Finished changes to the linux client so that it can communicate

with the ATS via SSL.
2006-11-09 12:19:19 +00:00
parent 3a9cc292cb
commit d8398e3f22
5 changed files with 40 additions and 5 deletions
--- a/CASA-auth-token/non-java/client/client.conf
+++ b/CASA-auth-token/non-java/client/client.conf
@@ -83,4 +83,6 @@ AllowInvalidCerts	true
 #              Note: This parameter has no effect if the setting AllowInvalidCerts
 #              is set to true.
 #
+#              THIS FUNCTIONALITY HAS NOT BEEN IMPLEMENTED
+#
 #UsersCannotAllowInvalidCerts	true
--- a/CASA-auth-token/non-java/client/linux/Makefile.am
+++ b/CASA-auth-token/non-java/client/linux/Makefile.am
@@ -55,6 +55,7 @@ CFILES = ../authmech.c \
 	 ../getpolicymsg.c \
 	 ../gettokenmsg.c \
 	 ../util.c \
+	 ../invalidcert.c \
 	 rpc.c \
 	 platform.c

--- a/CASA-auth-token/non-java/client/linux/rpc.c
+++ b/CASA-auth-token/non-java/client/linux/rpc.c
@@ -29,9 +29,6 @@

 //===[ Type definitions ]==================================================

-#define INITIAL_RESPONSE_DATA_BUF_SIZE 1028
-#define INCREMENT_RESPONSE_DATA_BUF_SIZE 256
-
 #define MAX_RPC_RETRIES 3

 //===[ Function prototypes ]===============================================
@@ -310,13 +307,14 @@ InternalRpc(
 // L2
 //=======================================================================--
 {
+#define CASA_STATUS_INVALID_SERVER_CERTIFICATE CASA_STATUS_UNSUCCESSFUL // temporary until casa_status.h is updated
+
   CasaStatus  retStatus;
   char        *pPartialUrl;
   int         partialUrlLen;
   char        *pUrl;
   CURLcode    curlResult;

-
   DbgTrace(1, "-InternalRpc- Start\n", 0);

   // Initialize output parameters
@@ -328,13 +326,42 @@ InternalRpc(
   {
      pPartialUrl = pSession->pPartialHttpsUrl;
      partialUrlLen = pSession->partialHttpsUrlLen;
+
+      // Check if we need to ignore invalid CERTS
+      if (flags & ALLOW_INVALID_CERTS_RPC_FLAG)
+      {
+         if ((curlResult = curl_easy_setopt(pSession->hCurl, CURLOPT_SSL_VERIFYPEER, 0)) != CURLE_OK)
+         {
+            DbgTrace(0, "-InternalRpc- Error setting CURLOPT_SSL_VERIFYPEER, code = %d\n", curlResult);
+         }
+
+         if ((curlResult = curl_easy_setopt(pSession->hCurl, CURLOPT_SSL_VERIFYHOST, 0)) != CURLE_OK)
+         {
+            DbgTrace(0, "-InternalRpc- Error setting CURLOPT_SSL_VERIFYHOST, code = %d\n", curlResult);
+         }
+      }
+      else
+      {
+         if ((curlResult = curl_easy_setopt(pSession->hCurl, CURLOPT_SSL_VERIFYPEER, 1)) != CURLE_OK)
+         {
+            DbgTrace(0, "-InternalRpc- Error setting CURLOPT_SSL_VERIFYPEER, code = %d\n", curlResult);
+         }
+
+         if ((curlResult = curl_easy_setopt(pSession->hCurl, CURLOPT_SSL_VERIFYHOST, 2)) != CURLE_OK)
+         {
+            DbgTrace(0, "-InternalRpc- Error setting CURLOPT_SSL_VERIFYHOST, code = %d\n", curlResult);
+         }
+      }
+
   }
   else
   {
      pPartialUrl = pSession->pPartialHttpUrl;
      partialUrlLen = pSession->partialHttpUrlLen;
   }
+
   pUrl = (char*) malloc(partialUrlLen + strlen(pMethod) + 1);
+
   if (pUrl)
   {
      strcpy(pUrl, pPartialUrl);
--- a/CASA-auth-token/non-java/client/windows/rpc.c
+++ b/CASA-auth-token/non-java/client/windows/rpc.c
@@ -636,6 +636,10 @@ InternalRpc(
                              {
                                 DbgTrace(1, "-InternalRpc- User approved invalid certificate from %s\n", pSession->pHostName);

+                                 // tbd - Investigate if there is a way to set the accepted certificate in a store so that
+                                 // it can be utilized by the SSL stack directly. This would be a better method for dealing with
+                                 // this issue.
+
                                 AllowInvalidCertsFromHost(pSession->pHostName);

                                 // Try to retry the request