From d8b5b417ee1a458dd4a485f74dd3faa405c10770 Mon Sep 17 00:00:00 2001
From: Justin Cassidy <xachen@mac.com>
Date: Fri, 5 Oct 2007 03:41:53 +0000
Subject: [PATCH] add option to mod_xml_curl as well to make libcurl ignore ca
 cert roots

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@5811 d0543943-73ff-0310-b7d9-9358b9ac24b2
---
 conf/xml_curl.conf.xml                      |  4 ++++
 src/mod/xml_int/mod_xml_cdr/mod_xml_cdr.c   |  3 ++-
 src/mod/xml_int/mod_xml_curl/mod_xml_curl.c | 10 ++++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/conf/xml_curl.conf.xml b/conf/xml_curl.conf.xml
index 7240ea43b8..dc46ac19c9 100644
--- a/conf/xml_curl.conf.xml
+++ b/conf/xml_curl.conf.xml
@@ -10,6 +10,10 @@
       <!--<param name="gateway-credentials" value="muser:mypass"/>-->
       <!-- set to true to disable Expect: 100-continue lighttpd requires this setting -->
       <!--<param name="disable-100-continue" value="true"/>-->
+
+      <!-- optional: if enabled this will disable CA root certificate checks by libcurl -->
+      <!-- note: default value is disabled. only enable if you want this! -->
+      <!-- <param name="ignore-cacert-check" value="true" /> -->
     </binding>
   </bindings>
 </configuration>
diff --git a/src/mod/xml_int/mod_xml_cdr/mod_xml_cdr.c b/src/mod/xml_int/mod_xml_cdr/mod_xml_cdr.c
index 5cea6cd16a..cd0f34b7c1 100644
--- a/src/mod/xml_int/mod_xml_cdr/mod_xml_cdr.c
+++ b/src/mod/xml_int/mod_xml_cdr/mod_xml_cdr.c
@@ -25,6 +25,7 @@
  * 
  * Brian West <brian.west@mac.com>
  * Bret McDanel <trixter AT 0xdecafbad.com>
+ * Justin Cassidy <xachenant@hotmail.com>
  *
  * mod_xml_cdr.c -- XML CDR Module to files or curl
  *
@@ -41,7 +42,7 @@ static struct {
 	uint32_t delay;
 	uint32_t retries;
 	uint32_t shutdown;
-	int ignore_cacert_check;
+	uint32_t ignore_cacert_check;
 } globals;
 
 SWITCH_MODULE_LOAD_FUNCTION(mod_xml_cdr_load);
diff --git a/src/mod/xml_int/mod_xml_curl/mod_xml_curl.c b/src/mod/xml_int/mod_xml_curl/mod_xml_curl.c
index a1c8eec930..c6b91891d6 100644
--- a/src/mod/xml_int/mod_xml_curl/mod_xml_curl.c
+++ b/src/mod/xml_int/mod_xml_curl/mod_xml_curl.c
@@ -24,6 +24,7 @@
  * Contributor(s):
  * 
  * Anthony Minessale II <anthmct@yahoo.com>
+ * Justin Cassidy <xachenant@hotmail.com>
  *
  * mod_xml_curl.c -- CURL XML Gateway
  *
@@ -40,6 +41,7 @@ struct xml_binding {
 	char *bindings;
 	char *cred;
 	int disable100continue;
+	uint32_t ignore_cacert_check;
 };
 
 typedef struct xml_binding xml_binding_t;
@@ -126,6 +128,10 @@ static switch_xml_t xml_url_fetch(const char *section, const char *tag_name, con
 			curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, slist); 
 		}
 
+		if (binding->ignore_cacert_check) {
+			curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, FALSE);
+		}
+
 		curl_easy_perform(curl_handle);
 		curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE,&httpRes);
 		curl_easy_cleanup(curl_handle);
@@ -173,6 +179,7 @@ static switch_status_t do_config(void)
 		char *bind_cred = NULL;
 		char *bind_mask = NULL;
 		int disable100continue = 0;
+		uint32_t ignore_cacert_check = 0;
 
 		for (param = switch_xml_child(binding_tag, "param"); param; param = param->next) {
 			char *var = (char *) switch_xml_attr_soft(param, "name");
@@ -186,6 +193,8 @@ static switch_status_t do_config(void)
 				bind_cred = val;
 			} else if (!strcasecmp(var, "disable-100-continue") && switch_true(val)) {
 				disable100continue = 1;
+			} else if (!strcasecmp(var, "ignore-cacert-check") && switch_true(val)) {
+				ignore_cacert_check = 1;
 			}
 		}
 
@@ -210,6 +219,7 @@ static switch_status_t do_config(void)
 		}
 
 		binding->disable100continue = disable100continue;
+		binding->ignore_cacert_check = ignore_cacert_check;
 
 		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Binding [%s] XML Fetch Function [%s] [%s]\n",
 						  switch_strlen_zero(bname) ? "N/A" : bname, binding->url, binding->bindings ? binding->bindings : "all");