From: Jouni Malinen Date: Sat, 22 Feb 2025 18:48:03 +0000 (+0200) Subject: HTTP: Remove now unused code X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e960c374189e8651005c4357609a6232f626edc2;p=thirdparty%2Fhostap.git HTTP: Remove now unused code OSU removal from hs20-osu-client removed need for quite a bit of the HTTP wrapper functionality. Signed-off-by: Jouni Malinen --- diff --git a/src/utils/http-utils.h b/src/utils/http-utils.h index 23e9ecd9b..14efaf813 100644 --- a/src/utils/http-utils.h +++ b/src/utils/http-utils.h @@ -11,38 +11,6 @@ struct http_ctx; -struct http_othername { - char *oid; - u8 *data; - size_t len; -}; - -#define HTTP_MAX_CERT_LOGO_HASH 32 - -struct http_logo { - char *alg_oid; - u8 *hash; - size_t hash_len; - char *uri; -}; - -struct http_cert { - char **dnsname; - size_t num_dnsname; - struct http_othername *othername; - size_t num_othername; - struct http_logo *logo; - size_t num_logo; - const char *url; -}; - -int soap_init_client(struct http_ctx *ctx, const char *address, - const char *ca_fname, const char *username, - const char *password, const char *client_cert, - const char *client_key); -int soap_reinit_client(struct http_ctx *ctx); -xml_node_t * soap_send_receive(struct http_ctx *ctx, xml_node_t *node); - struct http_ctx * http_init_ctx(void *upper_ctx, struct xml_node_ctx *xml_ctx); void http_ocsp_set(struct http_ctx *ctx, int val); void http_deinit_ctx(struct http_ctx *ctx); @@ -55,10 +23,6 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data, const char *username, const char *password, const char *client_cert, const char *client_key, size_t *resp_len); -void http_set_cert_cb(struct http_ctx *ctx, - int (*cb)(void *ctx, struct http_cert *cert), - void *cb_ctx); const char * http_get_err(struct http_ctx *ctx); -void http_parse_x509_certificate(struct http_ctx *ctx, const char *fname); #endif /* HTTP_UTILS_H */ diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c index 77d5b3578..1cf2f7e56 100644 --- a/src/utils/http_curl.c +++ b/src/utils/http_curl.c @@ -31,31 +31,15 @@ #endif /* EAP_TLS_OPENSSL */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L -static const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x) -{ - return ASN1_STRING_data((ASN1_STRING *) x); -} -#endif /* OpenSSL < 1.1.0 */ - - struct http_ctx { void *ctx; struct xml_node_ctx *xml; CURL *curl; struct curl_slist *curl_hdr; char *svc_address; - char *svc_ca_fname; - char *svc_username; - char *svc_password; - char *svc_client_cert; - char *svc_client_key; char *curl_buf; size_t curl_buf_len; - int (*cert_cb)(void *ctx, struct http_cert *cert); - void *cert_cb_ctx; - enum { NO_OCSP, OPTIONAL_OCSP, MANDATORY_OCSP } ocsp; @@ -81,16 +65,6 @@ static void clear_curl(struct http_ctx *ctx) } -static void clone_str(char **dst, const char *src) -{ - os_free(*dst); - if (src) - *dst = os_strdup(src); - else - *dst = NULL; -} - - static void debug_dump(struct http_ctx *ctx, const char *title, const char *buf, size_t len) { @@ -202,773 +176,6 @@ static void debug_dump_cert(const char *title, X509 *cert) } -static void add_alt_name_othername(struct http_ctx *ctx, struct http_cert *cert, - OTHERNAME *o) -{ - char txt[100]; - int res; - struct http_othername *on; - ASN1_TYPE *val; - - on = os_realloc_array(cert->othername, cert->num_othername + 1, - sizeof(struct http_othername)); - if (on == NULL) - return; - cert->othername = on; - on = &on[cert->num_othername]; - os_memset(on, 0, sizeof(*on)); - - res = OBJ_obj2txt(txt, sizeof(txt), o->type_id, 1); - if (res < 0 || res >= (int) sizeof(txt)) - return; - - on->oid = os_strdup(txt); - if (on->oid == NULL) - return; - - val = o->value; - on->data = val->value.octet_string->data; - on->len = val->value.octet_string->length; - - cert->num_othername++; -} - - -static void add_alt_name_dns(struct http_ctx *ctx, struct http_cert *cert, - ASN1_STRING *name) -{ - char *buf; - char **n; - - buf = NULL; - if (ASN1_STRING_to_UTF8((unsigned char **) &buf, name) < 0) - return; - - n = os_realloc_array(cert->dnsname, cert->num_dnsname + 1, - sizeof(char *)); - if (n == NULL) - return; - - cert->dnsname = n; - n[cert->num_dnsname] = buf; - cert->num_dnsname++; -} - - -static void add_alt_name(struct http_ctx *ctx, struct http_cert *cert, - const GENERAL_NAME *name) -{ - switch (name->type) { - case GEN_OTHERNAME: - add_alt_name_othername(ctx, cert, name->d.otherName); - break; - case GEN_DNS: - add_alt_name_dns(ctx, cert, name->d.dNSName); - break; - } -} - - -static void add_alt_names(struct http_ctx *ctx, struct http_cert *cert, - GENERAL_NAMES *names) -{ - int num, i; - - num = sk_GENERAL_NAME_num(names); - for (i = 0; i < num; i++) { - const GENERAL_NAME *name; - name = sk_GENERAL_NAME_value(names, i); - add_alt_name(ctx, cert, name); - } -} - - -/* RFC 3709 */ - -typedef struct { - X509_ALGOR *hashAlg; - ASN1_OCTET_STRING *hashValue; -} HashAlgAndValue; - -typedef struct { - STACK_OF(HashAlgAndValue) *refStructHash; - STACK_OF(ASN1_IA5STRING) *refStructURI; -} LogotypeReference; - -typedef struct { - ASN1_IA5STRING *mediaType; - STACK_OF(HashAlgAndValue) *logotypeHash; - STACK_OF(ASN1_IA5STRING) *logotypeURI; -} LogotypeDetails; - -typedef struct { - int type; - union { - ASN1_INTEGER *numBits; - ASN1_INTEGER *tableSize; - } d; -} LogotypeImageResolution; - -typedef struct { - ASN1_INTEGER *type; /* LogotypeImageType ::= INTEGER */ - ASN1_INTEGER *fileSize; - ASN1_INTEGER *xSize; - ASN1_INTEGER *ySize; - LogotypeImageResolution *resolution; - ASN1_IA5STRING *language; -} LogotypeImageInfo; - -typedef struct { - LogotypeDetails *imageDetails; - LogotypeImageInfo *imageInfo; -} LogotypeImage; - -typedef struct { - ASN1_INTEGER *fileSize; - ASN1_INTEGER *playTime; - ASN1_INTEGER *channels; - ASN1_INTEGER *sampleRate; - ASN1_IA5STRING *language; -} LogotypeAudioInfo; - -typedef struct { - LogotypeDetails *audioDetails; - LogotypeAudioInfo *audioInfo; -} LogotypeAudio; - -typedef struct { - STACK_OF(LogotypeImage) *image; - STACK_OF(LogotypeAudio) *audio; -} LogotypeData; - -typedef struct { - int type; - union { - LogotypeData *direct; - LogotypeReference *indirect; - } d; -} LogotypeInfo; - -typedef struct { - ASN1_OBJECT *logotypeType; - LogotypeInfo *info; -} OtherLogotypeInfo; - -typedef struct { - STACK_OF(LogotypeInfo) *communityLogos; - LogotypeInfo *issuerLogo; - LogotypeInfo *subjectLogo; - STACK_OF(OtherLogotypeInfo) *otherLogos; -} LogotypeExtn; - -ASN1_SEQUENCE(HashAlgAndValue) = { - ASN1_SIMPLE(HashAlgAndValue, hashAlg, X509_ALGOR), - ASN1_SIMPLE(HashAlgAndValue, hashValue, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(HashAlgAndValue); - -ASN1_SEQUENCE(LogotypeReference) = { - ASN1_SEQUENCE_OF(LogotypeReference, refStructHash, HashAlgAndValue), - ASN1_SEQUENCE_OF(LogotypeReference, refStructURI, ASN1_IA5STRING) -} ASN1_SEQUENCE_END(LogotypeReference); - -ASN1_SEQUENCE(LogotypeDetails) = { - ASN1_SIMPLE(LogotypeDetails, mediaType, ASN1_IA5STRING), - ASN1_SEQUENCE_OF(LogotypeDetails, logotypeHash, HashAlgAndValue), - ASN1_SEQUENCE_OF(LogotypeDetails, logotypeURI, ASN1_IA5STRING) -} ASN1_SEQUENCE_END(LogotypeDetails); - -ASN1_CHOICE(LogotypeImageResolution) = { - ASN1_IMP(LogotypeImageResolution, d.numBits, ASN1_INTEGER, 