2 * Wininet - networking layer. Uses unix sockets or OpenSSL.
4 * Copyright 2002 TransGaming Technologies Inc.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
24 #include "wine/port.h"
26 #ifdef HAVE_SYS_TIME_H
27 # include <sys/time.h>
29 #include <sys/types.h>
30 #ifdef HAVE_SYS_SOCKET_H
31 # include <sys/socket.h>
36 #ifdef HAVE_SYS_IOCTL_H
37 # include <sys/ioctl.h>
45 #include "wine/library.h"
51 /* To avoid conflicts with the Unix socket headers. we only need it for
52 * the error codes anyway. */
56 #include "wine/debug.h"
60 #define RESPONSE_TIMEOUT 30 /* FROM internet.c */
63 WINE_DEFAULT_DEBUG_CHANNEL(wininet);
66 * This should use winsock - To use winsock the functions will have to change a bit
67 * as they are designed for unix sockets.
68 * SSL stuff should use crypt32.dll
71 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
73 #include <openssl/err.h>
76 #define SONAME_LIBSSL "libssl.so"
78 #ifndef SONAME_LIBCRYPTO
79 #define SONAME_LIBCRYPTO "libcrypto.so"
82 static void *OpenSSL_ssl_handle;
83 static void *OpenSSL_crypto_handle;
85 static SSL_METHOD *meth;
88 #define MAKE_FUNCPTR(f) static typeof(f) * p##f
90 /* OpenSSL functions that we use */
91 MAKE_FUNCPTR(SSL_library_init);
92 MAKE_FUNCPTR(SSL_load_error_strings);
93 MAKE_FUNCPTR(SSLv23_method);
94 MAKE_FUNCPTR(SSL_CTX_new);
95 MAKE_FUNCPTR(SSL_new);
96 MAKE_FUNCPTR(SSL_free);
97 MAKE_FUNCPTR(SSL_set_fd);
98 MAKE_FUNCPTR(SSL_connect);
99 MAKE_FUNCPTR(SSL_shutdown);
100 MAKE_FUNCPTR(SSL_write);
101 MAKE_FUNCPTR(SSL_read);
102 MAKE_FUNCPTR(SSL_get_verify_result);
103 MAKE_FUNCPTR(SSL_get_peer_certificate);
104 MAKE_FUNCPTR(SSL_CTX_get_timeout);
105 MAKE_FUNCPTR(SSL_CTX_set_timeout);
106 MAKE_FUNCPTR(SSL_CTX_set_default_verify_paths);
107 MAKE_FUNCPTR(i2d_X509);
109 /* OpenSSL's libcrypto functions that we use */
110 MAKE_FUNCPTR(BIO_new_fp);
111 MAKE_FUNCPTR(ERR_get_error);
112 MAKE_FUNCPTR(ERR_error_string);
117 BOOL NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
119 connection->useSSL = FALSE;
120 connection->socketFD = -1;
123 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
124 TRACE("using SSL connection\n");
125 if (OpenSSL_ssl_handle) /* already initialized everything */
127 OpenSSL_ssl_handle = wine_dlopen(SONAME_LIBSSL, RTLD_NOW, NULL, 0);
128 if (!OpenSSL_ssl_handle)
130 ERR("trying to use a SSL connection, but couldn't load %s. Expect trouble.\n",
132 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);
135 OpenSSL_crypto_handle = wine_dlopen(SONAME_LIBCRYPTO, RTLD_NOW, NULL, 0);
136 if (!OpenSSL_crypto_handle)
138 ERR("trying to use a SSL connection, but couldn't load %s. Expect trouble.\n",
140 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);
144 /* mmm nice ugly macroness */
146 p##x = wine_dlsym(OpenSSL_ssl_handle, #x, NULL, 0); \
149 ERR("failed to load symbol %s\n", #x); \
150 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR); \
154 DYNSSL(SSL_library_init);
155 DYNSSL(SSL_load_error_strings);
156 DYNSSL(SSLv23_method);
162 DYNSSL(SSL_shutdown);
165 DYNSSL(SSL_get_verify_result);
166 DYNSSL(SSL_get_peer_certificate);
167 DYNSSL(SSL_CTX_get_timeout);
168 DYNSSL(SSL_CTX_set_timeout);
169 DYNSSL(SSL_CTX_set_default_verify_paths);
