source/carddav/carddav-sslverify.cpp

   1 // carddav-sslverify.cpp - CardDAV Object - SSL verification subroutines.
   2 //
   3 // (c) 2012-2015 Xestia Software Development.
   4 //
   5 // This file is part of Xestia Address Book.
   6 //
   7 // Xestia Address Book is free software: you can redistribute it and/or modify
   8 // it under the terms of the GNU General Public License as published by the
   9 // Free Software Foundation, version 3 of the license.
  10 //
  11 // Xestia Address Book is distributed in the hope that it will be useful,
  12 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 // GNU General Public License for more details.
  15 //
  16 // You should have received a copy of the GNU General Public License along
  17 // with Xestia Address Book. If not, see <http://www.gnu.org/licenses/>
  18
  19 #include "carddav.h"
  20 #include "../version.h"
  21 #include <wx/wx.h>
  22 #include <wx/tokenzr.h>
  23 #include <wx/ffile.h>
  24 #include <libxml/parser.h>
  25 #include <libxml/tree.h>
  26 #include <map>
  27 #include <thread>
  28 #include "../vcard/vcard.h"
  29 #include "../common/dirs.h"
  30
  31 CURLcode CardDAV::SSLVerifyTest(){
  32
  33         // Verify the SSL information.
  34
  35         PageData.Clear();
  36         PageHeader.Clear();
  37
  38         SSLStatus = TRUE;
  39         AuthPassed = TRUE;
  40         AbortConnection = FALSE;
  41
  42         CURL *conn;
  43         CURL *connssldata;
  44         CURLcode conncode = CURLE_OK;
  45         wxString ServerAddressURL;
  46         wxString ServerAuth;
  47         wxString ServerAddressSSL;
  48         wxString ServerAddressNormal;
  49
  50         conn = curl_easy_init();
  51
  52         wxString Data1;
  53         wxString Data2;
  54
  55         ServerAddressURL = ServerAddress + wxT(":") + wxString::Format(wxT("%i"), ServerPort) + wxT("/");
  56         ServerAddressSSL = wxT("https://") + ServerAddressURL;
  57
  58         if (ServerSSL){
  59
  60                 union {
  61                         struct curl_slist       *certdata;
  62                         struct curl_certinfo    *certinfo;
  63                 } ptr;
  64
  65                 ptr.certdata = NULL;
  66
  67                 // Setup two initial connections and attempt to get the certificate data.
  68
  69                 curl_easy_setopt(conn, CURLOPT_URL, (const char*)ServerAddressSSL.mb_str(wxConvUTF8));
  70                 curl_easy_setopt(conn, CURLOPT_CERTINFO, 1);
  71                 curl_easy_setopt(conn, CURLOPT_VERBOSE, 1L);
  72                 curl_easy_setopt(conn, CURLOPT_ERRORBUFFER, curlerrbuffer);
  73                 curl_easy_setopt(conn, CURLOPT_WRITEFUNCTION, WritebackFunc);
  74                 curl_easy_setopt(conn, CURLOPT_WRITEDATA, &PageData);
  75                 curl_easy_setopt(conn, CURLOPT_WRITEHEADER, &PageHeader);
  76
  77 #if defined(__APPLE__) || defined(__WIN32__)
  78
  79                 SetConnectionObject(conn);
  80
  81 #else
  82
  83                 if (ServerAccount != ""){
  84
  85                         wxString ServerCertFilename = GetAccountDir(ServerAccount, TRUE);
  86
  87                         if (wxFile::Exists(ServerCertFilename) == TRUE){
  88
  89                                 curl_easy_setopt(conn, CURLOPT_SSL_VERIFYPEER, 1);
  90                                 curl_easy_setopt(conn, CURLOPT_SSL_VERIFYHOST, 2);
  91                                 curl_easy_setopt(conn, CURLOPT_CAINFO, (const char*)ServerCertFilename.mb_str(wxConvUTF8));
  92
  93                         }
  94
  95                 }
  96
  97 #endif
  98
  99                 conncode = (curl_easy_perform(conn));
 100
 101                 // Check if the SSL certificate is valid or self-signed or some other
 102                 // error occured.
 103
 104                 if (conncode == CURLE_OK){
 105
 106                         // Connection is OK. Do nothing.
 107
 108                         *ServerResult = TRUE;
 109
 110 #if !defined(__APPLE__) && !defined(__WIN32__)
 111
 112                         VerifyCertCollection = BuildSSLCollection(conn);
 113
 114 #endif
 115
 116                 } else if (conncode == CURLE_SSL_CACERT ||
 117                                 conncode == CURLE_SSL_CONNECT_ERROR ||
 118                                 conncode == CURLE_PEER_FAILED_VERIFICATION){
 119
 120                         connssldata = curl_easy_init();
 121
 122                         // Retry but get the certificates without peer/host verification.
 123
 124                         curl_easy_setopt(connssldata, CURLOPT_URL, (const char*)ServerAddressSSL.mb_str(wxConvUTF8));
 125                         curl_easy_setopt(connssldata, CURLOPT_CERTINFO, 1);
 126                         curl_easy_setopt(connssldata, CURLOPT_VERBOSE, 1L);
 127                         curl_easy_setopt(connssldata, CURLOPT_ERRORBUFFER, curlerrbuffer);
 128                         curl_easy_setopt(connssldata, CURLOPT_WRITEFUNCTION, WritebackFunc);
 129                         curl_easy_setopt(connssldata, CURLOPT_WRITEDATA, &PageData);
 130                         curl_easy_setopt(connssldata, CURLOPT_WRITEHEADER, &PageHeader);
 131                         curl_easy_setopt(connssldata, CURLOPT_SSL_VERIFYPEER, 0L);
 132                         curl_easy_setopt(connssldata, CURLOPT_SSL_VERIFYHOST, 0L);
 133
 134 #if defined(__APPLE__) || defined(__WIN32__)
 135
 136                         SetConnectionObject(connssldata);
 137
 138 #endif
 139
 140                         CURLcode certfetchcode;
 141
 142                         certfetchcode = (curl_easy_perform(connssldata));
 143
 144 #if !defined(__APPLE__) && !defined(__WIN32__)
 145
 146                         VerifyCertCollection = BuildSSLCollection(connssldata);
 147
 148                         if (certfetchcode == CURLE_OK){
 149
 150                                 curl_easy_getinfo(connssldata, CURLINFO_CERTINFO, &ptr.certdata);
 151
 152                                 VerifyCertCollection = BuildSSLCollection(connssldata);
 153
 154                         } else {
 155
 156                                 conncode = certfetchcode;
 157
 158                         }
 159
 160 #endif
 161
 162                         *ServerResult = FALSE;
 163
 164                 } else {
 165
 166                         fprintf(stderr, "curl_easy_perform() failed: %s\n",
 167                                 curl_easy_strerror(conncode));
 168
 169                         ErrorMessage = wxString::Format(wxT("%s"), curl_easy_strerror(conncode));
 170
 171                         *ServerResult = FALSE;
 172
 173                 }
 174
 175         }
 176
 177         curl_easy_cleanup(conn);
 178
 179         return conncode;
 180
 181 }