2 * HTTP wrapper for libcurl
3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
10 #include <curl/curl.h>
11 #ifdef EAP_TLS_OPENSSL
12 #include <openssl/ssl.h>
13 #include <openssl/asn1.h>
14 #include <openssl/asn1t.h>
15 #include <openssl/x509v3.h>
17 #ifdef SSL_set_tlsext_status_type
18 #ifndef OPENSSL_NO_TLSEXT
20 #include <openssl/err.h>
21 #include <openssl/ocsp.h>
22 #endif /* OPENSSL_NO_TLSEXT */
23 #endif /* SSL_set_tlsext_status_type */
24 #endif /* EAP_TLS_OPENSSL */
27 #include "xml-utils.h"
28 #include "http-utils.h"
33 struct xml_node_ctx *xml;
35 struct curl_slist *curl_hdr;
40 char *svc_client_cert;
45 int (*cert_cb)(void *ctx, struct http_cert *cert);
49 NO_OCSP, OPTIONAL_OCSP, MANDATORY_OCSP
53 X509 *peer_issuer_issuer;
59 static void clear_curl(struct http_ctx *ctx)
62 curl_easy_cleanup(ctx->curl);
66 curl_slist_free_all(ctx->curl_hdr);
72 static void clone_str(char **dst, const char *src)
76 *dst = os_strdup(src);
82 static void debug_dump(struct http_ctx *ctx, const char *title,
83 const char *buf, size_t len)
88 for (i = 0; i < len; i++) {
89 if (buf[i] < 32 && buf[i] != '\t' && buf[i] != '\n' &&
91 wpa_hexdump_ascii(MSG_MSGDUMP, title, buf, len);
96 txt = os_malloc(len + 1);
99 os_memcpy(txt, buf, len);
103 if (txt[len] == '\n' || txt[len] == '\r')
108 wpa_printf(MSG_MSGDUMP, "%s[%s]", title, txt);
113 static int curl_cb_debug(CURL *curl, curl_infotype info, char *buf, size_t len,
116 struct http_ctx *ctx = userdata;
119 debug_dump(ctx, "CURLINFO_TEXT", buf, len);
121 case CURLINFO_HEADER_IN:
122 debug_dump(ctx, "CURLINFO_HEADER_IN", buf, len);
124 case CURLINFO_HEADER_OUT:
125 debug_dump(ctx, "CURLINFO_HEADER_OUT", buf, len);
127 case CURLINFO_DATA_IN:
128 debug_dump(ctx, "CURLINFO_DATA_IN", buf, len);
130 case CURLINFO_DATA_OUT:
131 debug_dump(ctx, "CURLINFO_DATA_OUT", buf, len);
133 case CURLINFO_SSL_DATA_IN:
134 wpa_printf(MSG_DEBUG, "debug - CURLINFO_SSL_DATA_IN - %d",
137 case CURLINFO_SSL_DATA_OUT:
138 wpa_printf(MSG_DEBUG, "debug - CURLINFO_SSL_DATA_OUT - %d",
142 wpa_printf(MSG_DEBUG, "debug - CURLINFO_END - %d",
150 static size_t curl_cb_write(void *ptr, size_t size, size_t nmemb,
153 struct http_ctx *ctx = userdata;
155 n = os_realloc(ctx->curl_buf, ctx->curl_buf_len + size * nmemb + 1);
159 os_memcpy(n + ctx->curl_buf_len, ptr, size * nmemb);
160 n[ctx->curl_buf_len + size * nmemb] = '\0';
161 ctx->curl_buf_len += size * nmemb;
166 #ifdef EAP_TLS_OPENSSL
168 static void debug_dump_cert(const char *title, X509 *cert)
174 out = BIO_new(BIO_s_mem());
178 X509_print_ex(out, cert, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
179 rlen = BIO_ctrl_pending(out);
180 txt = os_malloc(rlen + 1);
182 int res = BIO_read(out, txt, rlen);
185 wpa_printf(MSG_MSGDUMP, "%s:\n%s", title, txt);
193 static void add_alt_name_othername(struct http_ctx *ctx, struct http_cert *cert,
198 struct http_othername *on;
201 on = os_realloc_array(cert->othername, cert->num_othername + 1,
202 sizeof(struct http_othername));
205 cert->othername = on;
206 on = &on[cert->num_othername];
207 os_memset(on, 0, sizeof(*on));
209 res = OBJ_obj2txt(txt, sizeof(txt), o->type_id, 1);
210 if (res < 0 || res >= (int) sizeof(txt))
213 on->oid = os_strdup(txt);
218 on->data = val->value.octet_string->data;
219 on->len = val->value.octet_string->length;
221 cert->num_othername++;
225 static void add_alt_name_dns(struct http_ctx *ctx, struct http_cert *cert,
232 if (ASN1_STRING_to_UTF8((unsigned char **) &buf, name) < 0)
235 n = os_realloc_array(cert->dnsname, cert->num_dnsname + 1,
241 n[cert->num_dnsname] = buf;
246 static void add_alt_name(struct http_ctx *ctx, struct http_cert *cert,
247 const GENERAL_NAME *name)
249 switch (name->type) {
251 add_alt_name_othername(ctx, cert, name->d.otherName);
254 add_alt_name_dns(ctx, cert, name->d.dNSName);
260 static void add_alt_names(struct http_ctx *ctx, struct http_cert *cert,
261 GENERAL_NAMES *names)
265 num = sk_GENERAL_NAME_num(names);
266 for (i = 0; i < num; i++) {
267 const GENERAL_NAME *name;
268 name = sk_GENERAL_NAME_value(names, i);
269 add_alt_name(ctx, cert, name);
278 ASN1_OCTET_STRING *hashValue;
282 STACK_OF(HashAlgAndValue) *refStructHash;
283 STACK_OF(ASN1_IA5STRING) *refStructURI;
287 ASN1_IA5STRING *mediaType;
288 STACK_OF(HashAlgAndValue) *logotypeHash;
289 STACK_OF(ASN1_IA5STRING) *logotypeURI;
295 ASN1_INTEGER *numBits;
296 ASN1_INTEGER *tableSize;
298 } LogotypeImageResolution;
301 ASN1_INTEGER *type; /* LogotypeImageType ::= INTEGER */
302 ASN1_INTEGER *fileSize;
305 LogotypeImageResolution *resolution;
306 ASN1_IA5STRING *language;
310 LogotypeDetails *imageDetails;
311 LogotypeImageInfo *imageInfo;
315 ASN1_INTEGER *fileSize;
316 ASN1_INTEGER *playTime;
317 ASN1_INTEGER *channels;
318 ASN1_INTEGER *sampleRate;
319 ASN1_IA5STRING *language;
323 LogotypeDetails *audioDetails;
324 LogotypeAudioInfo *audioInfo;
328 STACK_OF(LogotypeImage) *image;
329 STACK_OF(LogotypeAudio) *audio;
335 LogotypeData *direct;
336 LogotypeReference *indirect;
341 ASN1_OBJECT *logotypeType;
346 STACK_OF(LogotypeInfo) *communityLogos;
347 LogotypeInfo *issuerLogo;
348 LogotypeInfo *subjectLogo;
349 STACK_OF(OtherLogotypeInfo) *otherLogos;
352 ASN1_SEQUENCE(HashAlgAndValue) = {
353 ASN1_SIMPLE(HashAlgAndValue, hashAlg, X509_ALGOR),
354 ASN1_SIMPLE(HashAlgAndValue, hashValue, ASN1_OCTET_STRING)
355 } ASN1_SEQUENCE_END(HashAlgAndValue);
357 ASN1_SEQUENCE(LogotypeReference) = {
358 ASN1_SEQUENCE_OF(LogotypeReference, refStructHash, HashAlgAndValue),
359 ASN1_SEQUENCE_OF(LogotypeReference, refStructURI, ASN1_IA5STRING)
360 } ASN1_SEQUENCE_END(LogotypeReference);
362 ASN1_SEQUENCE(LogotypeDetails) = {
363 ASN1_SIMPLE(LogotypeDetails, mediaType, ASN1_IA5STRING),
364 ASN1_SEQUENCE_OF(LogotypeDetails, logotypeHash, HashAlgAndValue),
365 ASN1_SEQUENCE_OF(LogotypeDetails, logotypeURI, ASN1_IA5STRING)
366 } ASN1_SEQUENCE_END(LogotypeDetails);
368 ASN1_CHOICE(LogotypeImageResolution) = {
369 ASN1_IMP(LogotypeImageResolution, d.numBits, ASN1_INTEGER, 1),
370 ASN1_IMP(LogotypeImageResolution, d.tableSize, ASN1_INTEGER, 2)
371 } ASN1_CHOICE_END(LogotypeImageResolution);
373 ASN1_SEQUENCE(LogotypeImageInfo) = {
374 ASN1_IMP_OPT(LogotypeImageInfo, type, ASN1_INTEGER, 0),
375 ASN1_SIMPLE(LogotypeImageInfo, fileSize, ASN1_INTEGER),
376 ASN1_SIMPLE(LogotypeImageInfo, xSize, ASN1_INTEGER),
377 ASN1_SIMPLE(LogotypeImageInfo, ySize, ASN1_INTEGER),
378 ASN1_OPT(LogotypeImageInfo, resolution, LogotypeImageResolution),
379 ASN1_IMP_OPT(LogotypeImageInfo, language, ASN1_IA5STRING, 4),
380 } ASN1_SEQUENCE_END(LogotypeImageInfo);
382 ASN1_SEQUENCE(LogotypeImage) = {
383 ASN1_SIMPLE(LogotypeImage, imageDetails, LogotypeDetails),
384 ASN1_OPT(LogotypeImage, imageInfo, LogotypeImageInfo)
385 } ASN1_SEQUENCE_END(LogotypeImage);
387 ASN1_SEQUENCE(LogotypeAudioInfo) = {
388 ASN1_SIMPLE(LogotypeAudioInfo, fileSize, ASN1_INTEGER),
389 ASN1_SIMPLE(LogotypeAudioInfo, playTime, ASN1_INTEGER),
390 ASN1_SIMPLE(LogotypeAudioInfo, channels, ASN1_INTEGER),
391 ASN1_IMP_OPT(LogotypeAudioInfo, sampleRate, ASN1_INTEGER, 3),
392 ASN1_IMP_OPT(LogotypeAudioInfo, language, ASN1_IA5STRING, 4)
393 } ASN1_SEQUENCE_END(LogotypeAudioInfo);
395 ASN1_SEQUENCE(LogotypeAudio) = {
396 ASN1_SIMPLE(LogotypeAudio, audioDetails, LogotypeDetails),
397 ASN1_OPT(LogotypeAudio, audioInfo, LogotypeAudioInfo)
398 } ASN1_SEQUENCE_END(LogotypeAudio);
400 ASN1_SEQUENCE(LogotypeData) = {
401 ASN1_SEQUENCE_OF_OPT(LogotypeData, image, LogotypeImage),
402 ASN1_IMP_SEQUENCE_OF_OPT(LogotypeData, audio, LogotypeAudio, 1)
403 } ASN1_SEQUENCE_END(LogotypeData);
405 ASN1_CHOICE(LogotypeInfo) = {
406 ASN1_IMP(LogotypeInfo, d.direct, LogotypeData, 0),
407 ASN1_IMP(LogotypeInfo, d.indirect, LogotypeReference, 1)
408 } ASN1_CHOICE_END(LogotypeInfo);
410 ASN1_SEQUENCE(OtherLogotypeInfo) = {
411 ASN1_SIMPLE(OtherLogotypeInfo, logotypeType, ASN1_OBJECT),
412 ASN1_SIMPLE(OtherLogotypeInfo, info, LogotypeInfo)
413 } ASN1_SEQUENCE_END(OtherLogotypeInfo);
415 ASN1_SEQUENCE(LogotypeExtn) = {
416 ASN1_EXP_SEQUENCE_OF_OPT(LogotypeExtn, communityLogos, LogotypeInfo, 0),
417 ASN1_EXP_OPT(LogotypeExtn, issuerLogo, LogotypeInfo, 1),
418 ASN1_EXP_OPT(LogotypeExtn, issuerLogo, LogotypeInfo, 2),
419 ASN1_EXP_SEQUENCE_OF_OPT(LogotypeExtn, otherLogos, OtherLogotypeInfo, 3)
