2 * Wininet - networking layer. Uses unix sockets or OpenSSL.
4 * Copyright 2002 TransGaming Technologies Inc.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
24 #include "wine/port.h"
26 #ifdef HAVE_SYS_TIME_H
27 # include <sys/time.h>
29 #include <sys/types.h>
30 #ifdef HAVE_SYS_SOCKET_H
31 # include <sys/socket.h>
42 #include "wine/library.h"
48 /* To avoid conflicts with the Unix socket headers. we only need it for
49 * the error codes anyway. */
53 #include "wine/debug.h"
57 #define RESPONSE_TIMEOUT 30 /* FROM internet.c */
60 WINE_DEFAULT_DEBUG_CHANNEL(wininet);
63 * This should use winsock - To use winsock the functions will have to change a bit
64 * as they are designed for unix sockets.
65 * SSL stuff should use crypt32.dll
68 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
70 #include <openssl/err.h>
73 #define SONAME_LIBSSL "libssl.so"
75 #ifndef SONAME_LIBCRYPTO
76 #define SONAME_LIBCRYPTO "libcrypto.so"
79 static void *OpenSSL_ssl_handle;
80 static void *OpenSSL_crypto_handle;
82 static SSL_METHOD *meth;
85 #define MAKE_FUNCPTR(f) static typeof(f) * p##f
87 /* OpenSSL functions that we use */
88 MAKE_FUNCPTR(SSL_library_init);
89 MAKE_FUNCPTR(SSL_load_error_strings);
90 MAKE_FUNCPTR(SSLv23_method);
91 MAKE_FUNCPTR(SSL_CTX_new);
92 MAKE_FUNCPTR(SSL_new);
93 MAKE_FUNCPTR(SSL_free);
94 MAKE_FUNCPTR(SSL_set_fd);
95 MAKE_FUNCPTR(SSL_connect);
96 MAKE_FUNCPTR(SSL_shutdown);
97 MAKE_FUNCPTR(SSL_write);
98 MAKE_FUNCPTR(SSL_read);
99 MAKE_FUNCPTR(SSL_get_verify_result);
100 MAKE_FUNCPTR(SSL_get_peer_certificate);
101 MAKE_FUNCPTR(SSL_CTX_get_timeout);
102 MAKE_FUNCPTR(SSL_CTX_set_timeout);
103 MAKE_FUNCPTR(SSL_CTX_set_default_verify_paths);
104 MAKE_FUNCPTR(i2d_X509);
106 /* OpenSSL's libcrypto functions that we use */
107 MAKE_FUNCPTR(BIO_new_fp);
108 MAKE_FUNCPTR(ERR_get_error);
109 MAKE_FUNCPTR(ERR_error_string);
114 BOOL NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
116 connection->useSSL = FALSE;
117 connection->socketFD = -1;
120 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
121 TRACE("using SSL connection\n");
122 if (OpenSSL_ssl_handle) /* already initialized everything */
124 OpenSSL_ssl_handle = wine_dlopen(SONAME_LIBSSL, RTLD_NOW, NULL, 0);
125 if (!OpenSSL_ssl_handle)
127 ERR("trying to use a SSL connection, but couldn't load %s. Expect trouble.\n",
129 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);
132 OpenSSL_crypto_handle = wine_dlopen(SONAME_LIBCRYPTO, RTLD_NOW, NULL, 0);
133 if (!OpenSSL_crypto_handle)
135 ERR("trying to use a SSL connection, but couldn't load %s. Expect trouble.\n",
137 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);
141 /* mmm nice ugly macroness */
143 p##x = wine_dlsym(OpenSSL_ssl_handle, #x, NULL, 0); \
146 ERR("failed to load symbol %s\n", #x); \
147 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR); \
151 DYNSSL(SSL_library_init);
152 DYNSSL(SSL_load_error_strings);
153 DYNSSL(SSLv23_method);
159 DYNSSL(SSL_shutdown);
162 DYNSSL(SSL_get_verify_result);
163 DYNSSL(SSL_get_peer_certificate);
164 DYNSSL(SSL_CTX_get_timeout);
165 DYNSSL(SSL_CTX_set_timeout);
166 DYNSSL(SSL_CTX_set_default_verify_paths);
170 #define DYNCRYPTO(x) \
171 p##x = wine_dlsym(OpenSSL_crypto_handle, #x, NULL, 0); \
174 ERR("failed to load symbol %s\n", #x); \
175 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR); \
178 DYNCRYPTO(BIO_new_fp);
179 DYNCRYPTO(ERR_get_error);
180 DYNCRYPTO(ERR_error_string);
184 pSSL_load_error_strings();
185 pBIO_new_fp(stderr, BIO_NOCLOSE); /* FIXME: should use winedebug stuff */
187 meth = pSSLv23_method();
188 connection->peek_msg = NULL;
189 connection->peek_msg_mem = NULL;
