OSDN Git Service

Add dialog to confirm certificate for SSL (experimental).
authors_kawamoto <s_kawamoto@users.sourceforge.jp>
Fri, 14 Oct 2011 14:02:53 +0000 (23:02 +0900)
committers_kawamoto <s_kawamoto@users.sourceforge.jp>
Fri, 14 Oct 2011 14:02:53 +0000 (23:02 +0900)
Prepare member variables for IPv6.

14 files changed:
FFFTP_Eng_Release/FFFTP.exe
Release/FFFTP.exe
common.h
connect.c
history.c
hostman.c
main.c
mesg-eng.h
mesg-eng.old.h
mesg-jpn.h
mesg-jpn.old.h
registory.c
socketwrapper.c
socketwrapper.h

index 2172f19..9cafb4d 100644 (file)
Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ
index 561b5c8..fe228e4 100644 (file)
Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ
index e477ee0..3757345 100644 (file)
--- a/common.h
+++ b/common.h
@@ -875,6 +875,9 @@ LIST_UNIX_70
 #define FEATURE_UTF8           0x00000001\r
 // MLSD対応\r
 #define FEATURE_MLSD           0x00000002\r
+// IPv6対応\r
+#define FEATURE_EPRT           0x00000004\r
+#define FEATURE_EPSV           0x00000008\r
 \r
 \r
 /*=================================================\r
@@ -931,6 +934,8 @@ typedef struct {
        int Feature;                                            /* 利用可能な機能のフラグ (FEATURE_xxx) */\r
        // MLSD対応\r
        int UseMLSD;                                            /* "MLSD"コマンドを使用する */\r
+       // IPv6対応\r
+       int UseIPv6;                                            /* IPv6接続を許可しEPRT/EPSVコマンドを使用する */\r
 } HOSTDATA;\r
 \r
 \r
@@ -985,6 +990,8 @@ typedef struct historydata {
        int MaxThreadCount;                                     /* 同時接続数 */\r
        // MLSD対応\r
        int UseMLSD;                                            /* "MLSD"コマンドを使用する */\r
+       // IPv6対応\r
+       int UseIPv6;                                            /* IPv6接続を許可しEPRT/EPSVコマンドを使用する */\r
        struct historydata *Next;\r
 } HISTORYDATA;\r
 \r
@@ -1219,6 +1226,7 @@ void ResetAutoExitFlg(void);
 int AskAutoExit(void);\r
 // 暗号化通信対応\r
 BOOL __stdcall SSLTimeoutCallback();\r
+BOOL __stdcall SSLConfirmCallback(BOOL bVerified, LPCSTR Certificate, LPCSTR CommonName);\r
 \r
 /*===== filelist.c =====*/\r
 \r
@@ -1402,6 +1410,8 @@ int AskMaxThreadCount(void);
 int AskHostFeature(void);\r
 // MLSD対応\r
 int AskUseMLSD(void);\r
+// IPv6対応\r
+int AskUseIPv6(void);\r
 \r
 /*===== cache.c =====*/\r
 \r
index af55002..27ff2b8 100644 (file)
--- a/connect.c
+++ b/connect.c
@@ -1542,6 +1542,9 @@ static SOCKET DoConnectCrypt(int CryptMode, HOSTDATA* HostData, char *Host, char
                                // MLST対応\r
                                if(strstr(Reply, " MLST ") || strstr(Reply, " MLSD "))\r
                                        HostData->Feature |= FEATURE_MLSD;\r
+                               // IPv6対応\r
+                               if(strstr(Reply, " EPRT ") || strstr(Reply, " EPSV "))\r
+                                       HostData->Feature |= FEATURE_EPRT | FEATURE_EPSV;\r
                        }\r
                        // UTF-8対応\r
                        if(HostData->NameKanjiCode == KANJI_AUTO && (HostData->Feature & FEATURE_UTF8))\r
@@ -2366,3 +2369,9 @@ int AskUseMLSD(void)
        return(CurHost.UseMLSD);\r
 }\r
 \r
+// IPv6対応\r
+int AskUseIPv6(void)\r
+{\r
+       return(CurHost.UseIPv6);\r
+}\r
+\r
index 9e1e464..1ccde87 100644 (file)
--- a/history.c
+++ b/history.c
@@ -231,6 +231,8 @@ static void CopyHostToHistory(HOSTDATA *Host, HISTORYDATA *New)
        New->MaxThreadCount = Host->MaxThreadCount;\r
        // MLSD対応\r
        New->UseMLSD = Host->UseMLSD;\r
+       // IPv6対応\r
+       New->UseIPv6 = Host->UseIPv6;\r
        return;\r
 }\r
 \r
