2 * Copyright 2008 Hans Leidekker for CodeWeavers
3 * Copyright 2013 Jacek Caban for CodeWeavers
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 #include "winhttp_private.h"
25 #ifdef HAVE_SYS_SOCKET_H
26 # include <sys/socket.h>
28 #ifdef HAVE_SYS_IOCTL_H
29 # include <sys/ioctl.h>
31 #ifdef HAVE_SYS_FILIO_H
32 # include <sys/filio.h>
38 #ifndef HAVE_GETADDRINFO
40 /* critical section to protect non-reentrant gethostbyname() */
41 static CRITICAL_SECTION cs_gethostbyname
;
42 static CRITICAL_SECTION_DEBUG critsect_debug
=
44 0, 0, &cs_gethostbyname
,
45 { &critsect_debug
.ProcessLocksList
, &critsect_debug
.ProcessLocksList
},
46 0, 0, { (DWORD_PTR
)(__FILE__
": cs_gethostbyname") }
48 static CRITICAL_SECTION cs_gethostbyname
= { &critsect_debug
, -1, 0, 0, 0, 0 };
52 /* translate a unix error code into a winsock error code */
54 static int sock_get_error( int err
)
56 #if !defined(__MINGW32__) && !defined (_MSC_VER)
59 case EINTR
: return WSAEINTR
;
60 case EBADF
: return WSAEBADF
;
62 case EACCES
: return WSAEACCES
;
63 case EFAULT
: return WSAEFAULT
;
64 case EINVAL
: return WSAEINVAL
;
65 case EMFILE
: return WSAEMFILE
;
66 case EWOULDBLOCK
: return WSAEWOULDBLOCK
;
67 case EINPROGRESS
: return WSAEINPROGRESS
;
68 case EALREADY
: return WSAEALREADY
;
69 case ENOTSOCK
: return WSAENOTSOCK
;
70 case EDESTADDRREQ
: return WSAEDESTADDRREQ
;
71 case EMSGSIZE
: return WSAEMSGSIZE
;
72 case EPROTOTYPE
: return WSAEPROTOTYPE
;
73 case ENOPROTOOPT
: return WSAENOPROTOOPT
;
74 case EPROTONOSUPPORT
: return WSAEPROTONOSUPPORT
;
75 case ESOCKTNOSUPPORT
: return WSAESOCKTNOSUPPORT
;
76 case EOPNOTSUPP
: return WSAEOPNOTSUPP
;
77 case EPFNOSUPPORT
: return WSAEPFNOSUPPORT
;
78 case EAFNOSUPPORT
: return WSAEAFNOSUPPORT
;
79 case EADDRINUSE
: return WSAEADDRINUSE
;
80 case EADDRNOTAVAIL
: return WSAEADDRNOTAVAIL
;
81 case ENETDOWN
: return WSAENETDOWN
;
82 case ENETUNREACH
: return WSAENETUNREACH
;
83 case ENETRESET
: return WSAENETRESET
;
84 case ECONNABORTED
: return WSAECONNABORTED
;
86 case ECONNRESET
: return WSAECONNRESET
;
87 case ENOBUFS
: return WSAENOBUFS
;
88 case EISCONN
: return WSAEISCONN
;
89 case ENOTCONN
: return WSAENOTCONN
;
90 case ESHUTDOWN
: return WSAESHUTDOWN
;
91 case ETOOMANYREFS
: return WSAETOOMANYREFS
;
92 case ETIMEDOUT
: return WSAETIMEDOUT
;
93 case ECONNREFUSED
: return WSAECONNREFUSED
;
94 case ELOOP
: return WSAELOOP
;
95 case ENAMETOOLONG
: return WSAENAMETOOLONG
;
96 case EHOSTDOWN
: return WSAEHOSTDOWN
;
97 case EHOSTUNREACH
: return WSAEHOSTUNREACH
;
98 case ENOTEMPTY
: return WSAENOTEMPTY
;
100 case EPROCLIM
: return WSAEPROCLIM
;
103 case EUSERS
: return WSAEUSERS
;
106 case EDQUOT
: return WSAEDQUOT
;
109 case ESTALE
: return WSAESTALE
;
112 case EREMOTE
: return WSAEREMOTE
;
114 default: errno
= err
; perror( "sock_set_error" ); return WSAEFAULT
;
