typedef int (__cdecl* _SSL_peek)(SSL*, void*, int);\r
typedef int (__cdecl* _SSL_read)(SSL*, void*, int);\r
typedef int (__cdecl* _SSL_get_error)(SSL*, int);\r
+typedef X509* (__cdecl* _SSL_get_peer_certificate)(const SSL*);\r
+typedef long (__cdecl* _SSL_get_verify_result)(const SSL*);\r
+typedef BIO_METHOD* (__cdecl* _BIO_s_mem)();\r
+typedef BIO* (__cdecl* _BIO_new)(BIO_METHOD*);\r
+typedef int (__cdecl* _BIO_free)(BIO*);\r
+typedef long (__cdecl* _BIO_ctrl)(BIO*, int, long, void*);\r
+typedef void (__cdecl* _X509_free)(X509*);\r
+typedef int (__cdecl* _X509_print_ex)(BIO*, X509*, unsigned long, unsigned long);\r
+typedef X509_NAME* (__cdecl* _X509_get_subject_name)(X509*);\r
+typedef X509_NAME* (__cdecl* _X509_get_issuer_name)(X509*);\r
+typedef int (__cdecl* _X509_NAME_print_ex)(BIO*, X509_NAME*, int, unsigned long);\r
\r
-_SSL_load_error_strings pSSL_load_error_strings;\r
-_SSL_library_init pSSL_library_init;\r
-_SSLv23_method pSSLv23_method;\r
-_SSL_CTX_new pSSL_CTX_new;\r
-_SSL_CTX_free pSSL_CTX_free;\r
-_SSL_new pSSL_new;\r
-_SSL_free pSSL_free;\r
-_SSL_shutdown pSSL_shutdown;\r
-_SSL_get_fd pSSL_get_fd;\r
-_SSL_set_fd pSSL_set_fd;\r
-_SSL_accept pSSL_accept;\r
-_SSL_connect pSSL_connect;\r
-_SSL_write pSSL_write;\r
-_SSL_peek pSSL_peek;\r
-_SSL_read pSSL_read;\r
-_SSL_get_error pSSL_get_error;\r
+_SSL_load_error_strings p_SSL_load_error_strings;\r
+_SSL_library_init p_SSL_library_init;\r
+_SSLv23_method p_SSLv23_method;\r
+_SSL_CTX_new p_SSL_CTX_new;\r
+_SSL_CTX_free p_SSL_CTX_free;\r
+_SSL_new p_SSL_new;\r
+_SSL_free p_SSL_free;\r
+_SSL_shutdown p_SSL_shutdown;\r
+_SSL_get_fd p_SSL_get_fd;\r
+_SSL_set_fd p_SSL_set_fd;\r
+_SSL_accept p_SSL_accept;\r
+_SSL_connect p_SSL_connect;\r
+_SSL_write p_SSL_write;\r
+_SSL_peek p_SSL_peek;\r
+_SSL_read p_SSL_read;\r
+_SSL_get_error p_SSL_get_error;\r
+_SSL_get_peer_certificate p_SSL_get_peer_certificate;\r
+_SSL_get_verify_result p_SSL_get_verify_result;\r
+_BIO_s_mem p_BIO_s_mem;\r
+_BIO_new p_BIO_new;\r
+_BIO_free p_BIO_free;\r
+_BIO_ctrl p_BIO_ctrl;\r
+_X509_free p_X509_free;\r
+_X509_print_ex p_X509_print_ex;\r
+_X509_get_subject_name p_X509_get_subject_name;\r
+_X509_get_issuer_name p_X509_get_issuer_name;\r
+_X509_NAME_print_ex p_X509_NAME_print_ex;\r
\r
#define MAX_SSL_SOCKET 64\r
\r
BOOL g_bOpenSSLLoaded;\r
HMODULE g_hOpenSSL;\r
+HMODULE g_hOpenSSLCommon;\r
CRITICAL_SECTION g_OpenSSLLock;\r
DWORD g_OpenSSLTimeout;\r
