Patch over https

5 years ago · c914e6fdf6
parent ad4290f2c9
commit c914e6fdf6
13 changed files with 98 additions and 54 deletions
--- a/code/nel/include/nel/misc/curl_certificates.h
+++ b/code/nel/include/nel/misc/curl_certificates.h
@ -22,7 +22,7 @@
 // forward declaration to avoid curl.h inclusion everywhere
 typedef void CURL;

-namespace NLGUI
+namespace NLMISC
 {
 	class CCurlCertificates
 	{
@ -36,3 +36,5 @@ namespace NLGUI

 } // namespace
 #endif
+
+/* end of file */
--- a/code/nel/include/nel/misc/http_client_curl.h
+++ b/code/nel/include/nel/misc/http_client_curl.h
@ -20,10 +20,12 @@
 #include "nel/misc/types_nl.h"
 #include <string>

+namespace NLMISC
+{

 /**
- * HTTP client with SSL capabilities
- */
+	* HTTP client with SSL capabilities
+	*/
 class CCurlHttpClient
 {
 public:
@ -41,19 +43,19 @@ public:
 	bool verifyServer(bool verify);

 	/// Send a 'get' request
-	bool sendGet(const std::string &url, const std::string& params=std::string(), bool verbose=false);
+	bool sendGet(const std::string &url, const std::string &params = std::string(), bool verbose = false);

 	/// Send a 'get' request with a cookie
-	bool sendGetWithCookie(const std::string &url, const std::string &name, const std::string &value, const std::string& params=std::string(), bool verbose=false);
+	bool sendGetWithCookie(const std::string &url, const std::string &name, const std::string &value, const std::string &params = std::string(), bool verbose = false);

 	/// Send a 'post' request
-	bool sendPost(const std::string &url, const std::string& params=std::string(), bool verbose=false);
+	bool sendPost(const std::string &url, const std::string &params = std::string(), bool verbose = false);

 	/// Send a 'post' request with a cookie
-	bool sendPostWithCookie(const std::string &url, const std::string &name, const std::string &value, const std::string& params=std::string(), bool verbose=false);
+	bool sendPostWithCookie(const std::string &url, const std::string &name, const std::string &value, const std::string &params = std::string(), bool verbose = false);

 	/// Wait for a response
-	bool receive(std::string &res, bool verbose=false);
+	bool receive(std::string &res, bool verbose = false);

 	/// Disconnect if connected (otherwise does nothing)
 	void disconnect();
@ -61,7 +63,7 @@ public:
 protected:

 	/// Helper
-	bool sendRequest(const std::string& methodWB, const std::string &url, const std::string &cookieName, const std::string &cookieValue, const std::string& postParams, bool verbose);
+	bool sendRequest(const std::string &methodWB, const std::string &url, const std::string &cookieName, const std::string &cookieValue, const std::string &postParams, bool verbose);

 	/// Helper
 	void pushReceivedData(uint8 *buffer, uint size);
@ -69,7 +71,7 @@ protected:
 	static size_t writeDataFromCurl(void *buffer, size_t size, size_t nmemb, void *pHttpClient);
 private:

-	void*				_CurlStruct; // void* to prevent including curl.h in a header file
+	void *_CurlStruct; // void* to prevent including curl.h in a header file

 	std::vector<uint8>	_ReceiveBuffer;
 	std::string			_Auth; // must be kept here because curl only stores the char pointer
@ -77,6 +79,8 @@ private:

 extern CCurlHttpClient CurlHttpClient;

+}
+
 #endif // NL_HTTP_CLIENT_H

 /* End of http_client_curl.h */
--- a/code/nel/src/gui/group_html.cpp
+++ b/code/nel/src/gui/group_html.cpp
@ -47,7 +47,7 @@
 #include "nel/gui/url_parser.h"
 #include "nel/gui/http_cache.h"
 #include "nel/gui/http_hsts.h"
-#include "nel/gui/curl_certificates.h"
+#include "nel/misc/curl_certificates.h"
 #include "nel/gui/html_parser.h"
 #include "nel/gui/html_element.h"
 #include "nel/gui/css_style.h"
--- a/code/nel/src/misc/curl_certificates.cpp
+++ b/code/nel/src/misc/curl_certificates.cpp
@ -14,10 +14,12 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-//#include <crtdbg.h>
-
-#include "stdpch.h"
-#include "nel/gui/curl_certificates.h"
+#include "stdmisc.h"
+#include <nel/misc/curl_certificates.h>
+#include <nel/misc/common.h>
+#include <nel/misc/debug.h>
+#include <nel/misc/path.h>
+#include <nel/misc/file.h>

