PNG  IHDRX cHRMz&u0`:pQ<bKGD pHYsodtIME MeqIDATxw]Wug^Qd˶ 6`!N:!@xI~)%7%@Bh&`lnjVF29gΨ4E$|>cɚ{gk= %,a KX%,a KX%,a KX%,a KX%,a KX%,a KX%, b` ǟzeאfp]<!SJmɤY޲ڿ,%c ~ع9VH.!Ͳz&QynֺTkRR.BLHi٪:l;@(!MԴ=žI,:o&N'Kù\vRmJ雵֫AWic H@" !: Cé||]k-Ha oݜ:y F())u]aG7*JV@J415p=sZH!=!DRʯvɱh~V\}v/GKY$n]"X"}t@ xS76^[bw4dsce)2dU0 CkMa-U5tvLƀ~mlMwfGE/-]7XAƟ`׮g ewxwC4\[~7@O-Q( a*XGƒ{ ՟}$_y3tĐƤatgvێi|K=uVyrŲlLӪuܿzwk$m87k( `múcE)"@rK( z4$D; 2kW=Xb$V[Ru819קR~qloѱDyįݎ*mxw]y5e4K@ЃI0A D@"BDk_)N\8͜9dz"fK0zɿvM /.:2O{ Nb=M=7>??Zuo32 DLD@D| &+֎C #B8ַ`bOb $D#ͮҪtx]%`ES`Ru[=¾!@Od37LJ0!OIR4m]GZRJu$‡c=%~s@6SKy?CeIh:[vR@Lh | (BhAMy=݃  G"'wzn޺~8ԽSh ~T*A:xR[ܹ?X[uKL_=fDȊ؂p0}7=D$Ekq!/t.*2ʼnDbŞ}DijYaȲ(""6HA;:LzxQ‘(SQQ}*PL*fc\s `/d'QXW, e`#kPGZuŞuO{{wm[&NBTiiI0bukcA9<4@SӊH*؎4U/'2U5.(9JuDfrޱtycU%j(:RUbArLֺN)udA':uGQN"-"Is.*+k@ `Ojs@yU/ H:l;@yyTn}_yw!VkRJ4P)~y#)r,D =ě"Q]ci'%HI4ZL0"MJy 8A{ aN<8D"1#IJi >XjX֔#@>-{vN!8tRݻ^)N_╗FJEk]CT՟ YP:_|H1@ CBk]yKYp|og?*dGvzنzӴzjֺNkC~AbZƷ`.H)=!QͷVTT(| u78y֮}|[8-Vjp%2JPk[}ԉaH8Wpqhwr:vWª<}l77_~{s۴V+RCģ%WRZ\AqHifɤL36: #F:p]Bq/z{0CU6ݳEv_^k7'>sq*+kH%a`0ԣisqにtү04gVgW΂iJiS'3w.w}l6MC2uԯ|>JF5`fV5m`Y**Db1FKNttu]4ccsQNnex/87+}xaUW9y>ͯ骵G{䩓Գ3+vU}~jJ.NFRD7<aJDB1#ҳgSb,+CS?/ VG J?|?,2#M9}B)MiE+G`-wo߫V`fio(}S^4e~V4bHOYb"b#E)dda:'?}׮4繏`{7Z"uny-?ǹ;0MKx{:_pÚmFמ:F " .LFQLG)Q8qN q¯¯3wOvxDb\. BKD9_NN &L:4D{mm o^tֽ:q!ƥ}K+<"m78N< ywsard5+Š²z~mnG)=}lYݧNj'QJS{S :UYS-952?&O-:W}(!6Mk4+>A>j+i|<<|;ر^߉=HE|V#F)Emm#}/"y GII웻Jі94+v뾧xu~5C95~ūH>c@덉pʃ1/4-A2G%7>m;–Y,cyyaln" ?ƻ!ʪ<{~h~i y.zZB̃/,雋SiC/JFMmBH&&FAbϓO^tubbb_hZ{_QZ-sύodFgO(6]TJA˯#`۶ɟ( %$&+V'~hiYy>922 Wp74Zkq+Ovn錄c>8~GqܲcWꂎz@"1A.}T)uiW4="jJ2W7mU/N0gcqܗOO}?9/wìXžΏ0 >֩(V^Rh32!Hj5`;O28؇2#ݕf3 ?sJd8NJ@7O0 b־?lldщ̡&|9C.8RTWwxWy46ah嘦mh٤&l zCy!PY?: CJyв]dm4ǜҐR޻RլhX{FƯanшQI@x' ao(kUUuxW_Ñ줮[w8 FRJ(8˼)_mQ _!RJhm=!cVmm ?sFOnll6Qk}alY}; "baӌ~M0w,Ggw2W:G/k2%R,_=u`WU R.9T"v,<\Ik޽/2110Ӿxc0gyC&Ny޽JҢrV6N ``یeA16"J³+Rj*;BϜkZPJaÍ<Jyw:NP8/D$ 011z֊Ⱳ3ι֘k1V_"h!JPIΣ'ɜ* aEAd:ݺ>y<}Lp&PlRfTb1]o .2EW\ͮ]38؋rTJsǏP@芎sF\> P^+dYJLbJ C-xϐn> ι$nj,;Ǖa FU *择|h ~izť3ᤓ`K'-f tL7JK+vf2)V'-sFuB4i+m+@My=O҈0"|Yxoj,3]:cо3 $#uŘ%Y"y죯LebqtҢVzq¼X)~>4L׶m~[1_k?kxֺQ`\ |ٛY4Ѯr!)N9{56(iNq}O()Em]=F&u?$HypWUeB\k]JɩSع9 Zqg4ZĊo oMcjZBU]B\TUd34ݝ~:7ڶSUsB0Z3srx 7`:5xcx !qZA!;%͚7&P H<WL!džOb5kF)xor^aujƍ7 Ǡ8/p^(L>ὴ-B,{ۇWzֺ^k]3\EE@7>lYBȝR.oHnXO/}sB|.i@ɥDB4tcm,@ӣgdtJ!lH$_vN166L__'Z)y&kH;:,Y7=J 9cG) V\hjiE;gya~%ks_nC~Er er)muuMg2;֫R)Md) ,¶ 2-wr#F7<-BBn~_(o=KO㭇[Xv eN_SMgSҐ BS헃D%g_N:/pe -wkG*9yYSZS.9cREL !k}<4_Xs#FmҶ:7R$i,fi!~' # !6/S6y@kZkZcX)%5V4P]VGYq%H1!;e1MV<!