Finished changes to the linux client so that it can communicate

with the ATS via SSL.

CASA-auth-token/non-java/TODO

@@ -13,4 +13,5 @@ details outstanding items at the project level.
 
 OUTSTANDING ITEMS
 
-- Allow the Windows client to be built under Cygwin.
+- Add mechanism to try communicating with ATS over port 443 if communications
+  over port 2645 fail.

CASA-auth-token/non-java/client/client.conf

@@ -83,4 +83,6 @@ AllowInvalidCerts	true
 #              Note: This parameter has no effect if the setting AllowInvalidCerts
 #              is set to true.
 #
+#              THIS FUNCTIONALITY HAS NOT BEEN IMPLEMENTED
+#
 #UsersCannotAllowInvalidCerts	true

CASA-auth-token/non-java/client/linux/Makefile.am

@@ -55,6 +55,7 @@ CFILES = ../authmech.c \
 	 ../getpolicymsg.c \
 	 ../gettokenmsg.c \
 	 ../util.c \
+	 ../invalidcert.c \
 	 rpc.c \
 	 platform.c
 

CASA-auth-token/non-java/client/linux/rpc.c

@@ -29,9 +29,6 @@
 
 //===[ Type definitions ]==================================================
 
-#define INITIAL_RESPONSE_DATA_BUF_SIZE 1028
-#define INCREMENT_RESPONSE_DATA_BUF_SIZE 256
-
 #define MAX_RPC_RETRIES 3
 
 //===[ Function prototypes ]===============================================
@@ -310,13 +307,14 @@ InternalRpc(
 // L2
 //=======================================================================--
 {
+#define CASA_STATUS_INVALID_SERVER_CERTIFICATE CASA_STATUS_UNSUCCESSFUL // temporary until casa_status.h is updated
+
    CasaStatus  retStatus;
    char        *pPartialUrl;
    int         partialUrlLen;
    char        *pUrl;
    CURLcode    curlResult;
 
-
    DbgTrace(1, "-InternalRpc- Start\n", 0);
 
    // Initialize output parameters
@@ -328,13 +326,42 @@ InternalRpc(
    {
       pPartialUrl = pSession->pPartialHttpsUrl;
       partialUrlLen = pSession->partialHttpsUrlLen;
+
+      // Check if we need to ignore invalid CERTS
+      if (flags & ALLOW_INVALID_CERTS_RPC_FLAG)
+      {
+         if ((curlResult = curl_easy_setopt(pSession->hCurl, CURLOPT_SSL_VERIFYPEER, 0)) != CURLE_OK)
+         {
+            DbgTrace(0, "-InternalRpc- Error setting CURLOPT_SSL_VERIFYPEER, code = %d\n", curlResult);
+         }
+
+         if ((curlResult = curl_easy_setopt(pSession->hCurl, CURLOPT_SSL_VERIFYHOST, 0)) != CURLE_OK)
+         {
+            DbgTrace(0, "-InternalRpc- Error setting CURLOPT_SSL_VERIFYHOST, code = %d\n", curlResult);
+         }
+      }
+      else
+      {
+         if ((curlResult = curl_easy_setopt(pSession->hCurl, CURLOPT_SSL_VERIFYPEER, 1)) != CURLE_OK)
+         {
+            DbgTrace(0, "-InternalRpc- Error setting CURLOPT_SSL_VERIFYPEER, code = %d\n", curlResult);
+         }
+
+         if ((curlResult = curl_easy_setopt(pSession->hCurl, CURLOPT_SSL_VERIFYHOST, 2)) != CURLE_OK)
+         {
+            DbgTrace(0, "-InternalRpc- Error setting CURLOPT_SSL_VERIFYHOST, code = %d\n", curlResult);
+         }
+      }
+
    }
    else
    {
       pPartialUrl = pSession->pPartialHttpUrl;
       partialUrlLen = pSession->partialHttpUrlLen;
    }
+
    pUrl = (char*) malloc(partialUrlLen + strlen(pMethod) + 1);
+
    if (pUrl)
    {
       strcpy(pUrl, pPartialUrl);

CASA-auth-token/non-java/client/windows/rpc.c

@@ -636,6 +636,10 @@ InternalRpc(
                               {
                                  DbgTrace(1, "-InternalRpc- User approved invalid certificate from %s\n", pSession->pHostName);
 
+                                 // tbd - Investigate if there is a way to set the accepted certificate in a store so that
+                                 // it can be utilized by the SSL stack directly. This would be a better method for dealing with
+                                 // this issue.
+
                                  AllowInvalidCertsFromHost(pSession->pHostName);
 
                                  // Try to retry the request