2
0

lib3102.c 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. #include "test.h"
  25. #include "memdebug.h"
  26. /*
  27. * Verify correct order of certificates in the chain by comparing the
  28. * subject and issuer attributes of each certificate.
  29. */
  30. static bool is_chain_in_order(struct curl_certinfo *cert_info)
  31. {
  32. char *last_issuer = NULL;
  33. int cert;
  34. /* Chains with only a single certificate are always in order */
  35. if(cert_info->num_of_certs <= 1)
  36. return 1;
  37. /* Enumerate each certificate in the chain */
  38. for(cert = 0; cert < cert_info->num_of_certs; cert++) {
  39. struct curl_slist *slist = cert_info->certinfo[cert];
  40. char *issuer = NULL;
  41. char *subject = NULL;
  42. /* Find the certificate issuer and subject by enumerating each field */
  43. for(; slist && (!issuer || !subject); slist = slist->next) {
  44. const char issuer_prefix[] = "Issuer:";
  45. const char subject_prefix[] = "Subject:";
  46. if(!strncmp(slist->data, issuer_prefix, sizeof(issuer_prefix)-1)) {
  47. issuer = slist->data + sizeof(issuer_prefix)-1;
  48. }
  49. if(!strncmp(slist->data, subject_prefix, sizeof(subject_prefix)-1)) {
  50. subject = slist->data + sizeof(subject_prefix)-1;
  51. }
  52. }
  53. if(subject && issuer) {
  54. printf("cert %d\n", cert);
  55. printf(" subject: %s\n", subject);
  56. printf(" issuer: %s\n", issuer);
  57. if(last_issuer) {
  58. /* If the last certificate's issuer matches the current certificate's
  59. * subject, then the chain is in order */
  60. if(strcmp(last_issuer, subject) != 0) {
  61. fprintf(stderr, "cert %d issuer does not match cert %d subject\n",
  62. cert - 1, cert);
  63. fprintf(stderr, "certificate chain is not in order\n");
  64. return false;
  65. }
  66. }
  67. }
  68. last_issuer = issuer;
  69. }
  70. printf("certificate chain is in order\n");
  71. return true;
  72. }
  73. static size_t wrfu(void *ptr, size_t size, size_t nmemb, void *stream)
  74. {
  75. (void)stream;
  76. (void)ptr;
  77. return size * nmemb;
  78. }
  79. CURLcode test(char *URL)
  80. {
  81. CURL *curl;
  82. CURLcode res = CURLE_OK;
  83. if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
  84. fprintf(stderr, "curl_global_init() failed\n");
  85. return TEST_ERR_MAJOR_BAD;
  86. }
  87. curl = curl_easy_init();
  88. if(!curl) {
  89. fprintf(stderr, "curl_easy_init() failed\n");
  90. curl_global_cleanup();
  91. return TEST_ERR_MAJOR_BAD;
  92. }
  93. /* Set the HTTPS url to retrieve. */
  94. test_setopt(curl, CURLOPT_URL, URL);
  95. /* Capture certificate information */
  96. test_setopt(curl, CURLOPT_CERTINFO, 1L);
  97. /* Ignore output */
  98. test_setopt(curl, CURLOPT_WRITEFUNCTION, wrfu);
  99. /* No peer verify */
  100. test_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
  101. test_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
  102. /* Perform the request, res will get the return code */
  103. res = curl_easy_perform(curl);
  104. if(!res || res == CURLE_GOT_NOTHING) {
  105. struct curl_certinfo *cert_info = NULL;
  106. /* Get the certificate information */
  107. res = curl_easy_getinfo(curl, CURLINFO_CERTINFO, &cert_info);
  108. if(!res) {
  109. /* Check to see if the certificate chain is ordered correctly */
  110. if(!is_chain_in_order(cert_info))
  111. res = TEST_ERR_FAILURE;
  112. }
  113. }
  114. test_cleanup:
  115. /* always cleanup */
  116. curl_easy_cleanup(curl);
  117. curl_global_cleanup();
  118. return res;
  119. }