173 #define DYNCRYPTO(x) \
174 p##x = wine_dlsym(OpenSSL_crypto_handle, #x, NULL, 0); \
177 ERR("failed to load symbol %s\n", #x); \
178 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR); \
181 DYNCRYPTO(BIO_new_fp);
182 DYNCRYPTO(ERR_get_error);
183 DYNCRYPTO(ERR_error_string);
187 pSSL_load_error_strings();
188 pBIO_new_fp(stderr, BIO_NOCLOSE); /* FIXME: should use winedebug stuff */
190 meth = pSSLv23_method();
191 connection->peek_msg = NULL;
192 connection->peek_msg_mem = NULL;
194 FIXME("can't use SSL, not compiled in.\n");
195 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);
202 BOOL NETCON_connected(WININET_NETCONNECTION *connection)
204 if (connection->socketFD == -1)
210 /* translate a unix error code into a winsock one */
211 static int sock_get_error( int err )
215 case EINTR: return WSAEINTR;
216 case EBADF: return WSAEBADF;
218 case EACCES: return WSAEACCES;
219 case EFAULT: return WSAEFAULT;
220 case EINVAL: return WSAEINVAL;
221 case EMFILE: return WSAEMFILE;
222 case EWOULDBLOCK: return WSAEWOULDBLOCK;
223 case EINPROGRESS: return WSAEINPROGRESS;
224 case EALREADY: return WSAEALREADY;
225 case ENOTSOCK: return WSAENOTSOCK;
226 case EDESTADDRREQ: return WSAEDESTADDRREQ;
227 case EMSGSIZE: return WSAEMSGSIZE;
228 case EPROTOTYPE: return WSAEPROTOTYPE;
229 case ENOPROTOOPT: return WSAENOPROTOOPT;
230 case EPROTONOSUPPORT: return WSAEPROTONOSUPPORT;
231 case ESOCKTNOSUPPORT: return WSAESOCKTNOSUPPORT;
232 case EOPNOTSUPP: return WSAEOPNOTSUPP;
233 case EPFNOSUPPORT: return WSAEPFNOSUPPORT;
234 case EAFNOSUPPORT: return WSAEAFNOSUPPORT;
235 case EADDRINUSE: return WSAEADDRINUSE;
236 case EADDRNOTAVAIL: return WSAEADDRNOTAVAIL;
237 case ENETDOWN: return WSAENETDOWN;
238 case ENETUNREACH: return WSAENETUNREACH;
239 case ENETRESET: return WSAENETRESET;
240 case ECONNABORTED: return WSAECONNABORTED;
242 case ECONNRESET: return WSAECONNRESET;
243 case ENOBUFS: return WSAENOBUFS;
244 case EISCONN: return WSAEISCONN;
245 case ENOTCONN: return WSAENOTCONN;
246 case ESHUTDOWN: return WSAESHUTDOWN;
247 case ETOOMANYREFS: return WSAETOOMANYREFS;
248 case ETIMEDOUT: return WSAETIMEDOUT;
249 case ECONNREFUSED: return WSAECONNREFUSED;
250 case ELOOP: return WSAELOOP;
251 case ENAMETOOLONG: return WSAENAMETOOLONG;
252 case EHOSTDOWN: return WSAEHOSTDOWN;
253 case EHOSTUNREACH: return WSAEHOSTUNREACH;
254 case ENOTEMPTY: return WSAENOTEMPTY;
256 case EPROCLIM: return WSAEPROCLIM;
259 case EUSERS: return WSAEUSERS;
262 case EDQUOT: return WSAEDQUOT;
265 case ESTALE: return WSAESTALE;
268 case EREMOTE: return WSAEREMOTE;
270 default: errno=err; perror("sock_set_error"); return WSAEFAULT;
274 /******************************************************************************
276 * Basically calls 'socket()'
278 BOOL NETCON_create(WININET_NETCONNECTION *connection, int domain,
279 int type, int protocol)
281 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
282 if (connection->useSSL)
286 connection->socketFD = socket(domain, type, protocol);
287 if (connection->socketFD == -1)
289 INTERNET_SetLastError(sock_get_error(errno));
295 /******************************************************************************
297 * Basically calls 'close()' unless we should use SSL
