Add option for HTTPS clients to not verify the peer's certificate
This commit is contained in:
+12
-1
@@ -197,6 +197,17 @@ void http_request_builder_trace(HTTP_RequestBuilder builder, bool trace_bytes)
|
||||
conn->trace_bytes = trace_bytes;
|
||||
}
|
||||
|
||||
// TODO: comment
|
||||
void http_request_builder_insecure(HTTP_RequestBuilder builder,
|
||||
bool insecure)
|
||||
{
|
||||
HTTP_ClientConn *conn = request_builder_to_conn(builder);
|
||||
if (conn == NULL)
|
||||
return; // Invalid builder
|
||||
|
||||
conn->dont_verify_cert = insecure;
|
||||
}
|
||||
|
||||
void http_request_builder_method(HTTP_RequestBuilder builder,
|
||||
HTTP_Method method)
|
||||
{
|
||||
@@ -413,7 +424,7 @@ int http_request_builder_send(HTTP_RequestBuilder builder)
|
||||
|
||||
ConnectTarget target = url_to_connect_target(conn->url);
|
||||
bool secure = http_streq(conn->url.scheme, HTTP_STR("https"));
|
||||
if (socket_connect(&client->sockets, 1, &target, secure, conn) < 0)
|
||||
if (socket_connect(&client->sockets, 1, &target, secure, conn->dont_verify_cert, conn) < 0)
|
||||
goto error;
|
||||
|
||||
conn->state = HTTP_CLIENT_CONN_FLUSHING;
|
||||
|
||||
@@ -81,6 +81,9 @@ typedef struct {
|
||||
// TODO: comment
|
||||
bool trace_bytes;
|
||||
|
||||
// TODO: comment
|
||||
bool dont_verify_cert;
|
||||
|
||||
// Allocated copy of the URL string
|
||||
HTTP_String url_buffer;
|
||||
|
||||
@@ -170,6 +173,10 @@ void http_request_builder_set_user(HTTP_RequestBuilder builder,
|
||||
void http_request_builder_trace(HTTP_RequestBuilder builder,
|
||||
bool trace_bytes);
|
||||
|
||||
// TODO: comment
|
||||
void http_request_builder_insecure(HTTP_RequestBuilder builder,
|
||||
bool insecure);
|
||||
|
||||
// Set the method of the current request. This is the first
|
||||
// function of the request builder that the user must call.
|
||||
void http_request_builder_method(HTTP_RequestBuilder builder,
|
||||
|
||||
+1
-1
@@ -229,7 +229,7 @@ void http_server_process_events(HTTP_Server *server,
|
||||
|
||||
if (events[i].type == SOCKET_EVENT_DISCONNECT) {
|
||||
|
||||
http_server_conn_free(conn);
|
||||
http_server_conn_free(conn); // TODO: what if this was in the ready queue?
|
||||
server->num_conns--;
|
||||
|
||||
} else if (events[i].type == SOCKET_EVENT_READY) {
|
||||
|
||||
+9
-2
@@ -524,6 +524,9 @@ static void socket_update(Socket *s)
|
||||
break;
|
||||
}
|
||||
|
||||
SSL_set_verify(s->ssl, s->dont_verify_cert
|
||||
? SSL_VERIFY_NONE : SSL_VERIFY_PEER, NULL);
|
||||
|
||||
AddressAndPort addr;
|
||||
if (s->num_addr > 1)
|
||||
addr = s->addrs[s->next_addr];
|
||||
@@ -1007,7 +1010,8 @@ static int resolve_connect_targets(ConnectTarget *targets,
|
||||
#define MAX_CONNECT_TARGETS 16
|
||||
|
||||
int socket_connect(SocketManager *sm, int num_targets,
|
||||
ConnectTarget *targets, bool secure, void *user)
|
||||
ConnectTarget *targets, bool secure, bool dont_verify_cert,
|
||||
void *user)
|
||||
{
|
||||
if (sm->num_used == sm->max_used)
|
||||
return HTTP_ERROR_UNSPECIFIED;
|
||||
@@ -1057,8 +1061,11 @@ int socket_connect(SocketManager *sm, int num_targets,
|
||||
s->server_secure_context = NULL;
|
||||
s->client_secure_context = NULL;
|
||||
s->ssl = NULL;
|
||||
if (secure)
|
||||
s->dont_verify_cert = false;
|
||||
if (secure) {
|
||||
s->client_secure_context = &sm->client_secure_context;
|
||||
s->dont_verify_cert = dont_verify_cert;
|
||||
}
|
||||
#endif
|
||||
sm->num_used++;
|
||||
|
||||
|
||||
+3
-1
@@ -173,6 +173,7 @@ typedef struct {
|
||||
ClientSecureContext *client_secure_context;
|
||||
ServerSecureContext *server_secure_context;
|
||||
SSL *ssl;
|
||||
bool dont_verify_cert;
|
||||
#endif
|
||||
|
||||
} Socket;
|
||||
@@ -312,7 +313,8 @@ typedef struct {
|
||||
// one succedes. If secure=true, the socket uses TLS.
|
||||
// Returns 0 on success, -1 on error.
|
||||
int socket_connect(SocketManager *sm, int num_targets,
|
||||
ConnectTarget *targets, bool secure, void *user);
|
||||
ConnectTarget *targets, bool secure, bool dont_verify_cert,
|
||||
void *user);
|
||||
|
||||
int socket_recv(SocketManager *sm, SocketHandle handle,
|
||||
char *dst, int max);
|
||||
|
||||
Reference in New Issue
Block a user