ϐHO021Dp= HMs~~a)ަu7G^];git!Frl]H/L$=AeUvZE4P\.,xi {-~p?2b#amXAHq)MWǾI_r`S Hz&|{ +ʖ_= (YS(_g0a03M`I&'9vl?MM+m~}*xT۲(fY*V4x@29s{DaY"toGNTO+xCAO~4Ϳ;p`Ѫ:>Ҵ7K 3}+0 387x\)a"/E>qpWB=1 ¨"MP(\xp߫́A3+J] n[ʼnӼaTbZUWb={~2ooKױӰp(CS\S筐R*JغV&&"FA}J>G֐p1ٸbk7 ŘH$JoN <8s^yk_[;gy-;߉DV{c B yce% aJhDȶ 2IdйIB/^n0tNtџdcKj4϶v~- CBcgqx9= PJ) dMsjpYB] GD4RDWX +h{y`,3ꊕ$`zj*N^TP4L:Iz9~6s) Ga:?y*J~?OrMwP\](21sZUD ?ܟQ5Q%ggW6QdO+\@ ̪X'GxN @'4=ˋ+*VwN ne_|(/BDfj5(Dq<*tNt1х!MV.C0 32b#?n0pzj#!38}޴o1KovCJ`8ŗ_"]] rDUy޲@ Ȗ-;xџ'^Y`zEd?0„ DAL18IS]VGq\4o !swV7ˣι%4FѮ~}6)OgS[~Q vcYbL!wG3 7띸*E Pql8=jT\꘿I(z<[6OrR8ºC~ډ]=rNl[g|v TMTղb-o}OrP^Q]<98S¤!k)G(Vkwyqyr޽Nv`N/e p/~NAOk \I:G6]4+K;j$R:Mi #*[AȚT,ʰ,;N{HZTGMoּy) ]%dHء9Պ䠬|<45,\=[bƟ8QXeB3- &dҩ^{>/86bXmZ]]yޚN[(WAHL$YAgDKp=5GHjU&99v簪C0vygln*P)9^͞}lMuiH!̍#DoRBn9l@ xA/_v=ȺT{7Yt2N"4!YN`ae >Q<XMydEB`VU}u]嫇.%e^ánE87Mu\t`cP=AD/G)sI"@MP;)]%fH9'FNsj1pVhY&9=0pfuJ&gޤx+k:!r˭wkl03׼Ku C &ѓYt{.O.zҏ z}/tf_wEp2gvX)GN#I ݭ߽v/ .& и(ZF{e"=V!{zW`, ]+LGz"(UJp|j( #V4, 8B 0 9OkRrlɱl94)'VH9=9W|>PS['G(*I1==C<5"Pg+x'K5EMd؞Af8lG ?D FtoB[je?{k3zQ vZ;%Ɠ,]E>KZ+T/ EJxOZ1i #T<@ I}q9/t'zi(EMqw`mYkU6;[t4DPeckeM;H}_g pMww}k6#H㶏+b8雡Sxp)&C $@'b,fPߑt$RbJ'vznuS ~8='72_`{q纶|Q)Xk}cPz9p7O:'|G~8wx(a 0QCko|0ASD>Ip=4Q, d|F8RcU"/KM opKle M3#i0c%<7׿p&pZq[TR"BpqauIp$ 8~Ĩ!8Սx\ւdT>>Z40ks7 z2IQ}ItԀ<-%S⍤};zIb$I 5K}Q͙D8UguWE$Jh )cu4N tZl+[]M4k8֦Zeq֮M7uIqG 1==tLtR,ƜSrHYt&QP윯Lg' I,3@P'}'R˪e/%-Auv·ñ\> vDJzlӾNv5:|K/Jb6KI9)Zh*ZAi`?S {aiVDԲuy5W7pWeQJk֤#5&V<̺@/GH?^τZL|IJNvI:'P=Ϛt"¨=cud S Q.Ki0 !cJy;LJR;G{BJy޺[^8fK6)=yʊ+(k|&xQ2`L?Ȓ2@Mf 0C`6-%pKpm')c$׻K5[J*U[/#hH!6acB JA _|uMvDyk y)6OPYjœ50VT K}cǻP[ $:]4MEA.y)|B)cf-A?(e|lɉ#P9V)[9t.EiQPDѠ3ϴ;E:+Օ t ȥ~|_N2,ZJLt4! %ա]u {+=p.GhNcŞQI?Nd'yeh n7zi1DB)1S | S#ًZs2|Ɛy$F SxeX{7Vl.Src3E℃Q>b6G ўYCmtկ~=K0f(=LrAS GN'ɹ9<\!a`)֕y[uՍ[09` 9 +57ts6}b4{oqd+J5fa/,97J#6yν99mRWxJyѡyu_TJc`~W>l^q#Ts#2"nD1%fS)FU w{ܯ R{ ˎ󅃏џDsZSQS;LV;7 Od1&1n$ N /.q3~eNɪ]E#oM~}v֯FڦwyZ=<<>Xo稯lfMFV6p02|*=tV!c~]fa5Y^Q_WN|Vs 0ҘދU97OI'N2'8N֭fgg-}V%y]U4 峧p*91#9U kCac_AFңĪy뚇Y_AiuYyTTYЗ-(!JFLt›17uTozc. S;7A&&<ԋ5y;Ro+:' *eYJkWR[@F %SHWP 72k4 qLd'J "zB6{AC0ƁA6U.'F3:Ȅ(9ΜL;D]m8ڥ9}dU "v!;*13Rg^fJyShyy5auA?ɩGHRjo^]׽S)Fm\toy 4WQS@mE#%5ʈfFYDX ~D5Ϡ9tE9So_aU4?Ѽm%&c{n>.KW1Tlb}:j uGi(JgcYj0qn+>) %\!4{LaJso d||u//P_y7iRJ߬nHOy) l+@$($VFIQ9%EeKʈU. ia&FY̒mZ=)+qqoQn >L!qCiDB;Y<%} OgBxB!ØuG)WG9y(Ą{_yesuZmZZey'Wg#C~1Cev@0D $a@˲(.._GimA:uyw֬%;@!JkQVM_Ow:P.s\)ot- ˹"`B,e CRtaEUP<0'}r3[>?G8xU~Nqu;Wm8\RIkբ^5@k+5(By'L&'gBJ3ݶ!/㮻w҅ yqPWUg<e"Qy*167΃sJ\oz]T*UQ<\FԎ`HaNmڜ6DysCask8wP8y9``GJ9lF\G g's Nn͵MLN֪u$| /|7=]O)6s !ĴAKh]q_ap $HH'\1jB^s\|- W1:=6lJBqjY^LsPk""`]w)󭃈,(HC ?䔨Y$Sʣ{4Z+0NvQkhol6C.婧/u]FwiVjZka&%6\F*Ny#8O,22+|Db~d ~Çwc N:FuuCe&oZ(l;@ee-+Wn`44AMK➝2BRՈt7g*1gph9N) *"TF*R(#'88pm=}X]u[i7bEc|\~EMn}P瘊J)K.0i1M6=7'_\kaZ(Th{K*GJyytw"IO-PWJk)..axӝ47"89Cc7ĐBiZx 7m!fy|ϿF9CbȩV 9V-՛^pV̌ɄS#Bv4-@]Vxt-Z, &ֺ*diؠ2^VXbs֔Ìl.jQ]Y[47gj=幽ex)A0ip׳ W2[ᎇhuE^~q흙L} #-b۸oFJ_QP3r6jr+"nfzRJTUqoaۍ /$d8Mx'ݓ= OՃ| )$2mcM*cЙj}f };n YG w0Ia!1Q.oYfr]DyISaP}"dIӗթO67jqR ҊƐƈaɤGG|h;t]䗖oSv|iZqX)oalv;۩meEJ\!8=$4QU4Xo&VEĊ YS^E#d,yX_> ۘ-e\ "Wa6uLĜZi`aD9.