@@ -288,6 +290,8 @@ void CopyHistoryToHost(HISTORYDATA *Hist, HOSTDATA *Host)
        Host->MaxThreadCount = Hist->MaxThreadCount;\r
        // MLSD対応\r
        Host->UseMLSD = Hist->UseMLSD;\r
+       // IPv6対応\r
+       Host->UseIPv6 = Hist->UseIPv6;\r
        return;\r
 }\r
 \r
index 02a6fc9..9114d4d 100644 (file)
--- a/hostman.c
+++ b/hostman.c
@@ -1037,6 +1037,8 @@ int CopyHostFromListInConnect(int Num, HOSTDATA *Set)
                Set->MaxThreadCount = Pos->Set.MaxThreadCount;\r
                // MLSD対応\r
                Set->UseMLSD = Pos->Set.UseMLSD;\r
+               // IPv6対応\r
+               Set->UseIPv6 = Pos->Set.UseIPv6;\r
                Sts = FFFTP_SUCCESS;\r
        }\r
        return(Sts);\r
@@ -1321,6 +1323,8 @@ void CopyDefaultHost(HOSTDATA *Set)
        // MLSD対応\r
        Set->Feature = 0;\r
        Set->UseMLSD = YES;\r
+       // IPv6対応\r
+       Set->UseIPv6 = YES;\r
        return;\r
 }\r
 \r
diff --git a/main.c b/main.c
index dc72034..19a6332 100644 (file)
--- a/main.c
+++ b/main.c
@@ -458,6 +458,7 @@ static int InitApp(LPSTR lpszCmdLine, int cmdShow)
 \r
                        // 暗号化通信対応\r
                        SetSSLTimeoutCallback(TimeOut * 1000, SSLTimeoutCallback);\r
+                       SetSSLConfirmCallback(SSLConfirmCallback);\r
 \r
                        LoadJre();\r
                        if(NoRasControl == NO)\r
@@ -2824,3 +2825,19 @@ BOOL __stdcall SSLTimeoutCallback()
        return FALSE;\r
 }\r
 \r
+BOOL __stdcall SSLConfirmCallback(BOOL bVerified, LPCSTR Certificate, LPCSTR CommonName)\r
+{\r
+       BOOL bResult;\r
+       char* pm0;\r
+       bResult = FALSE;\r
+       pm0 = NULL;\r
+       if(pm0 = AllocateStringM(strlen(Certificate) + 1024))\r
+       {\r
+               sprintf(pm0, MSGJPN326, IsHostNameMatched(AskHostAdrs(), CommonName) ? MSGJPN327 : MSGJPN328, bVerified ? MSGJPN327 : MSGJPN328, Certificate);\r
+               if(MessageBox(GetMainHwnd(), pm0, "FFFTP", MB_YESNO) == IDYES)\r
+                       bResult = TRUE;\r
+       }\r
+       FreeDuplicatedString(pm0);\r
+       return bResult;\r
+}\r
+\r
index ff0fa7d..5c19de7 100644 (file)
 #define MSGJPN323              "Failed to unload untrustworthy DLLs."\r
 #define MSGJPN324              "Failed to hook required functions to protect the process."\r
 #define MSGJPN325              "New master passwords are not identical."\r
+#define MSGJPN326              "Choose 'Yes' if you trust this certificate and continue.\r\nCN is identical: %s\r\nVerified successfully: %s\r\n\r\n%s"\r
+#define MSGJPN327              "Yes"\r
+#define MSGJPN328              "No"\r
index 0cf2b2e..9a47091 100644 (file)
 #define MSGJPN323              "Failed to unload untrustworthy DLLs."\r
 #define MSGJPN324              "Failed to hook required functions to protect the process."\r
 #define MSGJPN325              "New master passwords are not identical."\r
+#define MSGJPN326              "Choose 'Yes' if you trust this certificate and continue.\r\nCN is identical: %s\r\nVerified successfully: %s\r\n\r\n%s"\r
+#define MSGJPN327              "Yes"\r
+#define MSGJPN328              "No"\r
index 53be6c7..979bcb0 100644 (file)
 #define MSGJPN323              "\xE4\xBF\xA1\xE9\xA0\xBC\xE3\x81\xA7\xE3\x81\x8D\xE3\x81\xAA\xE3\x81\x84\x44LL\xE3\x82\x92\xE3\x82\xA2\xE3\x83\xB3\xE3\x83\xAD\xE3\x83\xBC\xE3\x83\x89\xE3\x81\xA7\xE3\x81\x8D\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93\xE3\x81\xA7\xE3\x81\x97\xE3\x81\x9F."\r
 #define MSGJPN324              "\xE3\x83\x97\xE3\x83\xAD\xE3\x82\xBB\xE3\x82\xB9\xE3\x81\xAE\xE4\xBF\x9D\xE8\xAD\xB7\xE3\x81\xAB\xE5\xBF\x85\xE8\xA6\x81\xE3\x81\xAA\xE9\x96\xA2\xE6\x95\xB0\xE3\x82\x92\xE3\x83\x95\xE3\x83\x83\xE3\x82\xAF\xE3\x81\xA7\xE3\x81\x8D\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93\xE3\x81\xA7\xE3\x81\x97\xE3\x81\x9F."\r
