FFFTPのソースコードです。
| Revision | 2335c90d75fc705460a84d66f6a13bf57115f8ca (tree) |
|---|---|
| Zeit | 2018-01-07 16:01:12 |
| Autor | s_kawamoto <s_kawamoto@user...> |
| Commiter | s_kawamoto |
Implement Subject Alternative Names check.
FFFTP_Eng_Release/FFFTP.exe (diff) FFFTP_Eng_Release_64/FFFTP.exe (diff) Release/FFFTP.exe (diff) Release_64/FFFTP.exe (diff)
doc/eng/FFFTP.txt (diff) doc/eng/history.txt (diff) doc/jpn/FFFTP.txt (diff) doc/jpn/history.txt (diff)
src/common.h (diff)
src/main.c (diff) src/mesg-eng.h (diff) src/mesg-jpn.h (diff) src/socketwrapper.c (diff) src/socketwrapper.h (diff)| @@ -65,6 +65,9 @@ This list includes changes applied by automatic software updates. | ||
| 65 | 65 | -- Implemented Server Name Indication. |
| 66 | 66 | This solves the problem that it cannot connect to some shared servers. |
| 67 | 67 | |
| 68 | +-- Changed to check Subject Alternative Names at validation of SSL/TLS | |
| 69 | + certificates. | |
| 70 | + | |
| 68 | 71 | -- Fixed bugs that sometimes it cannot reconnect after transfer failure. |
| 69 | 72 | |
| 70 | 73 | -- Fixed bugs that the queue of file transfer is not released on disconnection. |
| @@ -35,6 +35,9 @@ Changes in Ver.2.00 | ||
| 35 | 35 | -- Implemented Server Name Indication. |
| 36 | 36 | This solves the problem that it cannot connect to some shared servers. |
| 37 | 37 | |
| 38 | +-- Changed to check Subject Alternative Names at validation of SSL/TLS | |
| 39 | + certificates. | |
| 40 | + | |
| 38 | 41 | -- Fixed bugs that sometimes it cannot reconnect after transfer failure. |
| 39 | 42 | |
| 40 | 43 | -- Fixed bugs that the queue of file transfer is not released on disconnection. |
| @@ -61,7 +61,10 @@ Ver 2.00 | ||
| 61 | 61 | ・バグ対策の副作用によるウィンドウのちらつきを解消しました。 |
| 62 | 62 | |
| 63 | 63 | ・Server Name Indicationを実装しました。 |
| 64 | - これにより一部の共用サーバーに接続できない問題が解消されます。 | |
| 64 | + これにより一部の共用サーバーに接続できない問題が解消されます。 | |
| 65 | + | |
| 66 | +・SSL/TLS証明書の検証時にSubject Alternative Namesを確認するように | |
| 67 | + 変更しました。 | |
| 65 | 68 | |
| 66 | 69 | ・転送失敗時に再接続できない場合があるバグを修正しました。 |
| 67 | 70 |
| @@ -31,7 +31,10 @@ FFFTP | ||
| 31 | 31 | ・バグ対策の副作用によるウィンドウのちらつきを解消しました。 |
| 32 | 32 | |
| 33 | 33 | ・Server Name Indicationを実装しました。 |
| 34 | - これにより一部の共用サーバーに接続できない問題が解消されます。 | |
| 34 | + これにより一部の共用サーバーに接続できない問題が解消されます。 | |
| 35 | + | |
| 36 | +・SSL/TLS証明書の検証時にSubject Alternative Namesを確認するように | |
| 37 | + 変更しました。 | |
| 35 | 38 | |
| 36 | 39 | ・転送失敗時に再接続できない場合があるバグを修正しました。 |
| 37 | 40 |
| @@ -81,7 +81,7 @@ | ||
| 81 | 81 | // ソフトウェア自動更新 |
