
apply tls.policy to cURL calls

In case the user decides to ignore the validity-state of certificates
we also have to configure libcurl accordingly.

`tls.policy` can be set via
```
/account set <account> tls trust
```

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Steffen Jaeckel 2022-03-22 11:33:08 +01:00
parent 7f1f9787cb
commit 3a86b8c29b
2 changed files with 14 additions and 0 deletions


@ -127,6 +127,9 @@ http_file_get(void* userdata)
char* cert_path = prefs_get_string(PREF_TLS_CERTPATH); char* cert_path = prefs_get_string(PREF_TLS_CERTPATH);
gchar* cafile = cafile_get_name(); gchar* cafile = cafile_get_name();
ProfAccount* account = accounts_get_account(session_get_account_name());
gboolean insecure = strcmp(account->tls_policy, "trust") == 0;
account_free(account);
pthread_mutex_unlock(&lock); pthread_mutex_unlock(&lock);
curl_global_init(CURL_GLOBAL_ALL); curl_global_init(CURL_GLOBAL_ALL);
@ -153,6 +156,10 @@ http_file_get(void* userdata)
if (cert_path) { if (cert_path) {
curl_easy_setopt(curl, CURLOPT_CAPATH, cert_path); curl_easy_setopt(curl, CURLOPT_CAPATH, cert_path);
} }
if (insecure) {
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
}
if ((res = curl_easy_perform(curl)) != CURLE_OK) { if ((res = curl_easy_perform(curl)) != CURLE_OK) {
err = strdup(curl_easy_strerror(res)); err = strdup(curl_easy_strerror(res));
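Review bot: `strcmp(account->tls_policy, "trust")` dereferences both `account` and `tls_policy` without a check, so the added lines crash if `accounts_get_account()` returns NULL or the account has no policy set; neither guarantee is visible in this hunk. A NULL-safe form would be `gboolean insecure = account && g_strcmp0(account->tls_policy, "trust") == 0;`, with `account_free(account)` called only for a non-NULL account unless it already tolerates NULL. The same three lines are added to http_file_put in the second file, and both functions start and end outside the hunks shown.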


@ -186,6 +186,9 @@ http_file_put(void* userdata)
char* cert_path = prefs_get_string(PREF_TLS_CERTPATH); char* cert_path = prefs_get_string(PREF_TLS_CERTPATH);
gchar* cafile = cafile_get_name(); gchar* cafile = cafile_get_name();
ProfAccount* account = accounts_get_account(session_get_account_name());
gboolean insecure = strcmp(account->tls_policy, "trust") == 0;
account_free(account);
pthread_mutex_unlock(&lock); pthread_mutex_unlock(&lock);
curl_global_init(CURL_GLOBAL_ALL); curl_global_init(CURL_GLOBAL_ALL);
@ -252,6 +255,10 @@ http_file_put(void* userdata)
if (cert_path) { if (cert_path) {
curl_easy_setopt(curl, CURLOPT_CAPATH, cert_path); curl_easy_setopt(curl, CURLOPT_CAPATH, cert_path);
} }
if (insecure) {
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
}
curl_easy_setopt(curl, CURLOPT_READDATA, fh); curl_easy_setopt(curl, CURLOPT_READDATA, fh);
curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)(upload->filesize)); curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)(upload->filesize));
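Review bot: The `if (insecure)` block switches off both CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST with no comment or log line, so a transfer that ran without any certificate validation leaves no trace for the user or for a later investigation. The policy is read from the XMPP account, while the host contacted here is whatever the transfer URL names, which is not visible in this hunk; if that can be a different server, the account-level choice is being extended to it. I would add a comment such as `/* tls.policy "trust": peer and hostname verification are disabled for this transfer */` and emit a warning through the project's logger when the branch is taken. The identical block in http_file_get in the first file deserves the same treatment.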