2021-01-18 13:20:06 +01:00
|
|
|
// Copyright (c) 2019-2021 Alexander Medvednikov. All rights reserved.
|
2019-08-06 05:54:47 +02:00
|
|
|
// Use of this source code is governed by an MIT license
|
|
|
|
// that can be found in the LICENSE file.
|
|
|
|
module http
|
|
|
|
|
2019-11-24 04:27:02 +01:00
|
|
|
import strings
|
2020-07-12 14:21:40 +02:00
|
|
|
import net.openssl
|
2020-05-20 08:58:57 +02:00
|
|
|
|
2020-07-12 14:21:40 +02:00
|
|
|
const (
|
|
|
|
is_used = openssl.is_used
|
|
|
|
)
|
2019-08-06 05:54:47 +02:00
|
|
|
|
2020-10-15 15:17:52 +02:00
|
|
|
fn (req &Request) ssl_do(port int, method Method, host_name string, path string) ?Response {
|
2019-12-21 23:41:42 +01:00
|
|
|
// ssl_method := C.SSLv23_method()
|
2021-04-14 11:47:24 +02:00
|
|
|
ctx := C.SSL_CTX_new(C.TLS_method())
|
2021-09-01 00:43:35 +02:00
|
|
|
defer {
|
|
|
|
if ctx != 0 {
|
|
|
|
C.SSL_CTX_free(ctx)
|
|
|
|
}
|
|
|
|
}
|
2019-11-24 04:27:02 +01:00
|
|
|
C.SSL_CTX_set_verify_depth(ctx, 4)
|
|
|
|
flags := C.SSL_OP_NO_SSLv2 | C.SSL_OP_NO_SSLv3 | C.SSL_OP_NO_COMPRESSION
|
|
|
|
C.SSL_CTX_set_options(ctx, flags)
|
2021-09-01 00:43:35 +02:00
|
|
|
// Support client certificates:
|
|
|
|
mut res := 0
|
|
|
|
if req.verify != '' {
|
|
|
|
res = C.SSL_CTX_load_verify_locations(ctx, &char(req.verify.str), 0)
|
|
|
|
if req.validate && res != 1 {
|
|
|
|
return error('http: openssl: SSL_CTX_load_verify_locations failed')
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if req.cert != '' {
|
|
|
|
res = C.SSL_CTX_use_certificate_file(ctx, &char(req.cert.str), C.SSL_FILETYPE_PEM)
|
|
|
|
if req.validate && res != 1 {
|
|
|
|
return error('http: openssl: SSL_CTX_use_certificate_file failed, res: $res')
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if req.cert_key != '' {
|
|
|
|
res = C.SSL_CTX_use_PrivateKey_file(ctx, &char(req.cert_key.str), C.SSL_FILETYPE_PEM)
|
|
|
|
if req.validate && res != 1 {
|
|
|
|
return error('http: openssl: SSL_CTX_use_PrivateKey_file failed, res: $res')
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// the setup is done, prepare an ssl connection from the SSL context:
|
2019-11-24 04:27:02 +01:00
|
|
|
web := C.BIO_new_ssl_connect(ctx)
|
2021-09-01 00:43:35 +02:00
|
|
|
defer {
|
|
|
|
if web != 0 {
|
|
|
|
C.BIO_free_all(web)
|
|
|
|
}
|
|
|
|
}
|
2019-08-21 19:04:06 +02:00
|
|
|
addr := host_name + ':' + port.str()
|
2019-11-24 04:27:02 +01:00
|
|
|
res = C.BIO_set_conn_hostname(web, addr.str)
|
2020-07-12 14:21:40 +02:00
|
|
|
ssl := &openssl.SSL(0)
|
2019-11-24 04:27:02 +01:00
|
|
|
C.BIO_get_ssl(web, &ssl)
|
|
|
|
preferred_ciphers := 'HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4'
|
2021-04-14 11:47:24 +02:00
|
|
|