| 82 | 82 | // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする |
| 83 | 83 | // 2014年7月31日中の30個目のリリースは2014073129 |
| 84 | -#define RELEASE_VERSION_NUM 2017110400 /* リリースバージョン */ | |
| 84 | +#define RELEASE_VERSION_NUM 2018010700 /* リリースバージョン */ | |
| 85 | 85 | |
| 86 | 86 | |
| 87 | 87 | // SourceForge.JPによるフォーク |
| @@ -1423,7 +1423,7 @@ void ResetAutoExitFlg(void); | ||
| 1423 | 1423 | int AskAutoExit(void); |
| 1424 | 1424 | // 暗号化通信対応 |
| 1425 | 1425 | BOOL __stdcall SSLTimeoutCallback(BOOL* pbAborted); |
| 1426 | -BOOL __stdcall SSLConfirmCallback(BOOL* pbAborted, BOOL bVerified, LPCSTR Certificate, LPCSTR CommonName); | |
| 1426 | +BOOL __stdcall SSLConfirmCallback(BOOL* pbAborted, BOOL bVerified, LPCSTR Certificate); | |
| 1427 | 1427 | BOOL LoadSSLRootCAFile(); |
| 1428 | 1428 | // マルチコアCPUの特定環境下でファイル通信中にクラッシュするバグ対策 |
| 1429 | 1429 | BOOL IsMainThread(); |
| @@ -3588,7 +3588,7 @@ BOOL __stdcall SSLTimeoutCallback(BOOL* pbAborted) | ||
| 3588 | 3588 | return FALSE; |
| 3589 | 3589 | } |
| 3590 | 3590 | |
| 3591 | -BOOL __stdcall SSLConfirmCallback(BOOL* pbAborted, BOOL bVerified, LPCSTR Certificate, LPCSTR CommonName) | |
| 3591 | +BOOL __stdcall SSLConfirmCallback(BOOL* pbAborted, BOOL bVerified, LPCSTR Certificate) | |
| 3592 | 3592 | { |
| 3593 | 3593 | BOOL bResult; |
| 3594 | 3594 | uint32 Hash[5]; |
| @@ -3616,7 +3616,7 @@ BOOL __stdcall SSLConfirmCallback(BOOL* pbAborted, BOOL bVerified, LPCSTR Certif | ||
| 3616 | 3616 | { |
| 3617 | 3617 | if(pm1 = AllocateStringM(strlen(Certificate) * 2 + 1024)) |
| 3618 | 3618 | { |
| 3619 | - sprintf(pm0, MSGJPN326, IsHostNameMatched(AskHostAdrs(), CommonName) ? MSGJPN327 : MSGJPN328, bVerified ? MSGJPN327 : MSGJPN328, Certificate); | |
| 3619 | + sprintf(pm0, MSGJPN326, bVerified ? MSGJPN327 : MSGJPN328, Certificate); | |
| 3620 | 3620 | ReplaceAllStrings(pm1, pm0, "\n", "\r\n"); |
| 3621 | 3621 | if(DialogBoxParam(GetFtpInst(), MAKEINTRESOURCE(ssl_confirm_dlg), GetMainHwnd(), ExeEscTextDialogProc, (LPARAM)pm1) == YES) |
| 3622 | 3622 | { |
| @@ -324,7 +324,7 @@ | ||
| 324 | 324 | #define MSGJPN323 _Tu8("Failed to unload untrustworthy DLLs.", "Failed to unload untrustworthy DLLs.") |
| 325 | 325 | #define MSGJPN324 _Tu8("Failed to hook required functions to protect the process.", "Failed to hook required functions to protect the process.") |
| 326 | 326 | #define MSGJPN325 _Tu8("New master passwords are not identical.", "New master passwords are not identical.") |
