+/*
+ * uclient - ustream based protocol client library
+ *
+ * Copyright (C) 2014 Felix Fietkau <nbd@openwrt.org>
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
#include <stdio.h>
#include <ctype.h>
#include <unistd.h>
struct uclient_http {
struct uclient uc;
+ const struct ustream_ssl_ops *ssl_ops;
struct ustream_ssl_ctx *ssl_ctx;
struct ustream *us;
struct ustream_fd ufd;
struct ustream_ssl ussl;
+ bool ssl_require_validation;
bool ssl;
bool eof;
bool connection_close;
static int uclient_do_connect(struct uclient_http *uh, const char *port)
{
+ socklen_t sl;
int fd;
if (uh->uc.url->port)
return -1;
ustream_fd_init(&uh->ufd, fd);
+
+ memset(&uh->uc.local_addr, 0, sizeof(uh->uc.local_addr));
+ memset(&uh->uc.remote_addr, 0, sizeof(uh->uc.remote_addr));
+
+ sl = sizeof(uh->uc.local_addr);
+ getsockname(fd, &uh->uc.local_addr.sa, &sl);
+ getpeername(fd, &uh->uc.remote_addr.sa, &sl);
+
return 0;
}
uclient_http_disconnect(uh);
}
+static void uclient_http_error(struct uclient_http *uh, int code)
+{
+ uh->state = HTTP_STATE_ERROR;
+ uh->us->eof = true;
+ ustream_state_change(uh->us);
+ uclient_backend_set_error(&uh->uc, code);
+}
+
static void uclient_notify_eof(struct uclient_http *uh)
{
struct ustream *us = uh->us;
uclient_http_add_auth_header(uh);
ustream_printf(uh->us, "\r\n");
+
+ uh->state = HTTP_STATE_HEADERS_SENT;
}
static void uclient_http_headers_complete(struct uclient_http *uh)
if (uh->uc.cb->header_done)
uh->uc.cb->header_done(&uh->uc);
- if (uh->req_type == REQ_HEAD) {
+ if (uh->req_type == REQ_HEAD || uh->uc.status_code == 204) {
uh->eof = true;
uclient_notify_eof(uh);
}
char *data;
int len;
- if (uh->state < HTTP_STATE_REQUEST_DONE)
+ if (uh->state < HTTP_STATE_REQUEST_DONE || uh->state == HTTP_STATE_ERROR)
return;
data = ustream_get_read_buf(uh->us, &len);
int ret;
uh->us = us;
+ uh->ssl = false;
+
us->string_data = true;
us->notify_state = uclient_notify_state;
us->notify_read = uclient_notify_read;
ret = uclient_do_connect(uh, "80");
if (ret)
- return ret;
+ return UCLIENT_ERROR_CONNECT;
return 0;
}
uclient_notify_eof(uh);
}
+static void uclient_ssl_notify_error(struct ustream_ssl *ssl, int error, const char *str)
+{
+ struct uclient_http *uh = container_of(ssl, struct uclient_http, ussl);
+
+ uclient_http_error(uh, UCLIENT_ERROR_CONNECT);
+}
+
+static void uclient_ssl_notify_verify_error(struct ustream_ssl *ssl, int error, const char *str)
+{
+ struct uclient_http *uh = container_of(ssl, struct uclient_http, ussl);
+
+ if (!uh->ssl_require_validation)
+ return;
+
+ uclient_http_error(uh, UCLIENT_ERROR_SSL_INVALID_CERT);
+}
+
+static void uclient_ssl_notify_connected(struct ustream_ssl *ssl)
+{
+ struct uclient_http *uh = container_of(ssl, struct uclient_http, ussl);
+
+ if (!uh->ssl_require_validation)
+ return;
+
+ if (!uh->ussl.valid_cn)
+ uclient_http_error(uh, UCLIENT_ERROR_SSL_CN_MISMATCH);
+}
+
static int uclient_setup_https(struct uclient_http *uh)
{
struct ustream *us = &uh->ussl.stream;
uh->ssl = true;
uh->us = us;
+ if (!uh->ssl_ctx)
+ return UCLIENT_ERROR_MISSING_SSL_CONTEXT;
+
ret = uclient_do_connect(uh, "443");
if (ret)
- return ret;
-
- if (!uh->ssl_ctx)
- uh->ssl_ctx = ustream_ssl_context_new(false);
+ return UCLIENT_ERROR_CONNECT;
us->string_data = true;
us->notify_state = uclient_ssl_notify_state;
us->notify_read = uclient_ssl_notify_read;
- ustream_ssl_init(&uh->ussl, &uh->ufd.stream, uh->ssl_ctx, false);
+ uh->ussl.notify_error = uclient_ssl_notify_error;
+ uh->ussl.notify_verify_error = uclient_ssl_notify_verify_error;
+ uh->ussl.notify_connected = uclient_ssl_notify_connected;
+ uh->ssl_ops->init(&uh->ussl, &uh->ufd.stream, uh->ssl_ctx, false);
+ uh->ssl_ops->set_peer_cn(&uh->ussl, uh->uc.url->host);
return 0;
}
static int uclient_http_connect(struct uclient *cl)
{
struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
+ int ret;
uclient_http_init_request(uh);
uh->ssl = cl->url->prefix == PREFIX_HTTPS;
if (uh->ssl)
- return uclient_setup_https(uh);
+ ret = uclient_setup_https(uh);
else
- return uclient_setup_http(uh);
+ ret = uclient_setup_http(uh);
+
+ return ret;
}
static struct uclient *uclient_http_alloc(void)
return &uh->uc;
}
+static void uclient_http_free_ssl_ctx(struct uclient_http *uh)
+{
+ uh->ssl_ops = NULL;
+ uh->ssl_ctx = NULL;
+}
+
static void uclient_http_free(struct uclient *cl)
{
struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
- if (uh->ssl_ctx)
- ustream_ssl_context_free(uh->ssl_ctx);
-
uclient_http_free_url_state(cl);
+ uclient_http_free_ssl_ctx(uh);
blob_buf_free(&uh->headers);
blob_buf_free(&uh->meta);
free(uh);
}
int
-uclient_http_reset_headers(struct uclient *cl, const char *name, const char *value)
+uclient_http_reset_headers(struct uclient *cl)
{
struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
uclient_http_send_headers(uh);
- ustream_printf(uh->us, "%X\r\n", len);
- if (len > 0)
+ if (len > 0) {
+ ustream_printf(uh->us, "%X\r\n", len);
ustream_write(uh->us, buf, len, false);
- ustream_printf(uh->us, "\r\n");
+ ustream_printf(uh->us, "\r\n");
+ }
return len;
}
return -1;
uclient_http_send_headers(uh);
+ if (uh->req_type == REQ_POST)
+ ustream_printf(uh->us, "0\r\n\r\n");
uh->state = HTTP_STATE_REQUEST_DONE;
return 0;
return true;
}
+int uclient_http_set_ssl_ctx(struct uclient *cl, const struct ustream_ssl_ops *ops,
+ struct ustream_ssl_ctx *ctx, bool require_validation)
+{
+ struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
+
+ if (cl->backend != &uclient_backend_http)
+ return -1;
+
+ uclient_http_free_url_state(cl);
+
+ uclient_http_free_ssl_ctx(uh);
+ uh->ssl_ops = ops;
+ uh->ssl_ctx = ctx;
+ uh->ssl_require_validation = !!ctx && require_validation;
+
+ return 0;
+}
+
const struct uclient_backend uclient_backend_http = {
.prefix = uclient_http_prefix,