_logo *logo;
        size_t num_logo;
+       const char *url;
 };
 
 int soap_init_client(struct http_ctx *ctx, const char *address,

diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c
index e62fbf96bcb32ff548167e79362283c178986598..30b07f23d1f8b62810aabd795cf3ba677469ddae 100644 (file)
--- a/src/utils/http_curl.c
+++ b/src/utils/http_curl.c
@@ -64,6 +64,7 @@ struct http_ctx {
        X509 *peer_issuer_issuer;
 
        const char *last_err;
+       const char *url;
 };
 
 
@@ -871,6 +872,7 @@ static void parse_cert(struct http_ctx *ctx, struct http_cert *hcert,
                       X509 *cert, GENERAL_NAMES **names)
 {
        os_memset(hcert, 0, sizeof(*hcert));
+       hcert->url = ctx->url ? ctx->url : ctx->svc_address;
 
        *names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
        if (*names)
@@ -1617,23 +1619,23 @@ int http_download_file(struct http_ctx *ctx, const char *url,
                       const char *fname, const char *ca_fname)
 {
        CURL *curl;
-       FILE *f;
+       FILE *f = NULL;
        CURLcode res;
        long http = 0;
+       int ret = -1;
 
        ctx->last_err = NULL;
+       ctx->url = url;
 
        wpa_printf(MSG_DEBUG, "curl: Download file from %s to %s (ca=%s)",
                   url, fname, ca_fname);
        curl = curl_easy_init();
        if (curl == NULL)
-               return -1;
+               goto fail;
 
        f = fopen(fname, "wb");
-       if (f == NULL) {
-               curl_easy_cleanup(curl);
-               return -1;
-       }
+       if (!f)
+               goto fail;
 
        curl_easy_setopt(curl, CURLOPT_URL, url);
        if (ca_fname) {
@@ -1655,9 +1657,7 @@ int http_download_file(struct http_ctx *ctx, const char *url,
                        ctx->last_err = curl_easy_strerror(res);
                wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s",
                           ctx->last_err);
-               curl_easy_cleanup(curl);
-               fclose(f);
-               return -1;
+               goto fail;
        }
 
        curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http);
@@ -1665,15 +1665,19 @@ int http_download_file(struct http_ctx *ctx, const char *url,
        if (http != 200) {
                ctx->last_err = "HTTP download failed";
                wpa_printf(MSG_INFO, "HTTP download failed - code %ld", http);
-               curl_easy_cleanup(curl);
-               fclose(f);
-               return -1;
+               goto fail;
        }
 
-       curl_easy_cleanup(curl);
-       fclose(f);
+       ret = 0;
 
-       return 0;
+fail:
+       ctx->url = NULL;
+       if (curl)
+               curl_easy_cleanup(curl);
+       if (f)
+               fclose(f);
+
+       return ret;
 }
 
 
@@ -1686,16 +1690,17 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
 {
        long http = 0;
        CURLcode res;
-       char *ret;
+       char *ret = NULL;
        CURL *curl;
        struct curl_slist *curl_hdr = NULL;
 
        ctx->last_err = NULL;
+       ctx->url = url;
        wpa_printf(MSG_DEBUG, "curl: HTTP POST to %s", url);
        curl = setup_curl_post(ctx, url, ca_fname, username, password,
                               client_cert, client_key);
        if (curl == NULL)
-               return NULL;
+               goto fail;
 
        if (content_type) {
                char ct[200];
@@ -1715,8 +1720,7 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
                        ctx->last_err = curl_easy_strerror(res);
                wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s",
                           ctx->last_err);
-               free_curl_buf(ctx);
-               return NULL;
+               goto fail;
        }
 
        curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http);
@@ -1724,12 +1728,11 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
        if (http != 200) {
                ctx->last_err = "HTTP POST failed";
                wpa_printf(MSG_INFO, "HTTP POST failed - code %ld", http);
-               free_curl_buf(ctx);
-               return NULL;
+               goto fail;
        }
 
        if (ctx->curl_buf == NULL)
-               return NULL;
+               goto fail;
 
        ret = ctx->curl_buf;
        if (resp_len)
@@ -1739,6 +1742,9 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data,
 
        wpa_printf(MSG_MSGDUMP, "Server response:\n%s", ret);
 
+fail:
+       free_curl_buf(ctx);
+       ctx->url = NULL;
        return ret;
 }