| 327 | -#define MSGJPN326 _Tu8("Summary\nCN is identical: %s\nVerified successfully: %s\n\nDetailed information\n%s", "Summary\nCN is identical: %s\nVerified successfully: %s\n\nDetailed information\n%s") | |
| 327 | +#define MSGJPN326 _Tu8("Summary\nVerified successfully: %s\n\nDetailed information\n%s", "Summary\nVerified successfully: %s\n\nDetailed information\n%s") | |
| 328 | 328 | #define MSGJPN327 _Tu8("Yes", "Yes") |
| 329 | 329 | #define MSGJPN328 _Tu8("No", "No") |
| 330 | 330 | #define MSGJPN329 _Tu8("UTF-8 BOM", "UTF-8 BOM") |
| @@ -324,7 +324,7 @@ | ||
| 324 | 324 | #define MSGJPN323 _Tu8("信頼できないDLLをアンロードできませんでした.", "\xE4\xBF\xA1\xE9\xA0\xBC\xE3\x81\xA7\xE3\x81\x8D\xE3\x81\xAA\xE3\x81\x84\x44LL\xE3\x82\x92\xE3\x82\xA2\xE3\x83\xB3\xE3\x83\xAD\xE3\x83\xBC\xE3\x83\x89\xE3\x81\xA7\xE3\x81\x8D\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93\xE3\x81\xA7\xE3\x81\x97\xE3\x81\x9F.") |
| 325 | 325 | #define MSGJPN324 _Tu8("プロセスの保護に必要な関数をフックできませんでした.", "\xE3\x83\x97\xE3\x83\xAD\xE3\x82\xBB\xE3\x82\xB9\xE3\x81\xAE\xE4\xBF\x9D\xE8\xAD\xB7\xE3\x81\xAB\xE5\xBF\x85\xE8\xA6\x81\xE3\x81\xAA\xE9\x96\xA2\xE6\x95\xB0\xE3\x82\x92\xE3\x83\x95\xE3\x83\x83\xE3\x82\xAF\xE3\x81\xA7\xE3\x81\x8D\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93\xE3\x81\xA7\xE3\x81\x97\xE3\x81\x9F.") |
| 326 | 326 | #define MSGJPN325 _Tu8("新しいマスターパスワードが一致しません.", "\xE6\x96\xB0\xE3\x81\x97\xE3\x81\x84\xE3\x83\x9E\xE3\x82\xB9\xE3\x82\xBF\xE3\x83\xBC\xE3\x83\x91\xE3\x82\xB9\xE3\x83\xAF\xE3\x83\xBC\xE3\x83\x89\xE3\x81\x8C\xE4\xB8\x80\xE8\x87\xB4\xE3\x81\x97\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93.") |
| 327 | -#define MSGJPN326 _Tu8("概要\nCNの一致: %s\n検証に成功: %s\n\n詳細情報\n%s", "\xE6\xA6\x82\xE8\xA6\x81\nCN\xE3\x81\xAE\xE4\xB8\x80\xE8\x87\xB4: %s\n\xE6\xA4\x9C\xE8\xA8\xBC\xE3\x81\xAB\xE6\x88\x90\xE5\x8A\x9F: %s\n\n\xE8\xA9\xB3\xE7\xB4\xB0\xE6\x83\x85\xE5\xA0\xB1\n%s") | |
| 327 | +#define MSGJPN326 _Tu8("概要\n検証に成功: %s\n\n詳細情報\n%s", "\xE6\xA6\x82\xE8\xA6\x81\n\xE6\xA4\x9C\xE8\xA8\xBC\xE3\x81\xAB\xE6\x88\x90\xE5\x8A\x9F: %s\n\n\xE8\xA9\xB3\xE7\xB4\xB0\xE6\x83\x85\xE5\xA0\xB1\n%s") | |
| 328 | 328 | #define MSGJPN327 _Tu8("はい", "\xE3\x81\xAF\xE3\x81\x84") |
| 329 | 329 | #define MSGJPN328 _Tu8("いいえ", "\xE3\x81\x84\xE3\x81\x84\xE3\x81\x88") |
| 330 | 330 | #define MSGJPN329 _Tu8("UTF-8 BOM", "UTF-8 BOM") |
| @@ -38,6 +38,7 @@ typedef int (__cdecl* _SSL_write)(SSL*, const void*, int); | ||
| 38 | 38 | typedef int (__cdecl* _SSL_peek)(SSL*, void*, int); |
| 39 | 39 | typedef int (__cdecl* _SSL_read)(SSL*, void*, int); |