191 FIXME("can't use SSL, not compiled in.\n");
192 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);
199 BOOL NETCON_connected(WININET_NETCONNECTION *connection)
201 if (connection->socketFD == -1)
207 /* translate a unix error code into a winsock one */
208 static int sock_get_error( int err )
212 case EINTR: return WSAEINTR;
213 case EBADF: return WSAEBADF;
215 case EACCES: return WSAEACCES;
216 case EFAULT: return WSAEFAULT;
217 case EINVAL: return WSAEINVAL;
218 case EMFILE: return WSAEMFILE;
219 case EWOULDBLOCK: return WSAEWOULDBLOCK;
220 case EINPROGRESS: return WSAEINPROGRESS;
221 case EALREADY: return WSAEALREADY;
222 case ENOTSOCK: return WSAENOTSOCK;
223 case EDESTADDRREQ: return WSAEDESTADDRREQ;
224 case EMSGSIZE: return WSAEMSGSIZE;
225 case EPROTOTYPE: return WSAEPROTOTYPE;
226 case ENOPROTOOPT: return WSAENOPROTOOPT;
227 case EPROTONOSUPPORT: return WSAEPROTONOSUPPORT;
228 case ESOCKTNOSUPPORT: return WSAESOCKTNOSUPPORT;
229 case EOPNOTSUPP: return WSAEOPNOTSUPP;
230 case EPFNOSUPPORT: return WSAEPFNOSUPPORT;
231 case EAFNOSUPPORT: return WSAEAFNOSUPPORT;
232 case EADDRINUSE: return WSAEADDRINUSE;
233 case EADDRNOTAVAIL: return WSAEADDRNOTAVAIL;
234 case ENETDOWN: return WSAENETDOWN;
235 case ENETUNREACH: return WSAENETUNREACH;
236 case ENETRESET: return WSAENETRESET;
237 case ECONNABORTED: return WSAECONNABORTED;
239 case ECONNRESET: return WSAECONNRESET;
240 case ENOBUFS: return WSAENOBUFS;
241 case EISCONN: return WSAEISCONN;
242 case ENOTCONN: return WSAENOTCONN;
243 case ESHUTDOWN: return WSAESHUTDOWN;
244 case ETOOMANYREFS: return WSAETOOMANYREFS;
245 case ETIMEDOUT: return WSAETIMEDOUT;
246 case ECONNREFUSED: return WSAECONNREFUSED;
247 case ELOOP: return WSAELOOP;
248 case ENAMETOOLONG: return WSAENAMETOOLONG;
249 case EHOSTDOWN: return WSAEHOSTDOWN;
250 case EHOSTUNREACH: return WSAEHOSTUNREACH;
251 case ENOTEMPTY: return WSAENOTEMPTY;
253 case EPROCLIM: return WSAEPROCLIM;
256 case EUSERS: return WSAEUSERS;
259 case EDQUOT: return WSAEDQUOT;
262 case ESTALE: return WSAESTALE;
265 case EREMOTE: return WSAEREMOTE;
267 default: errno=err; perror("sock_set_error"); return WSAEFAULT;
271 /******************************************************************************
273 * Basically calls 'socket()'
275 BOOL NETCON_create(WININET_NETCONNECTION *connection, int domain,
276 int type, int protocol)
278 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
279 if (connection->useSSL)
283 connection->socketFD = socket(domain, type, protocol);
284 if (connection->socketFD == -1)
286 INTERNET_SetLastError(sock_get_error(errno));
292 /******************************************************************************
294 * Basically calls 'close()' unless we should use SSL
296 BOOL NETCON_close(WININET_NETCONNECTION *connection)
300 if (!NETCON_connected(connection)) return FALSE;
302 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
303 if (connection->useSSL)
305 HeapFree(GetProcessHeap(),0,connection->peek_msg_mem);
306 connection->peek_msg = NULL;
307 connection->peek_msg_mem = NULL;
308 connection->peek_len = 0;
310 pSSL_shutdown(connection->ssl_s);
311 pSSL_free(connection->ssl_s);
312 connection->ssl_s = NULL;
314 connection->useSSL = FALSE;
318 result = closesocket(connection->socketFD);
319 connection->socketFD = -1;
323 INTERNET_SetLastError(sock_get_error(errno));
328 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
329 static BOOL check_hostname(X509 *cert, char *hostname)
331 /* FIXME: implement */
335 /******************************************************************************
336 * NETCON_secure_connect
337 * Initiates a secure connection over an existing plaintext connection.