120 #define sock_get_error(x) WSAGetLastError()
122 static inline int unix_ioctl(int filedes
, long request
, void *arg
)
124 return ioctlsocket(filedes
, request
, arg
);
126 #define ioctlsocket unix_ioctl
129 static int sock_send(int fd
, const void *msg
, size_t len
, int flags
)
134 ret
= send(fd
, msg
, len
, flags
);
136 while(ret
== -1 && errno
== EINTR
);
140 static int sock_recv(int fd
, void *msg
, size_t len
, int flags
)
145 ret
= recv(fd
, msg
, len
, flags
);
147 while(ret
== -1 && errno
== EINTR
);
151 static DWORD
netconn_verify_cert( PCCERT_CONTEXT cert
, WCHAR
*server
, DWORD security_flags
)
153 HCERTSTORE store
= cert
->hCertStore
;
155 CERT_CHAIN_PARA chainPara
= { sizeof(chainPara
), { 0 } };
156 PCCERT_CHAIN_CONTEXT chain
;
157 char oid_server_auth
[] = szOID_PKIX_KP_SERVER_AUTH
;
158 char *server_auth
[] = { oid_server_auth
};
159 DWORD err
= ERROR_SUCCESS
;
161 TRACE("verifying %s\n", debugstr_w( server
));
162 chainPara
.RequestedUsage
.Usage
.cUsageIdentifier
= 1;
163 chainPara
.RequestedUsage
.Usage
.rgpszUsageIdentifier
= server_auth
;
164 if ((ret
= CertGetCertificateChain( NULL
, cert
, NULL
, store
, &chainPara
,
165 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
,
168 if (chain
->TrustStatus
.dwErrorStatus
)
170 static const DWORD supportedErrors
=
171 CERT_TRUST_IS_NOT_TIME_VALID
|
172 CERT_TRUST_IS_UNTRUSTED_ROOT
|
173 CERT_TRUST_IS_NOT_VALID_FOR_USAGE
;
175 if (chain
->TrustStatus
.dwErrorStatus
& CERT_TRUST_IS_NOT_TIME_VALID
)
177 if (!(security_flags
& SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
))
178 err
= ERROR_WINHTTP_SECURE_CERT_DATE_INVALID
;
180 else if (chain
->TrustStatus
.dwErrorStatus
&
181 CERT_TRUST_IS_UNTRUSTED_ROOT
)
183 if (!(security_flags
& SECURITY_FLAG_IGNORE_UNKNOWN_CA
))
184 err
= ERROR_WINHTTP_SECURE_INVALID_CA
;
186 else if ((chain
->TrustStatus
.dwErrorStatus
&
187 CERT_TRUST_IS_OFFLINE_REVOCATION
) ||
188 (chain
->TrustStatus
.dwErrorStatus
&
189 CERT_TRUST_REVOCATION_STATUS_UNKNOWN
))
190 err
= ERROR_WINHTTP_SECURE_CERT_REV_FAILED
;
191 else if (chain
->TrustStatus
.dwErrorStatus
& CERT_TRUST_IS_REVOKED
)
192 err
= ERROR_WINHTTP_SECURE_CERT_REVOKED
;
193 else if (chain
->TrustStatus
.dwErrorStatus
&
194 CERT_TRUST_IS_NOT_VALID_FOR_USAGE
)
196 if (!(security_flags
& SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE
))
197 err
= ERROR_WINHTTP_SECURE_CERT_WRONG_USAGE
;
199 else if (chain
->TrustStatus
.dwErrorStatus
& ~supportedErrors
)
200 err
= ERROR_WINHTTP_SECURE_INVALID_CERT
;
204 CERT_CHAIN_POLICY_PARA policyPara
;
205 SSL_EXTRA_CERT_CHAIN_POLICY_PARA sslExtraPolicyPara
;
206 CERT_CHAIN_POLICY_STATUS policyStatus
;
207 CERT_CHAIN_CONTEXT chainCopy
;
209 /* Clear chain->TrustStatus.dwErrorStatus so
210 * CertVerifyCertificateChainPolicy will verify additional checks
211 * rather than stopping with an existing, ignored error.