% w~mB(02G[6y.773a7 /=o7D)$Z 66 $bY^\CuP. (x'"J60׿Y:Oi;F{w佩b+\Yi`TDWa~|VH)8q/=9!g߆2Y)?ND)%?Ǐ`k/sn:;O299yB=a[Ng 3˲N}vLNy;*?x?~L&=xyӴ~}q{qE*IQ^^ͧvü{Huu=R|>JyUlZV, B~/YF!Y\u_ݼF{_C)LD]m {H 0ihhadd nUkf3oٺCvE\)QJi+֥@tDJkB$1!Đr0XQ|q?d2) Ӣ_}qv-< FŊ߫%roppVBwü~JidY4:}L6M7f٬F "?71<2#?Jyy4뷢<_a7_=Q E=S1И/9{+93֮E{ǂw{))?maÆm(uLE#lïZ  ~d];+]h j?!|$F}*"4(v'8s<ŏUkm7^7no1w2ؗ}TrͿEk>p'8OB7d7R(A 9.*Mi^ͳ; eeUwS+C)uO@ =Sy]` }l8^ZzRXj[^iUɺ$tj))<sbDJfg=Pk_{xaKo1:-uyG0M ԃ\0Lvuy'ȱc2Ji AdyVgVh!{]/&}}ċJ#%d !+87<;qN޼Nفl|1N:8ya  8}k¾+-$4FiZYÔXk*I&'@iI99)HSh4+2G:tGhS^繿 Kتm0 вDk}֚+QT4;sC}rՅE,8CX-e~>G&'9xpW,%Fh,Ry56Y–hW-(v_,? ; qrBk4-V7HQ;ˇ^Gv1JVV%,ik;D_W!))+BoS4QsTM;gt+ndS-~:11Sgv!0qRVh!"Ȋ(̦Yl.]PQWgٳE'`%W1{ndΗBk|Ž7ʒR~,lnoa&:ü$ 3<a[CBݮwt"o\ePJ=Hz"_c^Z.#ˆ*x z̝grY]tdkP*:97YľXyBkD4N.C_[;F9`8& !AMO c `@BA& Ost\-\NX+Xp < !bj3C&QL+*&kAQ=04}cC!9~820G'PC9xa!w&bo_1 Sw"ܱ V )Yl3+ס2KoXOx]"`^WOy :3GO0g;%Yv㐫(R/r (s } u B &FeYZh0y> =2<Ϟc/ -u= c&׭,.0"g"7 6T!vl#sc>{u/Oh Bᾈ)۴74]x7 gMӒ"d]U)}" v4co[ ɡs 5Gg=XR14?5A}D "b{0$L .\4y{_fe:kVS\\O]c^W52LSBDM! C3Dhr̦RtArx4&agaN3Cf<Ԉp4~ B'"1@.b_/xQ} _߃҉/gٓ2Qkqp0շpZ2fԫYz< 4L.Cyυι1t@鎫Fe sYfsF}^ V}N<_`p)alٶ "(XEAVZ<)2},:Ir*#m_YӼ R%a||EƼIJ,,+f"96r/}0jE/)s)cjW#w'Sʯ5<66lj$a~3Kʛy 2:cZ:Yh))+a߭K::N,Q F'qB]={.]h85C9cr=}*rk?vwV렵ٸW Rs%}rNAkDv|uFLBkWY YkX מ|)1!$#3%y?pF<@<Rr0}: }\J [5FRxY<9"SQdE(Q*Qʻ)q1E0B_O24[U'],lOb ]~WjHޏTQ5Syu wq)xnw8~)c 쫬gٲߠ H% k5dƝk> kEj,0% b"vi2Wس_CuK)K{n|>t{P1򨾜j>'kEkƗBg*H%'_aY6Bn!TL&ɌOb{c`'d^{t\i^[uɐ[}q0lM˕G:‚4kb祔c^:?bpg… +37stH:0}en6x˟%/<]BL&* 5&fK9Mq)/iyqtA%kUe[ڛKN]Ě^,"`/ s[EQQm?|XJ߅92m]G.E΃ח U*Cn.j_)Tѧj̿30ڇ!A0=͜ar I3$C^-9#|pk!)?7.x9 @OO;WƝZBFU keZ75F6Tc6"ZȚs2y/1 ʵ:u4xa`C>6Rb/Yм)^=+~uRd`/|_8xbB0?Ft||Z\##|K 0>>zxv8۴吅q 8ĥ)"6>~\8:qM}#͚'ĉ#p\׶ l#bA?)|g g9|8jP(cr,BwV (WliVxxᡁ@0Okn;ɥh$_ckCgriv}>=wGzβ KkBɛ[˪ !J)h&k2%07δt}!d<9;I&0wV/ v 0<H}L&8ob%Hi|޶o&h1L|u֦y~󛱢8fٲUsւ)0oiFx2}X[zVYr_;N(w]_4B@OanC?gĦx>мgx>ΛToZoOMp>40>V Oy V9iq!4 LN,ˢu{jsz]|"R޻&'ƚ{53ўFu(<٪9:΋]B;)B>1::8;~)Yt|0(pw2N%&X,URBK)3\zz&}ax4;ǟ(tLNg{N|Ǽ\G#C9g$^\}p?556]/RP.90 k,U8/u776s ʪ_01چ|\N 0VV*3H鴃J7iI!wG_^ypl}r*jɤSR 5QN@ iZ#1ٰy;_\3\BQQ x:WJv츟ٯ$"@6 S#qe딇(/P( Dy~TOϻ<4:-+F`0||;Xl-"uw$Цi󼕝mKʩorz"mϺ$F:~E'ҐvD\y?Rr8_He@ e~O,T.(ފR*cY^m|cVR[8 JҡSm!ΆԨb)RHG{?MpqrmN>߶Y)\p,d#xۆWY*,l6]v0h15M˙MS8+EdI='LBJIH7_9{Caз*Lq,dt >+~ّeʏ?xԕ4bBAŚjﵫ!'\Ը$WNvKO}ӽmSşذqsOy?\[,d@'73'j%kOe`1.g2"e =YIzS2|zŐƄa\U,dP;jhhhaxǶ?КZ՚.q SE+XrbOu%\GتX(H,N^~]JyEZQKceTQ]VGYqnah;y$cQahT&QPZ*iZ8UQQM.qo/T\7X"u?Mttl2Xq(IoW{R^ ux*SYJ! 4S.Jy~ BROS[V|žKNɛP(L6V^|cR7i7nZW1Fd@ Ara{詑|(T*dN]Ko?s=@ |_EvF]׍kR)eBJc" MUUbY6`~V޴dJKß&~'d3i WWWWWW

