113498266Sopenharmony_ci/*************************************************************************** 213498266Sopenharmony_ci * _ _ ____ _ 313498266Sopenharmony_ci * Project ___| | | | _ \| | 413498266Sopenharmony_ci * / __| | | | |_) | | 513498266Sopenharmony_ci * | (__| |_| | _ <| |___ 613498266Sopenharmony_ci * \___|\___/|_| \_\_____| 713498266Sopenharmony_ci * 813498266Sopenharmony_ci * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 913498266Sopenharmony_ci * 1013498266Sopenharmony_ci * This software is licensed as described in the file COPYING, which 1113498266Sopenharmony_ci * you should have received as part of this distribution. The terms 1213498266Sopenharmony_ci * are also available at https://curl.se/docs/copyright.html. 1313498266Sopenharmony_ci * 1413498266Sopenharmony_ci * You may opt to use, copy, modify, merge, publish, distribute and/or sell 1513498266Sopenharmony_ci * copies of the Software, and permit persons to whom the Software is 1613498266Sopenharmony_ci * furnished to do so, under the terms of the COPYING file. 1713498266Sopenharmony_ci * 1813498266Sopenharmony_ci * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 1913498266Sopenharmony_ci * KIND, either express or implied. 2013498266Sopenharmony_ci * 2113498266Sopenharmony_ci * SPDX-License-Identifier: curl 2213498266Sopenharmony_ci * 2313498266Sopenharmony_ci ***************************************************************************/ 2413498266Sopenharmony_ci#include "test.h" 2513498266Sopenharmony_ci 2613498266Sopenharmony_ci#include "memdebug.h" 2713498266Sopenharmony_ci 2813498266Sopenharmony_ci/* 2913498266Sopenharmony_ci * Verify correct order of certificates in the chain by comparing the 3013498266Sopenharmony_ci * subject and issuer attributes of each certificate. 3113498266Sopenharmony_ci */ 3213498266Sopenharmony_cistatic bool is_chain_in_order(struct curl_certinfo *cert_info) 3313498266Sopenharmony_ci{ 3413498266Sopenharmony_ci char *last_issuer = NULL; 3513498266Sopenharmony_ci int cert; 3613498266Sopenharmony_ci 3713498266Sopenharmony_ci /* Chains with only a single certificate are always in order */ 3813498266Sopenharmony_ci if(cert_info->num_of_certs <= 1) 3913498266Sopenharmony_ci return 1; 4013498266Sopenharmony_ci 4113498266Sopenharmony_ci /* Enumerate each certificate in the chain */ 4213498266Sopenharmony_ci for(cert = 0; cert < cert_info->num_of_certs; cert++) { 4313498266Sopenharmony_ci struct curl_slist *slist = cert_info->certinfo[cert]; 4413498266Sopenharmony_ci char *issuer = NULL; 4513498266Sopenharmony_ci char *subject = NULL; 4613498266Sopenharmony_ci 4713498266Sopenharmony_ci /* Find the certificate issuer and subject by enumerating each field */ 4813498266Sopenharmony_ci for(; slist && (!issuer || !subject); slist = slist->next) { 4913498266Sopenharmony_ci const char issuer_prefix[] = "Issuer:"; 5013498266Sopenharmony_ci const char subject_prefix[] = "Subject:"; 5113498266Sopenharmony_ci 5213498266Sopenharmony_ci if(!strncmp(slist->data, issuer_prefix, sizeof(issuer_prefix)-1)) { 5313498266Sopenharmony_ci issuer = slist->data + sizeof(issuer_prefix)-1; 5413498266Sopenharmony_ci } 5513498266Sopenharmony_ci if(!strncmp(slist->data, subject_prefix, sizeof(subject_prefix)-1)) { 5613498266Sopenharmony_ci subject = slist->data + sizeof(subject_prefix)-1; 5713498266Sopenharmony_ci } 5813498266Sopenharmony_ci } 5913498266Sopenharmony_ci 6013498266Sopenharmony_ci if(subject && issuer) { 6113498266Sopenharmony_ci printf("cert %d\n", cert); 6213498266Sopenharmony_ci printf(" subject: %s\n", subject); 6313498266Sopenharmony_ci printf(" issuer: %s\n", issuer); 6413498266Sopenharmony_ci 6513498266Sopenharmony_ci if(last_issuer) { 