Changeset 13245


Ignore:
Timestamp:
Mar 4, 2012, 1:21:42 PM (9 years ago)
Author:
jordan
Message:

(trunk libT) #4810 "add environment variable option to have libcurl verify SSL certs" -- patch by infinity0

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/libtransmission/web.c

    r13112 r13245  
    9696{
    9797    bool curl_verbose;
     98    bool curl_ssl_verify;
     99    const char * curl_ca_bundle;
    98100    int close_mode;
    99101    struct tr_web_task * tasks;
     
    172174    curl_easy_setopt( e, CURLOPT_SOCKOPTDATA, task );
    173175#endif
    174     curl_easy_setopt( e, CURLOPT_SSL_VERIFYHOST, 0L );
    175     curl_easy_setopt( e, CURLOPT_SSL_VERIFYPEER, 0L );
     176    if( web->curl_ssl_verify )
     177        curl_easy_setopt( e, CURLOPT_CAINFO, web->curl_ca_bundle );
     178    else {
     179        curl_easy_setopt( e, CURLOPT_SSL_VERIFYHOST, 0L );
     180        curl_easy_setopt( e, CURLOPT_SSL_VERIFYPEER, 0L );
     181    }
    176182    curl_easy_setopt( e, CURLOPT_TIMEOUT, task->timeout_secs );
    177183    curl_easy_setopt( e, CURLOPT_URL, task->url );
     
    322328    web->tasks = NULL;
    323329    web->curl_verbose = getenv( "TR_CURL_VERBOSE" ) != NULL;
     330    web->curl_ssl_verify = getenv( "TR_CURL_SSL_VERIFY" ) != NULL;
     331    web->curl_ca_bundle = getenv( "CURL_CA_BUNDLE" );
     332    if( web->curl_ssl_verify ) {
     333        tr_ninf( "web", "will verify tracker certs using envvar CURL_CA_BUNDLE: %s",
     334                  web->curl_ca_bundle == NULL ? "none" : web->curl_ca_bundle );
     335        tr_ninf( "web", "NB: this only works if you built against libcurl with openssl or gnutls, NOT nss" );
     336        tr_ninf( "web", "NB: invalid certs will show up as 'Could not connect to tracker' like many other errors" );
     337    }
    324338    web->cookie_filename = tr_buildPath( session->configDir, "cookies.txt", NULL );
    325339
Note: See TracChangeset for help on using the changeset viewer.