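Lines matching refs:ctx (cross-reference listing: each row gives the source line number, the matching line, and, where the indexer reports them, the enclosing function and the symbol's role as member, argument or local)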
43 void *ctx; member
56 int (*cert_cb)(void *ctx, struct http_cert *cert);
71 static void clear_curl(struct http_ctx *ctx) in clear_curl() argument
73 if (ctx->curl) { in clear_curl()
74 curl_easy_cleanup(ctx->curl); in clear_curl()
75 ctx->curl = NULL; in clear_curl()
77 if (ctx->curl_hdr) { in clear_curl()
78 curl_slist_free_all(ctx->curl_hdr); in clear_curl()
79 ctx->curl_hdr = NULL; in clear_curl()
94 static void debug_dump(struct http_ctx *ctx, const char *title, in debug_dump() argument
128 struct http_ctx *ctx = userdata; in curl_cb_debug() local
131 debug_dump(ctx, "CURLINFO_TEXT", buf, len); in curl_cb_debug()
134 debug_dump(ctx, "CURLINFO_HEADER_IN", buf, len); in curl_cb_debug()
137 debug_dump(ctx, "CURLINFO_HEADER_OUT", buf, len); in curl_cb_debug()
140 debug_dump(ctx, "CURLINFO_DATA_IN", buf, len); in curl_cb_debug()
143 debug_dump(ctx, "CURLINFO_DATA_OUT", buf, len); in curl_cb_debug()
165 struct http_ctx *ctx = userdata; in curl_cb_write() local
167 n = os_realloc(ctx->curl_buf, ctx->curl_buf_len + size * nmemb + 1); in curl_cb_write()
170 ctx->curl_buf = n; in curl_cb_write()
171 os_memcpy(n + ctx->curl_buf_len, ptr, size * nmemb); in curl_cb_write()
172 n[ctx->curl_buf_len + size * nmemb] = '\0'; in curl_cb_write()
173 ctx->curl_buf_len += size * nmemb; in curl_cb_write()
205 static void add_alt_name_othername(struct http_ctx *ctx, struct http_cert *cert, in add_alt_name_othername() argument
237 static void add_alt_name_dns(struct http_ctx *ctx, struct http_cert *cert, in add_alt_name_dns() argument
258 static void add_alt_name(struct http_ctx *ctx, struct http_cert *cert, in add_alt_name() argument
263 add_alt_name_othername(ctx, cert, name->d.otherName); in add_alt_name()
266 add_alt_name_dns(ctx, cert, name->d.dNSName); in add_alt_name()
272 static void add_alt_names(struct http_ctx *ctx, struct http_cert *cert, in add_alt_names() argument
281 add_alt_name(ctx, cert, name); in add_alt_names()
456 static void add_logo(struct http_ctx *ctx, struct http_cert *hcert, in DEFINE_STACK_OF()
504 static void add_logo_direct(struct http_ctx *ctx, struct http_cert *hcert, in add_logo_direct() argument
555 add_logo(ctx, hcert, found_hash, uri); in add_logo_direct()
561 static void add_logo_indirect(struct http_ctx *ctx, struct http_cert *hcert, in add_logo_indirect() argument
579 add_logo(ctx, hcert, hash, uri); in add_logo_indirect()
777 static void add_logotype_ext(struct http_ctx *ctx, struct http_cert *hcert, in add_logotype_ext() argument
836 add_logo_direct(ctx, hcert, info->d.direct); in add_logotype_ext()
839 add_logo_indirect(ctx, hcert, info->d.indirect); in add_logotype_ext()
848 static void parse_cert(struct http_ctx *ctx, struct http_cert *hcert, in parse_cert() argument
852 hcert->url = ctx->url ? ctx->url : ctx->svc_address; in parse_cert()
856 add_alt_names(ctx, hcert, *names); in parse_cert()
858 add_logotype_ext(ctx, hcert, cert); in parse_cert()
885 static int validate_server_cert(struct http_ctx *ctx, X509 *cert) in validate_server_cert() argument
891 if (ctx->cert_cb == NULL) { in validate_server_cert()
903 parse_cert(ctx, &hcert, cert, &names); in validate_server_cert()
904 ret = ctx->cert_cb(ctx->cert_cb_ctx, &hcert); in validate_server_cert()
911 void http_parse_x509_certificate(struct http_ctx *ctx, const char *fname) in http_parse_x509_certificate() argument
941 parse_cert(ctx, &hcert, cert, &names); in http_parse_x509_certificate()
974 struct http_ctx *ctx; in curl_cb_ssl_verify() local
986 ctx = SSL_CTX_get_app_data(ssl_ctx); in curl_cb_ssl_verify()
997 ctx->last_err = "No server certificate available"; in curl_cb_ssl_verify()
1002 ctx->peer_cert = cert; in curl_cb_ssl_verify()
1004 ctx->peer_issuer = cert; in curl_cb_ssl_verify()
1006 ctx->peer_issuer_issuer = cert; in curl_cb_ssl_verify()
1014 if (depth == 0 && preverify_ok && validate_server_cert(ctx, cert) < 0) in curl_cb_ssl_verify()
1018 if (depth == 0 && ctx->ocsp != NO_OCSP && preverify_ok) { in curl_cb_ssl_verify()
1021 res = check_ocsp_resp(ssl_ctx, ssl, cert, ctx->peer_issuer, in curl_cb_ssl_verify()
1022 ctx->peer_issuer_issuer); in curl_cb_ssl_verify()
1029 } else if (res != OCSP_GOOD && (ctx->ocsp == MANDATORY_OCSP)) { in curl_cb_ssl_verify()
1038 ctx->last_err = "TLS validation failed"; in curl_cb_ssl_verify()
1091 struct http_ctx *ctx = arg; in ocsp_resp_cb() local
1104 if (ctx->ocsp == MANDATORY_OCSP) in ocsp_resp_cb()
1105 ctx->last_err = "No OCSP response received"; in ocsp_resp_cb()
1106 return (ctx->ocsp == MANDATORY_OCSP) ? 0 : 1; in ocsp_resp_cb()
1114 ctx->last_err = "Failed to parse OCSP response"; in ocsp_resp_cb()
1124 ctx->last_err = "OCSP responder error"; in ocsp_resp_cb()
1131 ctx->last_err = "Could not find BasicOCSPResponse"; in ocsp_resp_cb()
1136 if (ctx->peer_issuer) { in ocsp_resp_cb()
1139 ctx->peer_issuer); in ocsp_resp_cb()
1141 if (X509_STORE_add_cert(store, ctx->peer_issuer) != 1) { in ocsp_resp_cb()
1148 cert = X509_dup(ctx->peer_issuer); in ocsp_resp_cb()
1157 if (certs && ctx->peer_issuer_issuer) { in ocsp_resp_cb()
1158 cert = X509_dup(ctx->peer_issuer_issuer); in ocsp_resp_cb()
1176 ctx->last_err = "OCSP response failed verification"; in ocsp_resp_cb()
1182 if (!ctx->peer_cert) { in ocsp_resp_cb()
1186 ctx->last_err = "Peer certificate not available for OCSP status check"; in ocsp_resp_cb()
1190 if (!ctx->peer_issuer) { in ocsp_resp_cb()
1194 ctx->last_err = "Peer issuer certificate not available for OCSP status check"; in ocsp_resp_cb()
1198 id = OCSP_cert_to_id(EVP_sha256(), ctx->peer_cert, ctx->peer_issuer); in ocsp_resp_cb()
1204 ctx->last_err = "Could not create OCSP certificate identifier"; in ocsp_resp_cb()
1211 id = OCSP_cert_to_id(NULL, ctx->peer_cert, ctx->peer_issuer); in ocsp_resp_cb()
1217 ctx->last_err = in ocsp_resp_cb()
1229 (ctx->ocsp == MANDATORY_OCSP) ? "" : in ocsp_resp_cb()
1234 if (ctx->ocsp == MANDATORY_OCSP) in ocsp_resp_cb()
1236 ctx->last_err = "Could not find current server certificate from OCSP response"; in ocsp_resp_cb()
1237 return (ctx->ocsp == MANDATORY_OCSP) ? 0 : 1; in ocsp_resp_cb()
1245 ctx->last_err = "OCSP status times invalid"; in ocsp_resp_cb()
1258 ctx->last_err = "Server certificate has been revoked"; in ocsp_resp_cb()
1261 if (ctx->ocsp == MANDATORY_OCSP) { in ocsp_resp_cb()
1263 ctx->last_err = "OCSP status unknown"; in ocsp_resp_cb()
1295 struct http_ctx *ctx = parm; in curl_cb_ssl() local
1299 SSL_CTX_set_app_data(ssl, ctx); in curl_cb_ssl()
1303 if (ctx->ocsp != NO_OCSP) { in curl_cb_ssl()
1305 SSL_CTX_set_tlsext_status_arg(ssl, ctx); in curl_cb_ssl()
1327 static CURL * setup_curl_post(struct http_ctx *ctx, const char *address, in setup_curl_post() argument
1353 curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, ctx); in setup_curl_post()
1361 if (ctx->ocsp != NO_OCSP) in setup_curl_post()
1376 curl_easy_setopt(curl, CURLOPT_DEBUGDATA, ctx); in setup_curl_post()
1378 curl_easy_setopt(curl, CURLOPT_WRITEDATA, ctx); in setup_curl_post()
1390 static int post_init_client(struct http_ctx *ctx, const char *address, in post_init_client() argument
1398 clone_str(&ctx->svc_address, address); in post_init_client()
1399 clone_str(&ctx->svc_ca_fname, ca_fname); in post_init_client()
1400 clone_str(&ctx->svc_username, username); in post_init_client()
1401 clone_str(&ctx->svc_password, password); in post_init_client()
1402 clone_str(&ctx->svc_client_cert, client_cert); in post_init_client()
1403 clone_str(&ctx->svc_client_key, client_key); in post_init_client()
1409 for (count = 0, pos = ctx->svc_address; count < 3 && pos && *pos; in post_init_client()
1416 ctx->curl = setup_curl_post(ctx, ctx->svc_address, ca_fname, username, in post_init_client()
1418 if (ctx->curl == NULL) in post_init_client()
1425 int soap_init_client(struct http_ctx *ctx, const char *address, in soap_init_client() argument
1430 if (post_init_client(ctx, address, ca_fname, username, password, in soap_init_client()
1434 ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, in soap_init_client()
1436 ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, "SOAPAction: "); in soap_init_client()
1437 ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, "Expect:"); in soap_init_client()
1438 curl_easy_setopt(ctx->curl, CURLOPT_HTTPHEADER, ctx->curl_hdr); in soap_init_client()
1444 int soap_reinit_client(struct http_ctx *ctx) in soap_reinit_client() argument
1454 clear_curl(ctx); in soap_reinit_client()
1456 clone_str(&address, ctx->svc_address); in soap_reinit_client()
1457 clone_str(&ca_fname, ctx->svc_ca_fname); in soap_reinit_client()
1458 clone_str(&username, ctx->svc_username); in soap_reinit_client()
1459 clone_str(&password, ctx->svc_password); in soap_reinit_client()
1460 clone_str(&client_cert, ctx->svc_client_cert); in soap_reinit_client()
1461 clone_str(&client_key, ctx->svc_client_key); in soap_reinit_client()
1463 ret = soap_init_client(ctx, address, ca_fname, username, password, in soap_reinit_client()
1475 static void free_curl_buf(struct http_ctx *ctx) in free_curl_buf() argument
1477 os_free(ctx->curl_buf); in free_curl_buf()
1478 ctx->curl_buf = NULL; in free_curl_buf()
1479 ctx->curl_buf_len = 0; in free_curl_buf()
1483 xml_node_t * soap_send_receive(struct http_ctx *ctx, xml_node_t *node) in soap_send_receive() argument
1490 ctx->last_err = NULL; in soap_send_receive()
1493 envelope = soap_build_envelope(ctx->xml, node); in soap_send_receive()
1494 str = xml_node_to_str(ctx->xml, envelope); in soap_send_receive()
1495 xml_node_free(ctx->xml, envelope); in soap_send_receive()
1498 curl_easy_setopt(ctx->curl, CURLOPT_POSTFIELDS, str); in soap_send_receive()
1499 free_curl_buf(ctx); in soap_send_receive()
1501 res = curl_easy_perform(ctx->curl); in soap_send_receive()
1503 if (!ctx->last_err) in soap_send_receive()
1504 ctx->last_err = curl_easy_strerror(res); in soap_send_receive()
1506 ctx->last_err); in soap_send_receive()
1508 free_curl_buf(ctx); in soap_send_receive()
1513 curl_easy_getinfo(ctx->curl, CURLINFO_RESPONSE_CODE, &http); in soap_send_receive()
1516 ctx->last_err = "HTTP download failed"; in soap_send_receive()
1518 free_curl_buf(ctx); in soap_send_receive()
1522 if (ctx->curl_buf == NULL) in soap_send_receive()
1525 wpa_printf(MSG_MSGDUMP, "Server response:\n%s", ctx->curl_buf); in soap_send_receive()
1526 resp = xml_node_from_buf(ctx->xml, ctx->curl_buf); in soap_send_receive()
1527 free_curl_buf(ctx); in soap_send_receive()
1530 ctx->last_err = "Could not parse SOAP response"; in soap_send_receive()
1534 ret = soap_get_body(ctx->xml, resp); in soap_send_receive()
1537 ctx->last_err = "Could not get SOAP body"; in soap_send_receive()
1542 xml_node_get_localname(ctx->xml, ret)); in soap_send_receive()
1543 n = xml_node_copy(ctx->xml, ret); in soap_send_receive()
1544 xml_node_free(ctx->xml, resp); in soap_send_receive()
1552 struct http_ctx *ctx; in http_init_ctx() local
1554 ctx = os_zalloc(sizeof(*ctx)); in http_init_ctx()
1555 if (ctx == NULL) in http_init_ctx()
1557 ctx->ctx = upper_ctx; in http_init_ctx()
1558 ctx->xml = xml_ctx; in http_init_ctx()
1559 ctx->ocsp = OPTIONAL_OCSP; in http_init_ctx()
1563 return ctx; in http_init_ctx()
1567 void http_ocsp_set(struct http_ctx *ctx, int val) in http_ocsp_set() argument
1570 ctx->ocsp = NO_OCSP; in http_ocsp_set()
1572 ctx->ocsp = OPTIONAL_OCSP; in http_ocsp_set()
1574 ctx->ocsp = MANDATORY_OCSP; in http_ocsp_set()
1578 void http_deinit_ctx(struct http_ctx *ctx) in http_deinit_ctx() argument
1580 clear_curl(ctx); in http_deinit_ctx()
1581 os_free(ctx->curl_buf); in http_deinit_ctx()
1584 os_free(ctx->svc_address); in http_deinit_ctx()
1585 os_free(ctx->svc_ca_fname); in http_deinit_ctx()
1586 str_clear_free(ctx->svc_username); in http_deinit_ctx()
1587 str_clear_free(ctx->svc_password); in http_deinit_ctx()
1588 os_free(ctx->svc_client_cert); in http_deinit_ctx()
1589 os_free(ctx->svc_client_key); in http_deinit_ctx()
1591 os_free(ctx); in http_deinit_ctx()
1595 int http_download_file(struct http_ctx *ctx, const char *url, in http_download_file() argument
1604 ctx->last_err = NULL; in http_download_file()
1605 ctx->url = url; in http_download_file()
1626 curl_easy_setopt(curl, CURLOPT_DEBUGDATA, ctx); in http_download_file()
1633 if (!ctx->last_err) in http_download_file()
1634 ctx->last_err = curl_easy_strerror(res); in http_download_file()
1636 ctx->last_err); in http_download_file()
1643 ctx->last_err = "HTTP download failed"; in http_download_file()
1651 ctx->url = NULL; in http_download_file()
1661 char * http_post(struct http_ctx *ctx, const char *url, const char *data, in http_post() argument
1674 ctx->last_err = NULL; in http_post()
1675 ctx->url = url; in http_post()
1677 curl = setup_curl_post(ctx, url, ca_fname, username, password, in http_post()
1692 free_curl_buf(ctx); in http_post()
1696 if (!ctx->last_err) in http_post()
1697 ctx->last_err = curl_easy_strerror(res); in http_post()
1699 ctx->last_err); in http_post()
1706 ctx->last_err = "HTTP POST failed"; in http_post()
1711 if (ctx->curl_buf == NULL) in http_post()
1714 ret = ctx->curl_buf; in http_post()
1716 *resp_len = ctx->curl_buf_len; in http_post()
1717 ctx->curl_buf = NULL; in http_post()
1718 ctx->curl_buf_len = 0; in http_post()
1723 free_curl_buf(ctx); in http_post()
1724 ctx->url = NULL; in http_post()
1729 void http_set_cert_cb(struct http_ctx *ctx, in http_set_cert_cb() argument
1730 int (*cb)(void *ctx, struct http_cert *cert), in http_set_cert_cb() argument
1733 ctx->cert_cb = cb; in http_set_cert_cb()
1734 ctx->cert_cb_ctx = cb_ctx; in http_set_cert_cb()
1738 const char * http_get_err(struct http_ctx *ctx) in http_get_err() argument
1740 return ctx->last_err; in http_get_err()