add option to mod_xml_curl as well to make libcurl ignore ca cert roots

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@5811 d0543943-73ff-0310-b7d9-9358b9ac24b2
2007-10-05 03:41:53 +00:00 · 2007-10-05 03:41:53 +00:00 · d8b5b417ee
parent e008b1be43
commit d8b5b417ee
3 changed files with 16 additions and 1 deletions
--- a/conf/xml_curl.conf.xml
+++ b/conf/xml_curl.conf.xml
@ -10,6 +10,10 @@
      <!--<param name="gateway-credentials" value="muser:mypass"/>-->
      <!-- set to true to disable Expect: 100-continue lighttpd requires this setting -->
      <!--<param name="disable-100-continue" value="true"/>-->
+
+      <!-- optional: if enabled this will disable CA root certificate checks by libcurl -->
+      <!-- note: default value is disabled. only enable if you want this! -->
+      <!-- <param name="ignore-cacert-check" value="true" /> -->
    </binding>
  </bindings>
 </configuration>
--- a/src/mod/xml_int/mod_xml_cdr/mod_xml_cdr.c
+++ b/src/mod/xml_int/mod_xml_cdr/mod_xml_cdr.c
@ -25,6 +25,7 @@
 * 
 * Brian West <brian.west@mac.com>
 * Bret McDanel <trixter AT 0xdecafbad.com>
+ * Justin Cassidy <xachenant@hotmail.com>
 *
 * mod_xml_cdr.c -- XML CDR Module to files or curl
 *
@ -41,7 +42,7 @@ static struct {
 	uint32_t delay;
 	uint32_t retries;
 	uint32_t shutdown;
-	int ignore_cacert_check;
+	uint32_t ignore_cacert_check;
 } globals;

 SWITCH_MODULE_LOAD_FUNCTION(mod_xml_cdr_load);
--- a/src/mod/xml_int/mod_xml_curl/mod_xml_curl.c
+++ b/src/mod/xml_int/mod_xml_curl/mod_xml_curl.c
@ -24,6 +24,7 @@
 * Contributor(s):
 * 
 * Anthony Minessale II <anthmct@yahoo.com>
+ * Justin Cassidy <xachenant@hotmail.com>
 *
 * mod_xml_curl.c -- CURL XML Gateway
 *
@ -40,6 +41,7 @@ struct xml_binding {
 	char *bindings;
 	char *cred;
 	int disable100continue;
+	uint32_t ignore_cacert_check;
 };

 typedef struct xml_binding xml_binding_t;
@ -126,6 +128,10 @@ static switch_xml_t xml_url_fetch(const char *section, const char *tag_name, con
 			curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, slist); 
 		}

+		if (binding->ignore_cacert_check) {
+			curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, FALSE);
+		}
+
 		curl_easy_perform(curl_handle);
 		curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE,&httpRes);
 		curl_easy_cleanup(curl_handle);
@ -173,6 +179,7 @@ static switch_status_t do_config(void)
 		char *bind_cred = NULL;
 		char *bind_mask = NULL;
 		int disable100continue = 0;
+		uint32_t ignore_cacert_check = 0;

 		for (param = switch_xml_child(binding_tag, "param"); param; param = param->next) {
 			char *var = (char *) switch_xml_attr_soft(param, "name");
@ -186,6 +193,8 @@ static switch_status_t do_config(void)
 				bind_cred = val;
 			} else if (!strcasecmp(var, "disable-100-continue") && switch_true(val)) {
 				disable100continue = 1;
+			} else if (!strcasecmp(var, "ignore-cacert-check") && switch_true(val)) {
+				ignore_cacert_check = 1;
 			}
 		}

@ -210,6 +219,7 @@ static switch_status_t do_config(void)
 		}

 		binding->disable100continue = disable100continue;
+		binding->ignore_cacert_check = ignore_cacert_check;

 		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Binding [%s] XML Fetch Function [%s] [%s]\n",
 						  switch_strlen_zero(bname) ? "N/A" : bname, binding->url, binding->bindings ? binding->bindings : "all");