339 BOOL NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname)
341 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
347 /* can't connect if we are already connected */
348 if (connection->useSSL)
350 ERR("already connected\n");
354 ctx = pSSL_CTX_new(meth);
355 if (!pSSL_CTX_set_default_verify_paths(ctx))
357 ERR("SSL_CTX_set_default_verify_paths failed: %s\n",
358 pERR_error_string(pERR_get_error(), 0));
359 INTERNET_SetLastError(ERROR_OUTOFMEMORY);
362 connection->ssl_s = pSSL_new(ctx);
363 if (!connection->ssl_s)
365 ERR("SSL_new failed: %s\n",
366 pERR_error_string(pERR_get_error(), 0));
367 INTERNET_SetLastError(ERROR_OUTOFMEMORY);
371 if (!pSSL_set_fd(connection->ssl_s, connection->socketFD))
373 ERR("SSL_set_fd failed: %s\n",
374 pERR_error_string(pERR_get_error(), 0));
375 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);
379 if (pSSL_connect(connection->ssl_s) <= 0)
381 ERR("SSL_connect failed: %s\n",
382 pERR_error_string(pERR_get_error(), 0));
383 INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR);
386 cert = pSSL_get_peer_certificate(connection->ssl_s);
389 ERR("no certificate for server %s\n", debugstr_w(hostname));
390 /* FIXME: is this the best error? */
391 INTERNET_SetLastError(ERROR_INTERNET_INVALID_CA);
394 verify_res = pSSL_get_verify_result(connection->ssl_s);
395 if (verify_res != X509_V_OK)
397 ERR("couldn't verify the security of the connection, %ld\n", verify_res);
398 /* FIXME: we should set an error and return, but we only warn at
402 len = WideCharToMultiByte(CP_UNIXCP, 0, hostname, -1, NULL, 0, NULL, NULL);
403 hostname_unix = HeapAlloc(GetProcessHeap(), 0, len);
406 INTERNET_SetLastError(ERROR_OUTOFMEMORY);
409 WideCharToMultiByte(CP_UNIXCP, 0, hostname, -1, hostname_unix, len, NULL, NULL);
411 if (!check_hostname(cert, hostname_unix))
413 HeapFree(GetProcessHeap(), 0, hostname_unix);
414 INTERNET_SetLastError(ERROR_INTERNET_SEC_CERT_CN_INVALID);
418 HeapFree(GetProcessHeap(), 0, hostname_unix);
419 connection->useSSL = TRUE;
423 if (connection->ssl_s)
425 pSSL_shutdown(connection->ssl_s);
426 pSSL_free(connection->ssl_s);
427 connection->ssl_s = NULL;
433 /******************************************************************************
435 * Connects to the specified address.
437 BOOL NETCON_connect(WININET_NETCONNECTION *connection, const struct sockaddr *serv_addr,
438 unsigned int addrlen)
442 if (!NETCON_connected(connection)) return FALSE;
444 result = connect(connection->socketFD, serv_addr, addrlen);
447 WARN("Unable to connect to host (%s)\n", strerror(errno));
448 INTERNET_SetLastError(sock_get_error(errno));
450 closesocket(connection->socketFD);
451 connection->socketFD = -1;
458 /******************************************************************************
460 * Basically calls 'send()' unless we should use SSL
461 * number of chars send is put in *sent
463 BOOL NETCON_send(WININET_NETCONNECTION *connection, const void *msg, size_t len, int flags,
466 if (!NETCON_connected(connection)) return FALSE;
467 if (!connection->useSSL)
469 *sent = send(connection->socketFD, msg, len, flags);
472 INTERNET_SetLastError(sock_get_error(errno));
479 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
481 FIXME("SSL_write doesn't support any flags (%08x)\n", flags);
482 *sent = pSSL_write(connection->ssl_s, msg, len);
483 if (*sent < 1 && len)
492 /******************************************************************************
494 * Basically calls 'recv()' unless we should use SSL
495 * number of chars received is put in *recvd
497 BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int flags,
498 int *recvd /* out */)
500 if (!NETCON_connected(connection)) return FALSE;
506 if (!connection->useSSL)
508 *recvd = recv(connection->socketFD, buf, len, flags);
511 INTERNET_SetLastError(sock_get_error(errno));
518 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
519 if (flags & ~(MSG_PEEK|MSG_WAITALL))
520 FIXME("SSL_read does not support the following flag: %08x\n", flags);
