Re: [osg-users] CURL + SSL
Hi Danny, Could you post the changes you've made to osg-submissions as a full modified file as copy and pasting simply is not reliable enough. Could you also put together a suggest guide for testing this functionality out so when it comes to me merging changes I can make sure that everything is working correctly. Thanks, Robert. On Fri, Dec 25, 2009 at 12:02 AM, Danny Lesnik wrote: > Hi, > > I solved this problem in order to get it working with SSL the following code > should be changed: > > 1) It's needed to fix the following functions for https support: > > Code: > > bool osgDB::containsServerAddress(const std::string& filename) > std::string osgDB::getServerAddress(const std::string& filename) > std::string osgDB::getServerFileName(const std::string& filename) > > > > Currently these functions suport only http requests and the fix there is very > easy. > > 2) There are two ways to handle ssl in curl the "secure" way and the "ugly" > way. > > the "ugly" way means that client will not validate server certificate. This > is less prefered method, but http stream is still encrypted, it means that > every server certificate will be accepted regardless the fact that it's > issued to another machine,domain, etc... > > If decided to go on this derection then the following line should be added in > EasyCurl::EasyCurl() contructor: > > > Code: > > curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, false); > > > > > If decided to go on "secure" way then end user should download server > certifiace store it in X.509 Certificate (PEM) format in any place on the > machine. > > in EasyCurl::EasyCurl() constructor following code should be added: > > > Code: > > curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, true); > curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYHOST, 2); > curl_easy_setopt(_curl,l_setopt($ch, CURLOPT_CAINFO, certifiacePath); > > > > > CURLOPT_SSL_VERIFYHOST can be set to the following integer values: > > 0: Don’t check the common name (CN) attribute > 1: Check that the common name attribute at least exists > 2: Check that the common name exists and that it matches the host name of the > server. > > Hope it helps > > Thank you! > > Cheers, > Danny.[/code] > > -- > Read this topic online here: > http://forum.openscenegraph.org/viewtopic.php?p=21870#21870 > > > > > > ___ > osg-users mailing list > osg-users@lists.openscenegraph.org > http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org > ___ osg-users mailing list osg-users@lists.openscenegraph.org http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org
Re: [osg-users] CURL + SSL
Hi, I solved this problem in order to get it working with SSL the following code should be changed: 1) It's needed to fix the following functions for https support: Code: bool osgDB::containsServerAddress(const std::string& filename) std::string osgDB::getServerAddress(const std::string& filename) std::string osgDB::getServerFileName(const std::string& filename) Currently these functions suport only http requests and the fix there is very easy. 2) There are two ways to handle ssl in curl the "secure" way and the "ugly" way. the "ugly" way means that client will not validate server certificate. This is less prefered method, but http stream is still encrypted, it means that every server certificate will be accepted regardless the fact that it's issued to another machine,domain, etc... If decided to go on this derection then the following line should be added in EasyCurl::EasyCurl() contructor: Code: curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, false); If decided to go on "secure" way then end user should download server certifiace store it in X.509 Certificate (PEM) format in any place on the machine. in EasyCurl::EasyCurl() constructor following code should be added: Code: curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, true); curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYHOST, 2); curl_easy_setopt(_curl,l_setopt($ch, CURLOPT_CAINFO, certifiacePath); CURLOPT_SSL_VERIFYHOST can be set to the following integer values: 0: Don’t check the common name (CN) attribute 1: Check that the common name attribute at least exists 2: Check that the common name exists and that it matches the host name of the server. Hope it helps Thank you! Cheers, Danny.[/code] -- Read this topic online here: http://forum.openscenegraph.org/viewtopic.php?p=21870#21870 ___ osg-users mailing list osg-users@lists.openscenegraph.org http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org
Re: [osg-users] CURL + SSL
HI Danny, I haven't ever tried mixing SSL with the curl plugin, and don't have an experience with using CURL with SSL so you are working right at the bleeding edge. You'll need to dig into the code and start debugging what is happening between the OSG's curl plugin and CURL. Let me know how you get on, as fixes that you might be able to come up with is something that would be good to get checked into svn/trunk. Cheers, Robert. On Thu, Dec 24, 2009 at 2:29 AM, Danny Lesnik wrote: > Hi, > > I have new issue with SSL and CURL, so I have decided to open new thread. > > I conifured my site with SSL and I'm able to download ive file perfectly from > https://servername/1.ive, > > however, when I'm using > Node = osgDB::readNodeFile("https://servernmae/1.ive";); > Node is getting NULL. > > In order to be sure that there is no issue with Certificate (although the > certificate was issue by Verisign as 14 day trial) I modified > ReaderWriterCURL.cpp by adding > > curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, false); > > in EasyCurl() constructor and recompile entire OpenSceneGrpaph project. > > The result is still the same. > > Am I missing something? How can I this feature working? > > Thank you! > > Cheers, > Danny > > -- > Read this topic online here: > http://forum.openscenegraph.org/viewtopic.php?p=21841#21841 > > > > > > ___ > osg-users mailing list > osg-users@lists.openscenegraph.org > http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org > ___ osg-users mailing list osg-users@lists.openscenegraph.org http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org
[osg-users] CURL + SSL
Hi, I have new issue with SSL and CURL, so I have decided to open new thread. I conifured my site with SSL and I'm able to download ive file perfectly from https://servername/1.ive, however, when I'm using Node = osgDB::readNodeFile("https://servernmae/1.ive";); Node is getting NULL. In order to be sure that there is no issue with Certificate (although the certificate was issue by Verisign as 14 day trial) I modified ReaderWriterCURL.cpp by adding curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, false); in EasyCurl() constructor and recompile entire OpenSceneGrpaph project. The result is still the same. Am I missing something? How can I this feature working? Thank you! Cheers, Danny -- Read this topic online here: http://forum.openscenegraph.org/viewtopic.php?p=21841#21841 ___ osg-users mailing list osg-users@lists.openscenegraph.org http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org