 #define MSGJPN325              "\xE6\x96\xB0\xE3\x81\x97\xE3\x81\x84\xE3\x83\x9E\xE3\x82\xB9\xE3\x82\xBF\xE3\x83\xBC\xE3\x83\x91\xE3\x82\xB9\xE3\x83\xAF\xE3\x83\xBC\xE3\x83\x89\xE3\x81\x8C\xE4\xB8\x80\xE8\x87\xB4\xE3\x81\x97\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93."\r
+#define MSGJPN326              "\xE3\x81\x93\xE3\x81\xAE\xE8\xA8\xBC\xE6\x98\x8E\xE6\x9B\xB8\xE3\x82\x92\xE4\xBF\xA1\xE9\xA0\xBC\xE3\x81\x97,\xE9\x80\x9A\xE4\xBF\xA1\xE3\x82\x92\xE7\xB6\x9A\xE8\xA1\x8C\xE3\x81\x99\xE3\x82\x8B\xE3\x81\xAB\xE3\x81\xAF\xE3\x80\x8C\xE3\x81\xAF\xE3\x81\x84\xE3\x80\x8D\xE3\x82\x92\xE9\x81\xB8\xE6\x8A\x9E\xE3\x81\x97\xE3\x81\xA6\xE3\x81\x8F\xE3\x81\xA0\xE3\x81\x95\xE3\x81\x84.\r\nCN\xE3\x81\xAE\xE4\xB8\x80\xE8\x87\xB4: %s\r\n\xE6\xA4\x9C\xE8\xA8\xBC\xE3\x81\xAB\xE6\x88\x90\xE5\x8A\x9F: %s\r\n\r\n%s"\r
+#define MSGJPN327              "\xE3\x81\xAF\xE3\x81\x84"\r
+#define MSGJPN328              "\xE3\x81\x84\xE3\x81\x84\xE3\x81\x88"\r
index e3643b8..c65ec2a 100644 (file)
 #define MSGJPN323              "\90M\97\8a\82Å\82«\82È\82¢DLL\82ð\83A\83\93\83\8d\81[\83h\82Å\82«\82Ü\82¹\82ñ\82Å\82µ\82½."\r
 #define MSGJPN324              "\83v\83\8d\83Z\83X\82Ì\95Û\8cì\82É\95K\97v\82È\8aÖ\90\94\82ð\83t\83b\83N\82Å\82«\82Ü\82¹\82ñ\82Å\82µ\82½."\r
 #define MSGJPN325              "\90V\82µ\82¢\83}\83X\83^\81[\83p\83X\83\8f\81[\83h\82ª\88ê\92v\82µ\82Ü\82¹\82ñ."\r
+#define MSGJPN326              "\82±\82Ì\8fØ\96¾\8f\91\82ð\90M\97\8a\82µ,\92Ê\90M\82ð\91±\8ds\82·\82é\82É\82Í\81u\82Í\82¢\81v\82ð\91I\91ð\82µ\82Ä\82­\82¾\82³\82¢.\r\nCN\82Ì\88ê\92v: %s\r\n\8c\9f\8fØ\82É\90¬\8c÷: %s\r\n\r\n%s"\r
+#define MSGJPN327              "\82Í\82¢"\r
+#define MSGJPN328              "\82¢\82¢\82¦"\r
index 2635ed5..bdab8a2 100644 (file)
@@ -470,6 +470,8 @@ void SaveRegistory(void)
                                                        SaveIntNum(hKey5, "ThreadCount", Hist.MaxThreadCount, DefaultHist.MaxThreadCount);\r
                                                        // MLSD対応\r
                                                        SaveIntNum(hKey5, "MLSD", Hist.UseMLSD, DefaultHist.UseMLSD);\r
+                                                       // IPv6対応\r
+                                                       SaveIntNum(hKey5, "IPv6", Hist.UseIPv6, DefaultHist.UseIPv6);\r
 \r
                                                        CloseSubKey(hKey5);\r
                                                        n++;\r
@@ -546,6 +548,8 @@ void SaveRegistory(void)
                                                        SaveIntNum(hKey5, "ThreadCount", Host.MaxThreadCount, DefaultHost.MaxThreadCount);\r
                                                        // MLSD対応\r
                                                        SaveIntNum(hKey5, "MLSD", Host.UseMLSD, DefaultHost.UseMLSD);\r
+                                                       // IPv6対応\r
+                                                       SaveIntNum(hKey5, "IPv6", Host.UseIPv6, DefaultHost.UseIPv6);\r
                                                }\r
                                                CloseSubKey(hKey5);\r
                                        }\r
@@ -804,6 +808,8 @@ int LoadRegistory(void)
                                        ReadIntValueFromReg(hKey5, "ThreadCount", &Hist.MaxThreadCount);\r
                                        // MLSD対応\r
                                        ReadIntValueFromReg(hKey5, "MLSD", &Hist.UseMLSD);\r
+                                       // IPv6対応\r