522 /* this ugly hack is all for MSG_PEEK. eww gross */
523 if (flags & MSG_PEEK && !connection->peek_msg)
525 connection->peek_msg = connection->peek_msg_mem = HeapAlloc(GetProcessHeap(), 0, (sizeof(char) * len) + 1);
527 else if (flags & MSG_PEEK && connection->peek_msg)
529 if (len < connection->peek_len)
530 FIXME("buffer isn't big enough. Do the expect us to wrap?\n");
531 *recvd = min(len, connection->peek_len);
532 memcpy(buf, connection->peek_msg, *recvd);
535 else if (connection->peek_msg)
537 *recvd = min(len, connection->peek_len);
538 memcpy(buf, connection->peek_msg, *recvd);
539 connection->peek_len -= *recvd;
540 connection->peek_msg += *recvd;
541 if (connection->peek_len == 0)
543 HeapFree(GetProcessHeap(), 0, connection->peek_msg_mem);
544 connection->peek_msg_mem = NULL;
545 connection->peek_msg = NULL;
546 /* check if the peek buffer held too few data */
547 if ((flags & MSG_WAITALL) && (*recvd < len))
550 /* recursive call - but now the peek buffer is empty */
551 if (!NETCON_recv(connection, (char*)buf + *recvd, len - *recvd, flags, &recv2))
558 *recvd = pSSL_read(connection->ssl_s, buf, len);
559 if (flags & MSG_PEEK) /* must copy stuff into buffer */
561 connection->peek_len = *recvd;
564 HeapFree(GetProcessHeap(), 0, connection->peek_msg_mem);
565 connection->peek_msg_mem = NULL;
566 connection->peek_msg = NULL;
569 memcpy(connection->peek_msg, buf, *recvd);
571 if (*recvd < 1 && len)
580 /******************************************************************************
583 BOOL NETCON_getNextLine(WININET_NETCONNECTION *connection, LPSTR lpszBuffer, LPDWORD dwBuffer)
588 if (!NETCON_connected(connection)) return FALSE;
590 if (!connection->useSSL)
594 BOOL bSuccess = FALSE;
598 FD_SET(connection->socketFD, &infd);
599 tv.tv_sec=RESPONSE_TIMEOUT;
602 while (nRecv < *dwBuffer)
604 if (select(connection->socketFD+1,&infd,NULL,NULL,&tv) > 0)
606 if (recv(connection->socketFD, &lpszBuffer[nRecv], 1, 0) <= 0)
608 INTERNET_SetLastError(sock_get_error(errno));
612 if (lpszBuffer[nRecv] == '\n')
617 if (lpszBuffer[nRecv] != '\r')
622 INTERNET_SetLastError(ERROR_INTERNET_TIMEOUT);
627 lend: /* FIXME: don't use labels */
630 lpszBuffer[nRecv++] = '\0';
632 TRACE(":%u %s\n", nRecv, lpszBuffer);
642 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
647 prev_timeout = pSSL_CTX_get_timeout(ctx);
648 pSSL_CTX_set_timeout(ctx, RESPONSE_TIMEOUT);
650 while (nRecv < *dwBuffer)
653 if (!NETCON_recv(connection, &lpszBuffer[nRecv], 1, 0, &recv))
655 INTERNET_SetLastError(ERROR_CONNECTION_ABORTED);
659 if (lpszBuffer[nRecv] == '\n')
664 if (lpszBuffer[nRecv] != '\r')
668 pSSL_CTX_set_timeout(ctx, prev_timeout);
671 lpszBuffer[nRecv++] = '\0';
673 TRACE("_SSL:%u %s\n", nRecv, lpszBuffer);
684 LPCVOID NETCON_GetCert(WININET_NETCONNECTION *connection)
687 #if defined HAVE_OPENSSL_SSL_H && defined HAVE_OPENSSL_ERR_H
689 unsigned char* buffer,*p;
691 BOOL malloced = FALSE;
694 if (!connection->useSSL)
697 cert = pSSL_get_peer_certificate(connection->ssl_s);
699 len = pi2d_X509(cert,&p);
701 * SSL 0.9.7 and above malloc the buffer if it is null.
702 * however earlier version do not and so we would need to alloc the buffer.
704 * see the i2d_X509 man page for more details.
708 buffer = HeapAlloc(GetProcessHeap(),0,len);
710 len = pi2d_X509(cert,&p);
718 r = CertCreateCertificateContext(X509_ASN_ENCODING,buffer,len);
723 HeapFree(GetProcessHeap(),0,buffer);
731 BOOL NETCON_set_timeout(WININET_NETCONNECTION *connection, BOOL send, int value)
736 /* FIXME: we should probably store the timeout in the connection to set
737 * when we do connect */
738 if (!NETCON_connected(connection))
741 /* value is in milliseconds, convert to struct timeval */
742 tv.tv_sec = value / 1000;
743 tv.tv_usec = (value % 1000) * 1000;
745 result = setsockopt(connection->socketFD, SOL_SOCKET,
746 send ? SO_SNDTIMEO : SO_RCVTIMEO, &tv,
751 WARN("setsockopt failed (%s)\n", strerror(errno));
752 INTERNET_SetLastError(sock_get_error(errno));