1 // carddav-sslverify.cpp - CardDAV Object - SSL verification subroutines.
3 // (c) 2012-2015 Xestia Software Development.
5 // This file is part of Xestia Address Book.
7 // Xestia Address Book is free software: you can redistribute it and/or modify
8 // it under the terms of the GNU General Public License as published by the
9 // Free Software Foundation, version 3 of the license.
11 // Xestia Address Book is distributed in the hope that it will be useful,
12 // but WITHOUT ANY WARRANTY; without even the implied warranty of
13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 // GNU General Public License for more details.
16 // You should have received a copy of the GNU General Public License along
17 // with Xestia Address Book. If not, see <http://www.gnu.org/licenses/>
20 #include "../version.h"
22 #include <wx/tokenzr.h>
24 #include <libxml/parser.h>
25 #include <libxml/tree.h>
28 #include "../vcard/vcard.h"
29 #include "../common/dirs.h"
31 CURLcode CardDAV::SSLVerifyTest(){
33 // Verify the SSL information.
40 AbortConnection = FALSE;
45 wxString ServerAddressURL;
47 wxString ServerAddressSSL;
48 wxString ServerAddressNormal;
50 conn = curl_easy_init();
52 /*struct CardDAVCURLPasser {
55 bool HeaderMode = TRUE;
57 } CardDAVHeader, CardDAVFooter;
59 CardDAVHeader.Data = this;
60 CardDAVHeader.HeaderMode = TRUE;
62 CardDAVFooter.Data = this;
63 CardDAVFooter.HeaderMode = FALSE;*/
68 ServerAddressURL = ServerAddress + wxT(":") + wxString::Format(wxT("%i"), ServerPort) + wxT("/");
69 ServerAddressSSL = wxT("https://") + ServerAddressURL;
74 struct curl_slist *certdata;
75 struct curl_certinfo *certinfo;
80 // Setup two initial connections and attempt to get the certificate data.
82 curl_easy_setopt(conn, CURLOPT_URL, (const char*)ServerAddressSSL.mb_str(wxConvUTF8));
83 curl_easy_setopt(conn, CURLOPT_CERTINFO, 1);
84 curl_easy_setopt(conn, CURLOPT_VERBOSE, 1L);
85 //curl_easy_setopt(conn, CURLOPT_SSL_VERIFYPEER, FALSE);
86 //curl_easy_setopt(conn, CURLOPT_SSL_VERIFYHOST, FALSE);
87 curl_easy_setopt(conn, CURLOPT_ERRORBUFFER, curlerrbuffer);
88 curl_easy_setopt(conn, CURLOPT_WRITEFUNCTION, WritebackFunc);
89 curl_easy_setopt(conn, CURLOPT_WRITEDATA, &PageData);
90 curl_easy_setopt(conn, CURLOPT_WRITEHEADER, &PageHeader);
92 conncode = (curl_easy_perform(conn));
94 // Check if the SSL certificate is valid or self-signed or some other
97 if (conncode == CURLE_OK){
99 // Connection is OK. Do nothing.
101 *ServerResult = TRUE;
103 } else if (conncode == CURLE_SSL_CACERT || conncode == CURLE_SSL_CONNECT_ERROR){
105 connssldata = curl_easy_init();
107 // Retry but get the certificates without peer/host verification.
109 curl_easy_setopt(connssldata, CURLOPT_URL, (const char*)ServerAddressSSL.mb_str(wxConvUTF8));
110 curl_easy_setopt(connssldata, CURLOPT_CERTINFO, 1);
111 curl_easy_setopt(connssldata, CURLOPT_VERBOSE, 1L);
112 curl_easy_setopt(connssldata, CURLOPT_ERRORBUFFER, curlerrbuffer);
113 curl_easy_setopt(connssldata, CURLOPT_WRITEFUNCTION, WritebackFunc);
114 curl_easy_setopt(connssldata, CURLOPT_WRITEDATA, &PageData);
115 curl_easy_setopt(connssldata, CURLOPT_WRITEHEADER, &PageHeader);
116 curl_easy_setopt(connssldata, CURLOPT_SSL_VERIFYPEER, 0L);
117 curl_easy_setopt(connssldata, CURLOPT_SSL_VERIFYHOST, 0L);
119 CURLcode certfetchcode;
121 certfetchcode = (curl_easy_perform(connssldata));
123 VerifyCertCollection = BuildSSLCollection(connssldata);
125 if (certfetchcode == CURLE_OK){
127 curl_easy_getinfo(connssldata, CURLINFO_CERTINFO, &ptr.certdata);
129 VerifyCertCollection = BuildSSLCollection(connssldata);
133 conncode = certfetchcode;
137 *ServerResult = FALSE;
141 fprintf(stderr, "curl_easy_perform() failed: %s\n",
142 curl_easy_strerror(conncode));
144 ErrorMessage = wxString::Format(wxT("%s"), curl_easy_strerror(conncode));
146 *ServerResult = FALSE;
152 curl_easy_cleanup(conn);