Le 30/12/2010 18:16, Raphael Kubo da Costa a écrit :
From what I see, it will replace the CA bundle it originally uses, right?
Doesn't it mean the original certificates will not be read anymore?
Yes. But it only affects the ecore_con_url you set it on, so it
shouldn't break anything I guess. It will be up to the application (or
its user) to decide whether it wants to use (or trust) the system CAs or
its own.
Coding style-wise, the "}" for the else in ecore_con_url_ssl_ca_set is not
aligned correctly.
Sorry about that. I fixed it in the attachment (as well as another
indentation issue).
Trunk-wise, I wonder if this will have to wait for 1.0 to be included, as it
is a new feature?
Actually, it looks more like an interface to a stable libcurl feature
than a new feature to me. But I can wait though.
Regards.
--
PnB
Index: ecore/src/lib/ecore_con/ecore_con_url.c
===================================================================
--- ecore/src/lib/ecore_con/ecore_con_url.c (revision 55780)
+++ ecore/src/lib/ecore_con/ecore_con_url.c (working copy)
@@ -1061,6 +1061,55 @@
}
/**
+ * Set a custom CA to trust for SSL/TLS connections.
+ *
+ * Specify the path of a file (in PEM format) containing one or more
+ * CA certificate(s) to use for the validation of the server certificate.
+ *
+ * This function can also disable CA validation if @p ca_path is @c NULL.
+ * However, the server certificate still needs to be valid for the connection
+ * to succeed (i.e., the certificate must concern the server the
+ * connection is made to).
+ *
+ * @param url_con Connection object that will use the custom CA.
+ * @param ca_path Path to a CA certificate(s) file or @c NULL to disable
+ * CA validation.
+ *
+ * @return @c 0 on success. When cURL is used, non-zero return values
+ * are equal to cURL error codes.
+ */
+EAPI int
+ecore_con_url_ssl_ca_set(Ecore_Con_Url *url_con, const char *ca_path)
+{
+ int res = -1;
+
+#ifdef HAVE_CURL
+ if (!ECORE_MAGIC_CHECK(url_con, ECORE_MAGIC_CON_URL))
+ {
+ ECORE_MAGIC_FAIL(url_con, ECORE_MAGIC_CON_URL,
"ecore_con_url_ssl_ca_set");
+ return -1;
+ }
+
+ if (url_con->active) return -1;
+ if (!url_con->url) return -1;
+ if (ca_path == NULL)
+ res = curl_easy_setopt(url_con->curl_easy, CURLOPT_SSL_VERIFYPEER, 0);
+ else
+ {
+ res = curl_easy_setopt(url_con->curl_easy, CURLOPT_SSL_VERIFYPEER, 1);
+ if (!res)
+ res = curl_easy_setopt(url_con->curl_easy, CURLOPT_CAINFO, ca_path);
+ }
+#else
+ (void)url_con;
+ (void)ca_path;
+#endif
+
+ return res;
+}
+
+
+/**
* @}
*/
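Review bot: The `ca_path == NULL` branch sets `CURLOPT_SSL_VERIFYPEER` to 0, and the doc comment's claim that the server certificate "still needs to be valid" overstates what is left. With peer verification off the chain is not authenticated; assuming `CURLOPT_SSL_VERIFYHOST` keeps its default elsewhere in the file, only the name in the presented certificate is compared, so any certificate carrying the right name is accepted. The comment should say so plainly, e.g. `@c NULL disables verification of the certificate chain; the peer is then unauthenticated.` It may also be worth moving the opt-out out of the NULL case, so that a caller passing a NULL path by accident does not lose verification. Separately, `curl_easy_setopt()` is variadic and documents this option as taking a `long`, so the literals should be `0L` and `1L` rather than `0` and `1`.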
Index: ecore/src/lib/ecore_con/Ecore_Con.h
===================================================================
--- ecore/src/lib/ecore_con/Ecore_Con.h (revision 55780)
+++ ecore/src/lib/ecore_con/Ecore_Con.h (working copy)
@@ -524,6 +524,8 @@
Eina_Bool verbose);
EAPI void ecore_con_url_ftp_use_epsv_set(Ecore_Con_Url *url_con,
Eina_Bool use_epsv);
+EAPI int ecore_con_url_ssl_ca_set(Ecore_Con_Url *url_con,
+ const char *ca_path);
/**
* @}
Index: BINDINGS/javascript/elixir/src/modules/bindings/ecore_con/ecore_con.c
===================================================================
--- BINDINGS/javascript/elixir/src/modules/bindings/ecore_con/ecore_con.c
(revision 55780)
+++ BINDINGS/javascript/elixir/src/modules/bindings/ecore_con/ecore_con.c
(working copy)
@@ -1610,6 +1610,27 @@
return JS_TRUE;
}
+static JSBool
+elixir_ecore_con_url_ssl_ca_set(JSContext *cx, uintN argc, jsval *vp)
+{
+ Ecore_Con_Url *curl;
+ const char *filename;
+ const char *user;
+ const char *pass;
+ const char *upload_dir;
+ elixir_value_t val[2];
+
+ if (!elixir_params_check(cx, _ecore_con_url_string_params, val, argc,
JS_ARGV(cx, vp)))
+ return JS_FALSE;
+
+ GET_PRIVATE(cx, val[0].v.obj, curl);
+ filename = elixir_file_canonicalize(elixir_get_string_bytes(val[1].v.str,
NULL));
+
+ JS_SET_RVAL(cx, vp, INT_TO_JSVAL(ecore_con_url_ssl_ca_set(curl, filename)));
+
+ return JS_TRUE;
+}
+
static void
_elixir_ecore_con_lookup_cb(const char *canonname,
const char *ip,
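Review bot: `filename` is passed to `ecore_con_url_ssl_ca_set()` unchecked, and that function treats a NULL path as a request to turn CA validation off; if `elixir_file_canonicalize()` can return NULL for a path it cannot resolve (not visible in this hunk), a bad path from script would silently disable verification instead of failing. A guard before the call, `if (!filename) return JS_FALSE;`, keeps the binding failing closed. The locals `user`, `pass` and `upload_dir` are declared but never used in the new function and can be dropped. Whether the canonicalized string has to be released after the call cannot be told from here. The hunk's trailing context lines belong to `_elixir_ecore_con_lookup_cb`, which continues outside the hunk.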
@@ -1717,6 +1738,7 @@
ELIXIR_FN(ecore_con_url_time, 3, JSPROP_ENUMERATE, 0 ),
ELIXIR_FN(ecore_con_url_ftp_upload, 4, JSPROP_ENUMERATE, 0 ),
ELIXIR_FN(ecore_con_lookup, 3, JSPROP_ENUMERATE, 0),
+ ELIXIR_FN(ecore_con_url_ssl_ca_set, 2, JSPROP_ENUMERATE, 0 ),
JS_FS_END
};