| 40 | 40 | typedef int (__cdecl* _SSL_get_error)(SSL*, int); |
| 41 | +typedef int (__cdecl* _SSL_set1_param)(SSL*, X509_VERIFY_PARAM*); | |
| 41 | 42 | typedef X509* (__cdecl* _SSL_get_peer_certificate)(const SSL*); |
| 42 | 43 | typedef long (__cdecl* _SSL_get_verify_result)(const SSL*); |
| 43 | 44 | typedef SSL_SESSION* (__cdecl* _SSL_get_session)(SSL*); |
| @@ -56,6 +57,9 @@ typedef void (__cdecl* _X509_free)(X509*); | ||
| 56 | 57 | typedef int (__cdecl* _X509_print_ex)(BIO*, X509*, unsigned long, unsigned long); |
| 57 | 58 | typedef X509_NAME* (__cdecl* _X509_get_subject_name)(X509*); |
| 58 | 59 | typedef int (__cdecl* _X509_NAME_print_ex)(BIO*, X509_NAME*, int, unsigned long); |
| 60 | +typedef X509_VERIFY_PARAM* (__cdecl* _X509_VERIFY_PARAM_new)(); | |
| 61 | +typedef void (__cdecl* _X509_VERIFY_PARAM_free)(X509_VERIFY_PARAM*); | |
| 62 | +typedef int (__cdecl* _X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM*, const char*, size_t); | |
| 59 | 63 | typedef void (__cdecl* _X509_CRL_free)(X509_CRL*); |
| 60 | 64 | typedef EVP_PKEY* (__cdecl* _PEM_read_bio_PrivateKey)(BIO*, EVP_PKEY**, pem_password_cb*, void*); |
| 61 | 65 | typedef EVP_PKEY* (__cdecl* _PEM_read_bio_PUBKEY)(BIO*, EVP_PKEY**, pem_password_cb*, void*); |
| @@ -94,6 +98,7 @@ _SSL_write p_SSL_write; | ||
| 94 | 98 | _SSL_peek p_SSL_peek; |
| 95 | 99 | _SSL_read p_SSL_read; |
| 96 | 100 | _SSL_get_error p_SSL_get_error; |
| 101 | +_SSL_set1_param p_SSL_set1_param; | |
| 97 | 102 | _SSL_get_peer_certificate p_SSL_get_peer_certificate; |
| 98 | 103 | _SSL_get_verify_result p_SSL_get_verify_result; |
| 99 | 104 | _SSL_get_session p_SSL_get_session; |
| @@ -112,6 +117,9 @@ _X509_free p_X509_free; | ||
| 112 | 117 | _X509_print_ex p_X509_print_ex; |
| 113 | 118 | _X509_get_subject_name p_X509_get_subject_name; |
| 114 | 119 | _X509_NAME_print_ex p_X509_NAME_print_ex; |
| 120 | +_X509_VERIFY_PARAM_new p_X509_VERIFY_PARAM_new; | |
| 121 | +_X509_VERIFY_PARAM_free p_X509_VERIFY_PARAM_free; | |
| 122 | +_X509_VERIFY_PARAM_set1_host p_X509_VERIFY_PARAM_set1_host; | |
| 115 | 123 | _X509_CRL_free p_X509_CRL_free; |
| 116 | 124 | _PEM_read_bio_PrivateKey p_PEM_read_bio_PrivateKey; |
| 117 | 125 | _PEM_read_bio_PUBKEY p_PEM_read_bio_PUBKEY; |
| @@ -149,7 +157,7 @@ BOOL __stdcall DefaultSSLTimeoutCallback(BOOL* pbAborted) | ||
| 149 | 157 | return *pbAborted; |
| 150 | 158 | } |
| 151 | 159 | |
| 152 | -BOOL __stdcall DefaultSSLConfirmCallback(BOOL* pbAborted, BOOL bVerified, LPCSTR Certificate, LPCSTR CommonName) | |