res = C.SSL_set_cipher_list(voidptr(ssl), &char(preferred_ciphers.str))
|
2019-08-06 05:54:47 +02:00
|
|
|
if res != 1 {
|
2021-09-01 00:43:35 +02:00
|
|
|
return error('http: openssl: SSL_set_cipher_list failed, res: $res')
|
2019-11-24 04:27:02 +01:00
|
|
|
}
|
2021-02-22 16:11:02 +01:00
|
|
|
res = C.SSL_set_tlsext_host_name(voidptr(ssl), host_name.str)
|
2019-11-24 04:27:02 +01:00
|
|
|
res = C.BIO_do_connect(web)
|
2019-12-09 11:31:24 +01:00
|
|
|
if res != 1 {
|
2021-09-01 00:43:35 +02:00
|
|
|
return error('http: openssl: BIO_do_connect failed, res: $res')
|
2019-12-09 11:31:24 +01:00
|
|
|
}
|
2019-11-24 04:27:02 +01:00
|
|
|
res = C.BIO_do_handshake(web)
|
2021-09-01 00:43:35 +02:00
|
|
|
pcert := C.SSL_get_peer_certificate(voidptr(ssl))
|
|
|
|
defer {
|
|
|
|
if pcert != 0 {
|
|
|
|
C.X509_free(pcert)
|
|
|
|
}
|
|
|
|
}
|
2021-02-22 16:11:02 +01:00
|
|
|
res = C.SSL_get_verify_result(voidptr(ssl))
|
2021-09-01 00:43:35 +02:00
|
|
|
if req.validate && res != C.X509_V_OK {
|
|
|
|
return error('http: openssl: SSL_get_verify_result failed, res: $res')
|
|
|
|
}
|
2019-12-21 23:41:42 +01:00
|
|
|
// /////
|
2020-05-18 05:10:56 +02:00
|
|
|
req_headers := req.build_request_headers(method, host_name, path)
|
2021-03-30 17:11:00 +02:00
|
|
|
$if trace_http_request ? {
|
|
|
|
eprintln('> $req_headers')
|
|
|
|
}
|
2021-02-22 16:11:02 +01:00
|
|
|
// println(req_headers)
|
2021-04-14 11:47:24 +02:00
|
|
|
C.BIO_puts(web, &char(req_headers.str))
|
2020-05-20 13:32:59 +02:00
|
|
|
mut content := strings.new_builder(100)
|
2020-08-17 20:17:17 +02:00
|
|
|
mut buff := [bufsize]byte{}
|
2021-04-25 20:40:38 +02:00
|
|
|
bp := unsafe { &buff[0] }
|
2020-05-20 11:04:28 +02:00
|
|
|
mut readcounter := 0
|
2019-08-06 05:54:47 +02:00
|
|
|
for {
|
2020-05-20 11:04:28 +02:00
|
|
|
readcounter++
|
2021-02-26 00:28:47 +01:00
|
|
|
len := unsafe { C.BIO_read(web, bp, bufsize) }
|
2020-05-18 05:10:56 +02:00
|
|
|
if len <= 0 {
|
2019-11-24 04:27:02 +01:00
|
|
|
break
|
|
|
|
}
|
2020-05-20 11:04:28 +02:00
|
|
|
$if debug_http ? {
|
2020-05-20 13:32:59 +02:00
|
|
|
eprintln('ssl_do, read ${readcounter:4d} | len: $len')
|
2020-05-20 20:40:29 +02:00
|
|
|
eprintln('-'.repeat(20))
|
2021-02-26 00:28:47 +01:00
|
|
|
eprintln(unsafe { tos(bp, len) })
|
2020-05-20 20:40:29 +02:00
|
|
|
eprintln('-'.repeat(20))
|
2020-05-18 05:10:56 +02:00
|
|
|
}
|
2021-03-20 08:02:28 +01:00
|
|
|
unsafe { content.write_ptr(bp, len) }
|
2019-11-24 04:27:02 +01:00
|
|
|
}
|
2021-03-30 17:11:00 +02:00
|
|
|
response_text := content.str()
|
|
|
|
$if trace_http_response ? {
|
|
|
|
eprintln('< $response_text')
|
|
|
|
}
|
|
|
|
return parse_response(response_text)
|
2019-08-06 05:54:47 +02:00
|
|
|
}
|