LPSSLTIMEOUTCALLBACK g_pOpenSSLTimeoutCallback;\r
+LPSSLCONFIRMCALLBACK g_pOpenSSLConfirmCallback;\r
SSL_CTX* g_pOpenSSLCTX;\r
SSL* g_pOpenSSLHandle[MAX_SSL_SOCKET];\r
\r
return FALSE;\r
}\r
\r
+BOOL __stdcall DefaultSSLConfirmCallback(BOOL bVerified, LPCSTR Certificate, LPCSTR CommonName)\r
+{\r
+ return bVerified;\r
+}\r
+\r
BOOL LoadOpenSSL()\r
{\r
if(g_bOpenSSLLoaded)\r
if(!g_hOpenSSL)\r
g_hOpenSSL = LoadLibrary("libssl32.dll");\r
if(!g_hOpenSSL\r
- || !(pSSL_load_error_strings = (_SSL_load_error_strings)GetProcAddress(g_hOpenSSL, "SSL_load_error_strings"))\r
- || !(pSSL_library_init = (_SSL_library_init)GetProcAddress(g_hOpenSSL, "SSL_library_init"))\r
- || !(pSSLv23_method = (_SSLv23_method)GetProcAddress(g_hOpenSSL, "SSLv23_method"))\r
- || !(pSSL_CTX_new = (_SSL_CTX_new)GetProcAddress(g_hOpenSSL, "SSL_CTX_new"))\r
- || !(pSSL_CTX_free = (_SSL_CTX_free)GetProcAddress(g_hOpenSSL, "SSL_CTX_free"))\r
- || !(pSSL_new = (_SSL_new)GetProcAddress(g_hOpenSSL, "SSL_new"))\r
- || !(pSSL_free = (_SSL_free)GetProcAddress(g_hOpenSSL, "SSL_free"))\r
- || !(pSSL_shutdown = (_SSL_shutdown)GetProcAddress(g_hOpenSSL, "SSL_shutdown"))\r
- || !(pSSL_get_fd = (_SSL_get_fd)GetProcAddress(g_hOpenSSL, "SSL_get_fd"))\r
- || !(pSSL_set_fd = (_SSL_set_fd)GetProcAddress(g_hOpenSSL, "SSL_set_fd"))\r
- || !(pSSL_accept = (_SSL_accept)GetProcAddress(g_hOpenSSL, "SSL_accept"))\r
- || !(pSSL_connect = (_SSL_connect)GetProcAddress(g_hOpenSSL, "SSL_connect"))\r
- || !(pSSL_write = (_SSL_write)GetProcAddress(g_hOpenSSL, "SSL_write"))\r
- || !(pSSL_peek = (_SSL_peek)GetProcAddress(g_hOpenSSL, "SSL_peek"))\r
- || !(pSSL_read = (_SSL_read)GetProcAddress(g_hOpenSSL, "SSL_read"))\r
- || !(pSSL_get_error = (_SSL_get_error)GetProcAddress(g_hOpenSSL, "SSL_get_error")))\r
+ || !(p_SSL_load_error_strings = (_SSL_load_error_strings)GetProcAddress(g_hOpenSSL, "SSL_load_error_strings"))\r
+ || !(p_SSL_library_init = (_SSL_library_init)GetProcAddress(g_hOpenSSL, "SSL_library_init"))\r
+ || !(p_SSLv23_method = (_SSLv23_method)GetProcAddress(g_hOpenSSL, "SSLv23_method"))\r
+ || !(p_SSL_CTX_new = (_SSL_CTX_new)GetProcAddress(g_hOpenSSL, "SSL_CTX_new"))\r
+ || !(p_SSL_CTX_free = (_SSL_CTX_free)GetProcAddress(g_hOpenSSL, "SSL_CTX_free"))\r
+ || !(p_SSL_new = (_SSL_new)GetProcAddress(g_hOpenSSL, "SSL_new"))\r
+ || !(p_SSL_free = (_SSL_free)GetProcAddress(g_hOpenSSL, "SSL_free"))\r
+ || !(p_SSL_shutdown = (_SSL_shutdown)GetProcAddress(g_hOpenSSL, "SSL_shutdown"))\r