| 160 | +BOOL __stdcall DefaultSSLConfirmCallback(BOOL* pbAborted, BOOL bVerified, LPCSTR Certificate) | |
| 153 | 161 | { |
| 154 | 162 | return bVerified; |
| 155 | 163 | } |
| @@ -195,6 +203,7 @@ BOOL LoadOpenSSL() | ||
| 195 | 203 | || !(p_SSL_peek = (_SSL_peek)GetProcAddress(g_hOpenSSL, "SSL_peek")) |
| 196 | 204 | || !(p_SSL_read = (_SSL_read)GetProcAddress(g_hOpenSSL, "SSL_read")) |
| 197 | 205 | || !(p_SSL_get_error = (_SSL_get_error)GetProcAddress(g_hOpenSSL, "SSL_get_error")) |
| 206 | + || !(p_SSL_set1_param = (_SSL_set1_param)GetProcAddress(g_hOpenSSL, "SSL_set1_param")) | |
| 198 | 207 | || !(p_SSL_get_peer_certificate = (_SSL_get_peer_certificate)GetProcAddress(g_hOpenSSL, "SSL_get_peer_certificate")) |
| 199 | 208 | || !(p_SSL_get_verify_result = (_SSL_get_verify_result)GetProcAddress(g_hOpenSSL, "SSL_get_verify_result")) |
| 200 | 209 | || !(p_SSL_get_session = (_SSL_get_session)GetProcAddress(g_hOpenSSL, "SSL_get_session")) |
| @@ -227,6 +236,9 @@ BOOL LoadOpenSSL() | ||
| 227 | 236 | || !(p_X509_print_ex = (_X509_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_print_ex")) |
| 228 | 237 | || !(p_X509_get_subject_name = (_X509_get_subject_name)GetProcAddress(g_hOpenSSLCommon, "X509_get_subject_name")) |
| 229 | 238 | || !(p_X509_NAME_print_ex = (_X509_NAME_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_NAME_print_ex")) |
| 239 | + || !(p_X509_VERIFY_PARAM_new = (_X509_VERIFY_PARAM_new)GetProcAddress(g_hOpenSSLCommon, "X509_VERIFY_PARAM_new")) | |
| 240 | + || !(p_X509_VERIFY_PARAM_free = (_X509_VERIFY_PARAM_free)GetProcAddress(g_hOpenSSLCommon, "X509_VERIFY_PARAM_free")) | |
| 241 | + || !(p_X509_VERIFY_PARAM_set1_host = (_X509_VERIFY_PARAM_set1_host)GetProcAddress(g_hOpenSSLCommon, "X509_VERIFY_PARAM_set1_host")) | |
| 230 | 242 | || !(p_X509_CRL_free = (_X509_CRL_free)GetProcAddress(g_hOpenSSLCommon, "X509_CRL_free")) |
| 231 | 243 | || !(p_PEM_read_bio_PrivateKey = (_PEM_read_bio_PrivateKey)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_PrivateKey")) |
| 232 | 244 | || !(p_PEM_read_bio_PUBKEY = (_PEM_read_bio_PUBKEY)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_PUBKEY")) |
| @@ -340,8 +352,6 @@ BOOL ConfirmSSLCertificate(SSL* pSSL, BOOL* pbAborted) | ||
| 340 | 352 | BIO* pBIO; |
| 341 | 353 | long Length; |
| 342 | 354 | char* pBuffer; |
| 343 | - char* pCN; | |
| 344 | - char* p; | |
| 345 | 355 | bResult = FALSE; |
| 346 | 356 | bVerified = FALSE; |
| 347 | 357 | pData = NULL; |
