/*
* lftp - file transfer program
*
* Copyright (c) 1996-2016 by Alexander V. Lukyanov (lav@yars.free.net)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef LFTP_SSL_H
#define LFTP_SSL_H
#if USE_SSL
# if USE_GNUTLS
# include <gnutls/gnutls.h>
# elif USE_OPENSSL
# include <openssl/ssl.h>
# include <openssl/err.h>
# include <openssl/rand.h>
# include <openssl/x509v3.h>
# endif
#include "Ref.h"
#include "xstring.h"
/* State and error-reporting interface common to both TLS backends
 * (lftp_ssl_gnutls / lftp_ssl_openssl derive from this).  Holds the socket,
 * the role taken in the handshake, and the outcome flags a caller must
 * inspect before trusting the session. */
class lftp_ssl_base
{
public:
   bool handshake_done;   // presumably set once the TLS handshake has finished -- confirm in the backend
   int fd;                // file descriptor the TLS session runs over
   xstring_c hostname;    // peer host name given to the constructor (empty when host==0)
   enum handshake_mode_t { CLIENT, SERVER } handshake_mode;  // which side of the handshake this object plays
   xstring error;         // human-readable text of the last error, filled by set_error()/set_cert_error()
   bool fatal;            // the last error is not recoverable
   bool cert_error;       // the last error came from certificate verification
   // NOTE(review): the flags above are public and writable; nothing in this
   // header stops a caller from clearing cert_error/fatal.  Callers are
   // expected to treat them as read-only -- verify at the call sites.

   lftp_ssl_base(int fd,handshake_mode_t m,const char *host=0);

   // Status codes; presumably the values returned by the backends'
   // read()/write()/do_handshake() when no byte count applies -- confirm.
   enum code { RETRY=-2, ERROR=-1, DONE=0 };

   // Record an error message built from two parts.
   void set_error(const char *s1,const char *s2);
   // Record a certificate-verification failure together with the offending
   // certificate's fingerprint `fp` (so the user can pin/whitelist it).
   void set_cert_error(const char *s,const xstring& fp);
};
#if USE_GNUTLS
#include <gnutls/x509.h>
#if LFTP_LIBGNUTLS_VERSION_CODE < 0x010201
/* Compatibility definitions for old gnutls: releases before 1.2.1 lack the
 * `_t`-suffixed type names used throughout this header, so map each one
 * onto the older unsuffixed spelling. */
typedef gnutls_session gnutls_session_t;
typedef gnutls_anon_server_credentials gnutls_anon_server_credentials_t;
typedef gnutls_dh_params gnutls_dh_params_t;
typedef gnutls_certificate_credentials gnutls_certificate_credentials_t;
typedef gnutls_transport_ptr gnutls_transport_ptr_t;
typedef gnutls_x509_crt gnutls_x509_crt_t;
typedef gnutls_x509_crl gnutls_x509_crl_t;
typedef gnutls_x509_crt_fmt gnutls_x509_crt_fmt_t;
typedef gnutls_datum gnutls_datum_t;
#endif
#include "ResMgr.h"
/* Process-wide GnuTLS trust material shared by every lftp_ssl_gnutls
 * session: the trusted CA certificates and the CRLs.  Being a ResClient,
 * it is presumably re-read through Reconfig() when the relevant settings
 * change -- confirm in the .cc. */
class lftp_ssl_gnutls_instance : public ResClient
{
   gnutls_x509_crl_t *crl_list;     // loaded CRLs; crl_list_size entries
   unsigned crl_list_size;
   gnutls_x509_crt_t *ca_list;      // trusted CA certificates; ca_list_size entries
   unsigned ca_list_size;
   friend class lftp_ssl_gnutls;    // sessions access the lists directly

   void LoadCA();    // (re)populate ca_list / ca_list_size
   void LoadCRL();   // (re)populate crl_list / crl_list_size
public:
   lftp_ssl_gnutls_instance();
   ~lftp_ssl_gnutls_instance();
   // ResClient hook invoked when a resource named by the argument changes.
   void Reconfig(const char *);
};
/* GnuTLS-backed TLS session on one file descriptor.  All sessions share the
 * CA/CRL lists held in `instance`; per-connection state is the gnutls
 * session handle and its certificate credentials. */
class lftp_ssl_gnutls : public lftp_ssl_base
{
   static Ref<lftp_ssl_gnutls_instance> instance;   // shared trust store (CA + CRL lists)
   gnutls_session_t session;
   gnutls_certificate_credentials_t cred;