1), - ASN1_IMP(LogotypeImageResolution, d.tableSize, ASN1_INTEGER, 2) -} ASN1_CHOICE_END(LogotypeImageResolution); - -ASN1_SEQUENCE(LogotypeImageInfo) = { - ASN1_IMP_OPT(LogotypeImageInfo, type, ASN1_INTEGER, 0), - ASN1_SIMPLE(LogotypeImageInfo, fileSize, ASN1_INTEGER), - ASN1_SIMPLE(LogotypeImageInfo, xSize, ASN1_INTEGER), - ASN1_SIMPLE(LogotypeImageInfo, ySize, ASN1_INTEGER), - ASN1_OPT(LogotypeImageInfo, resolution, LogotypeImageResolution), - ASN1_IMP_OPT(LogotypeImageInfo, language, ASN1_IA5STRING, 4), -} ASN1_SEQUENCE_END(LogotypeImageInfo); - -ASN1_SEQUENCE(LogotypeImage) = { - ASN1_SIMPLE(LogotypeImage, imageDetails, LogotypeDetails), - ASN1_OPT(LogotypeImage, imageInfo, LogotypeImageInfo) -} ASN1_SEQUENCE_END(LogotypeImage); - -ASN1_SEQUENCE(LogotypeAudioInfo) = { - ASN1_SIMPLE(LogotypeAudioInfo, fileSize, ASN1_INTEGER), - ASN1_SIMPLE(LogotypeAudioInfo, playTime, ASN1_INTEGER), - ASN1_SIMPLE(LogotypeAudioInfo, channels, ASN1_INTEGER), - ASN1_IMP_OPT(LogotypeAudioInfo, sampleRate, ASN1_INTEGER, 3), - ASN1_IMP_OPT(LogotypeAudioInfo, language, ASN1_IA5STRING, 4) -} ASN1_SEQUENCE_END(LogotypeAudioInfo); - -ASN1_SEQUENCE(LogotypeAudio) = { - ASN1_SIMPLE(LogotypeAudio, audioDetails, LogotypeDetails), - ASN1_OPT(LogotypeAudio, audioInfo, LogotypeAudioInfo) -} ASN1_SEQUENCE_END(LogotypeAudio); - -ASN1_SEQUENCE(LogotypeData) = { - ASN1_SEQUENCE_OF_OPT(LogotypeData, image, LogotypeImage), - ASN1_IMP_SEQUENCE_OF_OPT(LogotypeData, audio, LogotypeAudio, 1) -} ASN1_SEQUENCE_END(LogotypeData); - -ASN1_CHOICE(LogotypeInfo) = { - ASN1_IMP(LogotypeInfo, d.direct, LogotypeData, 0), - ASN1_IMP(LogotypeInfo, d.indirect, LogotypeReference, 1) -} ASN1_CHOICE_END(LogotypeInfo); - -ASN1_SEQUENCE(OtherLogotypeInfo) = { - ASN1_SIMPLE(OtherLogotypeInfo, logotypeType, ASN1_OBJECT), - ASN1_SIMPLE(OtherLogotypeInfo, info, LogotypeInfo) -} ASN1_SEQUENCE_END(OtherLogotypeInfo); - -ASN1_SEQUENCE(LogotypeExtn) = { - ASN1_EXP_SEQUENCE_OF_OPT(LogotypeExtn, communityLogos, LogotypeInfo, 0), - ASN1_EXP_OPT(LogotypeExtn, issuerLogo, LogotypeInfo, 1), - ASN1_EXP_OPT(LogotypeExtn, issuerLogo, LogotypeInfo, 2), - ASN1_EXP_SEQUENCE_OF_OPT(LogotypeExtn, otherLogos, OtherLogotypeInfo, 3) -} ASN1_SEQUENCE_END(LogotypeExtn); - -IMPLEMENT_ASN1_FUNCTIONS(LogotypeExtn); - -#if OPENSSL_VERSION_NUMBER < 0x10100000L -#define sk_LogotypeInfo_num(st) SKM_sk_num(LogotypeInfo, (st)) -#define sk_LogotypeInfo_value(st, i) SKM_sk_value(LogotypeInfo, (st), (i)) -#define sk_LogotypeImage_num(st) SKM_sk_num(LogotypeImage, (st)) -#define sk_LogotypeImage_value(st, i) SKM_sk_value(LogotypeImage, (st), (i)) -#define sk_LogotypeAudio_num(st) SKM_sk_num(LogotypeAudio, (st)) -#define sk_LogotypeAudio_value(st, i) SKM_sk_value(LogotypeAudio, (st), (i)) -#define sk_HashAlgAndValue_num(st) SKM_sk_num(HashAlgAndValue, (st)) -#define sk_HashAlgAndValue_value(st, i) SKM_sk_value(HashAlgAndValue, (st), (i)) -#define sk_ASN1_IA5STRING_num(st) SKM_sk_num(ASN1_IA5STRING, (st)) -#define sk_ASN1_IA5STRING_value(st, i) SKM_sk_value(ASN1_IA5STRING, (st), (i)) -#else -DEFINE_STACK_OF(LogotypeInfo) -DEFINE_STACK_OF(LogotypeImage) -DEFINE_STACK_OF(LogotypeAudio) -DEFINE_STACK_OF(HashAlgAndValue) -DEFINE_STACK_OF(ASN1_IA5STRING) -#endif - - -static void add_logo(struct http_ctx *ctx, struct http_cert *hcert, - HashAlgAndValue *hash, ASN1_IA5STRING *uri) -{ - char txt[100]; - int res, len; - struct http_logo *n; - - if (hash == NULL || uri == NULL) - return; - - res = OBJ_obj2txt(txt, sizeof(txt), hash->hashAlg->algorithm, 1); - if (res < 0 || res >= (int) sizeof(txt)) - return; - - n = os_realloc_array(hcert->logo, hcert->num_logo + 1, - sizeof(struct http_logo)); - if (n == NULL) - return; - hcert->logo = n; - n = &hcert->logo[hcert->num_logo]; - os_memset(n, 0, sizeof(*n)); - - n->alg_oid = os_strdup(txt); - if (n->alg_oid == NULL) - return; - - n->hash_len = ASN1_STRING_length(hash->hashValue); - n->hash = os_memdup(ASN1_STRING_get0_data(hash->hashValue), - n->hash_len); - if (n->hash == NULL) { - os_free(n->alg_oid); - return; - } - - len = ASN1_STRING_length(uri); - n->uri = os_malloc(len + 1); - if (n->uri == NULL) { - os_free(n->alg_oid); - os_free(n->hash); - return; - } - os_memcpy(n->uri, ASN1_STRING_get0_data(uri), len); - n->uri[len] = '\0'; - - hcert->num_logo++; -} - - -static void add_logo_direct(struct http_ctx *ctx, struct http_cert *hcert, - LogotypeData *data) -{ - int i, num; - - if (data->image == NULL) - return; - - num = sk_LogotypeImage_num(data->image); - for (i = 0; i < num; i++) { - LogotypeImage *image; - LogotypeDetails *details; - int j, hash_num, uri_num; - HashAlgAndValue *found_hash = NULL; - - image = sk_LogotypeImage_value(data->image, i); - if (image == NULL) - continue; - - details = image->imageDetails; - if (details == NULL) - continue; - - hash_num = sk_HashAlgAndValue_num(details->logotypeHash); - for (j = 0; j < hash_num; j++) { - HashAlgAndValue *hash; - char txt[100]; - int res; - hash = sk_HashAlgAndValue_value(details->logotypeHash, - j); - if (hash == NULL) - continue; - res = OBJ_obj2txt(txt, sizeof(txt), - hash->hashAlg->algorithm, 1); - if (res < 0 || res >= (int) sizeof(txt)) - continue; - if (os_strcmp(txt, "2.16.840.1.101.3.4.2.1") == 0) { - found_hash = hash; - break; - } - } - - if (!found_hash) { - wpa_printf(MSG_DEBUG, "OpenSSL: No SHA256 hash found for the logo"); - continue; - } - - uri_num = sk_ASN1_IA5STRING_num(details->logotypeURI); - for (j = 0; j < uri_num; j++) { - ASN1_IA5STRING *uri; - uri = sk_ASN1_IA5STRING_value(details->logotypeURI, j); - add_logo(ctx, hcert, found_hash, uri); - } - } -} - - -static void add_logo_indirect(struct http_ctx *ctx, struct http_cert *hcert, - LogotypeReference *ref) -{ - int j, hash_num, uri_num; - - hash_num = sk_HashAlgAndValue_num(ref->refStructHash); - uri_num = sk_ASN1_IA5STRING_num(ref->refStructURI); - if (hash_num != uri_num) { - wpa_printf(MSG_INFO, "Unexpected LogotypeReference array size difference %d != %d", - hash_num, uri_num); - return; - } - - for (j = 0; j < hash_num; j++) { - HashAlgAndValue *hash; - ASN1_IA5STRING *uri; - hash = sk_HashAlgAndValue_value(ref->refStructHash, j); - uri = sk_ASN1_IA5STRING_value(ref->refStructURI, j); - add_logo(ctx, hcert, hash, uri); - } -} - - -static void i2r_HashAlgAndValue(HashAlgAndValue *hash, BIO *out, int indent) -{ - int i; - const unsigned char *data; - - BIO_printf(out, "%*shashAlg: ", indent, ""); - i2a_ASN1_OBJECT(out, hash->hashAlg->algorithm); - BIO_printf(out, "\n"); - - BIO_printf(out, "%*shashValue: ", indent, ""); - data = hash->hashValue->data; - for (i = 0; i < hash->hashValue->length; i++) - BIO_printf(out, "%s%02x", i > 0 ? ":" : "", data[i]); - BIO_printf(out, "\n"); -} - -static void i2r_LogotypeDetails(LogotypeDetails *details, BIO *out, int indent) -{ - int i, num; - - BIO_printf(out, "%*sLogotypeDetails\n", indent, ""); - if (details->mediaType) { - BIO_printf(out, "%*smediaType: ", indent, ""); - ASN1_STRING_print(out, details->mediaType); - BIO_printf(out, "\n"); - } - - num = details->logotypeHash ? - sk_HashAlgAndValue_num(details->logotypeHash) : 0; - for (i = 0; i < num; i++) { - HashAlgAndValue *hash; - hash = sk_HashAlgAndValue_value(details->logotypeHash, i); - i2r_HashAlgAndValue(hash, out, indent); - } - - num = details->logotypeURI ? - sk_ASN1_IA5STRING_num(details->logotypeURI) : 0; - for (i = 0; i < num; i++) { - ASN1_IA5STRING *uri; - uri = sk_ASN1_IA5STRING_value(details->logotypeURI, i); - BIO_printf(out, "%*slogotypeURI: ", indent, ""); - ASN1_STRING_print(out, uri); - BIO_printf(out, "\n"); - } -} - -static void i2r_LogotypeImageInfo(LogotypeImageInfo *info, BIO *out, int indent) -{ - long val; - - BIO_printf(out, "%*sLogotypeImageInfo\n", indent, ""); - if (info->type) { - val = ASN1_INTEGER_get(info->type); - BIO_printf(out, "%*stype: %ld\n", indent, "", val); - } else { - BIO_printf(out, "%*stype: default (1)\n", indent, ""); - } - val = ASN1_INTEGER_get(info->fileSize); - BIO_printf(out, "%*sfileSize: %ld\n", indent, "", val); - val = ASN1_INTEGER_get(info->xSize); - BIO_printf(out, "%*sxSize: %ld\n", indent, "", val); - val = ASN1_INTEGER_get(info->ySize); - BIO_printf(out, "%*sySize: %ld\n", indent, "", val); - if (info->resolution) { - BIO_printf(out, "%*sresolution [%d]\n", indent, "", - info->resolution->type); - switch (info->resolution->type) { - case 0: - val = ASN1_INTEGER_get(info->resolution->d.numBits); - BIO_printf(out, "%*snumBits: %ld\n", indent, "", val); - break; - case 1: - val = ASN1_INTEGER_get(info->resolution->d.tableSize); - BIO_printf(out, "%*stableSize: %ld\n", indent, "", val); - break; - } - } - if (info->language) { - BIO_printf(out, "%*slanguage: ", indent, ""); - ASN1_STRING_print(out, info->language); - BIO_printf(out, "\n"); - } -} - -static void i2r_LogotypeImage(LogotypeImage *image, BIO *out, int indent) -{ - BIO_printf(out, "%*sLogotypeImage\n", indent, ""); - if (image->imageDetails) { - i2r_LogotypeDetails(image->imageDetails, out, indent + 4); - } - if (image->imageInfo) { - i2r_LogotypeImageInfo(image->imageInfo, out, indent + 4); - } -} - -static void i2r_LogotypeData(LogotypeData *data, const char *title, BIO *out, - int indent) -{ - int i, num; - - BIO_printf(out, "%*s%s - LogotypeData\n", indent, "", title); - - num = data->image ? sk_LogotypeImage_num(data->image) : 0; - for (i = 0; i < num; i++) { - LogotypeImage *image = sk_LogotypeImage_value(data->image, i); - i2r_LogotypeImage(image, out, indent + 4); - } - - num = data->audio ? sk_LogotypeAudio_num(data->audio) : 0; - for (i = 0; i < num; i++) { - BIO_printf(out, "%*saudio: TODO\n", indent, ""); - } -} - -static void i2r_LogotypeReference(LogotypeReference *ref, const char *title, - BIO *out, int indent) -{ - int i, hash_num, uri_num; - - BIO_printf(out, "%*s%s - LogotypeReference\n", indent, "", title); - - hash_num = ref->refStructHash ? - sk_HashAlgAndValue_num(ref->refStructHash) : 0; - uri_num = ref->refStructURI ? - sk_ASN1_IA5STRING_num(ref->refStructURI) : 0; - if (hash_num != uri_num) { - BIO_printf(out, "%*sUnexpected LogotypeReference array size difference %d != %d\n", - indent, "", hash_num, uri_num); - return; - } - - for (i = 0; i < hash_num; i++) { - HashAlgAndValue *hash; - ASN1_IA5STRING *uri; - - hash = sk_HashAlgAndValue_value(ref->refStructHash, i); - i2r_HashAlgAndValue(hash, out, indent); - - uri = sk_ASN1_IA5STRING_value(ref->refStructURI, i); - BIO_printf(out, "%*srefStructURI: ", indent, ""); - ASN1_STRING_print(out, uri); - BIO_printf(out, "\n"); - } -} - -static void i2r_LogotypeInfo(LogotypeInfo *info, const char *title, BIO *out, - int indent) -{ - switch (info->type) { - case 0: - i2r_LogotypeData(info->d.direct, title, out, indent); - break; - case 1: - i2r_LogotypeReference(info->d.indirect, title, out, indent); - break; - } -} - -static