213 memcpy(&chainCopy
, chain
, sizeof(chainCopy
));
214 chainCopy
.TrustStatus
.dwErrorStatus
= 0;
215 sslExtraPolicyPara
.u
.cbSize
= sizeof(sslExtraPolicyPara
);
216 sslExtraPolicyPara
.dwAuthType
= AUTHTYPE_SERVER
;
217 sslExtraPolicyPara
.pwszServerName
= server
;
218 sslExtraPolicyPara
.fdwChecks
= security_flags
;
219 policyPara
.cbSize
= sizeof(policyPara
);
220 policyPara
.dwFlags
= 0;
221 policyPara
.pvExtraPolicyPara
= &sslExtraPolicyPara
;
222 ret
= CertVerifyCertificateChainPolicy( CERT_CHAIN_POLICY_SSL
,
223 &chainCopy
, &policyPara
,
225 /* Any error in the policy status indicates that the
226 * policy couldn't be verified.
228 if (ret
&& policyStatus
.dwError
)
230 if (policyStatus
.dwError
== CERT_E_CN_NO_MATCH
)
231 err
= ERROR_WINHTTP_SECURE_CERT_CN_INVALID
;
233 err
= ERROR_WINHTTP_SECURE_INVALID_CERT
;
236 CertFreeCertificateChain( chain
);
239 err
= ERROR_WINHTTP_SECURE_CHANNEL_ERROR
;
240 TRACE("returning %08x\n", err
);
244 static SecHandle cred_handle
;
245 static BOOL cred_handle_initialized
;
247 static CRITICAL_SECTION init_sechandle_cs
;
248 static CRITICAL_SECTION_DEBUG init_sechandle_cs_debug
= {
249 0, 0, &init_sechandle_cs
,
250 { &init_sechandle_cs_debug
.ProcessLocksList
,
251 &init_sechandle_cs_debug
.ProcessLocksList
},
252 0, 0, { (DWORD_PTR
)(__FILE__
": init_sechandle_cs") }
254 static CRITICAL_SECTION init_sechandle_cs
= { &init_sechandle_cs_debug
, -1, 0, 0, 0, 0 };
256 static BOOL
ensure_cred_handle(void)
260 EnterCriticalSection(&init_sechandle_cs
);
262 if(!cred_handle_initialized
) {
265 res
= AcquireCredentialsHandleW(NULL
, (WCHAR
*)UNISP_NAME_W
, SECPKG_CRED_OUTBOUND
, NULL
, NULL
,
266 NULL
, NULL
, &cred_handle
, NULL
);
267 if(res
== SEC_E_OK
) {
268 cred_handle_initialized
= TRUE
;
270 WARN("AcquireCredentialsHandleW failed: %u\n", res
);
275 LeaveCriticalSection(&init_sechandle_cs
);
280 static BOOL winsock_initialized
= FALSE
;
281 BOOL
netconn_init_winsock()
285 if (!winsock_initialized
)
287 error
= WSAStartup(MAKEWORD(1, 1), &wsaData
);
290 ERR("WSAStartup failed: %d\n", error
);
294 winsock_initialized
= TRUE
;
296 return winsock_initialized
;
301 BOOL
netconn_init( netconn_t
*conn
)
303 memset(conn
, 0, sizeof(*conn
));
308 void netconn_unload( void )
310 if(cred_handle_initialized
)
311 FreeCredentialsHandle(&cred_handle
);
312 DeleteCriticalSection(&init_sechandle_cs
);
313 #ifndef HAVE_GETADDRINFO
314 DeleteCriticalSection(&cs_gethostbyname
);
317 if(winsock_initialized
)
322 BOOL
netconn_connected( netconn_t
*conn
)
324 return (conn
->socket
!= -1);
327 BOOL
netconn_create( netconn_t
*conn
, int domain