+                                       ReadIntValueFromReg(hKey5, "IPv6", &Hist.UseIPv6);\r
 \r
                                        CloseSubKey(hKey5);\r
                                        AddHistoryToHistory(&Hist);\r
@@ -882,6 +888,8 @@ int LoadRegistory(void)
                                        ReadIntValueFromReg(hKey5, "ThreadCount", &Host.MaxThreadCount);\r
                                        // MLSD対応\r
                                        ReadIntValueFromReg(hKey5, "MLSD", &Host.UseMLSD);\r
+                                       // IPv6対応\r
+                                       ReadIntValueFromReg(hKey5, "IPv6", &Host.UseIPv6);\r
 \r
                                        CloseSubKey(hKey5);\r
 \r
index 54209e0..48ebfcf 100644 (file)
@@ -28,31 +28,55 @@ typedef int (__cdecl* _SSL_write)(SSL*, const void*, int);
 typedef int (__cdecl* _SSL_peek)(SSL*, void*, int);\r
 typedef int (__cdecl* _SSL_read)(SSL*, void*, int);\r
 typedef int (__cdecl* _SSL_get_error)(SSL*, int);\r
+typedef X509* (__cdecl* _SSL_get_peer_certificate)(const SSL*);\r
+typedef long (__cdecl* _SSL_get_verify_result)(const SSL*);\r
+typedef BIO_METHOD* (__cdecl* _BIO_s_mem)();\r
+typedef BIO* (__cdecl* _BIO_new)(BIO_METHOD*);\r
+typedef int (__cdecl* _BIO_free)(BIO*);\r
+typedef long (__cdecl* _BIO_ctrl)(BIO*, int, long, void*);\r
+typedef void (__cdecl* _X509_free)(X509*);\r
+typedef int (__cdecl* _X509_print_ex)(BIO*, X509*, unsigned long, unsigned long);\r
+typedef X509_NAME* (__cdecl* _X509_get_subject_name)(X509*);\r
+typedef X509_NAME* (__cdecl* _X509_get_issuer_name)(X509*);\r
+typedef int (__cdecl* _X509_NAME_print_ex)(BIO*, X509_NAME*, int, unsigned long);\r
 \r
-_SSL_load_error_strings pSSL_load_error_strings;\r
-_SSL_library_init pSSL_library_init;\r
-_SSLv23_method pSSLv23_method;\r
-_SSL_CTX_new pSSL_CTX_new;\r
-_SSL_CTX_free pSSL_CTX_free;\r
-_SSL_new pSSL_new;\r
-_SSL_free pSSL_free;\r
-_SSL_shutdown pSSL_shutdown;\r
-_SSL_get_fd pSSL_get_fd;\r
-_SSL_set_fd pSSL_set_fd;\r
-_SSL_accept pSSL_accept;\r
-_SSL_connect pSSL_connect;\r
-_SSL_write pSSL_write;\r
-_SSL_peek pSSL_peek;\r
-_SSL_read pSSL_read;\r
-_SSL_get_error pSSL_get_error;\r
+_SSL_load_error_strings p_SSL_load_error_strings;\r
+_SSL_library_init p_SSL_library_init;\r
+_SSLv23_method p_SSLv23_method;\r
+_SSL_CTX_new p_SSL_CTX_new;\r
+_SSL_CTX_free p_SSL_CTX_free;\r
+_SSL_new p_SSL_new;\r
+_SSL_free p_SSL_free;\r
+_SSL_shutdown p_SSL_shutdown;\r
+_SSL_get_fd p_SSL_get_fd;\r
+_SSL_set_fd p_SSL_set_fd;\r
+_SSL_accept p_SSL_accept;\r
+_SSL_connect p_SSL_connect;\r
+_SSL_write p_SSL_write;\r
+_SSL_peek p_SSL_peek;\r
+_SSL_read p_SSL_read;\r
+_SSL_get_error p_SSL_get_error;\r
+_SSL_get_peer_certificate p_SSL_get_peer_certificate;\r
+_SSL_get_verify_result p_SSL_get_verify_result;\r
+_BIO_s_mem p_BIO_s_mem;\r
+_BIO_new p_BIO_new;\r
+_BIO_free p_BIO_free;\r
+_BIO_ctrl p_BIO_ctrl;\r
+_X509_free p_X509_free;\r
+_X509_print_ex p_X509_print_ex;\r
+_X509_get_subject_name p_X509_get_subject_name;\r
+_X509_get_issuer_name p_X509_get_issuer_name;\r
+_X509_NAME_print_ex p_X509_NAME_print_ex;\r
 \r
 #define MAX_SSL_SOCKET 64\r
 \r
 BOOL g_bOpenSSLLoaded;\r
 HMODULE g_hOpenSSL;\r
+HMODULE g_hOpenSSLCommon;\r
 CRITICAL_SECTION g_OpenSSLLock;\r
 DWORD g_OpenSSLTimeout;\r
 LPSSLTIMEOUTCALLBACK g_pOpenSSLTimeoutCallback;\r
+LPSSLCONFIRMCALLBACK g_pOpenSSLConfirmCallback;\r
 SSL_CTX* g_pOpenSSLCTX;\r
 SSL* g_pOpenSSLHandle[MAX_SSL_SOCKET];\r
 \r
@@ -62,6 +86,11 @@ BOOL __stdcall DefaultSSLTimeoutCallback()
        return FALSE;\r
 }\r
 \r
+BOOL __stdcall DefaultSSLConfirmCallback(BOOL bVerified, LPCSTR Certificate, LPCSTR CommonName)\r
