Problem with reinitialization of HTTPS client

Question

Problem with reinitialization of HTTPS client

colintd opened this issue 10 years ago · comments

Colin Tregenza Dancer commented 10 years ago

I've been trying to use your excellent library for repeated HTTPS requests, and have found that if I free and reallocate a client object, then subsequent operations quietly fail.

Having dug through the code I think the issue is to do with the setssl method, where the second time round, the initialized flag stops a ssl object being allocated on the client object.

I've fixed as below in my code and it seems to work fine.

Given that to date I believe you're the only person that has touched the code I thought I'd raise this issue rather than fixing directly, but feel free to let me know otherwise.

Once again, thanks for the excellent library.

Cheers,

Colin.

static bool setssl(qhttpclient_t *client) {

ifdef ENABLE_OPENSSL

static bool initialized = false;

if (client->socket >= 0) {
    // must be set before making a connection.
    return false;
}
if (client->ssl != NULL) {
    // already initialized.
    return true;
}

// init openssl
if (initialized == false)
{
  initialized = true;
  SSL_load_error_strings();
  SSL_library_init();
}

// allocate ssl structure
client->ssl = malloc(sizeof(struct SslConn));
if (client->ssl == NULL) return false;
memset(client->ssl, 0, sizeof(struct SslConn));

return true;

else

return false;

endif

}

Seungyoung Kim (Steve) · Answer 1 · Thu Apr 10 2014 16:52:59 GMT+0800 (China Standard Time)

This is a great finding. Thanks for reporting it.

Your fix looks good to me~
Why don't you go ahead make change by yourself and send a pull request?

And don't forget to give this project a "Star".
Also I'm looking for a person like you to work together. There's many area we need to improve, unit test is one thing, documentation, new features, ... This is your library, not mine, Jump in whatever area you're interested in.

Again, many thanks.

Seungyoung Kim (Steve) · Answer 2 · Thu Apr 10 2014 16:55:40 GMT+0800 (China Standard Time)

If you're working on HTTP/HTTPS, you might be also interested in libasyncd for your future reference. It's an embeddable asynchronous HTTP server for C/C++. Check it out here http://wolkykim.github.io/libasyncd/

Colin Tregenza Dancer · Answer 3 · Thu Apr 10 2014 19:54:52 GMT+0800 (China Standard Time)

Hope I’ve done that right. Feel free to let me know.

Colin.

From: Snow K [mailto:notifications@github.com]
Sent: 10 April 2014 09:53
To: wolkykim/qlibc
Cc: Colin Tregenza Dancer
Subject: Re: [qlibc] Problem with reinitialization of HTTPS client (#1)

This is a great finding. Thanks for reporting it.

Your fix looks good to me~
Why don't you go ahead make change by yourself and send a pull request?

And don't forget to give this project a "Star".
Also I'm looking for a person like you to work together. There's many area we need to improve, unit test is one thing, documentation, new features, ... This is your library, not mine, Jump in whatever area you're interested in.

Again, many thanks.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/1#issuecomment-40056063.

Seungyoung Kim (Steve) · Answer 4 · Sun Apr 13 2014 00:08:37 GMT+0800 (China Standard Time)

Hi Colin,

I left some CR feedback on your request.
Did you have a chance to see it?

Colin Tregenza Dancer · Answer 5 · Tue Apr 15 2014 17:15:19 GMT+0800 (China Standard Time)

Hi,

Sorry, I’ve been ill the last few days and not checking email (yes, that ill!). I’ll try and catch up later this week.

Btw, I’ve added an extension to allow specifying a root certificate chain to be used with HTTPS requests, and code after the connect to verify a peer cert was presented, that it was a valid cert and that the host names match. Without this, the current HTTPS support is vulnerable to man-in-the-middle and hijack attacks. When I’m better I’ll submit this for your perusal.

Cheers,

Colin.

From: Seungyoung Kim [mailto:notifications@github.com]
Sent: 12 April 2014 17:09
To: wolkykim/qlibc
Cc: Colin Tregenza Dancer
Subject: Re: [qlibc] Problem with reinitialization of HTTPS client (#1)

Hi Colin,

I left some CR feedback on your request.
Did you have a chance to see it?

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/1#issuecomment-40284412.

Seungyoung Kim (Steve) · Answer 6 · Wed Apr 16 2014 19:55:58 GMT+0800 (China Standard Time)

Hope you're feeling better. And I'm looking forward to seeing your extension.

Seungyoung Kim (Steve) · Answer 7 · Tue Apr 29 2014 14:12:18 GMT+0800 (China Standard Time)

Hi Colin,

Can you update this file to include your name?

https://github.com/wolkykim/qlibc/blob/master/CONTRIBUTORS

Thanks

Seungyoung

On Tue, Apr 15, 2014 at 2:15 AM, colintd notifications@github.com wrote:

Hi,

Sorry, I've been ill the last few days and not checking email (yes, that
ill!). I'll try and catch up later this week.

Btw, I've added an extension to allow specifying a root certificate chain
to be used with HTTPS requests, and code after the connect to verify a peer
cert was presented, that it was a valid cert and that the host names match.
Without this, the current HTTPS support is vulnerable to man-in-the-middle
and hijack attacks. When I'm better I'll submit this for your perusal.

Cheers,

Colin.

From: Seungyoung Kim [mailto:notifications@github.com]
Sent: 12 April 2014 17:09
To: wolkykim/qlibc
Cc: Colin Tregenza Dancer
Subject: Re: [qlibc] Problem with reinitialization of HTTPS client (#1)

Hi Colin,

I left some CR feedback on your request.
Did you have a chance to see it?

Reply to this email directly or view it on GitHub<
https://github.com/wolkykim/qlibc/issues/1#issuecomment-40284412>.

Reply to this email directly or view it on GitHubhttps://github.com//issues/1#issuecomment-40460834
.