, int type
, int protocol
)
329 if ((conn
->socket
= socket( domain
, type
, protocol
)) == -1)
331 WARN("unable to create socket (%s)\n", strerror(errno
));
332 set_last_error( sock_get_error( errno
) );
338 BOOL
netconn_close( netconn_t
*conn
)
344 heap_free( conn
->peek_msg_mem
);
345 conn
->peek_msg_mem
= NULL
;
346 conn
->peek_msg
= NULL
;
348 heap_free(conn
->ssl_buf
);
349 conn
->ssl_buf
= NULL
;
350 heap_free(conn
->extra_buf
);
351 conn
->extra_buf
= NULL
;
353 DeleteSecurityContext(&conn
->ssl_ctx
);
354 conn
->secure
= FALSE
;
356 res
= closesocket( conn
->socket
);
360 set_last_error( sock_get_error( errno
) );
366 BOOL
netconn_connect( netconn_t
*conn
, const struct sockaddr
*sockaddr
, unsigned int addr_len
, int timeout
)
375 ioctlsocket( conn
->socket
, FIONBIO
, &state
);
381 if (connect( conn
->socket
, sockaddr
, addr_len
) < 0)
383 res
= sock_get_error( errno
);
384 if (res
== WSAEWOULDBLOCK
|| res
== WSAEINPROGRESS
)
387 /* ReactOS: use select instead of poll */
392 FD_SET(conn
->socket
, &outfd
);
395 tv
.tv_usec
= timeout
* 1000;
400 if (select( 0, NULL
, &outfd
, NULL
, &tv
) > 0)
404 pfd
.fd
= conn
->socket
;
405 pfd
.events
= POLLOUT
;
409 if (poll( &pfd
, 1, timeout
) > 0)
417 res
= sock_get_error( errno
);
418 if (res
!= WSAEINTR
) break;
422 if (res
!= WSAEINTR
) break;
433 ioctlsocket( conn
->socket
, FIONBIO
, &state
);
437 WARN("unable to connect to host (%d)\n", res
);
438 set_last_error( res
);
443 BOOL
netconn_secure_connect( netconn_t
*conn
, WCHAR
*hostname
)
445 SecBuffer out_buf
= {0, SECBUFFER_TOKEN
, NULL
}, in_bufs
[2] = {{0, SECBUFFER_TOKEN
}, {0, SECBUFFER_EMPTY
}};
446 SecBufferDesc out_desc
= {SECBUFFER_VERSION
, 1, &out_buf
}, in_desc
= {SECBUFFER_VERSION
, 2, in_bufs
};
448 SIZE_T read_buf_size
= 2048;
452 const CERT_CONTEXT
*cert
;
453 SECURITY_STATUS status
;
454 DWORD res
= ERROR_SUCCESS
;
456 const DWORD isc_req_flags
= ISC_REQ_ALLOCATE_MEMORY
|ISC_REQ_USE_SESSION_KEY
|ISC_REQ_CONFIDENTIALITY
457 |ISC_REQ_SEQUENCE_DETECT
|ISC_REQ_REPLAY_DETECT
|ISC_REQ_MANUAL_CRED_VALIDATION
;
459 if(!ensure_cred_handle())
462 read_buf
= heap_alloc(read_buf_size
);
466 status
= InitializeSecurityContextW(&cred_handle
, NULL
, hostname
, isc_req_flags
, 0, 0, NULL
, 0,
467 &ctx
, &out_desc
, &attrs
, NULL
);
469 assert(status
!= SEC_E_OK
);
471 while(status
== SEC_I_CONTINUE_NEEDED
|| status
== SEC_E_INCOMPLETE_MESSAGE
) {
472 if(out_buf
.cbBuffer
) {
473 assert(status
== SEC_I_CONTINUE_NEEDED
);
475 TRACE("sending %u bytes\n", out_buf
.cbBuffer
);
477 size
= sock_send(conn
->socket
, out_buf
.pvBuffer
, out_buf
.cbBuffer
