1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
/*
* This file is part of NetSurf, http://netsurf.sourceforge.net/
* Licensed under the GNU General Public License,
* http://www.opensource.org/licenses/gpl-license
* Copyright 2006 John M Bell <jmb202@ecs.soton.ac.uk>
*/
/** \file
* HTTPS certificate verification database (implementation)
*
* URLs of servers with invalid SSL certificates are stored hashed by
* canonical root URI (absoluteURI with no abs_path part - see RFC 2617)
* for fast lookup.
*/
#include <assert.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include "netsurf/utils/config.h"
#include "netsurf/content/certdb.h"
#define NDEBUG
#include "netsurf/utils/log.h"
#include "netsurf/utils/url.h"
#define HASH_SIZE 77
#ifdef WITH_SSL
struct cert_entry {
char *root_url; /**< Canonical root URL */
struct cert_entry *next;
};
static struct cert_entry *cert_table[HASH_SIZE];
static unsigned int certdb_hash(const char *s);
static void certdb_dump(void);
/**
* Insert an entry into the database
*
* \param url Absolute URL to resource
* \return true on success, false on error.
*/
bool certdb_insert(const char *url)
{
char *canon;
unsigned int hash;
struct cert_entry *entry;
url_func_result ret;
assert(url);
LOG(("Adding '%s'", url));
ret = url_canonical_root(url, &canon);
if (ret != URL_FUNC_OK)
return false;
LOG(("'%s'", canon));
hash = certdb_hash(canon);
/* Look for existing entry */
for (entry = cert_table[hash]; entry; entry = entry->next) {
if (strcmp(entry->root_url, canon) == 0) {
free(canon);
return true;
}
}
/* not found => create new */
entry = malloc(sizeof(struct cert_entry));
if (!entry) {
free(canon);
return false;
}
entry->root_url = canon;
entry->next = cert_table[hash];
cert_table[hash] = entry;
return true;
}
/**
* Retrieve certificate details for an URL from the database
*
* \param url Absolute URL to consider
* \return certificate details, or NULL if none found.
*/
const char *certdb_get(const char *url)
{
char *canon;
struct cert_entry *entry;
url_func_result ret;
assert(url);
LOG(("Searching for '%s'", url));
certdb_dump();
ret = url_canonical_root(url, &canon);
if (ret != URL_FUNC_OK)
return NULL;
/* Find cert entry */
for (entry = cert_table[certdb_hash(canon)]; entry;
entry = entry->next) {
if (strcmp(entry->root_url, canon) == 0) {
free(canon);
return entry->root_url;
}
}
return NULL;
}
/**
* Hash function for keys.
*/
unsigned int certdb_hash(const char *s)
{
unsigned int i, z = 0, m;
if (!s)
return 0;
m = strlen(s);
for (i = 0; i != m && s[i]; i++)
z += s[i] & 0x1f; /* lower 5 bits, case insensitive */
return z % HASH_SIZE;
}
/**
* Dump contents of auth db to stderr
*/
void certdb_dump(void)
{
#ifndef NDEBUG
int i;
struct cert_entry *e;
for (i = 0; i != HASH_SIZE; i++) {
LOG(("%d:", i));
for (e = cert_table[i]; e; e = e->next) {
LOG(("\t%s", e->root_url));
}
}
#endif
}
#endif
|
