From c2764e25ff72c22dab9b210bc17ea8891fcf721d Mon Sep 17 00:00:00 2001 From: jvelilla Date: Thu, 14 Sep 2017 10:21:32 -0300 Subject: [PATCH 1/4] Update HTTP Client cURL implementation: Added the option to set cipher list used to negotiate security settings (SSL handshake) --- .../http_client/src/http_client_session.e | 16 ++++++++++++++++ .../spec/libcurl/libcurl_http_client_request.e | 5 +++++ 2 files changed, 21 insertions(+) diff --git a/library/network/http_client/src/http_client_session.e b/library/network/http_client/src/http_client_session.e index 5272173e..b2021cc0 100644 --- a/library/network/http_client/src/http_client_session.e +++ b/library/network/http_client/src/http_client_session.e @@ -272,6 +272,15 @@ feature -- Authentication -- Associated optional credentials value. -- Computed as `username':`password'. + cipher_list: detachable READABLE_STRING_32 + -- SSL cipher preference lists + -- examples: DEFAULT, ALL, TLSv1 + -- check https://www.openssl.org/docs/man1.1.0/apps/ciphers.html + --! At the moment only used for LIB_CURL_HTTP_CLIENT + --! Net implementation set all the ciphers using the OpenSSL at + --! initialization time. + + feature -- Status setting set_is_debug (b: BOOLEAN) @@ -401,6 +410,13 @@ feature -- Element change chunk_size := a_size end + set_cipher_list (a_list: READABLE_STRING_GENERAL) + do + create {STRING_32} cipher_list.make_from_string_general (a_list) + ensure + cipher_list_set: attached cipher_list as c_list and then c_list.same_string_general (a_list) + end + note copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Eiffel Software and others" license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)" diff --git a/library/network/http_client/src/spec/libcurl/libcurl_http_client_request.e b/library/network/http_client/src/spec/libcurl/libcurl_http_client_request.e index 13e44bbb..b0091e80 100644 --- a/library/network/http_client/src/spec/libcurl/libcurl_http_client_request.e 
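Review bot: The header comment on `cipher_list` (hunk at -272) gives `ALL` as an example without saying what it enables. In OpenSSL's cipher-string syntax `ALL` also turns on suites that `DEFAULT` leaves out, such as anonymous (unauthenticated) key exchange, and `TLSv1` selects suites by the protocol version that introduced them rather than setting a protocol floor. I would state that the value is an OpenSSL-style cipher string passed on unchanged, and lead with a restrictive example: `-- OpenSSL cipher string, e.g. "HIGH:!aNULL:!MD5"; avoid "ALL", which enables suites excluded from DEFAULT.` The same comment is carried into the renamed `ciphers_settings` in patch 2.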
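Review bot: `set_cipher_list` (hunk at -401) has no precondition, so an empty string is stored as a cipher list like any other. What the TLS backend does with an empty list is not visible here and is presumably backend-dependent, so rejecting it at the API boundary is safer: `require a_list_not_empty: not a_list.is_empty`. There is also no feature to set the attribute back to Void once a list has been set, so a session cannot return to the library defaults. The renamed `set_ciphers` (patch 2) and `set_ciphers_settings` (patch 3) keep the same body and would need the same precondition.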
+++ b/library/network/http_client/src/spec/libcurl/libcurl_http_client_request.e @@ -372,6 +372,11 @@ feature -- Execution curl_easy.setopt_integer (curl_handle, {CURL_OPT_CONSTANTS}.curlopt_ssl_verifypeer, 0) end + --| Cipher List + if attached session.cipher_list as c_list then + curl_easy.setopt_string (curl_handle, {CURL_OPT_CONSTANTS}.curlopt_ssl_cipher_list, c_list ) + end + --| Request method if request_method.is_case_insensitive_equal ("GET") then curl_easy.setopt_integer (curl_handle, {CURL_OPT_CONSTANTS}.curlopt_httpget, 1) From bb334aef80f820082ef76615a27bba387d3418c6 Mon Sep 17 00:00:00 2001 From: jvelilla Date: Thu, 14 Sep 2017 11:58:43 -0300 Subject: [PATCH 2/4] Updated HTTP client cURL implementation. Refactor rename cipher_list by ciphers_settings and description. Updated ciphers_settings representation to STIRNG_8 Refactor rename set_cipher_list by set_ciphers. --- .../network/http_client/src/http_client_session.e | 14 +++++++------- .../src/spec/libcurl/libcurl_http_client_request.e | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/library/network/http_client/src/http_client_session.e b/library/network/http_client/src/http_client_session.e index b2021cc0..78f8323a 100644 --- a/library/network/http_client/src/http_client_session.e +++ b/library/network/http_client/src/http_client_session.e 
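Review bot: The cipher string is handed to `curl_easy.setopt_string` unvalidated and nothing in this hunk checks the outcome. A mistyped list is presumably only reported when the transfer runs, and the enclosing feature starts and ends outside the hunk, so how that error reaches the caller cannot be seen here. libcurl's `CURLOPT_SSL_CIPHER_LIST` also governs only TLS 1.2 and below (TLS 1.3 suites have a separate option, `CURLOPT_TLS13_CIPHERS`), and the accepted syntax depends on the TLS backend libcurl was built with. I would record that at the call site: `--| Cipher list: passed verbatim to libcurl's TLS backend; does not restrict TLS 1.3 suites.` The context line just above sets `curlopt_ssl_verifypeer` to 0 in some branch, and a restrictive cipher list does not compensate for a connection made without peer verification.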
@@ -272,13 +272,13 @@ feature -- Authentication -- Associated optional credentials value. -- Computed as `username':`password'. - cipher_list: detachable READABLE_STRING_32 + ciphers_settings: detachable READABLE_STRING_8 -- SSL cipher preference lists -- examples: DEFAULT, ALL, TLSv1 -- check https://www.openssl.org/docs/man1.1.0/apps/ciphers.html - --! At the moment only used for LIB_CURL_HTTP_CLIENT - --! Net implementation set all the ciphers using the OpenSSL at - --! initialization time. + --Warning At the moment only used for LIB_CURL_HTTP_CLIENT + --Warning Net implementation set all the ciphers using the OpenSSL at + --Warning initialization time. feature -- Status setting @@ -410,11 +410,11 @@ feature -- Element change chunk_size := a_size end - set_cipher_list (a_list: READABLE_STRING_GENERAL) + set_ciphers (a_list: READABLE_STRING_8) do - create {STRING_32} cipher_list.make_from_string_general (a_list) + create {STRING_8} ciphers_settings.make_from_string (a_list) ensure - cipher_list_set: attached cipher_list as c_list and then c_list.same_string_general (a_list) + cipher_settings_set: attached ciphers_settings as c_list and then c_list.same_string (a_list) end note diff --git a/library/network/http_client/src/spec/libcurl/libcurl_http_client_request.e b/library/network/http_client/src/spec/libcurl/libcurl_http_client_request.e index b0091e80..5fda6c06 100644 --- a/library/network/http_client/src/spec/libcurl/libcurl_http_client_request.e +++ b/library/network/http_client/src/spec/libcurl/libcurl_http_client_request.e @@ -373,7 +373,7 @@ feature -- Execution end --| Cipher List - if attached session.cipher_list as c_list then + if attached session.ciphers_settings as c_list then curl_easy.setopt_string (curl_handle, {CURL_OPT_CONSTANTS}.curlopt_ssl_cipher_list, c_list ) end From 6ed91699b8034f7f60e5768372f66d4856fe45aa Mon Sep 17 00:00:00 2001 
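Review bot: The reworded warning on `ciphers_settings` (hunk at -272) still does not say outright that the Net implementation ignores the value. A caller who sets a restrictive list to harden TLS gets no restriction and no error on that implementation. I would write it as one sentence, with the space and colon that `--Warning` currently lacks: `-- Warning: honoured only by the libcurl implementation; the Net implementation ignores this value and uses the ciphers set at OpenSSL initialization.` The setter's header comment in the -410 hunk should carry the same caveat, since that is where callers will look.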
From: jvelilla Date: Tue, 19 Sep 2017 10:32:17 -0300 Subject: [PATCH 3/4] Renamed feature 'set_ciphers' to 'set_ciphers_settings' and added description. --- library/network/http_client/src/http_client_session.e | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/network/http_client/src/http_client_session.e b/library/network/http_client/src/http_client_session.e index 78f8323a..ae9177f6 100644 --- a/library/network/http_client/src/http_client_session.e +++ b/library/network/http_client/src/http_client_session.e @@ -410,11 +410,12 @@ feature -- Element change chunk_size := a_size end - set_ciphers (a_list: READABLE_STRING_8) + set_ciphers_settings (a_ciphers_settings: READABLE_STRING_8) + -- Set 'ciphers_settings' with 'a_ciphers_settings'. do - create {STRING_8} ciphers_settings.make_from_string (a_list) + create {STRING_8} ciphers_settings.make_from_string (a_ciphers_settings) ensure - cipher_settings_set: attached ciphers_settings as c_list and then c_list.same_string (a_list) + cipher_settings_set: attached ciphers_settings as c_settings and then c_settings.same_string (a_ciphers_settings) end note From 85c8a46c892908d9bee4a17c40b94ec0661c194d Mon Sep 17 00:00:00 2001 From: jvelilla Date: Thu, 21 Sep 2017 08:07:11 -0300 Subject: [PATCH 4/4] Update Readme.md with a note about ciphers implementation. --- library/network/http_client/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/network/http_client/README.md b/library/network/http_client/README.md index 288ad58d..6a995c8c 100644 --- a/library/network/http_client/README.md +++ b/library/network/http_client/README.md 
@@ -10,6 +10,9 @@ It provides simple routine to perform http requests, and get response. - Eiffel Net library - and optionally Eiffel NetSSL library to support `https://...` +* Note: set ciphers settings is supported only with libcurl implementation for now, net implementation +set all the ciphers as part of the OpenSSL initialization. + This means on Windows, do not forget to copy the libcurl.dll (and related) either in the same directory of the executable, or ensure the .dll are in the PATH environment. It is possible to exclude the libcurl implementation xor the Eiffel Net implementation: