From e6cec7dbe832c47915f0ce3a0e82004c497b00e8 Mon Sep 17 00:00:00 2001 From: John Mark Bell Date: Thu, 10 Jun 2004 22:40:56 +0000 Subject: [PATCH] [project @ 2004-06-10 22:40:56 by jmb] Allow configuration of SSL certificate verification svn path=/import/netsurf/; revision=955 --- content/fetch.c | 18 +++++++++++++----- desktop/options.c | 3 +++ desktop/options.h | 1 + 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/content/fetch.c b/content/fetch.c index 52d7effc5..b42e48ea7 100644 --- a/content/fetch.c +++ b/content/fetch.c @@ -149,6 +149,14 @@ void fetch_init(void) SETOPT(CURLOPT_CAINFO, ca_bundle); #endif + if (!option_ssl_verify_certificates) { + /* disable verification of SSL certificates. + * security? we've heard of it... + */ + SETOPT(CURLOPT_SSL_VERIFYPEER, 0L); + SETOPT(CURLOPT_SSL_VERIFYHOST, 0L); + } + return; curl_easy_setopt_failed: @@ -601,7 +609,7 @@ size_t fetch_curl_data(void * data, size_t size, size_t nmemb, struct fetch *f) size_t fetch_curl_header(char * data, size_t size, size_t nmemb, struct fetch *f) { - unsigned int i; + int i; size *= nmemb; if (12 < size && strncasecmp(data, "Location:", 9) == 0) { /* extract Location header */ @@ -611,7 +619,7 @@ size_t fetch_curl_header(char * data, size_t size, size_t nmemb, struct fetch *f LOG(("malloc failed")); return size; } - for (i = 9; i < size && (data[i] == ' ' || data[i] == '\t'); i++) + for (i = 9; i < (int)size && (data[i] == ' ' || data[i] == '\t'); i++) /* */; strncpy(f->location, data + i, size - i); f->location[size - i] = '\0'; @@ -623,7 +631,7 @@ size_t fetch_curl_header(char * data, size_t size, size_t nmemb, struct fetch *f f->location[i] = '\0'; } else if (15 < size && strncasecmp(data, "Content-Length:", 15) == 0) { /* extract Content-Length header */ - for (i = 15; i < size && (data[i] == ' ' || data[i] == '\t'); i++) + for (i = 15; i < (int)size && (data[i] == ' ' || data[i] == '\t'); i++) /* */; if ('0' <= data[i] && data[i] <= '9') f->content_length = atol(data + i); @@ -636,9 +644,9 @@ size_t fetch_curl_header(char * data, size_t size, size_t nmemb, struct fetch *f LOG(("malloc failed")); return size; } - for (i = 16; i < size && data[i] != '='; i++) + for (i = 16; i < (int)size && data[i] != '='; i++) /* */; - while (i < size && data[++i] == '"') + while (i < (int)size && data[++i] == '"') /* */; strncpy(f->realm, data + i, size - i); f->realm[size - i] = '\0'; diff --git a/desktop/options.c b/desktop/options.c index 45bfa50b0..1748fc6b1 100644 --- a/desktop/options.c +++ b/desktop/options.c @@ -41,6 +41,8 @@ int option_font_size = 100; int option_font_min_size = 70; /** Accept-Language header. */ char *option_accept_language = 0; +/** Strict verification of SSL sertificates */ +bool option_ssl_verify_certificates = true; EXTRA_OPTION_DEFINE @@ -56,6 +58,7 @@ struct { { "font_size", OPTION_INTEGER, &option_font_size }, { "font_min_size", OPTION_INTEGER, &option_font_min_size }, { "accept_language", OPTION_STRING, &option_accept_language }, + { "ssl_verify_certificates", OPTION_BOOL, &option_ssl_verify_certificates }, EXTRA_OPTION_TABLE }; diff --git a/desktop/options.h b/desktop/options.h index e903c31c3..efec32f33 100644 --- a/desktop/options.h +++ b/desktop/options.h @@ -30,6 +30,7 @@ extern int option_http_proxy_port; extern int option_font_size; extern int option_font_min_size; extern char *option_accept_language; +extern bool option_ssl_verify_certificates; void options_read(const char *path); void options_write(const char *path);