 #include <openssl/x509.h>
 #include <openssl/ssl.h>
@ -25,6 +27,13 @@

 #include <curl/curl.h>

+#ifdef NL_OS_WINDOWS
+#include <wincrypt.h>
+#ifdef X509_NAME
+#undef X509_NAME
+#endif
+#endif
+
 // for compatibility with older versions
 #ifndef CURL_AT_LEAST_VERSION
 #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z)
@ -40,7 +49,7 @@ using namespace NLMISC;
 #define new DEBUG_NEW
 #endif

-namespace NLGUI
+namespace NLMISC
 {
 	//
 	// x509CertList lifetime manager
@ -385,3 +394,4 @@ namespace NLGUI

 }// namespace

+/* end of file */
--- a/code/ryzom/client/src/http_client_curl.cpp
+++ b/code/ryzom/client/src/http_client_curl.cpp
@ -14,15 +14,15 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-#include "stdpch.h"
-#include "http_client_curl.h"
+#include "stdmisc.h"
+#include <nel/misc/http_client_curl.h>
+#include <nel/misc/debug.h>

 #include <curl/curl.h>

-#include "nel/gui/curl_certificates.h"
+#include <nel/misc/curl_certificates.h>

 using namespace NLMISC;
-using namespace NLNET;
 using namespace std;

 #ifdef DEBUG_NEW
@ -31,6 +31,8 @@ using namespace std;

 #define _Curl (CURL *)_CurlStruct

+namespace NLMISC
+{

 // Ugly CURL callback
 size_t CCurlHttpClient::writeDataFromCurl(void *buffer, size_t size, size_t nmemb, void *pHttpClient)
@ -72,10 +74,10 @@ bool CCurlHttpClient::verifyServer(bool verify)
 	curl_easy_setopt(_Curl, CURLOPT_SSL_VERIFYPEER, verify ? 1 : 0);

 	// specify custom CA certs
-	NLGUI::CCurlCertificates::addCertificateFile(CAFilename);
+	CCurlCertificates::addCertificateFile(CAFilename);

 	// if supported, use custom SSL context function to load certificates
-	NLGUI::CCurlCertificates::useCertificates(_Curl);
+	CCurlCertificates::useCertificates(_Curl);

 	return true;
 }
@ -88,6 +90,11 @@ bool CCurlHttpClient::sendRequest(const std::string& methodWB, const std::string

 	// Set URL
 	curl_easy_setopt(_Curl, CURLOPT_URL, url.c_str());
+	if (url.length() > 8 && (url[4] == 's' || url[4] == 'S')) // 01234 https
+	{
+		curl_easy_setopt(_Curl, CURLOPT_SSL_VERIFYPEER, 1L);
+		curl_easy_setopt(_Curl, CURLOPT_SSL_VERIFYHOST, 2L);
+	}

 	// Authentication
 	if (!_Auth.empty())
@ -188,5 +195,6 @@ void CCurlHttpClient::disconnect()

 CCurlHttpClient CurlHttpClient;

+}

-
+/* end of file */
--- a/code/nel/src/misc/seven_zip.cpp
+++ b/code/nel/src/misc/seven_zip.cpp
@ -14,6 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

+#include "stdmisc.h"
 #include <nel/misc/seven_zip.h>

 #include <nel/misc/types_nl.h>
--- a/code/nel/src/misc/streamed_package_manager.cpp
+++ b/code/nel/src/misc/streamed_package_manager.cpp
@ -136,7 +136,7 @@ bool CStreamedPackageManager::getFile(std::string &filePath, const std::string &
 		if (curl)
 		{
 			curl_easy_setopt(curl, CURLOPT_URL, downloadUrl.c_str());
-			if (downloadUrl.length() > 8 && downloadUrl[4] == 's') // 01234 https
+			if (downloadUrl.length() > 8 && (downloadUrl[4] == 's' || downloadUrl[4] == 'S')) // 01234 https
 			{
 				// Don't need to verify, since we check the hash
 				curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
--- a/code/ryzom/client/src/init_main_loop.cpp
+++ b/code/ryzom/client/src/init_main_loop.cpp
@ -28,6 +28,7 @@
 #include "nel/misc/path.h"
 #include "nel/misc/sheet_id.h"
 #include "nel/misc/big_file.h"
+#include "nel/misc/curl_certificates.h"
 // 3D Interface.
 #include "nel/3d/bloom_effect.h"
 #include "nel/3d/u_driver.h"
@ -191,6 +192,13 @@ struct CStatThread : public NLMISC::IRunnable
 		curl_easy_setopt(curl, CURLOPT_REFERER, string("https://ryzom.dev/" + referer).c_str());
 #endif
 		curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
+		if (url.length() > 8 && (url[4] == 's' || url[4] == 'S')) // 01234 https
+		{
+			NLMISC::CCurlCertificates::addCertificateFile("cacert.pem");
+			NLMISC::CCurlCertificates::useCertificates(curl);
+			curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
+			curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
+		}
 		CURLcode res = curl_easy_perform(curl);
 		curl_easy_cleanup(curl);
 		//curl_global_cleanup();
--- a/code/ryzom/client/src/interface_v3/group_html_webig.cpp
+++ b/code/ryzom/client/src/interface_v3/group_html_webig.cpp
@ -30,7 +30,7 @@
 #include "../connection.h"