420 } ASN1_SEQUENCE_END(LogotypeExtn);
422 IMPLEMENT_ASN1_FUNCTIONS(LogotypeExtn);
424 #define sk_LogotypeInfo_num(st) SKM_sk_num(LogotypeInfo, (st))
425 #define sk_LogotypeInfo_value(st, i) SKM_sk_value(LogotypeInfo, (st), (i))
426 #define sk_LogotypeImage_num(st) SKM_sk_num(LogotypeImage, (st))
427 #define sk_LogotypeImage_value(st, i) SKM_sk_value(LogotypeImage, (st), (i))
428 #define sk_LogotypeAudio_num(st) SKM_sk_num(LogotypeAudio, (st))
429 #define sk_LogotypeAudio_value(st, i) SKM_sk_value(LogotypeAudio, (st), (i))
430 #define sk_HashAlgAndValue_num(st) SKM_sk_num(HashAlgAndValue, (st))
431 #define sk_HashAlgAndValue_value(st, i) SKM_sk_value(HashAlgAndValue, (st), (i))
432 #define sk_ASN1_IA5STRING_num(st) SKM_sk_num(ASN1_IA5STRING, (st))
433 #define sk_ASN1_IA5STRING_value(st, i) SKM_sk_value(ASN1_IA5STRING, (st), (i))
436 static void add_logo(struct http_ctx *ctx, struct http_cert *hcert,
437 HashAlgAndValue *hash, ASN1_IA5STRING *uri)
443 if (hash == NULL || uri == NULL)
446 res = OBJ_obj2txt(txt, sizeof(txt), hash->hashAlg->algorithm, 1);
447 if (res < 0 || res >= (int) sizeof(txt))
450 n = os_realloc_array(hcert->logo, hcert->num_logo + 1,
451 sizeof(struct http_logo));
455 n = &hcert->logo[hcert->num_logo];
456 os_memset(n, 0, sizeof(*n));
458 n->alg_oid = os_strdup(txt);
459 if (n->alg_oid == NULL)
462 n->hash_len = ASN1_STRING_length(hash->hashValue);
463 n->hash = os_malloc(n->hash_len);
464 if (n->hash == NULL) {
468 os_memcpy(n->hash, ASN1_STRING_data(hash->hashValue), n->hash_len);
470 len = ASN1_STRING_length(uri);
471 n->uri = os_malloc(len + 1);
472 if (n->uri == NULL) {
477 os_memcpy(n->uri, ASN1_STRING_data(uri), len);
484 static void add_logo_direct(struct http_ctx *ctx, struct http_cert *hcert,
489 if (data->image == NULL)
492 num = sk_LogotypeImage_num(data->image);
493 for (i = 0; i < num; i++) {
494 LogotypeImage *image;
495 LogotypeDetails *details;
496 int j, hash_num, uri_num;
497 HashAlgAndValue *found_hash = NULL;
499 image = sk_LogotypeImage_value(data->image, i);
503 details = image->imageDetails;
507 hash_num = sk_HashAlgAndValue_num(details->logotypeHash);
508 for (j = 0; j < hash_num; j++) {
509 HashAlgAndValue *hash;
512 hash = sk_HashAlgAndValue_value(details->logotypeHash,
516 res = OBJ_obj2txt(txt, sizeof(txt),
517 hash->hashAlg->algorithm, 1);
518 if (res < 0 || res >= (int) sizeof(txt))
520 if (os_strcmp(txt, "2.16.840.1.101.3.4.2.1") == 0) {
527 wpa_printf(MSG_DEBUG, "OpenSSL: No SHA256 hash found for the logo");
531 uri_num = sk_ASN1_IA5STRING_num(details->logotypeURI);
532 for (j = 0; j < uri_num; j++) {
534 uri = sk_ASN1_IA5STRING_value(details->logotypeURI, j);
535 add_logo(ctx, hcert, found_hash, uri);
541 static void add_logo_indirect(struct http_ctx *ctx, struct http_cert *hcert,
542 LogotypeReference *ref)
544 int j, hash_num, uri_num;
546 hash_num = sk_HashAlgAndValue_num(ref->refStructHash);
547 uri_num = sk_ASN1_IA5STRING_num(ref->refStructURI);
548 if (hash_num != uri_num) {
549 wpa_printf(MSG_INFO, "Unexpected LogotypeReference array size difference %d != %d",
554 for (j = 0; j < hash_num; j++) {
555 HashAlgAndValue *hash;
557 hash = sk_HashAlgAndValue_value(ref->refStructHash, j);
558 uri = sk_ASN1_IA5STRING_value(ref->refStructURI, j);
559 add_logo(ctx, hcert, hash, uri);
564 static void i2r_HashAlgAndValue(HashAlgAndValue *hash, BIO *out, int indent)
567 const unsigned char *data;
569 BIO_printf(out, "%*shashAlg: ", indent, "");
570 i2a_ASN1_OBJECT(out, hash->hashAlg->algorithm);
571 BIO_printf(out, "\n");
573 BIO_printf(out, "%*shashValue: ", indent, "");
574 data = hash->hashValue->data;
575 for (i = 0; i < hash->hashValue->length; i++)
576 BIO_printf(out, "%s%02x", i > 0 ? ":" : "", data[i]);
577 BIO_printf(out, "\n");
580 static void i2r_LogotypeDetails(LogotypeDetails *details, BIO *out, int indent)
584 BIO_printf(out, "%*sLogotypeDetails\n", indent, "");
585 if (details->mediaType) {
586 BIO_printf(out, "%*smediaType: ", indent, "");
587 ASN1_STRING_print(out, details->mediaType);
588 BIO_printf(out, "\n");
591 num = details->logotypeHash ?