, 0);
478 if(size
!= out_buf
.cbBuffer
) {
479 ERR("send failed\n");
480 res
= ERROR_WINHTTP_SECURE_CHANNEL_ERROR
;
484 FreeContextBuffer(out_buf
.pvBuffer
);
485 out_buf
.pvBuffer
= NULL
;
486 out_buf
.cbBuffer
= 0;
489 if(status
== SEC_I_CONTINUE_NEEDED
) {
490 assert(in_bufs
[1].cbBuffer
< read_buf_size
);
492 memmove(read_buf
, (BYTE
*)in_bufs
[0].pvBuffer
+in_bufs
[0].cbBuffer
-in_bufs
[1].cbBuffer
, in_bufs
[1].cbBuffer
);
493 in_bufs
[0].cbBuffer
= in_bufs
[1].cbBuffer
;
495 in_bufs
[1].BufferType
= SECBUFFER_EMPTY
;
496 in_bufs
[1].cbBuffer
= 0;
497 in_bufs
[1].pvBuffer
= NULL
;
500 assert(in_bufs
[0].BufferType
== SECBUFFER_TOKEN
);
501 assert(in_bufs
[1].BufferType
== SECBUFFER_EMPTY
);
503 if(in_bufs
[0].cbBuffer
+ 1024 > read_buf_size
) {
506 new_read_buf
= heap_realloc(read_buf
, read_buf_size
+ 1024);
508 status
= E_OUTOFMEMORY
;
512 in_bufs
[0].pvBuffer
= read_buf
= new_read_buf
;
513 read_buf_size
+= 1024;
516 size
= sock_recv(conn
->socket
, read_buf
+in_bufs
[0].cbBuffer
, read_buf_size
-in_bufs
[0].cbBuffer
, 0);
518 WARN("recv error\n");
519 status
= ERROR_WINHTTP_SECURE_CHANNEL_ERROR
;
523 TRACE("recv %lu bytes\n", size
);
525 in_bufs
[0].cbBuffer
+= size
;
526 in_bufs
[0].pvBuffer
= read_buf
;
527 status
= InitializeSecurityContextW(&cred_handle
, &ctx
, hostname
, isc_req_flags
, 0, 0, &in_desc
,
528 0, NULL
, &out_desc
, &attrs
, NULL
);
529 TRACE("InitializeSecurityContext ret %08x\n", status
);
531 if(status
== SEC_E_OK
) {
532 if(in_bufs
[1].BufferType
== SECBUFFER_EXTRA
)
533 FIXME("SECBUFFER_EXTRA not supported\n");
535 status
= QueryContextAttributesW(&ctx
, SECPKG_ATTR_STREAM_SIZES
, &conn
->ssl_sizes
);
536 if(status
!= SEC_E_OK
) {
537 WARN("Could not get sizes\n");
541 status
= QueryContextAttributesW(&ctx
, SECPKG_ATTR_REMOTE_CERT_CONTEXT
, (void*)&cert
);
542 if(status
== SEC_E_OK
) {
543 res
= netconn_verify_cert(cert
, hostname
, conn
->security_flags
);
544 CertFreeCertificateContext(cert
);
545 if(res
!= ERROR_SUCCESS
) {
546 WARN("cert verify failed: %u\n", res
);
550 WARN("Could not get cert\n");
554 conn
->ssl_buf
= heap_alloc(conn
->ssl_sizes
.cbHeader
+ conn
->ssl_sizes
.cbMaximumMessage
+ conn
->ssl_sizes
.cbTrailer
);
556 res
= GetLastError();
564 if(status
!= SEC_E_OK
|| res
!= ERROR_SUCCESS
) {
565 WARN("Failed to initialize security context failed: %08x\n", status
);
566 heap_free(conn
->ssl_buf
);
567 conn
->ssl_buf
= NULL
;
568 DeleteSecurityContext(&ctx
);
569 set_last_error(res
? res
: ERROR_WINHTTP_SECURE_CHANNEL_ERROR
);
574 TRACE("established SSL connection\n");
580 static BOOL
send_ssl_chunk(netconn_t
