diff Core/HttpClient.cpp @ 1534:95b3b0260240
Options to validate peers against CA certificates in HTTPS requests
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 13 Aug 2015 12:42:32 +0200 |
parents | 0011cc99443c |
children | ba0226474e22 |
--- a/Core/HttpClient.cpp Wed Aug 12 17:52:10 2015 +0200
+++ b/Core/HttpClient.cpp Thu Aug 13 12:42:32 2015 +0200
@@ -42,8 +42,8 @@
 #include <boost/algorithm/string/predicate.hpp>
-static std::string cacert_;
-static bool httpsVerifyPeers_ = true;
+static std::string globalCACertificates_;
+static bool globalVerifyPeers_ = true;
 extern "C"
 {
@@ -131,18 +131,6 @@
 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HEADER, 0));
 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_FOLLOWLOCATION, 1));
-#if ORTHANC_SSL_ENABLED == 1
- if (httpsVerifyPeers_)
- {
- CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_CAINFO, cacert_.c_str()));
- CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYPEER, 1));
- }
- else
- {
- CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYPEER, 0));
- }
-#endif
-
 // This fixes the "longjmp causes uninitialized stack frame" crash
 // that happens on modern Linux versions.
 // http://stackoverflow.com/questions/9191668/error-longjmp-causes-uninitialized-stack-frame
@@ -153,6 +141,7 @@
 lastStatus_ = HttpStatus_200_Ok;
 isVerbose_ = false;
 timeout_ = 0;
+ verifyPeers_ = globalVerifyPeers_;
 }
@@ -206,6 +195,19 @@
 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_URL, url_.c_str()));
 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_WRITEDATA, &answer));
+ // Setup HTTPS-related options
+#if ORTHANC_SSL_ENABLED == 1
+ if (IsHttpsVerifyPeers())
+ {
+ CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_CAINFO, GetHttpsCACertificates().c_str()));
+ CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYPEER, 1));
+ }
+ else
+ {
+ CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYPEER, 0));
+ }
+#endif
+
 // Reset the parameters from previous calls to Apply()
 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HTTPHEADER, NULL));
 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HTTPGET, 0L));
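Review bot: `verifyPeers_ = globalVerifyPeers_;` in the `@@ -153,6 +141,7 @@` hunk copies the global flag once, when the client is set up, while the CA file is resolved at request time by `GetHttpsCACertificates()` (added in the last hunk), which falls back to the global value whenever the per-client one is empty. The two settings therefore react differently to a `GlobalInitialize()` call made after a client already exists: the CA path follows it, the verify flag does not. If that is intended, a comment on the assignment would save the next reader the comparison, for example `// Snapshot of the global default; later GlobalInitialize() calls do not change existing clients`. The enclosing function begins outside the hunk.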
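Review bot: In the verify branch of the `@@ -206,6 +195,19 @@` hunk, `GetHttpsCACertificates()` can return an empty string when neither a per-client nor a global CA file is configured (the `GlobalInitialize` hunk only logs a warning for that case), and that empty path is passed straight to `CURLOPT_CAINFO`. What libcurl does with an empty CA path depends on the TLS backend, so the result is most likely an opaque handshake error; checking for the empty string here and failing the request with an explicit "no CA certificates configured" error would make the fail-closed behaviour deliberate and easy to diagnose. Hostname checking is left to libcurl's default even though the handle is reused between calls to Apply(), so I would pin it beside the peer check with `CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYHOST, 2L));`. `CURLOPT_SSL_VERIFYPEER` takes a `long`, so `1L`/`0L` would match the `0L` already used for `CURLOPT_HTTPGET` below. The enclosing function starts and ends outside the hunk.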
@@ -336,29 +338,36 @@ } + const std::string& HttpClient::GetHttpsCACertificates() const + { + if (caCertificates_.empty()) + { + return globalCACertificates_; + } + else + { + return caCertificates_; + } + } + + void HttpClient::GlobalInitialize(bool httpsVerifyPeers, const std::string& httpsVerifyCertificates) { -#if ORTHANC_SSL_ENABLED == 1 - httpsVerifyPeers_ = httpsVerifyPeers; - cacert_ = httpsVerifyCertificates; + globalVerifyPeers_ = httpsVerifyPeers; + globalCACertificates_ = httpsVerifyCertificates; - // TODO - /*if (cacert_.empty()) - { - cacert_ = "/etc/ssl/certs/ca-certificates.crt"; - }*/ - +#if ORTHANC_SSL_ENABLED == 1 if (httpsVerifyPeers) { - if (cacert_.empty()) + if (globalCACertificates_.empty()) { LOG(WARNING) << "No certificates are provided to validate peers, " - << "set \"HttpsCertificatesFile\" if you need to do HTTPS requests"; + << "set \"HttpsCACertificates\" if you need to do HTTPS requests"; } else { - LOG(WARNING) << "HTTPS will use the certificates from this file: " << cacert_; + LOG(WARNING) << "HTTPS will use the CA certificates from this file: " << globalCACertificates_; } } else