
Add support for retrying file transfer.
[ffftp/ffftp.git] / socketwrapper.c
index edd8418..2f60ac6 100644 (file)
@@ -36,7 +36,7 @@ typedef X509* (__cdecl* _SSL_get_peer_certificate)(const SSL*);
 typedef long (__cdecl* _SSL_get_verify_result)(const SSL*);\r
 typedef SSL_SESSION* (__cdecl* _SSL_get_session)(SSL*);\r
 typedef int (__cdecl* _SSL_set_session)(SSL*, SSL_SESSION*);\r
-typedef int (__cdecl* _SSL_CTX_use_certificate)(SSL_CTX*, X509*);\r
+typedef X509_STORE* (__cdecl* _SSL_CTX_get_cert_store)(const SSL_CTX*);\r
 typedef BIO_METHOD* (__cdecl* _BIO_s_mem)();\r
 typedef BIO* (__cdecl* _BIO_new)(BIO_METHOD*);\r
 typedef int (__cdecl* _BIO_free)(BIO*);\r
@@ -47,6 +47,7 @@ typedef int (__cdecl* _X509_print_ex)(BIO*, X509*, unsigned long, unsigned long)
 typedef X509_NAME* (__cdecl* _X509_get_subject_name)(X509*);\r
 typedef int (__cdecl* _X509_NAME_print_ex)(BIO*, X509_NAME*, int, unsigned long);\r
 typedef X509* (__cdecl* _PEM_read_bio_X509)(BIO*, X509**, pem_password_cb*, void*);\r
+typedef int (__cdecl* _X509_STORE_add_cert)(X509_STORE*, X509*);\r
 \r
 _SSL_load_error_strings p_SSL_load_error_strings;\r
 _SSL_library_init p_SSL_library_init;\r
@@ -68,7 +69,7 @@ _SSL_get_peer_certificate p_SSL_get_peer_certificate;
 _SSL_get_verify_result p_SSL_get_verify_result;\r
 _SSL_get_session p_SSL_get_session;\r
 _SSL_set_session p_SSL_set_session;\r
-_SSL_CTX_use_certificate p_SSL_CTX_use_certificate;\r
+_SSL_CTX_get_cert_store p_SSL_CTX_get_cert_store;\r
 _BIO_s_mem p_BIO_s_mem;\r
 _BIO_new p_BIO_new;\r
 _BIO_free p_BIO_free;\r
@@ -79,6 +80,7 @@ _X509_print_ex p_X509_print_ex;
 _X509_get_subject_name p_X509_get_subject_name;\r
 _X509_NAME_print_ex p_X509_NAME_print_ex;\r
 _PEM_read_bio_X509 p_PEM_read_bio_X509;\r
+_X509_STORE_add_cert p_X509_STORE_add_cert;\r
 \r
 #define MAX_SSL_SOCKET 16\r
 \r
@@ -141,7 +143,7 @@ BOOL LoadOpenSSL()
                || !(p_SSL_get_verify_result = (_SSL_get_verify_result)GetProcAddress(g_hOpenSSL, "SSL_get_verify_result"))\r
                || !(p_SSL_get_session = (_SSL_get_session)GetProcAddress(g_hOpenSSL, "SSL_get_session"))\r
                || !(p_SSL_set_session = (_SSL_set_session)GetProcAddress(g_hOpenSSL, "SSL_set_session"))\r
-               || !(p_SSL_CTX_use_certificate = (_SSL_CTX_use_certificate)GetProcAddress(g_hOpenSSL, "SSL_CTX_use_certificate")))\r
+               || !(p_SSL_CTX_get_cert_store = (_SSL_CTX_get_cert_store)GetProcAddress(g_hOpenSSL, "SSL_CTX_get_cert_store")))\r
        {\r
                if(g_hOpenSSL)\r
                        FreeLibrary(g_hOpenSSL);\r
@@ -159,7 +161,8 @@ BOOL LoadOpenSSL()
                || !(p_X509_print_ex = (_X509_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_print_ex"))\r
                || !(p_X509_get_subject_name = (_X509_get_subject_name)GetProcAddress(g_hOpenSSLCommon, "X509_get_subject_name"))\r
                || !(p_X509_NAME_print_ex = (_X509_NAME_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_NAME_print_ex"))\r
-               || !(p_PEM_read_bio_X509 = (_PEM_read_bio_X509)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_X509")))\r
+               || !(p_PEM_read_bio_X509 = (_PEM_read_bio_X509)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_X509"))\r
+               || !(p_X509_STORE_add_cert = (_X509_STORE_add_cert)GetProcAddress(g_hOpenSSLCommon, "X509_STORE_add_cert")))\r
        {\r
                if(g_hOpenSSL)\r
                        FreeLibrary(g_hOpenSSL);\r
@@ -283,7 +286,7 @@ BOOL ConfirmSSLCertificate(SSL* pSSL, BOOL* pbAborted)
                }\r
                p_X509_free(pX509);\r
        }\r
-       if(p_SSL_get_verify_result(pSSL) == X509_V_OK)\r
+       if(pX509 && p_SSL_get_verify_result(pSSL) == X509_V_OK)\r
                bVerified = TRUE;\r
        pCN = pSubject;\r
        while(pCN)\r
@@ -326,9 +329,14 @@ void SetSSLConfirmCallback(LPSSLCONFIRMCALLBACK pCallback)
 }\r
 \r
 // SSLルート証明書を設定\r
-BOOL SetSSLRootCertificate(void* pData, DWORD Length)\r
+// PEM形式のみ指定可能\r
+BOOL SetSSLRootCertificate(const void* pData, DWORD Length)\r
 {\r
        BOOL r;\r
+       X509_STORE* pStore;\r
+       BYTE* p;\r
+       BYTE* pBegin;\r
+       BYTE* pEnd;\r
        BIO* pBIO;\r
        X509* pX509;\r
        if(!g_bOpenSSLLoaded)\r
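Review bot: The parameter becomes `const void* pData`, but the new scan pointers `BYTE* p`, `BYTE* pBegin` and `BYTE* pEnd` are non-const, which forces the `p = (BYTE*)pData;` cast in the next hunk and silently discards the qualifier the signature just promised. Declaring them `const BYTE*` keeps the contract honest; if `_BIO_new_mem_buf` still takes a non-const buffer the cast belongs at that single call, with a comment that the BIO is read-only. SetSSLRootCertificate continues in the following hunk.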
@@ -339,15 +347,45 @@ BOOL SetSSLRootCertificate(void* pData, DWORD Length)
                g_pOpenSSLCTX = p_SSL_CTX_new(p_SSLv23_method());\r
        if(g_pOpenSSLCTX)\r
        {\r
-               if(pBIO = p_BIO_new_mem_buf(pData, Length))\r
+               if(pStore = p_SSL_CTX_get_cert_store(g_pOpenSSLCTX))\r
                {\r
-                       if(pX509 = p_PEM_read_bio_X509(pBIO, NULL, NULL, NULL))\r
+                       p = (BYTE*)pData;\r
+                       pBegin = NULL;\r
+                       pEnd = NULL;\r
+                       while(Length > 0)\r
                        {\r
-                               if(p_SSL_CTX_use_certificate(g_pOpenSSLCTX, pX509) == 1)\r
-                                       r = TRUE;\r
-                               p_X509_free(pX509);\r
+                               if(!pBegin)\r
+                               {\r
+                                       if(Length < 27)\r
+                                               break;\r
+                                       if(memcmp(p, "-----BEGIN CERTIFICATE-----", 27) == 0)\r
+                                               pBegin = p;\r
+                               }\r
+                               else if(!pEnd)\r
+                               {\r
+                                       if(Length < 25)\r
+                                               break;\r
+                                       if(memcmp(p, "-----END CERTIFICATE-----", 25) == 0)\r
+                                               pEnd = p + 25;\r
+                               }\r
+                               if(pBegin && pEnd)\r
+                               {\r
+                                       if(pBIO = p_BIO_new_mem_buf(pBegin, (int)((size_t)pEnd - (size_t)pBegin)))\r
+                                       {\r
+                                               if(pX509 = p_PEM_read_bio_X509(pBIO, NULL, NULL, NULL))\r
+                                               {\r
+                                                       if(p_X509_STORE_add_cert(pStore, pX509) == 1)\r
+                                                               r = TRUE;\r
+                                                       p_X509_free(pX509);\r
+                                               }\r
+                                               p_BIO_free(pBIO);\r
+                                       }\r
+                                       pBegin = NULL;\r
+                                       pEnd = NULL;\r
+                               }\r
+                               p++;\r
+                               Length--;\r
                        }\r
-                       p_BIO_free(pBIO);\r
                }\r
        }\r
        LeaveCriticalSection(&g_OpenSSLLock);\r
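Review bot: `r` is set to TRUE as soon as one certificate is added, and nothing clears it when a later block in the bundle fails PEM parsing or `p_X509_STORE_add_cert`, so a partially loaded root set still reports success and the caller cannot tell the trust store is incomplete. Consider tracking a separate failure flag (`bFailed = TRUE;` in the else paths of the two inner `if`s) and returning `r && !bFailed`, or at least logging the skipped block. The length passed to the BIO is also more directly written as `(int)(pEnd - pBegin)` instead of subtracting two `size_t` casts. The bounds checks before each `memcmp` (27 and 25 bytes remaining) are correct as written. SetSSLRootCertificate's tail (the `return r`) lies outside the hunk.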