+ || !(p_SSL_get_fd = (_SSL_get_fd)GetProcAddress(g_hOpenSSL, "SSL_get_fd"))\r
+ || !(p_SSL_set_fd = (_SSL_set_fd)GetProcAddress(g_hOpenSSL, "SSL_set_fd"))\r
+ || !(p_SSL_accept = (_SSL_accept)GetProcAddress(g_hOpenSSL, "SSL_accept"))\r
+ || !(p_SSL_connect = (_SSL_connect)GetProcAddress(g_hOpenSSL, "SSL_connect"))\r
+ || !(p_SSL_write = (_SSL_write)GetProcAddress(g_hOpenSSL, "SSL_write"))\r
+ || !(p_SSL_peek = (_SSL_peek)GetProcAddress(g_hOpenSSL, "SSL_peek"))\r
+ || !(p_SSL_read = (_SSL_read)GetProcAddress(g_hOpenSSL, "SSL_read"))\r
+ || !(p_SSL_get_error = (_SSL_get_error)GetProcAddress(g_hOpenSSL, "SSL_get_error"))\r
+ || !(p_SSL_get_peer_certificate = (_SSL_get_peer_certificate)GetProcAddress(g_hOpenSSL, "SSL_get_peer_certificate"))\r
+ || !(p_SSL_get_verify_result = (_SSL_get_verify_result)GetProcAddress(g_hOpenSSL, "SSL_get_verify_result")))\r
+ {\r
+ if(g_hOpenSSL)\r
+ FreeLibrary(g_hOpenSSL);\r
+ g_hOpenSSL = NULL;\r
+ return FALSE;\r
+ }\r
+ g_hOpenSSLCommon = LoadLibrary("libeay32.dll");\r
+ if(!g_hOpenSSLCommon\r
+ || !(p_BIO_s_mem = (_BIO_s_mem)GetProcAddress(g_hOpenSSLCommon, "BIO_s_mem"))\r
+ || !(p_BIO_new = (_BIO_new)GetProcAddress(g_hOpenSSLCommon, "BIO_new"))\r
+ || !(p_BIO_free = (_BIO_free)GetProcAddress(g_hOpenSSLCommon, "BIO_free"))\r
+ || !(p_BIO_ctrl = (_BIO_ctrl)GetProcAddress(g_hOpenSSLCommon, "BIO_ctrl"))\r
+ || !(p_X509_free = (_X509_free)GetProcAddress(g_hOpenSSLCommon, "X509_free"))\r
+ || !(p_X509_print_ex = (_X509_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_print_ex"))\r
+ || !(p_X509_get_subject_name = (_X509_get_subject_name)GetProcAddress(g_hOpenSSLCommon, "X509_get_subject_name"))\r
+ || !(p_X509_get_issuer_name = (_X509_get_issuer_name)GetProcAddress(g_hOpenSSLCommon, "X509_get_issuer_name"))\r
+ || !(p_X509_NAME_print_ex = (_X509_NAME_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_NAME_print_ex")))\r
{\r
if(g_hOpenSSL)\r
FreeLibrary(g_hOpenSSL);\r
g_hOpenSSL = NULL;\r
+ if(g_hOpenSSLCommon)\r
+ FreeLibrary(g_hOpenSSLCommon);\r
+ g_hOpenSSLCommon = NULL;\r
return FALSE;\r
}\r
InitializeCriticalSection(&g_OpenSSLLock);\r
- pSSL_load_error_strings();\r
- pSSL_library_init();\r
+ p_SSL_load_error_strings();\r
+ p_SSL_library_init();\r
SetSSLTimeoutCallback(60000, DefaultSSLTimeoutCallback);\r
+ SetSSLConfirmCallback(DefaultSSLConfirmCallback);\r
g_bOpenSSLLoaded = TRUE;\r
return TRUE;\r
}\r
{\r
if(g_pOpenSSLHandle[i])\r
{\r