299 BOOL NETCON_close(WININET_NETCONNECTION *connection)
303 if (!NETCON_connected(connection)) return FALSE;
305 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
306 if (connection->useSSL)
308 HeapFree(GetProcessHeap(),0,connection->peek_msg_mem);
309 connection->peek_msg = NULL;
310 connection->peek_msg_mem = NULL;
311 connection->peek_len = 0;
313 pSSL_shutdown(connection->ssl_s);
314 pSSL_free(connection->ssl_s);
315 connection->ssl_s = NULL;
317 connection->useSSL = FALSE;
321 result = closesocket(connection->socketFD);
322 connection->socketFD = -1;
326 INTERNET_SetLastError(sock_get_error(errno));
331 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
332 static BOOL check_hostname(X509 *cert, char *hostname)
334 /* FIXME: implement */
338 /******************************************************************************
339 * NETCON_secure_connect
340 * Initiates a secure connection over an existing plaintext connection.
342 BOOL NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname)
344 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
350 /* can't connect if we are already connected */
351 if (connection->useSSL)
353 ERR("already connected\n");
357 ctx = pSSL_CTX_new(meth);
358 if (!pSSL_CTX_set_default_verify_paths(ctx))
360 ERR("SSL_CTX_set_default_verify_paths failed: %s\n",
361 pERR_error_string(pERR_get_error(), 0));
362 INTERNET_SetLastError(ERROR_OUTOFMEMORY);
365 connection->ssl_s = pSSL_new(ctx);
366 if (!connection->ssl_s)
368 ERR("SSL_new failed: %s\n",
369 pERR_error_string(pERR_get_error(), 0));
370 INTERNET_SetLastError(ERROR_OUTOFMEMORY);
374 if (!pSSL_set_fd(connection->ssl_s, connection->socketFD))
376 ERR("SSL_set_fd failed: %s\n",
377 pERR_error_string(pERR_get_error(), 0));
378 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);
382 if (pSSL_connect(connection->ssl_s) <= 0)
384 ERR("SSL_connect failed: %s\n",
385 pERR_error_string(pERR_get_error(), 0));
386 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);
389 cert = pSSL_get_peer_certificate(connection->ssl_s);
392 ERR("no certificate for server %s\n", debugstr_w(hostname));
393 /* FIXME: is this the best error? */
394 INTERNET_SetLastError(ERROR_INTERNET_INVALID_CA);
397 verify_res = pSSL_get_verify_result(connection->ssl_s);
398 if (verify_res != X509_V_OK)
400 ERR("couldn't verify the security of the connection, %ld\n", verify_res);
401 /* FIXME: we should set an error and return, but we only warn at
405 len = WideCharToMultiByte(CP_UNIXCP, 0, hostname, -1, NULL, 0, NULL, NULL);
406 hostname_unix = HeapAlloc(GetProcessHeap(), 0, len);
409 INTERNET_SetLastError(ERROR_OUTOFMEMORY);
412 WideCharToMultiByte(CP_UNIXCP, 0, hostname, -1, hostname_unix, len, NULL, NULL);
414 if (!check_hostname(cert, hostname_unix))
416 HeapFree(GetProcessHeap(), 0, hostname_unix);
417 INTERNET_SetLastError(ERROR_INTERNET_SEC_CERT_CN_INVALID);
421 HeapFree(GetProcessHeap(), 0, hostname_unix);
422 connection->useSSL = TRUE;
426 if (connection->ssl_s)
428 pSSL_shutdown(connection->ssl_s);
429 pSSL_free(connection->ssl_s);
430 connection->ssl_s = NULL;
436 /******************************************************************************
438 * Connects to the specified address.