   // Peer-certificate verification: the whole chain, one issuer link, and the
   // final (root) certificate.  All return void, so a failed check can only be
   // reported through the base-class state (cert_error / error); callers must
   // inspect those flags after the handshake rather than rely on a return value.
   void verify_certificate_chain(const gnutls_datum_t *cert_chain,int cert_chain_length);
   void verify_cert2(gnutls_x509_crt_t crt,gnutls_x509_crt_t issuer);
   void verify_last_cert(gnutls_x509_crt_t crt);

   int do_handshake();          // advance the handshake; presumably returns a lftp_ssl_base::code
   bool check_fatal(int res);   // classify a gnutls return code; presumably sets `fatal` when not retryable
   // Fingerprint of `crt`, presumably the value handed to set_cert_error().
   static const xstring& get_fp(gnutls_x509_crt_t crt);
public:
   static void global_init();     // library-wide setup, before the first session
   static void global_deinit();

   lftp_ssl_gnutls(int fd,handshake_mode_t m,const char *host=0);
   ~lftp_ssl_gnutls();

   // Transfer application data.  Result convention (byte count vs.
   // RETRY/ERROR) is not visible here -- confirm against the implementation.
   int read(char *buf,int size);
   int write(const char *buf,int size);
   bool want_in();    // backend needs the socket readable to make progress
   bool want_out();   // backend needs the socket writable to make progress
   // Copy the other session's id, presumably to resume it on a second connection.
   void copy_sid(const lftp_ssl_gnutls *);
   void load_keys();  // load the client certificate/key into `cred`
   void shutdown();   // terminate the TLS layer (close_notify presumably)
};
typedef lftp_ssl_gnutls lftp_ssl;   // the backend selected at build time is exposed under one name
#elif USE_OPENSSL
/* Process-wide OpenSSL state shared by every lftp_ssl_openssl session. */
class lftp_ssl_openssl_instance {
public:
   SSL_CTX *ssl_ctx;        // context each SSL* is created from
   X509_STORE *crl_store;   // separate store for CRLs, presumably consulted by lftp_ssl_openssl::verify_crl()
   lftp_ssl_openssl_instance();
   ~lftp_ssl_openssl_instance();
};
/* OpenSSL-backed TLS session on one file descriptor.  The SSL_CTX and CRL
 * store live in the shared `instance`; each object owns one SSL handle. */
class lftp_ssl_openssl : public lftp_ssl_base
{
   static Ref<lftp_ssl_openssl_instance> instance;   // shared SSL_CTX + CRL store
   SSL *ssl;
   bool check_fatal(int res);   // classify an OpenSSL return code; presumably sets `fatal` when not retryable
   int do_handshake();          // advance the handshake; presumably returns a lftp_ssl_base::code
   const char *strerror();      // text for the most recent OpenSSL error
   static const xstring& get_fp(X509 *crt);   // fingerprint of `crt`, presumably passed to set_cert_error()
public:
   // Verification hooks with the OpenSSL X509_STORE_CTX callback signature.
   // They are static, so any per-session context has to be recovered from
   // `ctx` inside the implementation.
   // NOTE(review): a verify callback that returns 1 while `ok` is 0 silently
   // accepts a bad chain -- confirm the implementation only overrides `ok`
   // for failures it deliberately handles.
   static int verify_crl(X509_STORE_CTX *ctx);
   static int verify_callback(int ok,X509_STORE_CTX *ctx);
   // Post-handshake check of the peer certificate; presumably where `hostname`
   // is matched and cert_error is set -- confirm in the .cc.
   void check_certificate();

   static void global_init();     // library-wide setup, before the first session
   static void global_deinit();

   lftp_ssl_openssl(int fd,handshake_mode_t m,const char *host=0);
   ~lftp_ssl_openssl();

   // Transfer application data.  Result convention (byte count vs.
   // RETRY/ERROR) is not visible here -- confirm against the implementation.
   int read(char *buf,int size);
   int write(const char *buf,int size);
   bool want_in();    // backend needs the socket readable to make progress
   bool want_out();   // backend needs the socket writable to make progress
   // Copy the other session's id, presumably to resume it on a second connection.
   void copy_sid(const lftp_ssl_openssl *);
   void load_keys();  // load the client certificate/key into the SSL handle
   void shutdown();   // terminate the TLS layer (close_notify presumably)
};
typedef lftp_ssl_openssl lftp_ssl;   // the backend selected at build time is exposed under one name
#endif
#endif//USE_SSL
#endif//LFTP_SSL_H