Ticket #4810: curl_ssl_verify.patch

File curl_ssl_verify.patch, 1.8 KB (added by infinity0, 10 years ago)
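--- a/libtransmission/web.c
+++ b/libtransmission/web.c
@@ -95,6 +95,8 @@
 struct tr_web
 {
     bool curl_verbose;
+    bool curl_ssl_verify;
+    char * curl_ca_bundle;
     int close_mode;
     struct tr_web_task * tasks;
     tr_lock * taskLock;
@@ -171,8 +173,11 @@
     curl_easy_setopt( e, CURLOPT_SOCKOPTFUNCTION, sockoptfunction );
     curl_easy_setopt( e, CURLOPT_SOCKOPTDATA, task );
 #endif
-    curl_easy_setopt( e, CURLOPT_SSL_VERIFYHOST, 0L );
-    curl_easy_setopt( e, CURLOPT_SSL_VERIFYPEER, 0L );
+    if( !web->curl_ssl_verify ) {
+      curl_easy_setopt( e, CURLOPT_SSL_VERIFYHOST, 0L );
+      curl_easy_setopt( e, CURLOPT_SSL_VERIFYPEER, 0L );
+    }
+    curl_easy_setopt( e, CURLOPT_CAINFO, web->curl_ca_bundle );
     curl_easy_setopt( e, CURLOPT_TIMEOUT, task->timeout_secs );
     curl_easy_setopt( e, CURLOPT_URL, task->url );
     curl_easy_setopt( e, CURLOPT_USERAGENT, TR_NAME "/" SHORT_VERSION_STRING );
@@ -321,6 +326,14 @@
     web->taskLock = tr_lockNew( );
     web->tasks = NULL;
     web->curl_verbose = getenv( "TR_CURL_VERBOSE" ) != NULL;
+    web->curl_ssl_verify = getenv( "TR_CURL_SSL_VERIFY" ) != NULL;
+    web->curl_ca_bundle = getenv( "CURL_CA_BUNDLE" );
+    if( web->curl_ssl_verify ) {
+        tr_ninf( "web", "will verify tracker certs using envvar CURL_CA_BUNDLE: %s",
+                  web->curl_ca_bundle == NULL ? "none" : web->curl_ca_bundle );
+        tr_ninf( "web", "NB: this only works if you built against libcurl with openssl or gnutls, NOT nss" );
+        tr_ninf( "web", "NB: invalid certs will show up as 'Could not connect to tracker' like many other errors" );
+    }
     web->cookie_filename = tr_buildPath( session->configDir, "cookies.txt", NULL );
 
     multi = curl_multi_init( );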
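Review bot: In the easy-handle setup hunk, `CURLOPT_CAINFO` is set unconditionally, so when `CURL_CA_BUNDLE` is unset the handle receives NULL, which as far as I know clears libcurl's built-in default bundle path instead of keeping it. With `TR_CURL_SSL_VERIFY` set, that would probably make every tracker certificate fail rather than fall back to the system store. Guard the call: `if( web->curl_ca_bundle != NULL ) curl_easy_setopt( e, CURLOPT_CAINFO, web->curl_ca_bundle );`. In the init hunk, verification stays opt-in and depends only on `TR_CURL_SSL_VERIFY` being present (so `TR_CURL_SSL_VERIFY=0` also turns it on), which leaves the default configuration accepting any certificate; a comment stating that trade-off, or inverting the default, would make it explicit. Both enclosing functions start and end outside the visible hunks.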