+{\r
+       return bVerified;\r
+}\r
+\r
 BOOL LoadOpenSSL()\r
 {\r
        if(g_bOpenSSLLoaded)\r
@@ -78,32 +107,55 @@ BOOL LoadOpenSSL()
        if(!g_hOpenSSL)\r
                g_hOpenSSL = LoadLibrary("libssl32.dll");\r
        if(!g_hOpenSSL\r
-               || !(pSSL_load_error_strings = (_SSL_load_error_strings)GetProcAddress(g_hOpenSSL, "SSL_load_error_strings"))\r
-               || !(pSSL_library_init = (_SSL_library_init)GetProcAddress(g_hOpenSSL, "SSL_library_init"))\r
-               || !(pSSLv23_method = (_SSLv23_method)GetProcAddress(g_hOpenSSL, "SSLv23_method"))\r
-               || !(pSSL_CTX_new = (_SSL_CTX_new)GetProcAddress(g_hOpenSSL, "SSL_CTX_new"))\r
-               || !(pSSL_CTX_free = (_SSL_CTX_free)GetProcAddress(g_hOpenSSL, "SSL_CTX_free"))\r
-               || !(pSSL_new = (_SSL_new)GetProcAddress(g_hOpenSSL, "SSL_new"))\r
-               || !(pSSL_free = (_SSL_free)GetProcAddress(g_hOpenSSL, "SSL_free"))\r
-               || !(pSSL_shutdown = (_SSL_shutdown)GetProcAddress(g_hOpenSSL, "SSL_shutdown"))\r
-               || !(pSSL_get_fd = (_SSL_get_fd)GetProcAddress(g_hOpenSSL, "SSL_get_fd"))\r
-               || !(pSSL_set_fd = (_SSL_set_fd)GetProcAddress(g_hOpenSSL, "SSL_set_fd"))\r
-               || !(pSSL_accept = (_SSL_accept)GetProcAddress(g_hOpenSSL, "SSL_accept"))\r
-               || !(pSSL_connect = (_SSL_connect)GetProcAddress(g_hOpenSSL, "SSL_connect"))\r
-               || !(pSSL_write = (_SSL_write)GetProcAddress(g_hOpenSSL, "SSL_write"))\r
-               || !(pSSL_peek = (_SSL_peek)GetProcAddress(g_hOpenSSL, "SSL_peek"))\r
-               || !(pSSL_read = (_SSL_read)GetProcAddress(g_hOpenSSL, "SSL_read"))\r
-               || !(pSSL_get_error = (_SSL_get_error)GetProcAddress(g_hOpenSSL, "SSL_get_error")))\r
+               || !(p_SSL_load_error_strings = (_SSL_load_error_strings)GetProcAddress(g_hOpenSSL, "SSL_load_error_strings"))\r
+               || !(p_SSL_library_init = (_SSL_library_init)GetProcAddress(g_hOpenSSL, "SSL_library_init"))\r
+               || !(p_SSLv23_method = (_SSLv23_method)GetProcAddress(g_hOpenSSL, "SSLv23_method"))\r
+               || !(p_SSL_CTX_new = (_SSL_CTX_new)GetProcAddress(g_hOpenSSL, "SSL_CTX_new"))\r
+               || !(p_SSL_CTX_free = (_SSL_CTX_free)GetProcAddress(g_hOpenSSL, "SSL_CTX_free"))\r
+               || !(p_SSL_new = (_SSL_new)GetProcAddress(g_hOpenSSL, "SSL_new"))\r
+               || !(p_SSL_free = (_SSL_free)GetProcAddress(g_hOpenSSL, "SSL_free"))\r
+               || !(p_SSL_shutdown = (_SSL_shutdown)GetProcAddress(g_hOpenSSL, "SSL_shutdown"))\r
+               || !(p_SSL_get_fd = (_SSL_get_fd)GetProcAddress(g_hOpenSSL, "SSL_get_fd"))\r
+               || !(p_SSL_set_fd = (_SSL_set_fd)GetProcAddress(g_hOpenSSL, "SSL_set_fd"))\r
+               || !(p_SSL_accept = (_SSL_accept)GetProcAddress(g_hOpenSSL, "SSL_accept"))\r
+               || !(p_SSL_connect = (_SSL_connect)GetProcAddress(g_hOpenSSL, "SSL_connect"))\r
+               || !(p_SSL_write = (_SSL_write)GetProcAddress(g_hOpenSSL, "SSL_write"))\r
+               || !(p_SSL_peek = (_SSL_peek)GetProcAddress(g_hOpenSSL, "SSL_peek"))\r
+               || !(p_SSL_read = (_SSL_read)GetProcAddress(g_hOpenSSL, "SSL_read"))\r
+               || !(p_SSL_get_error = (_SSL_get_error)GetProcAddress(g_hOpenSSL, "SSL_get_error"))\r
+               || !(p_SSL_get_peer_certificate = (_SSL_get_peer_certificate)GetProcAddress(g_hOpenSSL, "SSL_get_peer_certificate"))\r
+               || !(p_SSL_get_verify_result = (_SSL_get_verify_result)GetProcAddress(g_hOpenSSL, "SSL_get_verify_result")))\r
+       {\r
+               if(g_hOpenSSL)\r
+                       FreeLibrary(g_hOpenSSL);\r
+               g_hOpenSSL = NULL;\r
+               return FALSE;\r
+       }\r
+       g_hOpenSSLCommon = LoadLibrary("libeay32.dll");\r
+       if(!g_hOpenSSLCommon\r
+               || !(p_BIO_s_mem = (_BIO_s_mem)GetProcAddress(g_hOpenSSLCommon, "BIO_s_mem"))\r
+               || !(p_BIO_new = (_BIO_new)GetProcAddress(g_hOpenSSLCommon, "BIO_new"))\r
+               || !(p_BIO_free = (_BIO_free)GetProcAddress(g_hOpenSSLCommon, "BIO_free"))\r
+               || !(p_BIO_ctrl = (_BIO_ctrl)GetProcAddress(g_hOpenSSLCommon, "BIO_ctrl"))\r
+               || !(p_X509_free = (_X509_free)GetProcAddress(g_hOpenSSLCommon, "X509_free"))\r
+               || !(p_X509_print_ex = (_X509_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_print_ex"))\r
+               || !(p_X509_get_subject_name = (_X509_get_subject_name)GetProcAddress(g_hOpenSSLCommon, "X509_get_subject_name"))\r
+               || !(p_X509_get_issuer_name = (_X509_get_issuer_name)GetProcAddress(g_hOpenSSLCommon, "X509_get_issuer_name"))\r
+               || !(p_X509_NAME_print_ex = (_X509_NAME_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_NAME_print_ex")))\r
        {\r
                if(g_hOpenSSL)\r
                        FreeLibrary(g_hOpenSSL);\r
                g_hOpenSSL = NULL;\r
+               if(g_hOpenSSLCommon)\r
+                       FreeLibrary(g_hOpenSSLCommon);\r
+               g_hOpenSSLCommon = NULL;\r
                return FALSE;\r
        }\r
        InitializeCriticalSection(&g_OpenSSLLock);\r
-       pSSL_load_error_strings();\r
-       pSSL_library_init();\r
+       p_SSL_load_error_strings();\r
+       p_SSL_library_init();\r
        SetSSLTimeoutCallback(60000, DefaultSSLTimeoutCallback);\r
+       SetSSLConfirmCallback(DefaultSSLConfirmCallback);\r
        g_bOpenSSLLoaded = TRUE;\r
        return TRUE;\r
 }\r
@@ -118,16 +170,18 @@ void FreeOpenSSL()
        {\r
                if(g_pOpenSSLHandle[i])\r
                {\r
-                       pSSL_shutdown(g_pOpenSSLHandle[i]);\r
-                       pSSL_free(g_pOpenSSLHandle[i]);\r
+                       p_SSL_shutdown(g_pOpenSSLHandle[i]);\r
+                       p_SSL_free(g_pOpenSSLHandle[i]);\r
                        g_pOpenSSLHandle[i] = NULL;\r
                }\r
        }\r
        if(g_pOpenSSLCTX)\r
-               pSSL_CTX_free(g_pOpenSSLCTX);\r
+               p_SSL_CTX_free(g_pOpenSSLCTX);\r
        g_pOpenSSLCTX = NULL;\r
        FreeLibrary(g_hOpenSSL);\r
        g_hOpenSSL = NULL;\r
+       FreeLibrary(g_hOpenSSLCommon);\r
+       g_hOpenSSLCommon = NULL;\r
        LeaveCriticalSection(&g_OpenSSLLock);\r
        DeleteCriticalSection(&g_OpenSSLLock);\r
        g_bOpenSSLLoaded = FALSE;\r
@@ -156,13 +210,82 @@ SSL** FindSSLPointerFromSocket(SOCKET s)
        {\r
                if(g_pOpenSSLHandle[i])\r
                {\r
-                       if(pSSL_get_fd(g_pOpenSSLHandle[i]) == s)\r
+                       if(p_SSL_get_fd(g_pOpenSSLHandle[i]) == s)\r
                                return &g_pOpenSSLHandle[i];\r
                }\r
        }\r
        return NULL;\r
 }\r
 \r
+BOOL ConfirmSSLCertificate(SSL* pSSL)\r
+{\r
+       BOOL bResult;\r
+       BOOL bVerified;\r
+       char* pData;\r
+       char* pSubject;\r
+       X509* pX509;\r
+       BIO* pBIO;\r
+       long Length;\r
+       char* pBuffer;\r
+       char* pCN;\r
+       char* p;\r
+       bResult = FALSE;\r
+       bVerified = FALSE;\r
+       pData = NULL;\r
+       pSubject = NULL;\r
+       if(pX509 = p_SSL_get_peer_certificate(pSSL))\r
+       {\r
+               if(pBIO = p_BIO_new(p_BIO_s_mem()))\r
+               {\r
+                       p_X509_print_ex(pBIO, pX509, 0, XN_FLAG_RFC2253);\r
+                       if((Length = p_BIO_ctrl(pBIO, BIO_CTRL_INFO, 0, &pBuffer)) > 0)\r
+                       {\r
+                               if(pData = (char*)malloc(Length + sizeof(char)))\r
+                               {\r
+                                       memcpy(pData, pBuffer, Length);\r
+                                       *(char*)((size_t)pData + Length) = '\0';\r
+                               }\r
+                       }\r
+                       p_BIO_free(pBIO);\r
+               }\r
+               if(pBIO = p_BIO_new(p_BIO_s_mem()))\r
+               {\r
+                       p_X509_NAME_print_ex(pBIO, p_X509_get_subject_name(pX509), 0, XN_FLAG_RFC2253);\r
+                       if((Length = p_BIO_ctrl(pBIO, BIO_CTRL_INFO, 0, &pBuffer)) > 0)\r
+                       {\r
+                               if(pSubject = (char*)malloc(Length + sizeof(char)))\r
+                               {\r
+                                       memcpy(pSubject, pBuffer, Length);\r
+                                       *(char*)((size_t)pSubject + Length) = '\0';\r
+                               }\r
+                       }\r
+                       p_BIO_free(pBIO);\r
+               }\r
+               p_X509_free(pX509);\r
+       }\r
+       if(p_SSL_get_verify_result(pSSL) == X509_V_OK)\r
+               bVerified = TRUE;\r
+       pCN = pSubject;\r
+       while(pCN)\r
+       {\r
+               if(strncmp(pCN, "CN=", strlen("CN=")) == 0)\r
+               {\r
+                       pCN += strlen("CN=");\r
+                       if(p = strchr(pCN, ','))\r
+                               *p = '\0';\r
+                       break;\r
+               }\r
+               if(pCN = strchr(pCN, ','))\r
+                       pCN++;\r
+       }\r
+       bResult = g_pOpenSSLConfirmCallback(bVerified, pData, pCN);\r
+       if(pData)\r
+               free(pData);\r
+       if(pSubject)\r
+               free(pSubject);\r
+       return bResult;\r
+}\r
+\r
 void SetSSLTimeoutCallback(DWORD Timeout, LPSSLTIMEOUTCALLBACK pCallback)\r
 {\r
        if(!g_bOpenSSLLoaded)\r
@@ -173,6 +296,40 @@ void SetSSLTimeoutCallback(DWORD Timeout, LPSSLTIMEOUTCALLBACK pCallback)
        LeaveCriticalSection(&g_OpenSSLLock);\r
 }\r
 \r
+void SetSSLConfirmCallback(LPSSLCONFIRMCALLBACK pCallback)\r
+{\r
+       if(!g_bOpenSSLLoaded)\r
+               return;\r
+       EnterCriticalSection(&g_OpenSSLLock);\r
+       g_pOpenSSLConfirmCallback = pCallback;\r
+       LeaveCriticalSection(&g_OpenSSLLock);\r
+}\r
+\r
+BOOL IsHostNameMatched(LPCSTR HostName, LPCSTR CommonName)\r
+{\r
+       BOOL bResult;\r
+       char* pAsterisk;\r
+       bResult = FALSE;\r
+       if(HostName && CommonName)\r
+       {\r
+               if(pAsterisk = strchr(CommonName, '*'))\r
+               {\r
+                       if(_strnicmp(HostName, CommonName, ((size_t)pAsterisk - (size_t)CommonName) / sizeof(char)) == 0)\r
+                       {\r
+                               while(*pAsterisk == '*')\r
+                               {\r
+                                       pAsterisk++;\r
+                               }\r
+                               if(_stricmp(HostName + strlen(HostName) - strlen(pAsterisk), pAsterisk) == 0)\r
+                                       bResult = TRUE;\r
+                       }\r
+               }\r
+               else if(_stricmp(HostName, CommonName) == 0)\r
+                       bResult = TRUE;\r
+       }\r
+       return bResult;\r
+}\r
+\r
 BOOL AttachSSL(SOCKET s)\r
