source/carddav/carddav-sslverify.cpp

   1 // carddav-sslverify.cpp - CardDAV Object - SSL verification subroutines.
   2 //
   3 // (c) 2012-2015 Xestia Software Development.
   4 //
   5 // This file is part of Xestia Address Book.
   6 //
   7 // Xestia Address Book is free software: you can redistribute it and/or modify
   8 // it under the terms of the GNU General Public License as published by the
   9 // Free Software Foundation, version 3 of the license.
  10 //
  11 // Xestia Address Book is distributed in the hope that it will be useful,
  12 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 // GNU General Public License for more details.
  15 //
  16 // You should have received a copy of the GNU General Public License along
  17 // with Xestia Address Book. If not, see <http://www.gnu.org/licenses/>
  18
  19 #include "carddav.h"
  20 #include "../version.h"
  21 #include <wx/wx.h>
  22 #include <wx/tokenzr.h>
  23 #include <wx/ffile.h>
  24 #include <libxml/parser.h>
  25 #include <libxml/tree.h>
  26 #include <map>
  27 #include <thread>
  28 #include "../vcard/vcard.h"
  29 #include "../common/dirs.h"
  30
  31 CURLcode CardDAV::SSLVerifyTest(){
  32
  33         // Verify the SSL information.
  34
  35         PageData.Clear();
  36         PageHeader.Clear();
  37
  38         SSLStatus = TRUE;
  39         AuthPassed = TRUE;
  40         AbortConnection = FALSE;
  41
  42         CURL *conn;
  43         CURL *connssldata;
  44         CURLcode conncode;
  45         wxString ServerAddressURL;
  46         wxString ServerAuth;
  47         wxString ServerAddressSSL;
  48         wxString ServerAddressNormal;
  49
  50         conn = curl_easy_init();
  51
  52         wxString Data1;
  53         wxString Data2;
  54
  55         ServerAddressURL = ServerAddress + wxT(":") + wxString::Format(wxT("%i"), ServerPort) + wxT("/");
  56         ServerAddressSSL = wxT("https://") + ServerAddressURL;
  57
  58         if (ServerSSL){
  59
  60                 union {
  61                         struct curl_slist       *certdata;
  62                         struct curl_certinfo    *certinfo;
  63                 } ptr;
  64
  65                 ptr.certdata = NULL;
  66
  67                 // Setup two initial connections and attempt to get the certificate data.
  68
  69                 curl_easy_setopt(conn, CURLOPT_URL, (const char*)ServerAddressSSL.mb_str(wxConvUTF8));
  70                 curl_easy_setopt(conn, CURLOPT_CERTINFO, 1);
  71                 curl_easy_setopt(conn, CURLOPT_VERBOSE, 1L);
  72                 curl_easy_setopt(conn, CURLOPT_ERRORBUFFER, curlerrbuffer);
  73                 curl_easy_setopt(conn, CURLOPT_WRITEFUNCTION, WritebackFunc);
  74                 curl_easy_setopt(conn, CURLOPT_WRITEDATA, &PageData);
  75                 curl_easy_setopt(conn, CURLOPT_WRITEHEADER, &PageHeader);
  76
  77 #if defined(__APPLE__)
  78
  79                 SetConnectionObject(conn);
  80
  81 #endif
  82
  83                 conncode = (curl_easy_perform(conn));
  84
  85                 // Check if the SSL certificate is valid or self-signed or some other
  86                 // error occured.
  87
  88                 if (conncode == CURLE_OK){
  89
  90                         // Connection is OK. Do nothing.
  91
  92                         *ServerResult = TRUE;
  93
  94                 } else if (conncode == CURLE_SSL_CACERT || conncode == CURLE_SSL_CONNECT_ERROR){
  95
  96                         connssldata = curl_easy_init();
  97
  98                         // Retry but get the certificates without peer/host verification.
  99
 100                         curl_easy_setopt(connssldata, CURLOPT_URL, (const char*)ServerAddressSSL.mb_str(wxConvUTF8));
 101                         curl_easy_setopt(connssldata, CURLOPT_CERTINFO, 1);
 102                         curl_easy_setopt(connssldata, CURLOPT_VERBOSE, 1L);
 103                         curl_easy_setopt(connssldata, CURLOPT_ERRORBUFFER, curlerrbuffer);
 104                         curl_easy_setopt(connssldata, CURLOPT_WRITEFUNCTION, WritebackFunc);
 105                         curl_easy_setopt(connssldata, CURLOPT_WRITEDATA, &PageData);
 106                         curl_easy_setopt(connssldata, CURLOPT_WRITEHEADER, &PageHeader);
 107                         curl_easy_setopt(connssldata, CURLOPT_SSL_VERIFYPEER, 0L);
 108                         curl_easy_setopt(connssldata, CURLOPT_SSL_VERIFYHOST, 0L);
 109
 110 #if defined(__APPLE__)
 111
 112                         SetConnectionObject(connssldata);
 113
 114 #endif
 115
 116                         CURLcode certfetchcode;
 117
 118                         certfetchcode = (curl_easy_perform(connssldata));
 119
 120                         VerifyCertCollection = BuildSSLCollection(connssldata);
 121
 122                         if (certfetchcode == CURLE_OK){
 123
 124                                 curl_easy_getinfo(connssldata, CURLINFO_CERTINFO, &ptr.certdata);
 125
 126                                 VerifyCertCollection = BuildSSLCollection(connssldata);
 127
 128                         } else {
 129
 130                                 conncode = certfetchcode;
 131
 132                         }
 133
 134                         *ServerResult = FALSE;
 135
 136                 } else {
 137
 138                         fprintf(stderr, "curl_easy_perform() failed: %s\n",
 139                                 curl_easy_strerror(conncode));
 140
 141                         ErrorMessage = wxString::Format(wxT("%s"), curl_easy_strerror(conncode));
 142
 143                         *ServerResult = FALSE;
 144
 145                 }
 146
 147         }
 148
 149         curl_easy_cleanup(conn);
 150
 151         return conncode;
 152
 153 }