440 BOOL NETCON_connect(WININET_NETCONNECTION *connection, const struct sockaddr *serv_addr,
441 unsigned int addrlen)
445 if (!NETCON_connected(connection)) return FALSE;
447 result = connect(connection->socketFD, serv_addr, addrlen);
450 WARN("Unable to connect to host (%s)\n", strerror(errno));
451 INTERNET_SetLastError(sock_get_error(errno));
453 closesocket(connection->socketFD);
454 connection->socketFD = -1;
461 /******************************************************************************
463 * Basically calls 'send()' unless we should use SSL
464 * number of chars send is put in *sent
466 BOOL NETCON_send(WININET_NETCONNECTION *connection, const void *msg, size_t len, int flags,
469 if (!NETCON_connected(connection)) return FALSE;
470 if (!connection->useSSL)
472 *sent = send(connection->socketFD, msg, len, flags);
475 INTERNET_SetLastError(sock_get_error(errno));
482 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
484 FIXME("SSL_write doesn't support any flags (%08x)\n", flags);
485 *sent = pSSL_write(connection->ssl_s, msg, len);
486 if (*sent < 1 && len)
495 /******************************************************************************
497 * Basically calls 'recv()' unless we should use SSL
498 * number of chars received is put in *recvd
500 BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int flags,
501 int *recvd /* out */)
504 if (!NETCON_connected(connection)) return FALSE;
507 if (!connection->useSSL)
509 *recvd = recv(connection->socketFD, buf, len, flags);
512 INTERNET_SetLastError(sock_get_error(errno));
519 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
520 if (flags & ~(MSG_PEEK|MSG_WAITALL))
521 FIXME("SSL_read does not support the following flag: %08x\n", flags);
523 /* this ugly hack is all for MSG_PEEK. eww gross */
524 if (flags & MSG_PEEK && !connection->peek_msg)
526 connection->peek_msg = connection->peek_msg_mem = HeapAlloc(GetProcessHeap(), 0, (sizeof(char) * len) + 1);
528 else if (flags & MSG_PEEK && connection->peek_msg)
530 if (len < connection->peek_len)
531 FIXME("buffer isn't big enough. Do the expect us to wrap?\n");
532 *recvd = min(len, connection->peek_len);
533 memcpy(buf, connection->peek_msg, *recvd);
536 else if (connection->peek_msg)
538 *recvd = min(len, connection->peek_len);
539 memcpy(buf, connection->peek_msg, *recvd);
540 connection->peek_len -= *recvd;
541 connection->peek_msg += *recvd;
542 if (connection->peek_len == 0)
544 HeapFree(GetProcessHeap(), 0, connection->peek_msg_mem);
545 connection->peek_msg_mem = NULL;
546 connection->peek_msg = NULL;
548 /* check if we got enough data from the peek buffer */
549 if (!(flags & MSG_WAITALL) || (*recvd == len))
551 /* otherwise, fall through */
553 *recvd += pSSL_read(connection->ssl_s, (char*)buf + *recvd, len - *recvd);
554 if (flags & MSG_PEEK) /* must copy stuff into buffer */
556 connection->peek_len = *recvd;
559 HeapFree(GetProcessHeap(), 0, connection->peek_msg_mem);
560 connection->peek_msg_mem = NULL;
561 connection->peek_msg = NULL;
564 memcpy(connection->peek_msg, buf, *recvd);
566 if (*recvd < 1 && len)
575 /******************************************************************************
576 * NETCON_query_data_available
577 * Returns the number of bytes of peeked data plus the number of bytes of
578 * queued, but unread data.
