Le 30/12/2010 18:16, Raphael Kubo da Costa a écrit :
From what I see, it will replace the CA bundle it originally uses, right?
Doesn't it mean the original certificates will not be read anymore?

Yes. But it only affects the ecore_con_url you set it on, so it shouldn't break anything I guess. It will be up to the application (or its user) to decide whether it wants to use (or trust) the system CAs or its own.

Coding style-wise, the "}" for the else in ecore_con_url_ssl_ca_set is not
aligned correctly.

Sorry about that. I fixed it in the attachment (as well as another indentation issue).

Trunk-wise, I wonder if this will have to wait for 1.0 to be included, as it
is a new feature?

Actually, it looks more like an interface to a stable libcurl feature than a new feature to me. But I can wait though.

Regards.

--
PnB
Index: ecore/src/lib/ecore_con/ecore_con_url.c
===================================================================
--- ecore/src/lib/ecore_con/ecore_con_url.c     (revision 55780)
+++ ecore/src/lib/ecore_con/ecore_con_url.c     (working copy)
@@ -1061,6 +1061,55 @@
 }
 
 /**
+ * Set a custom CA to trust for SSL/TLS connections.
+ * 
+ * Specify the path of a file (in PEM format) containing one or more
+ * CA certificate(s) to use for the validation of the server certificate.
+ * 
+ * This function can also disable CA validation if @p ca_path is @c NULL.
+ * However, the server certificate still needs to be valid for the connection
+ * to succeed (i.e., the certificate must concern the server the
+ * connection is made to).
+ * 
+ * @param url_con Connection object that will use the custom CA.
+ * @param ca_path Path to a CA certificate(s) file or @c NULL to disable
+ *                CA validation.
+ * 
+ * @return  @c 0 on success. When cURL is used, non-zero return values
+ *          are equal to cURL error codes.
+ */
+EAPI int
+ecore_con_url_ssl_ca_set(Ecore_Con_Url *url_con, const char *ca_path)
+{
+   int res = -1;
+
+#ifdef HAVE_CURL
+   if (!ECORE_MAGIC_CHECK(url_con, ECORE_MAGIC_CON_URL))
+     {
+       ECORE_MAGIC_FAIL(url_con, ECORE_MAGIC_CON_URL, 
"ecore_con_url_ssl_ca_set");
+             return -1;
+     }
+
+   if (url_con->active) return -1;
+   if (!url_con->url) return -1;
+   if (ca_path == NULL)
+     res = curl_easy_setopt(url_con->curl_easy, CURLOPT_SSL_VERIFYPEER, 0);
+   else
+     {
+       res = curl_easy_setopt(url_con->curl_easy, CURLOPT_SSL_VERIFYPEER, 1);
+       if (!res)
+         res = curl_easy_setopt(url_con->curl_easy, CURLOPT_CAINFO, ca_path);
+     }
+#else
+   (void)url_con;
+   (void)ca_path;
+#endif
+
+   return res;
+}
+
+
+/**
  * @}
  */
 
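Review bot: Passing `NULL` as `ca_path` turns `CURLOPT_SSL_VERIFYPEER` off, and the doc comment's statement that the server certificate "still needs to be valid" overstates what remains: the chain is no longer checked, so any certificate carrying the expected host name, self-signed included, is accepted (assuming host-name verification stays at libcurl's default). The comment should say so, e.g. `@c NULL disables verification of the certificate chain; the connection is then not protected against an active man-in-the-middle.` Using `NULL` as the off switch also means a caller whose path lookup fails silently loses verification, so a separate, explicit setter for disabling it would be a safer interface. Separately, libcurl documents this option as taking a `long`, so the two calls should pass `0L` and `1L` rather than `0` and `1`.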
Index: ecore/src/lib/ecore_con/Ecore_Con.h
===================================================================
--- ecore/src/lib/ecore_con/Ecore_Con.h (revision 55780)
+++ ecore/src/lib/ecore_con/Ecore_Con.h (working copy)
@@ -524,6 +524,8 @@
                                                  Eina_Bool verbose);
 EAPI void              ecore_con_url_ftp_use_epsv_set(Ecore_Con_Url *url_con,
                                                       Eina_Bool use_epsv);
+EAPI int               ecore_con_url_ssl_ca_set(Ecore_Con_Url *url_con,
+                                                const char *ca_path);
 
 /**
  * @}
 
Index: BINDINGS/javascript/elixir/src/modules/bindings/ecore_con/ecore_con.c
===================================================================
--- BINDINGS/javascript/elixir/src/modules/bindings/ecore_con/ecore_con.c       
(revision 55780)
+++ BINDINGS/javascript/elixir/src/modules/bindings/ecore_con/ecore_con.c       
(working copy)
@@ -1610,6 +1610,27 @@
    return JS_TRUE;
 }
 
+static JSBool
+elixir_ecore_con_url_ssl_ca_set(JSContext *cx, uintN argc, jsval *vp)
+{
+   Ecore_Con_Url *curl;
+   const char *filename;
+   const char *user;
+   const char *pass;
+   const char *upload_dir;
+   elixir_value_t val[2];
+
+   if (!elixir_params_check(cx, _ecore_con_url_string_params, val, argc, 
JS_ARGV(cx, vp)))
+     return JS_FALSE;
+
+   GET_PRIVATE(cx, val[0].v.obj, curl);
+   filename = elixir_file_canonicalize(elixir_get_string_bytes(val[1].v.str, 
NULL));
+
+   JS_SET_RVAL(cx, vp, INT_TO_JSVAL(ecore_con_url_ssl_ca_set(curl, filename)));
+
+   return JS_TRUE;
+}
+
 static void
 _elixir_ecore_con_lookup_cb(const char *canonname,
                            const char *ip,
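Review bot: In `elixir_ecore_con_url_ssl_ca_set` the result of `elixir_file_canonicalize()` goes straight into `ecore_con_url_ssl_ca_set()`, where a `NULL` path disables peer verification. If canonicalization can return `NULL` (its definition is not visible here), a bad or missing path supplied from script fails open instead of reporting an error. A guard such as `if (!filename) return JS_FALSE;` before the call would keep that failure closed. The locals `user`, `pass` and `upload_dir` are never used in this function and look like copy-paste leftovers that can be dropped. Whether the string returned by `elixir_file_canonicalize()` has to be freed cannot be told from this hunk and is worth confirming.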
@@ -1717,6 +1738,7 @@
   ELIXIR_FN(ecore_con_url_time, 3, JSPROP_ENUMERATE, 0 ),
   ELIXIR_FN(ecore_con_url_ftp_upload, 4, JSPROP_ENUMERATE, 0 ),
   ELIXIR_FN(ecore_con_lookup, 3, JSPROP_ENUMERATE, 0),
+  ELIXIR_FN(ecore_con_url_ssl_ca_set, 2, JSPROP_ENUMERATE, 0 ),
   JS_FS_END
 };
 