 #include <curl/curl.h>
-#include "nel/gui/curl_certificates.h"
+#include "nel/misc/curl_certificates.h"

 using namespace std;
 using namespace NLMISC;
@ -188,7 +188,7 @@ public:
 		curl_easy_setopt(Curl, CURLOPT_FOLLOWLOCATION, 1);
 		curl_easy_setopt(Curl, CURLOPT_WRITEFUNCTION, writeDataFromCurl);

-		NLGUI::CCurlCertificates::useCertificates(Curl);
+		NLMISC::CCurlCertificates::useCertificates(Curl);
 	}

 	~CWebigNotificationThread()
--- a/code/ryzom/client/src/interface_v3/interface_manager.cpp
+++ b/code/ryzom/client/src/interface_v3/interface_manager.cpp
@ -113,7 +113,7 @@
 #include "nel/gui/lua_helper.h"
 using namespace NLGUI;
 #include "nel/gui/lua_ihm.h"
-#include "nel/gui/curl_certificates.h"
+#include "nel/misc/curl_certificates.h"

 #include "lua_ihm_ryzom.h"

@ -480,7 +480,7 @@ CInterfaceManager::CInterfaceManager()
 	if (!ClientCfg.CurlCABundle.empty())
 	{
 		// specify custom CA certs, lookup will be made in this function
-		NLGUI::CCurlCertificates::addCertificateFile(ClientCfg.CurlCABundle);
+		NLMISC::CCurlCertificates::addCertificateFile(ClientCfg.CurlCABundle);
 	}

 	NLGUI::CDBManager::getInstance()->resizeBanks( NB_CDB_BANKS );
--- a/code/ryzom/client/src/login.cpp
+++ b/code/ryzom/client/src/login.cpp
@ -51,7 +51,7 @@
 #include "global.h"
 #include "input.h"
 #include "nel/gui/libwww.h"
-#include "http_client_curl.h"
+#include "nel/misc/http_client_curl.h"
 #include "login_progress_post_thread.h"

 #include "init.h"
--- a/code/ryzom/client/src/login.h
+++ b/code/ryzom/client/src/login.h
@ -18,8 +18,8 @@
 #ifndef CL_LOGIN_H
 #define CL_LOGIN_H

-#include "nel/misc/types_nl.h"
-#include "http_client_curl.h"
+#include <nel/misc/types_nl.h>
+#include <nel/misc/http_client_curl.h>
 #include <string>
 #include <vector>

@ -74,7 +74,7 @@ extern sint32		ShardSelected;
 /*
 * HTTP client preconfigured to connect to the startup login host
 */
-class CStartupHttpClient : public CCurlHttpClient
+class CStartupHttpClient : public NLMISC::CCurlHttpClient
 {
 public:

--- a/code/ryzom/client/src/login_patch.cpp
+++ b/code/ryzom/client/src/login_patch.cpp
@ -49,6 +49,7 @@
 #include "nel/misc/i18n.h"
 #include "nel/misc/cmd_args.h"
 #include "nel/misc/seven_zip.h"
+#include "nel/misc/curl_certificates.h"

 #include "game_share/bg_downloader_msg.h"

@ -239,12 +240,10 @@ void CPatchManager::init(const std::vector<std::string>& patchURIs, const std::s
 		cf = &ClientCfg.ConfigFile;
 #endif