592 sk_HashAlgAndValue_num(details->logotypeHash) : 0;
593 for (i = 0; i < num; i++) {
594 HashAlgAndValue *hash;
595 hash = sk_HashAlgAndValue_value(details->logotypeHash, i);
596 i2r_HashAlgAndValue(hash, out, indent);
599 num = details->logotypeURI ?
600 sk_ASN1_IA5STRING_num(details->logotypeURI) : 0;
601 for (i = 0; i < num; i++) {
603 uri = sk_ASN1_IA5STRING_value(details->logotypeURI, i);
604 BIO_printf(out, "%*slogotypeURI: ", indent, "");
605 ASN1_STRING_print(out, uri);
606 BIO_printf(out, "\n");
610 static void i2r_LogotypeImageInfo(LogotypeImageInfo *info, BIO *out, int indent)
614 BIO_printf(out, "%*sLogotypeImageInfo\n", indent, "");
616 val = ASN1_INTEGER_get(info->type);
617 BIO_printf(out, "%*stype: %ld\n", indent, "", val);
619 BIO_printf(out, "%*stype: default (1)\n", indent, "");
621 val = ASN1_INTEGER_get(info->xSize);
622 BIO_printf(out, "%*sxSize: %ld\n", indent, "", val);
623 val = ASN1_INTEGER_get(info->ySize);
624 BIO_printf(out, "%*sySize: %ld\n", indent, "", val);
625 if (info->resolution) {
626 BIO_printf(out, "%*sresolution\n", indent, "");
629 if (info->language) {
630 BIO_printf(out, "%*slanguage: ", indent, "");
631 ASN1_STRING_print(out, info->language);
632 BIO_printf(out, "\n");
636 static void i2r_LogotypeImage(LogotypeImage *image, BIO *out, int indent)
638 BIO_printf(out, "%*sLogotypeImage\n", indent, "");
639 if (image->imageDetails) {
640 i2r_LogotypeDetails(image->imageDetails, out, indent + 4);
642 if (image->imageInfo) {
643 i2r_LogotypeImageInfo(image->imageInfo, out, indent + 4);
647 static void i2r_LogotypeData(LogotypeData *data, const char *title, BIO *out,
652 BIO_printf(out, "%*s%s - LogotypeData\n", indent, "", title);
654 num = data->image ? sk_LogotypeImage_num(data->image) : 0;
655 for (i = 0; i < num; i++) {
656 LogotypeImage *image = sk_LogotypeImage_value(data->image, i);
657 i2r_LogotypeImage(image, out, indent + 4);
660 num = data->audio ? sk_LogotypeAudio_num(data->audio) : 0;
661 for (i = 0; i < num; i++) {
662 BIO_printf(out, "%*saudio: TODO\n", indent, "");
666 static void i2r_LogotypeReference(LogotypeReference *ref, const char *title,
667 BIO *out, int indent)
669 int i, hash_num, uri_num;
671 BIO_printf(out, "%*s%s - LogotypeReference\n", indent, "", title);
673 hash_num = ref->refStructHash ?
674 sk_HashAlgAndValue_num(ref->refStructHash) : 0;
675 uri_num = ref->refStructURI ?
676 sk_ASN1_IA5STRING_num(ref->refStructURI) : 0;
677 if (hash_num != uri_num) {
678 BIO_printf(out, "%*sUnexpected LogotypeReference array size difference %d != %d\n",
679 indent, "", hash_num, uri_num);
683 for (i = 0; i < hash_num; i++) {
684 HashAlgAndValue *hash;
687 hash = sk_HashAlgAndValue_value(ref->refStructHash, i);
688 i2r_HashAlgAndValue(hash, out, indent);
690 uri = sk_ASN1_IA5STRING_value(ref->refStructURI, i);
691 BIO_printf(out, "%*srefStructURI: ", indent, "");
692 ASN1_STRING_print(out, uri);
693 BIO_printf(out, "\n");
697 static void i2r_LogotypeInfo(LogotypeInfo *info, const char *title, BIO *out,
700 switch (info->type) {
702 i2r_LogotypeData(info->d.direct, title, out, indent);
705 i2r_LogotypeReference(info->d.indirect, title, out, indent);
710 static void debug_print_logotypeext(LogotypeExtn *logo)
716 out = BIO_new_fp(stdout, BIO_NOCLOSE);
720 if (logo->communityLogos) {
721 num = sk_LogotypeInfo_num(logo->communityLogos);
722 for (i = 0; i < num; i++) {
724 info = sk_LogotypeInfo_value(logo->communityLogos, i);
725 i2r_LogotypeInfo(info, "communityLogo", out, indent);
729 if (logo->issuerLogo) {
730 i2r_LogotypeInfo(logo->issuerLogo, "issuerLogo", out, indent );
733 if (logo->subjectLogo) {
734 i2r_LogotypeInfo(logo->subjectLogo, "subjectLogo", out, indent);
737 if (logo->otherLogos) {
738 BIO_printf(out, "%*sotherLogos - TODO\n", indent, "");
745 static void add_logotype_ext(struct http_ctx *ctx, struct http_cert *hcert,
751 ASN1_OCTET_STRING *os;
753 const unsigned char *data;
756 obj = OBJ_txt2obj("1.3.6.1.5.5.7.1.12", 0);
760 pos = X509_get_ext_by_OBJ(cert, obj, -1);
762 wpa_printf(MSG_INFO, "No logotype extension included");
766 wpa_printf(MSG_INFO, "Parsing logotype extension");
767 ext = X509_get_ext(cert, pos);
769 wpa_printf(MSG_INFO, "Could not get logotype extension");
773 os = X509_EXTENSION_get_data(ext);
775 wpa_printf(MSG_INFO, "Could not get logotype extension data");
779 wpa_hexdump(MSG_DEBUG, "logotypeExtn",
780 ASN1_STRING_data(os), ASN1_STRING_length(os));
782 data = ASN1_STRING_data(os);
783 logo = d2i_LogotypeExtn(NULL, &data, ASN1_STRING_length(os));
785 wpa_printf(MSG_INFO, "Failed to parse logotypeExtn");
789 if (wpa_debug_level < MSG_INFO)
790 debug_print_logotypeext(logo);
792 if (!logo->communityLogos) {
793 wpa_printf(MSG_INFO, "No communityLogos included");
794 LogotypeExtn_free(logo);
798 num = sk_LogotypeInfo_num(logo->communityLogos);
799 for (i = 0; i < num; i++) {
801 info = sk_LogotypeInfo_value(logo->communityLogos, i);
