kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #1192 from signalwire/curl_cert 

[mod_curl] look for cacert in certs dir
This commit is contained in:
Andrey Volk 2021-05-11 01:54:24 +03:00 committed by GitHub
parent 954056c009 21c113ba2c
commit 4d47a0988b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/mod/applications/mod_curl/mod_curl.c
View File

@ -85,6 +85,7 @@ struct http_data_obj {
int err; int err;
long http_response_code; long http_response_code;
char *http_response; char *http_response;
char *cacert;
switch_curl_slist_t *headers; switch_curl_slist_t *headers;
}; };
typedef struct http_data_obj http_data_t; typedef struct http_data_obj http_data_t;
@ -102,6 +103,7 @@ struct http_sendfile_data_obj {
char *filename_element_name; char *filename_element_name;
char *extrapost_elements; char *extrapost_elements;
switch_CURL *curl_handle; switch_CURL *curl_handle;
char *cacert;
struct curl_httppost *formpost; struct curl_httppost *formpost;
struct curl_httppost *lastptr; struct curl_httppost *lastptr;
uint8_t flags; /* This is for where to send output of the curl_sendfile commands */ uint8_t flags; /* This is for where to send output of the curl_sendfile commands */
@ -211,6 +213,12 @@ static http_data_t *do_lookup_url(switch_memory_pool_t *pool, const char *url, c
} }
if (!strncasecmp(url, "https", 5)) { if (!strncasecmp(url, "https", 5)) {
http_data->cacert = switch_core_sprintf(http_data->pool, "%s%scacert.pem", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR);
if (switch_file_exists(http_data->cacert, http_data->pool) == SWITCH_STATUS_SUCCESS) {
switch_curl_easy_setopt(curl_handle, CURLOPT_CAINFO, http_data->cacert);
} else {
http_data->cacert = NULL;
if (options->insecure) { if (options->insecure) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Not verifying TLS cert for %s; connection is not secure\n", url); switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Not verifying TLS cert for %s; connection is not secure\n", url);
switch_curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0); switch_curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0);
@ -220,6 +228,7 @@ static http_data_t *do_lookup_url(switch_memory_pool_t *pool, const char *url, c
switch_curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 1); switch_curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 1);
} }
} }
}
if (append_headers) { if (append_headers) {
int ah_index = 0; int ah_index = 0;
@ -413,10 +422,17 @@ static void http_sendfile_initialize_curl(http_sendfile_data_t *http_data)
if (!strncasecmp(http_data->url, "https", 5)) if (!strncasecmp(http_data->url, "https", 5))
{ {
http_data->cacert = switch_core_sprintf(http_data->pool, "%s%scacert.pem", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR);
if (switch_file_exists(http_data->cacert, http_data->pool) == SWITCH_STATUS_SUCCESS) {
switch_curl_easy_setopt(http_data->curl_handle, CURLOPT_CAINFO, http_data->cacert);
} else {
http_data->cacert = NULL;
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Not verifying TLS cert for %s; connection is not secure\n", http_data->url); switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Not verifying TLS cert for %s; connection is not secure\n", http_data->url);
curl_easy_setopt(http_data->curl_handle, CURLOPT_SSL_VERIFYPEER, 0); curl_easy_setopt(http_data->curl_handle, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(http_data->curl_handle, CURLOPT_SSL_VERIFYHOST, 0); curl_easy_setopt(http_data->curl_handle, CURLOPT_SSL_VERIFYHOST, 0);
} }
}
/* From the docs: /* From the docs:
* Optionally, you can provide data to POST using the CURLOPT_READFUNCTION and CURLOPT_READDATA * Optionally, you can provide data to POST using the CURLOPT_READFUNCTION and CURLOPT_READDATA