Those options may be used to disable peer SSL certificate or peer host name
verification respectively. The apache and nginx plugins already support those
options, so this makes configuration of plugins using libcurl more consistent.
Signed-off-by: Sebastian Harl <sh@tokkee.org>
Signed-off-by: Florian Forster <octo@huhu.verplant.org>
typedef struct player_info_s player_info_t;
#define PLAYER_INFO_STATIC_INIT { -1, -1, -1, -1, -1 }
typedef struct player_info_s player_info_t;
#define PLAYER_INFO_STATIC_INIT { -1, -1, -1, -1, -1 }
-static char *url = NULL;
-static char *user = NULL;
-static char *pass = NULL;
-static char *cacert = NULL;
+static char *url = NULL;
+static char *user = NULL;
+static char *pass = NULL;
+static char *verify_peer = NULL;
+static char *verify_host = NULL;
+static char *cacert = NULL;
static CURL *curl = NULL;
static CURL *curl = NULL;
"URL",
"User",
"Password",
"URL",
"User",
"Password",
+ "VerifyPeer",
+ "VerifyHost",
"CACert"
};
static int config_keys_num = STATIC_ARRAY_SIZE (config_keys);
"CACert"
};
static int config_keys_num = STATIC_ARRAY_SIZE (config_keys);
return (config_set (&user, value));
else if (strcasecmp (key, "Password") == 0)
return (config_set (&pass, value));
return (config_set (&user, value));
else if (strcasecmp (key, "Password") == 0)
return (config_set (&pass, value));
+ else if (strcasecmp (key, "VerifyPeer") == 0)
+ return (config_set (&verify_peer, value));
+ else if (strcasecmp (key, "VerifyHost") == 0)
+ return (config_set (&verify_host, value));
else if (strcasecmp (key, "CACert") == 0)
return (config_set (&cacert, value));
else
else if (strcasecmp (key, "CACert") == 0)
return (config_set (&cacert, value));
else
curl_easy_setopt (curl, CURLOPT_URL, url);
curl_easy_setopt (curl, CURLOPT_URL, url);
+ if ((verify_peer == NULL) || (strcmp (verify_peer, "true") == 0))
+ curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 1);
+ else
+ curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 0);
+
+ if ((verify_host == NULL) || (strcmp (verify_host, "true") == 0))
+ curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 2);
+ else
+ curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 0);
+
if (cacert != NULL)
curl_easy_setopt (curl, CURLOPT_CAINFO, cacert);
if (cacert != NULL)
curl_easy_setopt (curl, CURLOPT_CAINFO, cacert);
Optional password needed for authentication.
Optional password needed for authentication.
+=item B<VerifyPeer> B<true|false>
+
+Enable or disable peer SSL certificate verification. See
+L<http://curl.haxx.se/docs/sslcerts.html> for details. Enabled by default.
+
+=item B<VerifyHost> B<true|false>
+
+Enable or disable peer host name verification. If enabled, the plugin checks
+if the C<Common Name> or a C<Subject Alternate Name> field of the SSL
+certificate matches the host name provided by the B<URL> option. If this
+identity check fails, the connection is aborted. Obviously, only works when
+connecting to a SSL enabled server. Enabled by default.
+
=item B<CACert> I<File>
File that holds one or more SSL certificates. If you want to use HTTPS you will
=item B<CACert> I<File>
File that holds one or more SSL certificates. If you want to use HTTPS you will