- pSSL_shutdown(g_pOpenSSLHandle[i]);\r
- pSSL_free(g_pOpenSSLHandle[i]);\r
+ p_SSL_shutdown(g_pOpenSSLHandle[i]);\r
+ p_SSL_free(g_pOpenSSLHandle[i]);\r
g_pOpenSSLHandle[i] = NULL;\r
}\r
}\r
if(g_pOpenSSLCTX)\r
- pSSL_CTX_free(g_pOpenSSLCTX);\r
+ p_SSL_CTX_free(g_pOpenSSLCTX);\r
g_pOpenSSLCTX = NULL;\r
FreeLibrary(g_hOpenSSL);\r
g_hOpenSSL = NULL;\r
+ FreeLibrary(g_hOpenSSLCommon);\r
+ g_hOpenSSLCommon = NULL;\r
LeaveCriticalSection(&g_OpenSSLLock);\r
DeleteCriticalSection(&g_OpenSSLLock);\r
g_bOpenSSLLoaded = FALSE;\r
{\r
if(g_pOpenSSLHandle[i])\r
{\r
- if(pSSL_get_fd(g_pOpenSSLHandle[i]) == s)\r
+ if(p_SSL_get_fd(g_pOpenSSLHandle[i]) == s)\r
return &g_pOpenSSLHandle[i];\r
}\r
}\r
return NULL;\r
}\r
\r
+BOOL ConfirmSSLCertificate(SSL* pSSL)\r
+{\r
+ BOOL bResult;\r
+ BOOL bVerified;\r
+ char* pData;\r
+ char* pSubject;\r
+ X509* pX509;\r
+ BIO* pBIO;\r
+ long Length;\r
+ char* pBuffer;\r
+ char* pCN;\r
+ char* p;\r
+ bResult = FALSE;\r
+ bVerified = FALSE;\r
+ pData = NULL;\r
+ pSubject = NULL;\r
+ if(pX509 = p_SSL_get_peer_certificate(pSSL))\r
+ {\r
+ if(pBIO = p_BIO_new(p_BIO_s_mem()))\r
+ {\r
+ p_X509_print_ex(pBIO, pX509, 0, XN_FLAG_RFC2253);\r
+ if((Length = p_BIO_ctrl(pBIO, BIO_CTRL_INFO, 0, &pBuffer)) > 0)\r
+ {\r
+ if(pData = (char*)malloc(Length + sizeof(char)))\r
+ {\r
+ memcpy(pData, pBuffer, Length);\r
+ *(char*)((size_t)pData + Length) = '\0';\r
+ }\r
+ }\r
+ p_BIO_free(pBIO);\r
+ }\r
+ if(pBIO = p_BIO_new(p_BIO_s_mem()))\r
+ {\r
+ p_X509_NAME_print_ex(pBIO, p_X509_get_subject_name(pX509), 0, XN_FLAG_RFC2253);\r
+ if((Length = p_BIO_ctrl(pBIO, BIO_CTRL_INFO, 0, &pBuffer)) > 0)\r
+ {\r
+ if(pSubject = (char*)malloc(Length + sizeof(char)))\r
+ {\r
+ memcpy(pSubject, pBuffer, Length);\r
+ *(char*)((size_t)pSubject + Length) = '\0';\r
+ }\r
+ }\r
+ p_BIO_free(pBIO);\r
+ }\r
+ p_X509_free(pX509);\r
+ }\r
+ if(p_SSL_get_verify_result(pSSL) == X509_V_OK)\r
+ bVerified = TRUE;\r
+ pCN = pSubject;\r
+ while(pCN)\r
+ {\r
+ if(strncmp(pCN, "CN=", strlen("CN=")) == 0)\r
+ {\r
+ pCN += strlen("CN=");\r
+ if(p = strchr(pCN, ','))\r
+ *p = '\0';\r
+ break;\r
+ }\r
+ if(pCN = strchr(pCN, ','))\r
+ pCN++;\r
+ }\r
+ bResult = g_pOpenSSLConfirmCallback(bVerified, pData, pCN);\r
+ if(pData)\r
+ free(pData);\r
+ if(pSubject)\r
+ free(pSubject);\r
+ return bResult;\r
+}\r
+\r
void SetSSLTimeoutCallback(DWORD Timeout, LPSSLTIMEOUTCALLBACK pCallback)\r
{\r
if(!g_bOpenSSLLoaded)\r
LeaveCriticalSection(&g_OpenSSLLock);\r
}\r