*conn
, const void *msg
, size_t size
)
582 SecBuffer bufs
[4] = {
583 {conn
->ssl_sizes
.cbHeader
, SECBUFFER_STREAM_HEADER
, conn
->ssl_buf
},
584 {size
, SECBUFFER_DATA
, conn
->ssl_buf
+conn
->ssl_sizes
.cbHeader
},
585 {conn
->ssl_sizes
.cbTrailer
, SECBUFFER_STREAM_TRAILER
, conn
->ssl_buf
+conn
->ssl_sizes
.cbHeader
+size
},
586 {0, SECBUFFER_EMPTY
, NULL
}
588 SecBufferDesc buf_desc
= {SECBUFFER_VERSION
, sizeof(bufs
)/sizeof(*bufs
), bufs
};
591 memcpy(bufs
[1].pvBuffer
, msg
, size
);
592 res
= EncryptMessage(&conn
->ssl_ctx
, 0, &buf_desc
, 0);
593 if(res
!= SEC_E_OK
) {
594 WARN("EncryptMessage failed\n");
598 if(sock_send(conn
->socket
, conn
->ssl_buf
, bufs
[0].cbBuffer
+bufs
[1].cbBuffer
+bufs
[2].cbBuffer
, 0) < 1) {
599 WARN("send failed\n");
606 BOOL
netconn_send( netconn_t
*conn
, const void *msg
, size_t len
, int *sent
)
608 if (!netconn_connected( conn
)) return FALSE
;
611 const BYTE
*ptr
= msg
;
617 chunk_size
= min(len
, conn
->ssl_sizes
.cbMaximumMessage
);
618 if(!send_ssl_chunk(conn
, ptr
, chunk_size
))
628 if ((*sent
= sock_send( conn
->socket
, msg
, len
, 0 )) == -1)
630 set_last_error( sock_get_error( errno
) );
636 static BOOL
read_ssl_chunk(netconn_t
*conn
, void *buf
, SIZE_T buf_size
, SIZE_T
*ret_size
, BOOL
*eof
)
638 const SIZE_T ssl_buf_size
= conn
->ssl_sizes
.cbHeader
+conn
->ssl_sizes
.cbMaximumMessage
+conn
->ssl_sizes
.cbTrailer
;
640 SecBufferDesc buf_desc
= {SECBUFFER_VERSION
, sizeof(bufs
)/sizeof(*bufs
), bufs
};
641 SSIZE_T size
, buf_len
;
645 assert(conn
->extra_len
< ssl_buf_size
);
647 if(conn
->extra_len
) {
648 memcpy(conn
->ssl_buf
, conn
->extra_buf
, conn
->extra_len
);
649 buf_len
= conn
->extra_len
;
651 heap_free(conn
->extra_buf
);
652 conn
->extra_buf
= NULL
;
654 buf_len
= sock_recv(conn
->socket
, conn
->ssl_buf
+conn
->extra_len
, ssl_buf_size
-conn
->extra_len
, 0);
656 WARN("recv failed\n");
670 memset(bufs
, 0, sizeof(bufs
));
671 bufs
[0].BufferType
= SECBUFFER_DATA
;
672 bufs
[0].cbBuffer
= buf_len
;
673 bufs
[0].pvBuffer
= conn
->ssl_buf
;
675 res
= DecryptMessage(&conn
->ssl_ctx
, &buf_desc
, 0, NULL
);
679 case SEC_I_CONTEXT_EXPIRED
:
680 TRACE("context expired\n");
683 case SEC_E_INCOMPLETE_MESSAGE
:
684 assert(buf_len
< ssl_buf_size
);
686 size
= sock_recv(conn
->socket
, conn
->ssl_buf
+buf_len
, ssl_buf_size
-buf_len
, 0);
693 WARN("failed: %08x\n", res
);
696 } while(res
!= SEC_E_OK
);
698 for(i
=0; i
< sizeof(bufs
)/sizeof(*bufs
); i
++) {
699 if(bufs
[i
].BufferType
== SECBUFFER_DATA
) {
700 size
= min(buf_size
, bufs
[i
].cbBuffer
);
701 memcpy(buf
, bufs
[i
].pvBuffer
, size