F1l3 Manager

Current Directory: /usr/share/doc/libcurl-devel
/usr/share/doc/libcurl-devel/
Viewing File: /usr/share/doc/libcurl-devel/curlx.c
/* curlx.c Authors: Peter Sylvester, Jean-Paul Merlin This is a little program to demonstrate the usage of - an ssl initialisation callback setting a user key and trustbases coming from a pkcs12 file - using an ssl application callback to find a URI in the certificate presented during ssl session establishment. */ /* <DESC> * demonstrates use of SSL context callback, requires OpenSSL * </DESC> */ /* * Copyright (c) 2003 The OpenEvidence Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions, the following disclaimer, * and the original OpenSSL and SSLeay Licences below. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions, the following disclaimer * and the original OpenSSL and SSLeay Licences below in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgments: * "This product includes software developed by the Openevidence Project * for use in the OpenEvidence Toolkit. (http://www.openevidence.org/)" * This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (https://www.openssl.org/)" * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com)." * * 4. The names "OpenEvidence Toolkit" and "OpenEvidence Project" must not be * used to endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openevidence-core@openevidence.org. * * 5. Products derived from this software may not be called "OpenEvidence" * nor may "OpenEvidence" appear in their names without prior written * permission of the OpenEvidence Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgments: * "This product includes software developed by the OpenEvidence Project * for use in the OpenEvidence Toolkit (http://www.openevidence.org/) * This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (https://www.openssl.org/)" * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com)." * * THIS SOFTWARE IS PROVIDED BY THE OpenEvidence PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenEvidence PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (https://www.openssl.org/) * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <curl/curl.h> #include <openssl/x509v3.h> #include <openssl/x509_vfy.h> #include <openssl/crypto.h> #include <openssl/lhash.h> #include <openssl/objects.h> #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/pkcs12.h> #include <openssl/bio.h> #include <openssl/ssl.h> static const char *curlx_usage[]={ "usage: curlx args\n", " -p12 arg - tia file ", " -envpass arg - environment variable which content the tia private" " key