\r
+void SetSSLConfirmCallback(LPSSLCONFIRMCALLBACK pCallback)\r
+{\r
+ if(!g_bOpenSSLLoaded)\r
+ return;\r
+ EnterCriticalSection(&g_OpenSSLLock);\r
+ g_pOpenSSLConfirmCallback = pCallback;\r
+ LeaveCriticalSection(&g_OpenSSLLock);\r
+}\r
+\r
+BOOL IsHostNameMatched(LPCSTR HostName, LPCSTR CommonName)\r
+{\r
+ BOOL bResult;\r
+ char* pAsterisk;\r
+ bResult = FALSE;\r
+ if(HostName && CommonName)\r
+ {\r
+ if(pAsterisk = strchr(CommonName, '*'))\r
+ {\r
+ if(_strnicmp(HostName, CommonName, ((size_t)pAsterisk - (size_t)CommonName) / sizeof(char)) == 0)\r
+ {\r
+ while(*pAsterisk == '*')\r
+ {\r
+ pAsterisk++;\r
+ }\r
+ if(_stricmp(HostName + strlen(HostName) - strlen(pAsterisk), pAsterisk) == 0)\r
+ bResult = TRUE;\r
+ }\r
+ }\r
+ else if(_stricmp(HostName, CommonName) == 0)\r
+ bResult = TRUE;\r
+ }\r
+ return bResult;\r
+}\r
+\r
BOOL AttachSSL(SOCKET s)\r
{\r
BOOL r;\r
Time = timeGetTime();\r
EnterCriticalSection(&g_OpenSSLLock);\r
if(!g_pOpenSSLCTX)\r
- g_pOpenSSLCTX = pSSL_CTX_new(pSSLv23_method());\r
+ g_pOpenSSLCTX = p_SSL_CTX_new(p_SSLv23_method());\r
if(g_pOpenSSLCTX)\r
{\r
if(ppSSL = GetUnusedSSLPointer())\r
{\r
- if(*ppSSL = pSSL_new(g_pOpenSSLCTX))\r
+ if(*ppSSL = p_SSL_new(g_pOpenSSLCTX))\r
{\r
- if(pSSL_set_fd(*ppSSL, s) != 0)\r
+ if(p_SSL_set_fd(*ppSSL, s) != 0)\r
{\r
r = TRUE;\r
// SSLのネゴシエーションには時間がかかる場合がある\r
- while(pSSL_connect(*ppSSL) != 1)\r
+ while(p_SSL_connect(*ppSSL) != 1)\r
{\r
LeaveCriticalSection(&g_OpenSSLLock);\r
if(g_pOpenSSLTimeoutCallback() || (g_OpenSSLTimeout > 0 && timeGetTime() - Time >= g_OpenSSLTimeout))\r
DetachSSL(s);\r
EnterCriticalSection(&g_OpenSSLLock);\r
}\r
+ if(ConfirmSSLCertificate(*ppSSL))\r
+ {\r
+ }\r
+ else\r
+ {\r
+ DetachSSL(s);\r
+ r = FALSE;\r
+ }\r
}\r
}\r
}\r
EnterCriticalSection(&g_OpenSSLLock);\r
if(ppSSL = FindSSLPointerFromSocket(s))\r
{\r
- pSSL_shutdown(*ppSSL);\r
- pSSL_free(*ppSSL);\r
+ p_SSL_shutdown(*ppSSL);\r
+ p_SSL_free(*ppSSL);\r
*ppSSL = NULL;\r
r = TRUE;\r
}\r
LeaveCriticalSection(&g_OpenSSLLock);\r
if(!ppSSL)\r
return send(s, buf, len, flags);\r
- return pSSL_write(*ppSSL, buf, len);\r
+ return p_SSL_write(*ppSSL, buf, len);\r
}\r
\r
int recvS(SOCKET s, char * buf, int len, int flags)\r
if(!ppSSL)\r
return recv(s, buf, len, flags);\r
if(flags & MSG_PEEK)\r
- return pSSL_peek(*ppSSL, buf, len);\r
- return pSSL_read(*ppSSL, buf, len);\r
+ return p_SSL_peek(*ppSSL, buf, len);\r
+ return p_SSL_read(*ppSSL, buf, len);\r
}\r
\r