-		std::string appName = "ryzom_live";
-
-		if (cf->getVarPtr("Application"))
-		{
-			appName = cf->getVar("Application").asString(0);
-		}
+		// App name matches Domain on the SQL server
+		std::string appName = cf->getVarPtr("Application") 
+			? cf->getVar("Application").asString(0)
+			: "default";

 		std::string versionFileName = appName + ".version";
 		getServerFile(versionFileName);
@ -252,7 +251,7 @@ void CPatchManager::init(const std::vector<std::string>& patchURIs, const std::s
 		// ok, we have the file, extract version number (aka build number) and the
 		// version name if present

-		CIFile versionFile(ClientPatchPath+versionFileName);
+		CIFile versionFile(ClientPatchPath + versionFileName);
 		char buffer[1024];
 		versionFile.getline(buffer, 1024);
 		CSString line(buffer);
@ -266,8 +265,12 @@ void CPatchManager::init(const std::vector<std::string>& patchURIs, const std::s
 		}
 #endif

-		ServerVersion = line.firstWord(true);
-		VersionName = line.firstWord(true);
+		// Use the version specified in this file, if the file does not contain an asterisk
+		if (line[0] != '*')
+		{
+			ServerVersion = line.firstWord(true);
+			VersionName = line.firstWord(true);
+		}

 		// force the R2ServerVersion
 		R2ServerVersion = ServerVersion;
@ -1258,19 +1261,18 @@ void CPatchManager::readDescFile(sint32 nVersion)

 	if (foundPlatformPatchCategory)
 	{
-		std::vector<std::string> forceRemovePatchCategories;
+		std::set<std::string> forceRemovePatchCategories;

 		// only download binaries for current platform
-		forceRemovePatchCategories.push_back("main_exedll");
-		forceRemovePatchCategories.push_back("main_exedll_win32");
-		forceRemovePatchCategories.push_back("main_exedll_win64");
-		forceRemovePatchCategories.push_back("main_exedll_linux32");
-		forceRemovePatchCategories.push_back("main_exedll_linux64");
-		forceRemovePatchCategories.push_back("main_exedll_osx");
+		forceRemovePatchCategories.insert("main_exedll");
+		forceRemovePatchCategories.insert("main_exedll_win32");
+		forceRemovePatchCategories.insert("main_exedll_win64");
+		forceRemovePatchCategories.insert("main_exedll_linux32");
+		forceRemovePatchCategories.insert("main_exedll_linux64");
+		forceRemovePatchCategories.insert("main_exedll_osx");

 		// remove current platform category from remove list
-		forceRemovePatchCategories.erase(std::remove(forceRemovePatchCategories.begin(),
-			forceRemovePatchCategories.end(), platformPatchCategory), forceRemovePatchCategories.end());
+		forceRemovePatchCategories.erase(platformPatchCategory);

 		CBNPFileSet &bnpFS = const_cast<CBNPFileSet &>(DescFile.getFiles());

@ -1427,6 +1429,13 @@ void CPatchManager::downloadFileWithCurl (const string &source, const string &de
 		curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, downloadProgressFunc);
 		curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, (void *) progress);
 		curl_easy_setopt(curl, CURLOPT_URL, source.c_str());
+		if (source.length() > 8 && (source[4] == 's' || source[4] == 'S')) // 01234 https
+		{
+			NLMISC::CCurlCertificates::addCertificateFile("cacert.pem");
+			NLMISC::CCurlCertificates::useCertificates(curl);
+			curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
+			curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
+		}

 		// create the local file
 		if (NLMISC::CFile::fileExists(dest))
@ -1525,12 +1534,14 @@ void CPatchManager::downloadFileWithCurl (const string &source, const string &de
 void CPatchManager::downloadFile (const string &source, const string &dest, NLMISC::IProgressCallback *progress)
 {
 	// For the moment use only curl
-	const string sHeadHttp = toLower(source.substr(0,5));
-	const string sHeadFtp = toLower(source.substr(0,4));
-	const string sHeadFile = toLower(source.substr(0,5));
+	const string sourceLower = toLower(source.substr(0, 6));

-	if ((sHeadHttp == "http:") || (sHeadFtp == "ftp:") || (sHeadFile == "file:"))
+	if (startsWith(sourceLower, "http:")
+		|| startsWith(sourceLower, "https:")
+		|| startsWith(sourceLower, "ftp:")
+		|| startsWith(sourceLower, "file:"))
 	{
+		nldebug("Download patch file %s", source.c_str());
 		downloadFileWithCurl(source, dest, progress);
 	}
 	else