password", " -out arg - output file (response)- default stdout", " -in arg - input file (request)- default stdin", " -connect arg - URL of the server for the connection ex:" " www.openevidence.org", " -mimetype arg - MIME type for data in ex : application/timestamp-query" " or application/dvcs -default application/timestamp-query", " -acceptmime arg - MIME type acceptable for the response ex : " "application/timestamp-response or application/dvcs -default none", " -accesstype arg - an Object identifier in an AIA/SIA method, e.g." " AD_DVCS or ad_timestamping", NULL }; /* ./curlx -p12 psy.p12 -envpass XX -in request -verbose -accesstype AD_DVCS -mimetype application/dvcs -acceptmime application/dvcs -out response */ /* * We use this ZERO_NULL to avoid picky compiler warnings, * when assigning a NULL pointer to a function pointer var. */ #define ZERO_NULL 0 /* This is a context that we pass to all callbacks */ typedef struct sslctxparm_st { unsigned char *p12file; const char *pst; PKCS12 *p12; EVP_PKEY *pkey; X509 *usercert; STACK_OF(X509) * ca; CURL *curl; BIO *errorbio; int accesstype; int verbose; } sslctxparm; /* some helper function. */ static char *ia5string(ASN1_IA5STRING *ia5) { char *tmp; if(!ia5 || !ia5->length) return NULL; tmp = OPENSSL_malloc(ia5->length + 1); memcpy(tmp, ia5->data, ia5->length); tmp[ia5->length] = 0; return tmp; } /* A convenience routine to get an access URI. */ static unsigned char *my_get_ext(X509 *cert, const int type, int extensiontype) { int i; STACK_OF(ACCESS_DESCRIPTION) * accessinfo; accessinfo = X509_get_ext_d2i(cert, extensiontype, NULL, NULL); if(!sk_ACCESS_DESCRIPTION_num(accessinfo)) return NULL; for(i = 0; i < sk_ACCESS_DESCRIPTION_num(accessinfo); i++) { ACCESS_DESCRIPTION * ad = sk_ACCESS_DESCRIPTION_value(accessinfo, i); if(OBJ_obj2nid(ad->method) == type) { if(ad->location->type == GEN_URI) { return ia5string(ad->location->d.ia5); } return NULL; } } return NULL; } /* This is an application verification call back, it does not perform any addition verification but tries to find a URL in the presented certificate. If found, this will become the URL to be used in the POST. */ static int ssl_app_verify_callback(X509_STORE_CTX *ctx, void *arg) { sslctxparm * p = (sslctxparm *) arg; int ok; if(p->verbose > 2) BIO_printf(p->errorbio, "entering ssl_app_verify_callback\n"); ok = X509_verify_cert(ctx); if(ok && ctx->cert) { unsigned char *accessinfo; if(p->verbose > 1) X509_print_ex(p->errorbio, ctx->cert, 0, 0); accessinfo = my_get_ext(ctx->cert, p->accesstype, NID_sinfo_access); if(accessinfo) { if(p->verbose) BIO_printf(p->errorbio, "Setting