);
702 if(size
< bufs
[i
].cbBuffer
) {
703 assert(!conn
->peek_len
);
704 conn
->peek_msg_mem
= conn
->peek_msg
= heap_alloc(bufs
[i
].cbBuffer
- size
);
707 conn
->peek_len
= bufs
[i
].cbBuffer
-size
;
708 memcpy(conn
->peek_msg
, (char*)bufs
[i
].pvBuffer
+size
, conn
->peek_len
);
715 for(i
=0; i
< sizeof(bufs
)/sizeof(*bufs
); i
++) {
716 if(bufs
[i
].BufferType
== SECBUFFER_EXTRA
) {
717 conn
->extra_buf
= heap_alloc(bufs
[i
].cbBuffer
);
721 conn
->extra_len
= bufs
[i
].cbBuffer
;
722 memcpy(conn
->extra_buf
, bufs
[i
].pvBuffer
, conn
->extra_len
);
729 BOOL
netconn_recv( netconn_t
*conn
, void *buf
, size_t len
, int flags
, int *recvd
)
732 if (!netconn_connected( conn
)) return FALSE
;
733 if (!len
) return TRUE
;
742 *recvd
= min( len
, conn
->peek_len
);
743 memcpy( buf
, conn
->peek_msg
, *recvd
);
744 conn
->peek_len
-= *recvd
;
745 conn
->peek_msg
+= *recvd
;
747 if (conn
->peek_len
== 0)
749 heap_free( conn
->peek_msg_mem
);
750 conn
->peek_msg_mem
= NULL
;
751 conn
->peek_msg
= NULL
;
753 /* check if we have enough data from the peek buffer */
754 if (!(flags
& MSG_WAITALL
) || *recvd
== len
) return TRUE
;
759 res
= read_ssl_chunk(conn
, (BYTE
*)buf
+size
, len
-size
, &cread
, &eof
);
761 WARN("read_ssl_chunk failed\n");
773 }while(!size
|| ((flags
& MSG_WAITALL
) && size
< len
));
775 TRACE("received %ld bytes\n", size
);
779 if ((*recvd
= sock_recv( conn
->socket
, buf
, len
, flags
)) == -1)
781 set_last_error( sock_get_error( errno
) );
787 ULONG
netconn_query_data_available( netconn_t
*conn
)
789 if(!netconn_connected(conn
))
793 return conn
->peek_len
;
798 DWORD
netconn_set_timeout( netconn_t
*netconn
, BOOL send
, int value
)
802 /* value is in milliseconds, convert to struct timeval */
803 tv
.tv_sec
= value
/ 1000;
804 tv
.tv_usec
= (value
% 1000) * 1000;
806 if (setsockopt( netconn
->socket
, SOL_SOCKET
, send
? SO_SNDTIMEO
: SO_RCVTIMEO
, (void*)&tv
, sizeof(tv
) ) == -1)
808 WARN("setsockopt failed (%s)\n", strerror( errno
));
809 return sock_get_error( errno
);
811 return ERROR_SUCCESS
;
814 static DWORD
resolve_hostname( const WCHAR
*hostnameW
, INTERNET_PORT port
, struct sockaddr
*sa
, socklen_t
*sa_len
)
817 #ifdef HAVE_GETADDRINFO
818 struct addrinfo
*res
, hints
;
822 struct sockaddr_in
*sin
= (struct sockaddr_in
*)sa
;
825 if (!(hostname
= strdupWA( hostnameW
))) return ERROR_OUTOFMEMORY
;
827 #ifdef HAVE_GETADDRINFO
828 memset( &hints
, 0, sizeof(struct addrinfo
) );
829 /* Prefer IPv4 to IPv6 addresses, since some web servers do not listen on
830 * their IPv6 addresses even though they have IPv6 addresses in the DNS.