6613498266Sopenharmony_ci /* If the last certificate's issuer matches the current certificate's 6713498266Sopenharmony_ci * subject, then the chain is in order */ 6813498266Sopenharmony_ci if(strcmp(last_issuer, subject) != 0) { 6913498266Sopenharmony_ci fprintf(stderr, "cert %d issuer does not match cert %d subject\n", 7013498266Sopenharmony_ci cert - 1, cert); 7113498266Sopenharmony_ci fprintf(stderr, "certificate chain is not in order\n"); 7213498266Sopenharmony_ci return false; 7313498266Sopenharmony_ci } 7413498266Sopenharmony_ci } 7513498266Sopenharmony_ci } 7613498266Sopenharmony_ci 7713498266Sopenharmony_ci last_issuer = issuer; 7813498266Sopenharmony_ci } 7913498266Sopenharmony_ci 8013498266Sopenharmony_ci printf("certificate chain is in order\n"); 8113498266Sopenharmony_ci return true; 8213498266Sopenharmony_ci} 8313498266Sopenharmony_ci 8413498266Sopenharmony_cistatic size_t wrfu(void *ptr, size_t size, size_t nmemb, void *stream) 8513498266Sopenharmony_ci{ 8613498266Sopenharmony_ci (void)stream; 8713498266Sopenharmony_ci (void)ptr; 8813498266Sopenharmony_ci return size * nmemb; 8913498266Sopenharmony_ci} 9013498266Sopenharmony_ci 9113498266Sopenharmony_ciint test(char *URL) 9213498266Sopenharmony_ci{ 9313498266Sopenharmony_ci CURL *curl; 9413498266Sopenharmony_ci CURLcode res = CURLE_OK; 9513498266Sopenharmony_ci 9613498266Sopenharmony_ci if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) { 9713498266Sopenharmony_ci fprintf(stderr, "curl_global_init() failed\n"); 9813498266Sopenharmony_ci return TEST_ERR_MAJOR_BAD; 9913498266Sopenharmony_ci } 10013498266Sopenharmony_ci 10113498266Sopenharmony_ci curl = curl_easy_init(); 10213498266Sopenharmony_ci if(!curl) { 10313498266Sopenharmony_ci fprintf(stderr, "curl_easy_init() failed\n"); 10413498266Sopenharmony_ci curl_global_cleanup(); 10513498266Sopenharmony_ci return TEST_ERR_MAJOR_BAD; 10613498266Sopenharmony_ci } 10713498266Sopenharmony_ci 10813498266Sopenharmony_ci /* Set the HTTPS url to retrieve. */ 10913498266Sopenharmony_ci test_setopt(curl, CURLOPT_URL, URL); 11013498266Sopenharmony_ci 11113498266Sopenharmony_ci /* Capture certificate information */ 11213498266Sopenharmony_ci test_setopt(curl, CURLOPT_CERTINFO, 1L); 11313498266Sopenharmony_ci 11413498266Sopenharmony_ci /* Ignore output */ 11513498266Sopenharmony_ci test_setopt(curl, CURLOPT_WRITEFUNCTION, wrfu); 11613498266Sopenharmony_ci 11713498266Sopenharmony_ci /* No peer verify */ 11813498266Sopenharmony_ci test_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); 11913498266Sopenharmony_ci test_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); 12013498266Sopenharmony_ci 12113498266Sopenharmony_ci /* Perform the request, res will get the return code */ 12213498266Sopenharmony_ci res = curl_easy_perform(curl); 12313498266Sopenharmony_ci if(!res || res == CURLE_GOT_NOTHING) { 12413498266Sopenharmony_ci struct curl_certinfo *cert_info = NULL; 12513498266Sopenharmony_ci /* Get the certificate information */ 12613498266Sopenharmony_ci res = curl_easy_getinfo(curl, CURLINFO_CERTINFO, &cert_info); 12713498266Sopenharmony_ci if(!res) { 12813498266Sopenharmony_ci /* Check to see if the certificate chain is ordered correctly */ 12913498266Sopenharmony_ci if(!is_chain_in_order(cert_info)) 13013498266Sopenharmony_ci res = TEST_ERR_FAILURE; 13113498266Sopenharmony_ci } 13213498266Sopenharmony_ci } 13313498266Sopenharmony_ci 13413498266Sopenharmony_citest_cleanup: 13513498266Sopenharmony_ci 13613498266Sopenharmony_ci /* always cleanup */ 13713498266Sopenharmony_ci curl_easy_cleanup(curl); 13813498266Sopenharmony_ci curl_global_cleanup(); 13913498266Sopenharmony_ci 14013498266Sopenharmony_ci return res; 14113498266Sopenharmony_ci} 142