URL from SIA to: %s\n", accessinfo); curl_easy_setopt(p->curl, CURLOPT_URL, accessinfo); } else if(accessinfo = my_get_ext(ctx->cert, p->accesstype, NID_info_access)) { if(p->verbose) BIO_printf(p->errorbio, "Setting URL from AIA to: %s\n", accessinfo); curl_easy_setopt(p->curl, CURLOPT_URL, accessinfo); } } if(p->verbose > 2) BIO_printf(p->errorbio, "leaving ssl_app_verify_callback with %d\n", ok); return ok; } /* The SSL initialisation callback. The callback sets: - a private key and certificate - a trusted ca certificate - a preferred cipherlist - an application verification callback (the function above) */ static CURLcode sslctxfun(CURL *curl, void *sslctx, void *parm) { sslctxparm *p = (sslctxparm *) parm; SSL_CTX *ctx = (SSL_CTX *) sslctx; if(!SSL_CTX_use_certificate(ctx, p->usercert)) { BIO_printf(p->errorbio, "SSL_CTX_use_certificate problem\n"); goto err; } if(!SSL_CTX_use_PrivateKey(ctx, p->pkey)) { BIO_printf(p->errorbio, "SSL_CTX_use_PrivateKey\n"); goto err; } if(!SSL_CTX_check_private_key(ctx)) { BIO_printf(p->errorbio, "SSL_CTX_check_private_key\n"); goto err; } SSL_CTX_set_quiet_shutdown(ctx, 1); SSL_CTX_set_cipher_list(ctx, "RC4-MD5"); SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), sk_X509_value(p->ca, sk_X509_num(p->ca)-1)); SSL_CTX_set_verify_depth(ctx, 2); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, ZERO_NULL); SSL_CTX_set_cert_verify_callback(ctx, ssl_app_verify_callback, parm); return CURLE_OK; err: ERR_print_errors(p->errorbio); return CURLE_SSL_CERTPROBLEM; } int main(int argc, char **argv) { BIO* in = NULL; BIO* out = NULL; char *outfile = NULL; char *infile = NULL; int tabLength = 100; char *binaryptr; char *mimetype; char *mimetypeaccept = NULL; char *contenttype; const char **pp; unsigned char *hostporturl = NULL; BIO *p12bio; char **args = argv + 1; unsigned char *serverurl; sslctxparm p; char *response; CURLcode res; struct curl_slist *headers = NULL; int badarg = 0; binaryptr = malloc(tabLength); p.verbose = 0; p.errorbio = BIO_new_fp(stderr, BIO_NOCLOSE); curl_global_init(CURL_GLOBAL_DEFAULT); /* we need some more for the P12 decoding */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); while(*args && *args[0] == '-') { if(!strcmp (*args, "-in")) { if(args[1]) { infile = *(++args); } else badarg = 1; } else if(!strcmp (*args, "-out")) { if(args[1]) { outfile = *(++args); } else badarg = 1; } else if(!strcmp (*args, "-p12")) { if(args[1]) { p.p12file = *(++args); } else badarg = 1; } else if(strcmp(*args, "-envpass") == 0) { if(args[1]) { p.pst = getenv(*(++args)); } else badarg = 1; } else if(strcmp(*args, "-connect") == 