Commit 9cb08bd8 authored by Matthew Phillips's avatar Matthew Phillips Committed by ROOL

Implement SNI when making secure connections

Change to enable the fetcher to make secure connections to servers
which require Server Name Indication (SNI). Also ensures that the name
of the server is verified against the certificate for other secure
connections.

Version 1.04. Tagged as 'HTTP-1_04'
parent 1c9549ea
/* (1.03)
/* (1.04)
*
* This file is automatically maintained by srccommit, do not edit manually.
* Last processed by srccommit version: 1.1.
*
*/
#define Module_MajorVersion_CMHG 1.03
#define Module_MajorVersion_CMHG 1.04
#define Module_MinorVersion_CMHG
#define Module_Date_CMHG 06 Apr 2019
#define Module_Date_CMHG 22 Apr 2020
#define Module_MajorVersion "1.03"
#define Module_Version 103
#define Module_MajorVersion "1.04"
#define Module_Version 104
#define Module_MinorVersion ""
#define Module_Date "06 Apr 2019"
#define Module_Date "22 Apr 2020"
#define Module_ApplicationDate "06-Apr-19"
#define Module_ApplicationDate "22-Apr-20"
#define Module_ComponentName "HTTP"
#define Module_ComponentPath "apache/RiscOS/Sources/Networking/Fetchers/HTTP"
#define Module_FullVersion "1.03"
#define Module_HelpVersion "1.03 (06 Apr 2019)"
#define Module_LibraryVersionInfo "1:3"
#define Module_FullVersion "1.04"
#define Module_HelpVersion "1.04 (22 Apr 2020)"
#define Module_LibraryVersionInfo "1:4"
......@@ -26,6 +26,8 @@
#include "inetlib.h"
#include "socklib.h"
#include "Interface/AcornSSL.h"
#include "module.h"
#include "sys/types.h"
#include "sys/socket.h"
......@@ -42,6 +44,7 @@
#include "protocol.h"
#include "generic.h"
#include "connect.h"
#include "security.h"
static int make_sock_nonblocking(Session *ses, int fd)
{
......@@ -140,6 +143,16 @@ int opensock(char *name, int port, char *sername, int *state, int fd, Session *s
protocol_debug(".. result = %d\n", fd);
#endif
if (ses->op == security_get_ssl_vtable()) {
/* For secure connections, need to set the hostname
* so certificate can be verified and to support SNI
*/
#ifdef TRACE
protocol_debug(".. setting host to %s\n", name);
#endif
ses->op->s_setsockopt(fd, SOL_SOCKET, SO_ACORNSSL_HOSTNAME, name, 4);
}
if (can_nonblock) {
if (!make_sock_nonblocking(ses, fd)) can_nonblock=0;
#ifdef TML
......
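Review bot: The return value of `ses->op->s_setsockopt(fd, SOL_SOCKET, SO_ACORNSSL_HOSTNAME, name, 4)` is discarded, so if AcornSSL fails to record the hostname the connection carries on with neither SNI nor a name check, silently losing exactly the protection this commit adds; treat a negative result as a failed connection, e.g. `if (ses->op->s_setsockopt(fd, SOL_SOCKET, SO_ACORNSSL_HOSTNAME, name, 4) < 0) { /* no hostname => no verification: fail closed */ ... }` using the same cleanup opensock already performs on its other error paths. The bare optlen of 4 also needs a comment: if the option takes the size of the pointer it should read `sizeof(name)`, and if it takes the length of the string it must be `strlen(name) + 1`, otherwise any host longer than four characters would be truncated and the certificate check would fail or match the wrong name — I cannot tell from here which convention AcornSSL expects, so confirm against its interface and state it in the comment. The enclosing opensock() begins before and ends after this hunk, so its existing error handling is not visible.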
......@@ -45,6 +45,7 @@ static int sec_getsockopt(int s, int level, int optname,
void *optval, int *optlen);
static int sec_socketwrite(int s, const void *buf, unsigned int len);
static int sec_recv(int s, void *data, size_t size, int flags);
static int sec_setsockopt(int s, int level, int optname, const void *optval, int optlen);
int security_ssl_available(void)
{
......@@ -85,7 +86,8 @@ const sock_vtbl *security_get_ssl_vtable(void)
sec_socketclose,
sec_getsockopt,
sec_socketwrite,
sec_recv
sec_recv,
sec_setsockopt
};
return &vtable;
}
......@@ -100,7 +102,8 @@ const sock_vtbl *security_get_normal_vtable(void)
socketclose,
getsockopt,
socketwrite,
recv
recv,
setsockopt
};
return &vtable;
}
......@@ -156,6 +159,11 @@ static int sec_recv(int s, void *data, size_t size, int flags)
return recv(s, data, size, flags);
}
static int sec_setsockopt(int s, int level, int optname, const void *optval, int optlen)
{
return setsockopt(s, level, optname, optval, optlen);
}
#else
static int sec_socketioctl(int s, unsigned long op, ...)
......@@ -267,4 +275,17 @@ static int sec_recv(int s, void *data, size_t size, int flags)
errno = GETDCI4ERRNO(e->errnum);
return -1;
}
static int sec_setsockopt(int s, int level, int optname, const void *optval, int optlen)
{
_kernel_oserror *e;
int result;
e = _swix(AcornSSL_Setsockopt, _INR(0,4)|_OUT(0),
s, level, optname, optval, optlen,
&result);
if (!e) return result;
errno = GETDCI4ERRNO(e->errnum);
return -1;
}
#endif
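Review bot: The new sec_setsockopt wrapper in the AcornSSL build is undocumented, and a reader has to compare it with sec_recv to see that it follows the same error convention; add a short comment above it such as `/* Forward setsockopt to AcornSSL_Setsockopt. On SWI failure map the error into errno and return -1, as the other sec_* wrappers do. */`. The fallback definition in the other branch just calls the plain setsockopt, which is presumably only reached when AcornSSL is not linked and the secure vtable is never selected; a one-line comment stating that assumption would make the two definitions easier to keep in step.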
......@@ -71,6 +71,7 @@ typedef struct {
int (*s_getsockopt)(int /*s*/, int /*sol*/, int /*var*/, void */*dataout*/, int */*outsize*/);
int (*s_write)(int /*s*/, const void */*data*/, size_t /*len*/);
int (*s_recv)(int /*s*/, void */*data*/, size_t /*size*/, int /*flags*/);
int (*s_setsockopt)(int /*s*/, int /*level*/, int /*optname*/, const void */*optval*/, int /*optlen*/);
} sock_vtbl;
#include <time.h>
......
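Review bot: Appending `s_setsockopt` to sock_vtbl is safe for the two positional initialisers updated in security.c, but any other sock_vtbl initialiser elsewhere in the module that is not touched by this commit would now leave the new member NULL, and the unconditional call added in connect.c would then fault; I cannot see whether such initialisers exist, so please confirm there are none, or have the call site guard on `ses->op->s_setsockopt != NULL`. The typedef itself starts before this hunk, so the rest of the struct is not visible here.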