802 switch (info->type) {
804 add_logo_direct(ctx, hcert, info->d.direct);
807 add_logo_indirect(ctx, hcert, info->d.indirect);
812 LogotypeExtn_free(logo);
816 static void parse_cert(struct http_ctx *ctx, struct http_cert *hcert,
817 X509 *cert, GENERAL_NAMES **names)
819 os_memset(hcert, 0, sizeof(*hcert));
821 *names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
823 add_alt_names(ctx, hcert, *names);
825 add_logotype_ext(ctx, hcert, cert);
829 static void parse_cert_free(struct http_cert *hcert, GENERAL_NAMES *names)
833 for (i = 0; i < hcert->num_dnsname; i++)
834 OPENSSL_free(hcert->dnsname[i]);
835 os_free(hcert->dnsname);
837 for (i = 0; i < hcert->num_othername; i++)
838 os_free(hcert->othername[i].oid);
839 os_free(hcert->othername);
841 for (i = 0; i < hcert->num_logo; i++) {
842 os_free(hcert->logo[i].alg_oid);
843 os_free(hcert->logo[i].hash);
844 os_free(hcert->logo[i].uri);
846 os_free(hcert->logo);
848 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
852 static int validate_server_cert(struct http_ctx *ctx, X509 *cert)
854 GENERAL_NAMES *names;
855 struct http_cert hcert;
858 if (ctx->cert_cb == NULL) {
859 wpa_printf(MSG_DEBUG, "%s: no cert_cb configured", __func__);
865 out = BIO_new_fp(stdout, BIO_NOCLOSE);
866 X509_print_ex(out, cert, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
870 parse_cert(ctx, &hcert, cert, &names);
871 ret = ctx->cert_cb(ctx->cert_cb_ctx, &hcert);
872 parse_cert_free(&hcert, names);
878 void http_parse_x509_certificate(struct http_ctx *ctx, const char *fname)
882 GENERAL_NAMES *names;
883 struct http_cert hcert;
886 in = BIO_new_file(fname, "r");
888 wpa_printf(MSG_ERROR, "Could not read '%s'", fname);
892 cert = d2i_X509_bio(in, NULL);
896 wpa_printf(MSG_ERROR, "Could not parse certificate");
900 out = BIO_new_fp(stdout, BIO_NOCLOSE);
902 X509_print_ex(out, cert, XN_FLAG_COMPAT,
907 wpa_printf(MSG_INFO, "Additional parsing information:");
908 parse_cert(ctx, &hcert, cert, &names);
909 for (i = 0; i < hcert.num_othername; i++) {
910 if (os_strcmp(hcert.othername[i].oid,
911 "1.3.6.1.4.1.40808.1.1.1") == 0) {
912 char *name = os_zalloc(hcert.othername[i].len + 1);
914 os_memcpy(name, hcert.othername[i].data,
915 hcert.othername[i].len);
917 "id-wfa-hotspot-friendlyName: %s",
921 wpa_hexdump_ascii(MSG_INFO,
922 "id-wfa-hotspot-friendlyName",
923 hcert.othername[i].data,
924 hcert.othername[i].len);
926 wpa_printf(MSG_INFO, "subjAltName[othername]: oid=%s",
927 hcert.othername[i].oid);
928 wpa_hexdump_ascii(MSG_INFO, "unknown othername",
929 hcert.othername[i].data,
930 hcert.othername[i].len);
933 parse_cert_free(&hcert, names);
939 static int curl_cb_ssl_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
941 struct http_ctx *ctx;
950 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
951 SSL_get_ex_data_X509_STORE_CTX_idx());
953 ctx = SSL_CTX_get_app_data(ssl_ctx);
955 wpa_printf(MSG_DEBUG, "curl_cb_ssl_verify, preverify_ok: %d",
958 err = X509_STORE_CTX_get_error(x509_ctx);
959 err_str = X509_verify_cert_error_string(err);
960 depth = X509_STORE_CTX_get_error_depth(x509_ctx);
961 cert = X509_STORE_CTX_get_current_cert(x509_ctx);
963 wpa_printf(MSG_INFO, "No server certificate available");
964 ctx->last_err = "No server certificate available";
969 ctx->peer_cert = cert;
971 ctx->peer_issuer = cert;
973 ctx->peer_issuer_issuer = cert;
975 name = X509_get_subject_name(cert);
976 X509_NAME_oneline(name, buf, sizeof(buf));
977 wpa_printf(MSG_INFO, "Server certificate chain - depth=%d err=%d (%s) subject=%s",
978 depth, err, err_str, buf);
979 debug_dump_cert("Server certificate chain - certificate", cert);
981 if (depth == 0 && preverify_ok && validate_server_cert(ctx, cert) < 0)
985 ctx->last_err = "TLS validation failed";
993 static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp)
1000 out = BIO_new(BIO_s_mem());
1004 OCSP_RESPONSE_print(out, rsp, 0);
1005 rlen = BIO_ctrl_pending(out);
1006 txt = os_malloc(rlen + 1);
1012 res = BIO_read(out, txt, rlen);
1015 wpa_printf(MSG_MSGDUMP, "OpenSSL: OCSP Response\n%s", txt);
1022 static void tls_show_errors(const char *func, const char *txt)
1026 wpa_printf(MSG_DEBUG, "OpenSSL: %s - %s %s",
1027 func, txt, ERR_error_string(ERR_get_error(), NULL));
1029 while ((err = ERR_get_error())) {
1030 wpa_printf(MSG_DEBUG, "OpenSSL: pending error: %s",
1031 ERR_error_string(err, NULL));
1036 static int ocsp_resp_cb(SSL *s, void *arg)
1038 struct http_ctx *ctx = arg;
1039 const unsigned char *p;
1040 int len, status, reason;
1042 OCSP_BASICRESP *basic;
1044 ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update;
1046 STACK_OF(X509) *certs = NULL;
1048 len = SSL_get_tlsext_status_ocsp_resp(s, &p);
1050 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received");
1051 if (ctx->ocsp == MANDATORY_OCSP)
1052 ctx->last_err = "No OCSP response received";
1053 return (ctx->ocsp == MANDATORY_OCSP) ? 0 : 1;