832 hints
.ai_family
= AF_INET
;
834 ret
= getaddrinfo( hostname
, NULL
, &hints
, &res
);
837 TRACE("failed to get IPv4 address of %s (%s), retrying with IPv6\n", debugstr_w(hostnameW
), gai_strerror(ret
));
838 hints
.ai_family
= AF_INET6
;
839 ret
= getaddrinfo( hostname
, NULL
, &hints
, &res
);
842 TRACE("failed to get address of %s (%s)\n", debugstr_w(hostnameW
), gai_strerror(ret
));
843 heap_free( hostname
);
844 return ERROR_WINHTTP_NAME_NOT_RESOLVED
;
847 heap_free( hostname
);
848 if (*sa_len
< res
->ai_addrlen
)
850 WARN("address too small\n");
852 return ERROR_WINHTTP_NAME_NOT_RESOLVED
;
854 *sa_len
= res
->ai_addrlen
;
855 memcpy( sa
, res
->ai_addr
, res
->ai_addrlen
);
857 switch (res
->ai_family
)
860 ((struct sockaddr_in
*)sa
)->sin_port
= htons( port
);
863 ((struct sockaddr_in6
*)sa
)->sin6_port
= htons( port
);
868 return ERROR_SUCCESS
;
870 EnterCriticalSection( &cs_gethostbyname
);
872 he
= gethostbyname( hostname
);
873 heap_free( hostname
);
876 TRACE("failed to get address of %s (%d)\n", debugstr_w(hostnameW
), h_errno
);
877 LeaveCriticalSection( &cs_gethostbyname
);
878 return ERROR_WINHTTP_NAME_NOT_RESOLVED
;
880 if (*sa_len
< sizeof(struct sockaddr_in
))
882 WARN("address too small\n");
883 LeaveCriticalSection( &cs_gethostbyname
);
884 return ERROR_WINHTTP_NAME_NOT_RESOLVED
;
886 *sa_len
= sizeof(struct sockaddr_in
);
887 memset( sa
, 0, sizeof(struct sockaddr_in
) );
888 memcpy( &sin
->sin_addr
, he
->h_addr
, he
->h_length
);
889 sin
->sin_family
= he
->h_addrtype
;
890 sin
->sin_port
= htons( port
);
892 LeaveCriticalSection( &cs_gethostbyname
);
893 return ERROR_SUCCESS
;
899 const WCHAR
*hostname
;
905 static DWORD CALLBACK
resolve_proc( LPVOID arg
)
907 struct resolve_args
*ra
= arg
;
908 return resolve_hostname( ra
->hostname
, ra
->port
, ra
->sa
, ra
->sa_len
);
911 BOOL
netconn_resolve( WCHAR
*hostname
, INTERNET_PORT port
, struct sockaddr
*sa
, socklen_t
*sa_len
, int timeout
)
919 struct resolve_args ra
;
921 ra
.hostname
= hostname
;
926 thread
= CreateThread( NULL
, 0, resolve_proc
, &ra
, 0, NULL
);
927 if (!thread
) return FALSE
;
929 status
= WaitForSingleObject( thread
, timeout
);
930 if (status
== WAIT_OBJECT_0
) GetExitCodeThread( thread
, &ret
);
931 else ret
= ERROR_WINHTTP_TIMEOUT
;
932 CloseHandle( thread
);
934 else ret
= resolve_hostname( hostname
, port
, sa
, sa_len
);
938 set_last_error( ret
);
944 const void *netconn_get_certificate( netconn_t
*conn
)
946 const CERT_CONTEXT
*ret
;
949 if (!conn
->secure
) return NULL
;
950 res
= QueryContextAttributesW(&conn
->ssl_ctx
, SECPKG_ATTR_REMOTE_CERT_CONTEXT
, (void*)&ret
);
951 return res
== SEC_E_OK
? ret
: NULL
;
954 int netconn_get_cipher_strength( netconn_t
*conn
)
956 SecPkgContext_ConnectionInfo conn_info
;
959 if (!conn
->secure
) return 0;
960 res
= QueryContextAttributesW(&conn
->ssl_ctx
, SECPKG_ATTR_CONNECTION_INFO
, (void*)&conn_info
);
962 WARN("QueryContextAttributesW failed: %08x\n", res
);
963 return res
== SEC_E_OK
? conn_info
.dwCipherStrength
: 0;