0) { if(args[1]) { hostporturl = *(++args); } else badarg = 1; } else if(strcmp(*args, "-mimetype") == 0) { if(args[1]) { mimetype = *(++args); } else badarg = 1; } else if(strcmp(*args, "-acceptmime") == 0) { if(args[1]) { mimetypeaccept = *(++args); } else badarg = 1; } else if(strcmp(*args, "-accesstype") == 0) { if(args[1]) { p.accesstype = OBJ_obj2nid(OBJ_txt2obj(*++args, 0)); if(p.accesstype == 0) badarg = 1; } else badarg = 1; } else if(strcmp(*args, "-verbose") == 0) { p.verbose++; } else badarg = 1; args++; } if(mimetype == NULL || mimetypeaccept == NULL) badarg = 1; if(badarg) { for(pp = curlx_usage; (*pp != NULL); pp++) BIO_printf(p.errorbio, "%s\n", *pp); BIO_printf(p.errorbio, "\n"); goto err; } /* set input */ in = BIO_new(BIO_s_file()); if(in == NULL) { BIO_printf(p.errorbio, "Error setting input bio\n"); goto err; } else if(infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE|BIO_FP_TEXT); else if(BIO_read_filename(in, infile) <= 0) { BIO_printf(p.errorbio, "Error opening input file %s\n", infile); BIO_free(in); goto err; } /* set output */ out = BIO_new(BIO_s_file()); if(out == NULL) { BIO_printf(p.errorbio, "Error setting output bio.\n"); goto err; } else if(outfile == NULL) BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT); else if(BIO_write_filename(out, outfile) <= 0) { BIO_printf(p.errorbio, "Error opening output file %s\n", outfile); BIO_free(out); goto err; } p.errorbio = BIO_new_fp(stderr, BIO_NOCLOSE); p.curl = curl_easy_init(); if(!p.curl) { BIO_printf(p.errorbio, "Cannot init curl lib\n"); goto err; } p12bio = BIO_new_file(p.p12file, "rb"); if(!p12bio) { BIO_printf(p.errorbio, "Error opening P12 file %s\n", p.p12file); goto err; } p.p12 = d2i_PKCS12_bio(p12bio, NULL); if(!p.p12) { BIO_printf(p.errorbio, "Cannot decode P12 structure %s\n", p.p12file); goto err; } p.ca = NULL; if(!(PKCS12_parse (p.p12, p.pst, &(p.pkey), &(p.usercert), &(p.ca) ) )) { BIO_printf(p.errorbio, "Invalid P12 structure in %s\n", p.p12file); goto err; } if(sk_X509_num(p.ca) <= 0) { BIO_printf(p.errorbio, "No trustworthy CA given.%s\n", p.p12file); goto err; } if(p.verbose > 1) X509_print_ex(p.errorbio, p.usercert, 0, 0); /* determine URL to go */ if(hostporturl) { size_t len = strlen(hostporturl) + 9; serverurl = malloc(len); snprintf(serverurl, len, "https://%s", hostporturl); } else if(p.accesstype != 0) { /* see whether we can find an AIA or SIA for a given access type */ serverurl = my_get_ext(p.usercert, p.accesstype, NID_info_access); if(!serverurl) { int j = 0; BIO_printf(p.errorbio, "no service URL in user cert " "cherching in others certificats\n"); for(j = 