 {\r
        BOOL r;\r
@@ -184,18 +341,18 @@ BOOL AttachSSL(SOCKET s)
        Time = timeGetTime();\r
        EnterCriticalSection(&g_OpenSSLLock);\r
        if(!g_pOpenSSLCTX)\r
-               g_pOpenSSLCTX = pSSL_CTX_new(pSSLv23_method());\r
+               g_pOpenSSLCTX = p_SSL_CTX_new(p_SSLv23_method());\r
        if(g_pOpenSSLCTX)\r
        {\r
                if(ppSSL = GetUnusedSSLPointer())\r
                {\r
-                       if(*ppSSL = pSSL_new(g_pOpenSSLCTX))\r
+                       if(*ppSSL = p_SSL_new(g_pOpenSSLCTX))\r
                        {\r
-                               if(pSSL_set_fd(*ppSSL, s) != 0)\r
+                               if(p_SSL_set_fd(*ppSSL, s) != 0)\r
                                {\r
                                        r = TRUE;\r
                                        // SSLのネゴシエーションには時間がかかる場合がある\r
-                                       while(pSSL_connect(*ppSSL) != 1)\r
+                                       while(p_SSL_connect(*ppSSL) != 1)\r
                                        {\r
                                                LeaveCriticalSection(&g_OpenSSLLock);\r
                                                if(g_pOpenSSLTimeoutCallback() || (g_OpenSSLTimeout > 0 && timeGetTime() - Time >= g_OpenSSLTimeout))\r
@@ -214,6 +371,14 @@ BOOL AttachSSL(SOCKET s)
                                        DetachSSL(s);\r
                                        EnterCriticalSection(&g_OpenSSLLock);\r
                                }\r
+                               if(ConfirmSSLCertificate(*ppSSL))\r
+                               {\r
+                               }\r
+                               else\r
+                               {\r
+                                       DetachSSL(s);\r
+                                       r = FALSE;\r
+                               }\r
                        }\r
                }\r
        }\r
@@ -231,8 +396,8 @@ BOOL DetachSSL(SOCKET s)
        EnterCriticalSection(&g_OpenSSLLock);\r
        if(ppSSL = FindSSLPointerFromSocket(s))\r
        {\r
-               pSSL_shutdown(*ppSSL);\r
-               pSSL_free(*ppSSL);\r
+               p_SSL_shutdown(*ppSSL);\r
+               p_SSL_free(*ppSSL);\r
                *ppSSL = NULL;\r
                r = TRUE;\r
        }\r
@@ -305,7 +470,7 @@ int sendS(SOCKET s, const char * buf, int len, int flags)
        LeaveCriticalSection(&g_OpenSSLLock);\r
        if(!ppSSL)\r
                return send(s, buf, len, flags);\r
-       return pSSL_write(*ppSSL, buf, len);\r
+       return p_SSL_write(*ppSSL, buf, len);\r
 }\r
 \r
 int recvS(SOCKET s, char * buf, int len, int flags)\r
@@ -319,7 +484,7 @@ int recvS(SOCKET s, char * buf, int len, int flags)
        if(!ppSSL)\r
                return recv(s, buf, len, flags);\r
        if(flags & MSG_PEEK)\r
-               return pSSL_peek(*ppSSL, buf, len);\r
-       return pSSL_read(*ppSSL, buf, len);\r
+               return p_SSL_peek(*ppSSL, buf, len);\r
+       return p_SSL_read(*ppSSL, buf, len);\r
 }\r
 \r
index 0b81880..7556d10 100644 (file)
@@ -8,11 +8,14 @@
 #define USE_OPENSSL\r
 \r
 typedef BOOL (__stdcall* LPSSLTIMEOUTCALLBACK)();\r
+typedef BOOL (__stdcall* LPSSLCONFIRMCALLBACK)(BOOL, LPCSTR, LPCSTR);\r
 \r
 BOOL LoadOpenSSL();\r
 void FreeOpenSSL();\r
 BOOL IsOpenSSLLoaded();\r
 void SetSSLTimeoutCallback(DWORD Timeout, LPSSLTIMEOUTCALLBACK pCallback);\r
+void SetSSLConfirmCallback(LPSSLCONFIRMCALLBACK pCallback);\r
+BOOL IsHostNameMatched(LPCSTR HostName, LPCSTR CommonName);\r
 BOOL AttachSSL(SOCKET s);\r
 BOOL DetachSSL(SOCKET s);\r
 BOOL IsSSLAttached(SOCKET s);\r