| @@ -374,24 +384,10 @@ BOOL ConfirmSSLCertificate(SSL* pSSL, BOOL* pbAborted) | ||
| 374 | 384 | } |
| 375 | 385 | p_BIO_free(pBIO); |
| 376 | 386 | } |
| 377 | - p_X509_free(pX509); | |
| 378 | 387 | } |
| 379 | 388 | if(pX509 && p_SSL_get_verify_result(pSSL) == X509_V_OK) |
| 380 | 389 | bVerified = TRUE; |
| 381 | - pCN = pSubject; | |
| 382 | - while(pCN) | |
| 383 | - { | |
| 384 | - if(strncmp(pCN, "CN=", strlen("CN=")) == 0) | |
| 385 | - { | |
| 386 | - pCN += strlen("CN="); | |
| 387 | - if(p = strchr(pCN, ',')) | |
| 388 | - *p = '\0'; | |
| 389 | - break; | |
| 390 | - } | |
| 391 | - if(pCN = strchr(pCN, ',')) | |
| 392 | - pCN++; | |
| 393 | - } | |
| 394 | - bResult = g_pOpenSSLConfirmCallback(pbAborted, bVerified, pData, pCN); | |
| 390 | + bResult = g_pOpenSSLConfirmCallback(pbAborted, bVerified, pData); | |
| 395 | 391 | if(pData) |
| 396 | 392 | free(pData); |
| 397 | 393 | if(pSubject) |
| @@ -528,55 +524,6 @@ BOOL SetSSLRootCertificate(const void* pData, DWORD Length) | ||
| 528 | 524 | return r; |
| 529 | 525 | } |
| 530 | 526 | |
| 531 | -// ワイルドカードの比較 | |
| 532 | -// 主にSSL証明書のCN確認用 | |
| 533 | -BOOL IsHostNameMatched(LPCSTR HostName, LPCSTR CommonName) | |
| 534 | -{ | |
| 535 | - BOOL bResult; | |
| 536 | - char* pa0; | |
| 537 | - const char* pAsterisk; | |
| 538 | - size_t BeforeAsterisk; | |
| 539 | - const char* pBeginAsterisk; | |
| 540 | - const char* pEndAsterisk; | |
| 541 | - const char* pDot; | |
| 542 | - bResult = FALSE; | |
| 543 | - if(HostName && CommonName) | |
| 544 | - { | |
| 545 | - if(pa0 = AllocateStringA(strlen(HostName) * 4)) | |
| 546 | - { | |
| 547 | - if(ConvertNameToPunycode(pa0, HostName)) | |
| 548 | - { | |
| 549 | - if(pAsterisk = strchr(CommonName, '*')) | |
| 550 | - { | |
| 551 | - BeforeAsterisk = ((size_t)pAsterisk - (size_t)CommonName) / sizeof(char); | |
| 552 | - pBeginAsterisk = pa0 + BeforeAsterisk; | |
| 553 | - while(*pAsterisk == '*') | |
| 554 | - { | |
| 555 | - pAsterisk++; | |
| 556 | - } | |
| 557 | - pEndAsterisk = pa0 + strlen(pa0) - strlen(pAsterisk); | |
| 558 | - // "*"より前は大文字小文字を無視して完全一致 | |
| 559 | - if(_strnicmp(pa0, CommonName, BeforeAsterisk) == 0) | |
| 560 | - { | |
| 561 | - // "*"より後は大文字小文字を無視して完全一致 | |
| 562 | - if(_stricmp(pEndAsterisk, pAsterisk) == 0) | |
| 563 | - { | |
| 564 | - // "*"と一致する範囲に"."が含まれてはならない | |
| 565 | - pDot = strchr(pBeginAsterisk, '.'); | |
| 566 | - if(!pDot || pDot >= pEndAsterisk) | |
| 567 | - bResult = TRUE; | |
| 568 | - } | |
| 569 | - } | |
| 570 | - } | |