void debug_print_logotypeext(LogotypeExtn *logo) -{ - BIO *out; - int i, num; - int indent = 0; - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - if (out == NULL) - return; - - if (logo->communityLogos) { - num = sk_LogotypeInfo_num(logo->communityLogos); - for (i = 0; i < num; i++) { - LogotypeInfo *info; - info = sk_LogotypeInfo_value(logo->communityLogos, i); - i2r_LogotypeInfo(info, "communityLogo", out, indent); - } - } - - if (logo->issuerLogo) { - i2r_LogotypeInfo(logo->issuerLogo, "issuerLogo", out, indent ); - } - - if (logo->subjectLogo) { - i2r_LogotypeInfo(logo->subjectLogo, "subjectLogo", out, indent); - } - - if (logo->otherLogos) { - BIO_printf(out, "%*sotherLogos - TODO\n", indent, ""); - } - - BIO_free(out); -} - - -static void add_logotype_ext(struct http_ctx *ctx, struct http_cert *hcert, - X509 *cert) -{ - ASN1_OBJECT *obj; - int pos; - X509_EXTENSION *ext; - ASN1_OCTET_STRING *os; - LogotypeExtn *logo; - const unsigned char *data; - int i, num; - - obj = OBJ_txt2obj("1.3.6.1.5.5.7.1.12", 0); - if (obj == NULL) - return; - - pos = X509_get_ext_by_OBJ(cert, obj, -1); - if (pos < 0) { - wpa_printf(MSG_INFO, "No logotype extension included"); - return; - } - - wpa_printf(MSG_INFO, "Parsing logotype extension"); - ext = X509_get_ext(cert, pos); - if (!ext) { - wpa_printf(MSG_INFO, "Could not get logotype extension"); - return; - } - - os = X509_EXTENSION_get_data(ext); - if (os == NULL) { - wpa_printf(MSG_INFO, "Could not get logotype extension data"); - return; - } - - wpa_hexdump(MSG_DEBUG, "logotypeExtn", - ASN1_STRING_get0_data(os), ASN1_STRING_length(os)); - - data = ASN1_STRING_get0_data(os); - logo = d2i_LogotypeExtn(NULL, &data, ASN1_STRING_length(os)); - if (logo == NULL) { - wpa_printf(MSG_INFO, "Failed to parse logotypeExtn"); - return; - } - - if (wpa_debug_level < MSG_INFO) - debug_print_logotypeext(logo); - - if (!logo->communityLogos) { - wpa_printf(MSG_INFO, "No communityLogos included"); - LogotypeExtn_free(logo); - return; - } - - num = sk_LogotypeInfo_num(logo->communityLogos); - for (i = 0; i < num; i++) { - LogotypeInfo *info; - info = sk_LogotypeInfo_value(logo->communityLogos, i); - switch (info->type) { - case 0: - add_logo_direct(ctx, hcert, info->d.direct); - break; - case 1: - add_logo_indirect(ctx, hcert, info->d.indirect); - break; - } - } - - LogotypeExtn_free(logo); -} - - -static void parse_cert(struct http_ctx *ctx, struct http_cert *hcert, - X509 *cert, GENERAL_NAMES **names) -{ - os_memset(hcert, 0, sizeof(*hcert)); - hcert->url = ctx->url ? ctx->url : ctx->svc_address; - - *names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); - if (*names) - add_alt_names(ctx, hcert, *names); - - add_logotype_ext(ctx, hcert, cert); -} - - -static void parse_cert_free(struct http_cert *hcert, GENERAL_NAMES *names) -{ - unsigned int i; - - for (i = 0; i < hcert->num_dnsname; i++) - OPENSSL_free(hcert->dnsname[i]); - os_free(hcert->dnsname); - - for (i = 0; i < hcert->num_othername; i++) - os_free(hcert->othername[i].oid); - os_free(hcert->othername); - - for (i = 0; i < hcert->num_logo; i++) { - os_free(hcert->logo[i].alg_oid); - os_free(hcert->logo[i].hash); - os_free(hcert->logo[i].uri); - } - os_free(hcert->logo); - - sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); -} - - -static int validate_server_cert(struct http_ctx *ctx, X509 *cert) -{ - GENERAL_NAMES *names; - struct http_cert hcert; - int ret; - - if (ctx->cert_cb == NULL) { - wpa_printf(MSG_DEBUG, "%s: no cert_cb configured", __func__); - return 0; - } - - if (0) { - BIO *out; - out = BIO_new_fp(stdout, BIO_NOCLOSE); - X509_print_ex(out, cert, XN_FLAG_COMPAT, X509_FLAG_COMPAT); - BIO_free(out); - } - - parse_cert(ctx, &hcert, cert, &names); - ret = ctx->cert_cb(ctx->cert_cb_ctx, &hcert); - parse_cert_free(&hcert, names); - - return ret; -} - - -void http_parse_x509_certificate(struct http_ctx *ctx, const char *fname) -{ - BIO *in, *out; - X509 *cert; - GENERAL_NAMES *names; - struct http_cert hcert; - unsigned int i; - - in = BIO_new_file(fname, "r"); - if (in == NULL) { - wpa_printf(MSG_ERROR, "Could not read '%s'", fname); - return; - } - - cert = d2i_X509_bio(in, NULL); - BIO_free(in); - - if (cert == NULL) { - wpa_printf(MSG_ERROR, "Could not parse certificate"); - return; - } - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - if (out) { - X509_print_ex(out, cert, XN_FLAG_COMPAT, - X509_FLAG_COMPAT); - BIO_free(out); - } - - wpa_printf(MSG_INFO, "Additional parsing information:"); - parse_cert(ctx, &hcert, cert, &names); - for (i = 0; i < hcert.num_othername; i++) { - if (os_strcmp(hcert.othername[i].oid, - "1.3.6.1.4.1.40808.1.1.1") == 0) { - char *name = os_zalloc(hcert.othername[i].len + 1); - if (name) { - os_memcpy(name, hcert.othername[i].data, - hcert.othername[i].len); - wpa_printf(MSG_INFO, - "id-wfa-hotspot-friendlyName: %s", - name); - os_free(name); - } - wpa_hexdump_ascii(MSG_INFO, - "id-wfa-hotspot-friendlyName", - hcert.othername[i].data, - hcert.othername[i].len); - } else { - wpa_printf(MSG_INFO, "subjAltName[othername]: oid=%s", - hcert.othername[i].oid); - wpa_hexdump_ascii(MSG_INFO, "unknown othername", - hcert.othername[i].data, - hcert.othername[i].len); - } - } - parse_cert_free(&hcert, names); - - X509_free(cert); -} - - static int curl_cb_ssl_verify(int preverify_ok, X509_STORE_CTX *x509_ctx) { struct http_ctx *ctx; @@ -1011,9 +218,6 @@ static int curl_cb_ssl_verify(int preverify_ok, X509_STORE_CTX *x509_ctx) depth, err, err_str, buf); debug_dump_cert("Server certificate chain - certificate", cert); - if (depth == 0 && preverify_ok && validate_server_cert(ctx, cert) < 0) - return 0; - #ifdef OPENSSL_IS_BORINGSSL if (depth == 0 && ctx->ocsp != NO_OCSP && preverify_ok) { enum ocsp_result res; @@ -1387,91 +591,6 @@ static CURL * setup_curl_post(struct http_ctx *ctx, const char *address, } -static int post_init_client(struct http_ctx *ctx, const char *address, - const char *ca_fname, const char *username, - const char *password, const char *client_cert, - const char *client_key) -{ - char *pos; - int count; - - clone_str(&ctx->svc_address, address); - clone_str(&ctx->svc_ca_fname, ca_fname); - clone_str(&ctx->svc_username, username); - clone_str(&ctx->svc_password, password); - clone_str(&ctx->svc_client_cert, client_cert); - clone_str(&ctx->svc_client_key, client_key); - - /* - * Workaround for Apache "Hostname 'FOO' provided via SNI and hostname - * 'foo' provided via HTTP are different. - */ - for (count = 0, pos = ctx->svc_address; count < 3 && pos && *pos; - pos++) { - if (*pos == '/') - count++; - *pos = tolower(*pos); - } - - ctx->curl = setup_curl_post(ctx, ctx->svc_address, ca_fname, username, - password, client_cert, client_key); - if (ctx->curl == NULL) - return -1; - - return 0; -} - - -int soap_init_client(struct http_ctx *ctx, const char *address, - const char *ca_fname, const char *username, - const char *password, const char *client_cert, - const char *client_key) -{ - if (post_init_client(ctx, address, ca_fname, username, password, - client_cert, client_key) < 0) - return -1; - - ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, - "Content-Type: application/soap+xml"); - ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, "SOAPAction: "); - ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, "Expect:"); - curl_easy_setopt(ctx->curl, CURLOPT_HTTPHEADER, ctx->curl_hdr); - - return 0; -} - - -int soap_reinit_client(struct http_ctx *ctx) -{ - char *address = NULL; - char *ca_fname = NULL; - char *username = NULL; - char *password = NULL; - char *client_cert = NULL; - char *client_key = NULL; - int ret; - - clear_curl(ctx); - - clone_str(&address, ctx->svc_address); - clone_str(&ca_fname, ctx->svc_ca_fname); - clone_str(&username, ctx->svc_username); - clone_str(&password, ctx->svc_password); - clone_str(&client_cert, ctx->svc_client_cert); - clone_str(&client_key, ctx->svc_client_key); - - ret = soap_init_client(ctx, address, ca_fname, username, password, - client_cert, client_key); - os_free(address); - os_free(ca_fname); - str_clear_free(username); - str_clear_free(password); - os_free(client_cert); - os_free(client_key); - return ret; -} - - static void free_curl_buf(struct http_ctx *ctx) { os_free(ctx->curl_buf); @@ -1480,73 +599,6 @@ static void free_curl_buf(struct http_ctx *ctx) } -xml_node_t * soap_send_receive(struct http_ctx *ctx, xml_node_t *node) -{ - char *str; - xml_node_t *envelope, *ret, *resp, *n; - CURLcode res; - long http = 0; - - ctx->last_err = NULL; - - wpa_printf(MSG_DEBUG, "SOAP: Sending message"); - envelope = soap_build_envelope(ctx->xml, node); - str = xml_node_to_str(ctx->xml, envelope); - xml_node_free(ctx->xml, envelope); - wpa_printf(MSG_MSGDUMP, "SOAP[%s]", str); - - curl_easy_setopt(ctx->curl, CURLOPT_POSTFIELDS, str); - free_curl_buf(ctx); - - res = curl_easy_perform(ctx->curl); - if (res != CURLE_OK) { - if (!ctx->last_err) - ctx->last_err = curl_easy_strerror(res); - wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s", - ctx->last_err); - os_free(str); - free_curl_buf(ctx); - return NULL; - } - os_free(str); - - curl_easy_getinfo(ctx->curl, CURLINFO_RESPONSE_CODE, &http); - wpa_printf(MSG_DEBUG, "SOAP: Server response code %ld", http); - if (http != 200) { - ctx->last_err = "HTTP download failed"; - wpa_printf(MSG_INFO, "HTTP download failed - code %ld", http); - free_curl_buf(ctx); - return NULL; - } - - if (ctx->curl_buf == NULL) - return NULL; - - wpa_printf(MSG_MSGDUMP, "Server response:\n%s", ctx->curl_buf); - resp = xml_node_from_buf(ctx->xml, ctx->curl_buf); - free_curl_buf(ctx); - if (resp == NULL) { - wpa_printf(MSG_INFO, "Could not parse SOAP response"); - ctx->last_err = "Could not parse SOAP response"; - return NULL; - } - - ret = soap_get_body(ctx->xml, resp); - if (ret == NULL) { - wpa_printf(MSG_INFO, "Could not get SOAP body"); - ctx->last_err = "Could not get SOAP body"; - return NULL; - } - - wpa_printf(MSG_DEBUG, "SOAP body localname: '%s'", - xml_node_get_localname(ctx->xml, ret)); - n = xml_node_copy(ctx->xml, ret); - xml_node_free(ctx->xml, resp); - - return n; -} - - struct http_ctx * http_init_ctx(void *upper_ctx, struct xml_node_ctx *xml_ctx) { struct http_ctx *ctx; @@ -1582,11 +634,6 @@ void http_deinit_ctx(struct http_ctx *ctx) curl_global_cleanup(); os_free(ctx->svc_address); - os_free(ctx->svc_ca_fname); - str_clear_free(ctx->svc_username); - str_clear_free(ctx->svc_password); - os_free(ctx->svc_client_cert); - os_free(ctx->svc_client_key); os_free(ctx); } @@ -1726,15 +773,6 @@ fail: } -void http_set_cert_cb(struct http_ctx *ctx, - int (*cb)(void *ctx, struct http_cert *cert), - void *cb_ctx) -{ - ctx->cert_cb = cb; - ctx->cert_cb_ctx = cb_ctx; -} - - const char * http_get_err(struct http_ctx *ctx) { return ctx->last_err;