add profanity-specific CAfile

The profanity-internal mechanism to allow connecting to a server isn't
easily portable to cURL. Therefor introduce a profanity-specific CAfile
which is managed individually and will be configured in libcurl calls.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
This commit is contained in:
Steffen Jaeckel
2022-03-22 11:26:53 +01:00
parent b28ac09368
commit 7f1f9787cb
9 changed files with 226 additions and 0 deletions

View File

@@ -50,6 +50,7 @@
#include "profanity.h"
#include "event/client_events.h"
#include "tools/http_download.h"
#include "config/cafile.h"
#include "config/preferences.h"
#include "ui/ui.h"
#include "ui/window.h"
@@ -125,6 +126,7 @@ http_file_get(void* userdata)
}
char* cert_path = prefs_get_string(PREF_TLS_CERTPATH);
gchar* cafile = cafile_get_name();
pthread_mutex_unlock(&lock);
curl_global_init(CURL_GLOBAL_ALL);
@@ -145,6 +147,9 @@ http_file_get(void* userdata)
curl_easy_setopt(curl, CURLOPT_USERAGENT, "profanity");
if (cafile) {
curl_easy_setopt(curl, CURLOPT_CAINFO, cafile);
}
if (cert_path) {
curl_easy_setopt(curl, CURLOPT_CAPATH, cert_path);
}
@@ -161,6 +166,7 @@ http_file_get(void* userdata)
}
pthread_mutex_lock(&lock);
g_free(cafile);
g_free(cert_path);
if (err) {
if (download->cancel) {

View File

@@ -48,6 +48,7 @@
#include "profanity.h"
#include "event/client_events.h"
#include "tools/http_upload.h"
#include "config/cafile.h"
#include "config/preferences.h"
#include "ui/ui.h"
#include "ui/window.h"
@@ -184,6 +185,7 @@ http_file_put(void* userdata)
g_free(msg);
char* cert_path = prefs_get_string(PREF_TLS_CERTPATH);
gchar* cafile = cafile_get_name();
pthread_mutex_unlock(&lock);
curl_global_init(CURL_GLOBAL_ALL);
@@ -244,6 +246,9 @@ http_file_put(void* userdata)
fh = upload->filehandle;
if (cafile) {
curl_easy_setopt(curl, CURLOPT_CAINFO, cafile);
}
if (cert_path) {
curl_easy_setopt(curl, CURLOPT_CAPATH, cert_path);
}
@@ -288,6 +293,7 @@ http_file_put(void* userdata)
g_free(expires_header);
pthread_mutex_lock(&lock);
g_free(cafile);
g_free(cert_path);
if (err) {