0; j<sk_X509_num(p.ca); j++) { serverurl = my_get_ext(sk_X509_value(p.ca, j), p.accesstype, NID_info_access); if(serverurl) break; serverurl = my_get_ext(sk_X509_value(p.ca, j), p.accesstype, NID_sinfo_access); if(serverurl) break; } } } if(!serverurl) { BIO_printf(p.errorbio, "no service URL in certificats," " check '-accesstype (AD_DVCS | ad_timestamping)'" " or use '-connect'\n"); goto err; } if(p.verbose) BIO_printf(p.errorbio, "Service URL: <%s>\n", serverurl); curl_easy_setopt(p.curl, CURLOPT_URL, serverurl); /* Now specify the POST binary data */ curl_easy_setopt(p.curl, CURLOPT_POSTFIELDS, binaryptr); curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE, (long)tabLength); /* pass our list of custom made headers */ contenttype = malloc(15 + strlen(mimetype)); snprintf(contenttype, 15 + strlen(mimetype), "Content-type: %s", mimetype); headers = curl_slist_append(headers, contenttype); curl_easy_setopt(p.curl, CURLOPT_HTTPHEADER, headers); if(p.verbose) BIO_printf(p.errorbio, "Service URL: <%s>\n", serverurl); { FILE *outfp; BIO_get_fp(out, &outfp); curl_easy_setopt(p.curl, CURLOPT_WRITEDATA, outfp); } res = curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun); if(res != CURLE_OK) BIO_printf(p.errorbio, "%d %s=%d %d\n", __LINE__, "CURLOPT_SSL_CTX_FUNCTION", CURLOPT_SSL_CTX_FUNCTION, res); curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_DATA, &p); { int lu; int i = 0; while((lu = BIO_read(in, &binaryptr[i], tabLength-i)) >0) { i += lu; if(i == tabLength) { tabLength += 100; binaryptr = realloc(binaryptr, tabLength); /* should be more careful */ } } tabLength = i; } /* Now specify the POST binary data */ curl_easy_setopt(p.curl, CURLOPT_POSTFIELDS, binaryptr); curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE, (long)tabLength); /* Perform the request, res will get the return code */ BIO_printf(p.errorbio, "%d %s %d\n", __LINE__, "curl_easy_perform", res = curl_easy_perform(p.curl)); { int result = curl_easy_getinfo(p.curl, CURLINFO_CONTENT_TYPE, &response); if(mimetypeaccept && p.verbose) { if(!strcmp(mimetypeaccept, response)) BIO_printf(p.errorbio, "the response has a correct mimetype : %s\n", response); else BIO_printf(p.errorbio, "the response doesn\'t have an acceptable " "mime type, it is %s instead of %s\n", response, mimetypeaccept); } } /*** code d'erreur si accept mime ***, egalement code return HTTP != 200 ***/ /* free the header list*/ curl_slist_free_all(headers); /* always cleanup */ curl_easy_cleanup(p.curl); BIO_free(in); BIO_free(out); return (EXIT_SUCCESS); err: BIO_printf(p.errorbio, "error"); exit(1); }
webs 1.0 - Enhanced UI