580 BOOL NETCON_query_data_available(WININET_NETCONNECTION *connection, DWORD *available)
582 if (!NETCON_connected(connection))
586 #if defined HAVE_OPENSSL_SSL_H
587 if (connection->peek_msg) *available = connection->peek_len;
591 if (!connection->useSSL)
594 int retval = ioctl(connection->socketFD, FIONREAD, &unread);
597 TRACE("%d bytes of queued, but unread data\n", unread);
598 *available += unread;
605 /******************************************************************************
608 BOOL NETCON_getNextLine(WININET_NETCONNECTION *connection, LPSTR lpszBuffer, LPDWORD dwBuffer)
613 if (!NETCON_connected(connection)) return FALSE;
615 if (!connection->useSSL)
619 BOOL bSuccess = FALSE;
623 FD_SET(connection->socketFD, &infd);
624 tv.tv_sec=RESPONSE_TIMEOUT;
627 while (nRecv < *dwBuffer)
629 if (select(connection->socketFD+1,&infd,NULL,NULL,&tv) > 0)
631 if (recv(connection->socketFD, &lpszBuffer[nRecv], 1, 0) <= 0)
633 INTERNET_SetLastError(sock_get_error(errno));
637 if (lpszBuffer[nRecv] == '\n')
642 if (lpszBuffer[nRecv] != '\r')
647 INTERNET_SetLastError(ERROR_INTERNET_TIMEOUT);
652 lend: /* FIXME: don't use labels */
655 lpszBuffer[nRecv++] = '\0';
657 TRACE(":%u %s\n", nRecv, lpszBuffer);
667 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
672 prev_timeout = pSSL_CTX_get_timeout(ctx);
673 pSSL_CTX_set_timeout(ctx, RESPONSE_TIMEOUT);
675 while (nRecv < *dwBuffer)
678 if (!NETCON_recv(connection, &lpszBuffer[nRecv], 1, 0, &recv))
680 INTERNET_SetLastError(ERROR_CONNECTION_ABORTED);
684 if (lpszBuffer[nRecv] == '\n')
689 if (lpszBuffer[nRecv] != '\r')
693 pSSL_CTX_set_timeout(ctx, prev_timeout);
696 lpszBuffer[nRecv++] = '\0';
698 TRACE("_SSL:%u %s\n", nRecv, lpszBuffer);
709 LPCVOID NETCON_GetCert(WININET_NETCONNECTION *connection)
712 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
714 unsigned char* buffer,*p;
716 BOOL malloced = FALSE;
719 if (!connection->useSSL)
722 cert = pSSL_get_peer_certificate(connection->ssl_s);
724 len = pi2d_X509(cert,&p);
726 * SSL 0.9.7 and above malloc the buffer if it is null.
727 * however earlier version do not and so we would need to alloc the buffer.
729 * see the i2d_X509 man page for more details.
733 buffer = HeapAlloc(GetProcessHeap(),0,len);
735 len = pi2d_X509(cert,&p);
743 r = CertCreateCertificateContext(X509_ASN_ENCODING,buffer,len);
748 HeapFree(GetProcessHeap(),0,buffer);
756 BOOL NETCON_set_timeout(WININET_NETCONNECTION *connection, BOOL send, int value)
761 /* FIXME: we should probably store the timeout in the connection to set
762 * when we do connect */
763 if (!NETCON_connected(connection))
766 /* value is in milliseconds, convert to struct timeval */
767 tv.tv_sec = value / 1000;
768 tv.tv_usec = (value % 1000) * 1000;
770 result = setsockopt(connection->socketFD, SOL_SOCKET,
771 send ? SO_SNDTIMEO : SO_RCVTIMEO, &tv,
776 WARN("setsockopt failed (%s)\n", strerror(errno));
777 INTERNET_SetLastError(sock_get_error(errno));