reactos/wine
1
0
Fork 0
mirror of https://github.com/reactos/wine.git synced 2025-02-01 09:42:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

wininet: Set callback to verify hostname with peer's certificate.

Browse Source
This commit is contained in:
Juan Lang 2009-12-13 15:42:29 -08:00 committed by Alexandre Julliard
parent 880133d248
commit 6217326a09
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
dlls/wininet/netconnection.c
View File

@ -132,12 +132,16 @@ MAKE_FUNCPTR(SSL_write);
MAKE_FUNCPTR(SSL_read);
MAKE_FUNCPTR(SSL_pending);
MAKE_FUNCPTR(SSL_get_ex_new_index);
MAKE_FUNCPTR(SSL_get_ex_data);
MAKE_FUNCPTR(SSL_set_ex_data);
MAKE_FUNCPTR(SSL_get_ex_data_X509_STORE_CTX_idx);
MAKE_FUNCPTR(SSL_get_verify_result);
MAKE_FUNCPTR(SSL_get_peer_certificate);
MAKE_FUNCPTR(SSL_CTX_get_timeout);
MAKE_FUNCPTR(SSL_CTX_set_timeout);
MAKE_FUNCPTR(SSL_CTX_set_default_verify_paths);
MAKE_FUNCPTR(SSL_CTX_set_verify);
MAKE_FUNCPTR(X509_STORE_CTX_get_ex_data);
/* OpenSSL's libcrypto functions that we use */
MAKE_FUNCPTR(BIO_new_fp);
@ -165,6 +169,18 @@ static void ssl_lock_callback(int mode, int type, const char *file, int line)
LeaveCriticalSection(&ssl_locks[type]);
}
static int netconn_secure_verify(int preverify_ok, X509_STORE_CTX *ctx)
{
SSL *ssl;
WCHAR *server;
ssl = pX509_STORE_CTX_get_ex_data(ctx,
pSSL_get_ex_data_X509_STORE_CTX_idx());
server = pSSL_get_ex_data(ssl, hostname_idx);
FIXME("verify %s\n", debugstr_w(server));
return preverify_ok;
}
#endif
DWORD NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
@ -224,12 +240,16 @@ DWORD NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
DYNSSL(SSL_read);
DYNSSL(SSL_pending);
DYNSSL(SSL_get_ex_new_index);
DYNSSL(SSL_get_ex_data);
DYNSSL(SSL_set_ex_data);
DYNSSL(SSL_get_ex_data_X509_STORE_CTX_idx);
DYNSSL(SSL_get_verify_result);
DYNSSL(SSL_get_peer_certificate);
DYNSSL(SSL_CTX_get_timeout);
DYNSSL(SSL_CTX_set_timeout);
DYNSSL(SSL_CTX_set_default_verify_paths);
DYNSSL(SSL_CTX_set_verify);
DYNSSL(X509_STORE_CTX_get_ex_data);
#undef DYNSSL
#define DYNCRYPTO(x) \
@ -265,6 +285,14 @@ DWORD NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
}
hostname_idx = pSSL_get_ex_new_index(0, (void *)"hostname index",
NULL, NULL, NULL);
if (hostname_idx == -1)
{
ERR("SSL_get_ex_new_index failed; %s\n",
pERR_error_string(pERR_get_error(), 0));
LeaveCriticalSection(&init_ssl_cs);
return ERROR_OUTOFMEMORY;
}
pSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, netconn_secure_verify);
pCRYPTO_set_id_callback(ssl_thread_id);
ssl_locks = HeapAlloc(GetProcessHeap(), 0,