mirrors/netsurf
1
0
Fork 0
mirror of https://github.com/netsurf-browser/netsurf synced 2024-11-21 22:11:22 +03:00
Code Issues Packages Projects Releases Wiki Activity

Experiment with CURLOPT_CAINFO_BLOB

Browse Source
This commit is contained in:
Michael Drake 2022-09-30 15:47:22 +01:00
parent c6eea438ac
commit 7e25bc6de1
1 changed files with 60 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
content/fetchers/curl.c
View File

@ -274,6 +274,10 @@ static char fetch_proxy_userpwd[100];
/** Interlock to prevent initiation during callbacks */ /** Interlock to prevent initiation during callbacks */
static bool inside_curl = false; static bool inside_curl = false;
static struct curl_blob cert_data = {
.flags = CURL_BLOB_NOCOPY,
};
/** /**
* Initialise a cURL fetcher. * Initialise a cURL fetcher.
@ -314,6 +318,9 @@ static void fetch_curl_finalise(lwc_string *scheme)
curl_global_cleanup(); curl_global_cleanup();
free(cert_data.data);
cert_data.data = NULL;
NSLOG(netsurf, DEBUG, "Cleaning up SSL cert chain hashmap"); NSLOG(netsurf, DEBUG, "Cleaning up SSL cert chain hashmap");
hashmap_destroy(curl_fetch_ssl_hashmap); hashmap_destroy(curl_fetch_ssl_hashmap);
curl_fetch_ssl_hashmap = NULL; curl_fetch_ssl_hashmap = NULL;
@ -1757,15 +1764,59 @@ nserror fetch_curl_register(void)
SETOPT(CURLOPT_NOSIGNAL, 1L); SETOPT(CURLOPT_NOSIGNAL, 1L);
SETOPT(CURLOPT_CONNECTTIMEOUT, nsoption_uint(curl_fetch_timeout)); SETOPT(CURLOPT_CONNECTTIMEOUT, nsoption_uint(curl_fetch_timeout));
if (nsoption_charp(ca_bundle) && if ((nsoption_charp(ca_bundle) &&
strcmp(nsoption_charp(ca_bundle), "")) { strcmp(nsoption_charp(ca_bundle), "")) &&
NSLOG(netsurf, INFO, "ca_bundle: '%s'", (nsoption_charp(ca_path) == NULL ||
nsoption_charp(ca_bundle)); strcmp(nsoption_charp(ca_path), "") == 0) &&
SETOPT(CURLOPT_CAINFO, nsoption_charp(ca_bundle)); cert_data.data == NULL) {
} FILE *f;
if (nsoption_charp(ca_path) && strcmp(nsoption_charp(ca_path), "")) { long tell_len;
NSLOG(netsurf, INFO, "ca_path: '%s'", nsoption_charp(ca_path));
SETOPT(CURLOPT_CAPATH, nsoption_charp(ca_path)); f = fopen(nsoption_charp(ca_bundle), "r");
if (f == NULL) {
goto curl_easy_setopt_failed;
}
if (fseek(f, 0, SEEK_END) != 0) {
fclose(f);
goto curl_easy_setopt_failed;
}
tell_len = ftell(f);
if (tell_len == -1) {
fclose(f);
goto curl_easy_setopt_failed;
}
if (fseek(f, 0, SEEK_SET) != 0) {
fclose(f);
goto curl_easy_setopt_failed;
}
cert_data.data = malloc(tell_len);
if (cert_data.data == NULL) {
fclose(f);
goto curl_easy_setopt_failed;
}
cert_data.len = fread(cert_data.data, 1, tell_len, f);
fclose(f);
NSLOG(netsurf, INFO, "ca_bundle: '%s' (as blob tell_len: %ld, len: %zu)",
nsoption_charp(ca_bundle), tell_len, cert_data.len);
SETOPT(CURLOPT_CAINFO_BLOB, &cert_data);
} else {
if (nsoption_charp(ca_bundle) &&
strcmp(nsoption_charp(ca_bundle), "")) {
NSLOG(netsurf, INFO, "ca_bundle: '%s'",
nsoption_charp(ca_bundle));
SETOPT(CURLOPT_CAINFO, nsoption_charp(ca_bundle));
}
if (nsoption_charp(ca_path) &&
strcmp(nsoption_charp(ca_path), "")) {
NSLOG(netsurf, INFO, "ca_path: '%s'",
nsoption_charp(ca_path));
SETOPT(CURLOPT_CAPATH, nsoption_charp(ca_path));
}
} }
#if LIBCURL_VERSION_NUM < 0x073800 #if LIBCURL_VERSION_NUM < 0x073800