1056 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", p, len);
1058 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
1060 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSP response");
1061 ctx->last_err = "Failed to parse OCSP response";
1065 ocsp_debug_print_resp(rsp);
1067 status = OCSP_response_status(rsp);
1068 if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
1069 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d (%s)",
1070 status, OCSP_response_status_str(status));
1071 ctx->last_err = "OCSP responder error";
1075 basic = OCSP_response_get1_basic(rsp);
1077 wpa_printf(MSG_INFO, "OpenSSL: Could not find BasicOCSPResponse");
1078 ctx->last_err = "Could not find BasicOCSPResponse";
1082 store = SSL_CTX_get_cert_store(s->ctx);
1083 if (ctx->peer_issuer) {
1084 wpa_printf(MSG_DEBUG, "OpenSSL: Add issuer");
1085 debug_dump_cert("OpenSSL: Issuer certificate",
1088 if (X509_STORE_add_cert(store, ctx->peer_issuer) != 1) {
1089 tls_show_errors(__func__,
1090 "OpenSSL: Could not add issuer to certificate store");
1092 certs = sk_X509_new_null();
1095 cert = X509_dup(ctx->peer_issuer);
1096 if (cert && !sk_X509_push(certs, cert)) {
1099 "OpenSSL: Could not add issuer to OCSP responder trust store");
1101 sk_X509_free(certs);
1104 if (certs && ctx->peer_issuer_issuer) {
1105 cert = X509_dup(ctx->peer_issuer_issuer);
1106 if (cert && !sk_X509_push(certs, cert)) {
1109 "OpenSSL: Could not add issuer's issuer to OCSP responder trust store");
1116 status = OCSP_basic_verify(basic, certs, store, OCSP_TRUSTOTHER);
1117 sk_X509_pop_free(certs, X509_free);
1119 tls_show_errors(__func__,
1120 "OpenSSL: OCSP response failed verification");
1121 OCSP_BASICRESP_free(basic);
1122 OCSP_RESPONSE_free(rsp);
1123 ctx->last_err = "OCSP response failed verification";
1127 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded");
1129 if (!ctx->peer_cert) {
1130 wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check");
1131 OCSP_BASICRESP_free(basic);
1132 OCSP_RESPONSE_free(rsp);
1133 ctx->last_err = "Peer certificate not available for OCSP status check";
1137 if (!ctx->peer_issuer) {
1138 wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check");
1139 OCSP_BASICRESP_free(basic);
1140 OCSP_RESPONSE_free(rsp);
1141 ctx->last_err = "Peer issuer certificate not available for OCSP status check";
1145 id = OCSP_cert_to_id(NULL, ctx->peer_cert, ctx->peer_issuer);
1147 wpa_printf(MSG_DEBUG, "OpenSSL: Could not create OCSP certificate identifier");
1148 OCSP_BASICRESP_free(basic);
1149 OCSP_RESPONSE_free(rsp);
1150 ctx->last_err = "Could not create OCSP certificate identifier";
1154 if (!OCSP_resp_find_status(basic, id, &status, &reason, &produced_at,
1155 &this_update, &next_update)) {
1156 wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s",
1157 (ctx->ocsp == MANDATORY_OCSP) ? "" :
1158 " (OCSP not required)");
1159 OCSP_BASICRESP_free(basic);
1160 OCSP_RESPONSE_free(rsp);
1161 if (ctx->ocsp == MANDATORY_OCSP)
1163 ctx->last_err = "Could not find current server certificate from OCSP response";
1164 return (ctx->ocsp == MANDATORY_OCSP) ? 0 : 1;
1167 if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) {
1168 tls_show_errors(__func__, "OpenSSL: OCSP status times invalid");
1169 OCSP_BASICRESP_free(basic);
1170 OCSP_RESPONSE_free(rsp);
1171 ctx->last_err = "OCSP status times invalid";
1175 OCSP_BASICRESP_free(basic);
1176 OCSP_RESPONSE_free(rsp);
1178 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status for server certificate: %s",
1179 OCSP_cert_status_str(status));
1181 if (status == V_OCSP_CERTSTATUS_GOOD)
1183 if (status == V_OCSP_CERTSTATUS_REVOKED) {
1184 ctx->last_err = "Server certificate has been revoked";
1187 if (ctx->ocsp == MANDATORY_OCSP) {
1188 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required");
1189 ctx->last_err = "OCSP status unknown";
1192 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP was not required, so allow connection to continue");
1197 static SSL_METHOD patch_ssl_method;
1198 static const SSL_METHOD *real_ssl_method;
1200 static int curl_patch_ssl_new(SSL *s)
1202 SSL_CTX *ssl = s->ctx;
1205 ssl->method = real_ssl_method;
1206 s->method = real_ssl_method;
1208 ret = s->method->ssl_new(s);
1209 SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp);
1214 #endif /* HAVE_OCSP */
1217 static CURLcode curl_cb_ssl(CURL *curl, void *sslctx, void *parm)
1219 struct http_ctx *ctx = parm;
1220 SSL_CTX *ssl = sslctx;
1222 wpa_printf(MSG_DEBUG, "curl_cb_ssl");
1223 SSL_CTX_set_app_data(ssl, ctx);
1224 SSL_CTX_set_verify(ssl, SSL_VERIFY_PEER, curl_cb_ssl_verify);
1227 if (ctx->ocsp != NO_OCSP) {
1228 SSL_CTX_set_tlsext_status_cb(ssl, ocsp_resp_cb);
1229 SSL_CTX_set_tlsext_status_arg(ssl, ctx);
1232 * Use a temporary SSL_METHOD to get a callback on SSL_new()
1233 * from libcurl since there is no proper callback registration
1234 * available for this.
1236 os_memset(&patch_ssl_method, 0, sizeof(patch_ssl_method));
1237 patch_ssl_method.ssl_new = curl_patch_ssl_new;
1238 real_ssl_method = ssl->method;
1239 ssl->method = &patch_ssl_method;
1241 #endif /* HAVE_OCSP */
1246 #endif /* EAP_TLS_OPENSSL */
1249 static CURL * setup_curl_post(struct http_ctx *ctx, const char *address,
1250 const char *ca_fname, const char *username,
1251 const char *password, const char *client_cert,
1252 const char *client_key)
1255 #ifdef EAP_TLS_OPENSSL
1256 const char *extra = " tls=openssl";
1257 #else /* EAP_TLS_OPENSSL */
1258 const char *extra = "";
1259 #endif /* EAP_TLS_OPENSSL */
1261 wpa_printf(MSG_DEBUG, "Start HTTP client: address=%s ca_fname=%s "
1262 "username=%s%s", address, ca_fname, username, extra);
1264 curl = curl_easy_init();
1268 curl_easy_setopt(curl, CURLOPT_URL, address);
1269 curl_easy_setopt(curl, CURLOPT_POST, 1L);
1271 curl_easy_setopt(curl, CURLOPT_CAINFO, ca_fname);
1272 curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
1273 #ifdef EAP_TLS_OPENSSL
1274 curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, curl_cb_ssl);
1275 curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, ctx);
1276 #endif /* EAP_TLS_OPENSSL */
1278 curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
1280 if (client_cert && client_key) {
1281 curl_easy_setopt(curl, CURLOPT_SSLCERT, client_cert);
1282 curl_easy_setopt(curl, CURLOPT_SSLKEY, client_key);
1284 /* TODO: use curl_easy_getinfo() with CURLINFO_CERTINFO to fetch
1285 * information about the server certificate */
1286 curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
1287 curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, curl_cb_debug);
1288 curl_easy_setopt(curl, CURLOPT_DEBUGDATA, ctx);
1289 curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curl_cb_write);
1290 curl_easy_setopt(curl, CURLOPT_WRITEDATA, ctx);
1291 curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
1293 curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_ANYSAFE);
1294 curl_easy_setopt(curl, CURLOPT_USERNAME, username);
1295 curl_easy_setopt(curl, CURLOPT_PASSWORD, password);
1302 static int post_init_client(struct http_ctx *ctx, const char *address,
1303 const char *ca_fname, const char *username,
1304 const char *password, const char *client_cert,
1305 const char *client_key)
1310 clone_str(&ctx->svc_address, address);
1311 clone_str(&ctx->svc_ca_fname, ca_fname);
1312 clone_str(&ctx->svc_username, username);
1313 clone_str(&ctx->svc_password, password);
1314 clone_str(&ctx->svc_client_cert, client_cert);
1315 clone_str(&ctx->svc_client_key, client_key);
1318 * Workaround for Apache "Hostname 'FOO' provided via SNI and hostname
1319 * 'foo' provided via HTTP are different.
1321 for (count = 0, pos = ctx->svc_address; count < 3 && pos && *pos;
1325 *pos = tolower(*pos);
1328 ctx->curl = setup_curl_post(ctx, ctx->svc_address, ca_fname, username,
1329 password, client_cert, client_key);
1330 if (ctx->curl == NULL)
1337 int soap_init_client(struct http_ctx *ctx, const char *address,
1338 const char *ca_fname, const char *username,
1339 const char *password, const char *client_cert,
1340 const char *client_key)
1342 if (post_init_client(ctx, address, ca_fname, username, password,
1343 client_cert, client_key) < 0)
1346 ctx->curl_hdr = curl_slist_append(ctx->curl_hdr,
1347 "Content-Type: application/soap+xml");
1348 ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, "SOAPAction: ");
1349 ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, "Expect:");
1350 curl_easy_setopt(ctx->curl, CURLOPT_HTTPHEADER, ctx->curl_hdr);
1356 int soap_reinit_client(struct http_ctx *ctx)
1358 char *address = NULL;
1359 char *ca_fname = NULL;
1360 char *username = NULL;
1361 char *password = NULL;
1362 char *client_cert = NULL;
1363 char *client_key = NULL;
1368 clone_str(&address, ctx->svc_address);
1369 clone_str(&ca_fname, ctx->svc_ca_fname);
1370 clone_str(&username, ctx->svc_username);
1371 clone_str(&password, ctx->svc_password);
1372 clone_str(&client_cert, ctx->svc_client_cert);
1373 clone_str(&client_key, ctx->svc_client_key);
1375 ret = soap_init_client(ctx, address, ca_fname, username, password,
1376 client_cert, client_key);
1379 str_clear_free(username);
1380 str_clear_free(password);
1381 os_free(client_cert);
1382 os_free(client_key);
1387 static void free_curl_buf(struct http_ctx *ctx)
1389 os_free(ctx->curl_buf);
1390 ctx->curl_buf = NULL;
1391 ctx->curl_buf_len = 0;
1395 xml_node_t * soap_send_receive(struct http_ctx *ctx, xml_node_t *node)
1398 xml_node_t *envelope, *ret, *resp, *n;
1402 ctx->last_err = NULL;
1404 wpa_printf(MSG_DEBUG, "SOAP: Sending message");
1405 envelope = soap_build_envelope(ctx->xml, node);
1406 str = xml_node_to_str(ctx->xml, envelope);
1407 xml_node_free(ctx->xml, envelope);
1408 wpa_printf(MSG_MSGDUMP, "SOAP[%s]", str);