| 571 | - else if(_stricmp(pa0, CommonName) == 0) | |
| 572 | - bResult = TRUE; | |
| 573 | - } | |
| 574 | - } | |
| 575 | - FreeDuplicatedString(pa0); | |
| 576 | - } | |
| 577 | - return bResult; | |
| 578 | -} | |
| 579 | - | |
| 580 | 527 | #pragma warning(push) |
| 581 | 528 | #pragma warning(disable:4090) |
| 582 | 529 |
| @@ -705,6 +652,7 @@ BOOL AttachSSL(SOCKET s, SOCKET parent, BOOL* pbAborted, BOOL bStrengthen, const | ||
| 705 | 652 | SSL** ppSSLParent; |
| 706 | 653 | SSL_SESSION* pSession; |
| 707 | 654 | char* pa0; |
| 655 | + X509_VERIFY_PARAM* pParam; | |
| 708 | 656 | int Return; |
| 709 | 657 | int Error; |
| 710 | 658 | if(!g_bOpenSSLLoaded) |
| @@ -753,7 +701,15 @@ BOOL AttachSSL(SOCKET s, SOCKET parent, BOOL* pbAborted, BOOL bStrengthen, const | ||
| 753 | 701 | if(pa0 = AllocateStringA(strlen(ServerName) * 4)) |
| 754 | 702 | { |
| 755 | 703 | if(ConvertNameToPunycode(pa0, ServerName)) |
| 704 | + { | |
| 756 | 705 | p_SSL_ctrl(*ppSSL, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, pa0); |
| 706 | + if(pParam = p_X509_VERIFY_PARAM_new()) | |
| 707 | + { | |
| 708 | + p_X509_VERIFY_PARAM_set1_host(pParam, pa0, 0); | |
| 709 | + p_SSL_set1_param(*ppSSL, pParam); | |
| 710 | + p_X509_VERIFY_PARAM_free(pParam); | |
| 711 | + } | |
| 712 | + } | |
| 757 | 713 | } |
| 758 | 714 | FreeDuplicatedString(pa0); |
| 759 | 715 | } |
| @@ -11,7 +11,7 @@ | ||
| 11 | 11 | #define USE_OPENSSL |
| 12 | 12 | |
| 13 | 13 | typedef BOOL (__stdcall* LPSSLTIMEOUTCALLBACK)(BOOL*); |
| 14 | -typedef BOOL (__stdcall* LPSSLCONFIRMCALLBACK)(BOOL*, BOOL, LPCSTR, LPCSTR); | |
| 14 | +typedef BOOL (__stdcall* LPSSLCONFIRMCALLBACK)(BOOL*, BOOL, LPCSTR); | |
| 15 | 15 | |
| 16 | 16 | BOOL LoadOpenSSL(); |
| 17 | 17 | void FreeOpenSSL(); |
| @@ -19,7 +19,6 @@ BOOL IsOpenSSLLoaded(); | ||
| 19 | 19 | void SetSSLTimeoutCallback(DWORD Timeout, LPSSLTIMEOUTCALLBACK pCallback); |
| 20 | 20 | void SetSSLConfirmCallback(LPSSLCONFIRMCALLBACK pCallback); |
| 21 | 21 | BOOL SetSSLRootCertificate(const void* pData, DWORD Length); |
| 22 | -BOOL IsHostNameMatched(LPCSTR HostName, LPCSTR CommonName); | |
| 23 | 22 | BOOL EncryptSignature(const char* PrivateKey, const char* Password, const void* pIn, DWORD InLength, void* pOut, DWORD OutLength, DWORD* pOutLength); |
| 24 | 23 | BOOL DecryptSignature(const char* PublicKey, const char* Password, const void* pIn, DWORD InLength, void* pOut, DWORD OutLength, DWORD* pOutLength); |
| 25 | 24 | BOOL GetHashSHA1(const void* pData, DWORD Size, void* pHash); |
Fork