1410 curl_easy_setopt(ctx->curl, CURLOPT_POSTFIELDS, str);
1413 res = curl_easy_perform(ctx->curl);
1414 if (res != CURLE_OK) {
1416 ctx->last_err = curl_easy_strerror(res);
1417 wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s",
1425 curl_easy_getinfo(ctx->curl, CURLINFO_RESPONSE_CODE, &http);
1426 wpa_printf(MSG_DEBUG, "SOAP: Server response code %ld", http);
1428 ctx->last_err = "HTTP download failed";
1429 wpa_printf(MSG_INFO, "HTTP download failed - code %ld", http);
1434 if (ctx->curl_buf == NULL)
1437 wpa_printf(MSG_MSGDUMP, "Server response:\n%s", ctx->curl_buf);
1438 resp = xml_node_from_buf(ctx->xml, ctx->curl_buf);
1441 wpa_printf(MSG_INFO, "Could not parse SOAP response");
1442 ctx->last_err = "Could not parse SOAP response";
1446 ret = soap_get_body(ctx->xml, resp);
1448 wpa_printf(MSG_INFO, "Could not get SOAP body");
1449 ctx->last_err = "Could not get SOAP body";
1453 wpa_printf(MSG_DEBUG, "SOAP body localname: '%s'",
1454 xml_node_get_localname(ctx->xml, ret));
1455 n = xml_node_copy(ctx->xml, ret);
1456 xml_node_free(ctx->xml, resp);
1462 struct http_ctx * http_init_ctx(void *upper_ctx, struct xml_node_ctx *xml_ctx)
1464 struct http_ctx *ctx;
1466 ctx = os_zalloc(sizeof(*ctx));
1469 ctx->ctx = upper_ctx;
1471 ctx->ocsp = OPTIONAL_OCSP;
1473 curl_global_init(CURL_GLOBAL_ALL);
1479 void http_ocsp_set(struct http_ctx *ctx, int val)
1482 ctx->ocsp = NO_OCSP;
1484 ctx->ocsp = OPTIONAL_OCSP;
1486 ctx->ocsp = MANDATORY_OCSP;
1490 void http_deinit_ctx(struct http_ctx *ctx)
1493 os_free(ctx->curl_buf);
1494 curl_global_cleanup();
1496 os_free(ctx->svc_address);
1497 os_free(ctx->svc_ca_fname);
1498 str_clear_free(ctx->svc_username);
1499 str_clear_free(ctx->svc_password);
1500 os_free(ctx->svc_client_cert);
1501 os_free(ctx->svc_client_key);
1507 int http_download_file(struct http_ctx *ctx, const char *url,
1508 const char *fname, const char *ca_fname)
1515 ctx->last_err = NULL;
1517 wpa_printf(MSG_DEBUG, "curl: Download file from %s to %s (ca=%s)",
1518 url, fname, ca_fname);
1519 curl = curl_easy_init();
1523 f = fopen(fname, "wb");
1525 curl_easy_cleanup(curl);
1529 curl_easy_setopt(curl, CURLOPT_URL, url);
1531 curl_easy_setopt(curl, CURLOPT_CAINFO, ca_fname);
1532 curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
1533 curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
1535 curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
1537 curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, curl_cb_debug);
1538 curl_easy_setopt(curl, CURLOPT_DEBUGDATA, ctx);
1539 curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, fwrite);
1540 curl_easy_setopt(curl, CURLOPT_WRITEDATA, f);
1541 curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
1543 res = curl_easy_perform(curl);
1544 if (res != CURLE_OK) {
1546 ctx->last_err = curl_easy_strerror(res);
1547 wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s",
1549 curl_easy_cleanup(curl);
1554 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http);
1555 wpa_printf(MSG_DEBUG, "curl: Server response code %ld", http);
1557 ctx->last_err = "HTTP download failed";
1558 wpa_printf(MSG_INFO, "HTTP download failed - code %ld", http);
1559 curl_easy_cleanup(curl);
1564 curl_easy_cleanup(curl);
1571 char * http_post(struct http_ctx *ctx, const char *url, const char *data,
1572 const char *content_type, const char *ext_hdr,
1573 const char *ca_fname,
1574 const char *username, const char *password,
1575 const char *client_cert, const char *client_key,
1582 struct curl_slist *curl_hdr = NULL;
1584 ctx->last_err = NULL;
1585 wpa_printf(MSG_DEBUG, "curl: HTTP POST to %s", url);
1586 curl = setup_curl_post(ctx, url, ca_fname, username, password,
1587 client_cert, client_key);
1593 snprintf(ct, sizeof(ct), "Content-Type: %s", content_type);
1594 curl_hdr = curl_slist_append(curl_hdr, ct);
1597 curl_hdr = curl_slist_append(curl_hdr, ext_hdr);
1598 curl_easy_setopt(curl, CURLOPT_HTTPHEADER, curl_hdr);
1600 curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data);
1603 res = curl_easy_perform(curl);
1604 if (res != CURLE_OK) {
1606 ctx->last_err = curl_easy_strerror(res);
1607 wpa_printf(MSG_ERROR, "curl_easy_perform() failed: %s",
1613 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http);
1614 wpa_printf(MSG_DEBUG, "curl: Server response code %ld", http);
1616 ctx->last_err = "HTTP POST failed";
1617 wpa_printf(MSG_INFO, "HTTP POST failed - code %ld", http);
1622 if (ctx->curl_buf == NULL)
1625 ret = ctx->curl_buf;
1627 *resp_len = ctx->curl_buf_len;
1628 ctx->curl_buf = NULL;
1629 ctx->curl_buf_len = 0;
1631 wpa_printf(MSG_MSGDUMP, "Server response:\n%s", ret);
1637 void http_set_cert_cb(struct http_ctx *ctx,
1638 int (*cb)(void *ctx, struct http_cert *cert),
1642 ctx->cert_cb_ctx = cb_ctx;
1646 const char * http_get_err(struct http_ctx *ctx)
1648 return ctx->last_err;
projects / mech_eap.git / blob