diff --git a/Changes b/Changes
index 9ce7cd73e..3844fb03e 100644
--- a/Changes
+++ b/Changes
@@ -2675,3 +2675,4 @@ seen. gmtime warning still there - Added configure/Config stuff for libcurl - Added a ./curlinstall script to help with installing curl (Read INSTALL.REMOTEINC for more information).
+- Added code to make remote includes able to use SSL (HTTPS/FTPS) if SSL support is enabled
diff --git a/src/ssl.c b/src/ssl.c
index 67103b953..ed38f0972 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -45,6 +45,8 @@ static int fatal_ssl_error(int ssl_error, int where, aClient *sptr);
 SSL_CTX *ctx_server;
 SSL_CTX *ctx_client;
+char *SSLKeyPasswd;
+
 typedef struct {
 int *size;
 char **buffer;
@@ -143,6 +145,7 @@ int ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *password)
 strncpyzt(buf, (char *)pass, size);
 strncpyzt(beforebuf, (char *)pass, sizeof(beforebuf));
 before = 1;
+ SSLKeyPasswd = beforebuf;
 return (strlen(buf));
 }
 return 0;
diff --git a/src/url.c b/src/url.c
index 3b1f905db..d2c972957 100644
--- a/src/url.c
+++ b/src/url.c
@@ -25,6 +25,10 @@
 #include
 #include
+#ifdef USE_SSL
+extern char *SSLKeyPasswd;
+#endif
+
 CURLM *multihandle;
 /* Stores information about the async transfer.
@@ -93,6 +97,24 @@ char *url_getfilename(char *url)
 return NULL;
 }
+#ifdef USE_SSL
+/*
+ * Sets up all of the SSL options necessary to support HTTPS/FTPS
+ * transfers.
+ */
+static void set_curl_ssl_options(CURL *curl)
+{
+ if (USE_EGD)
+ curl_easy_setopt(curl, CURLOPT_EGDSOCKET, EGD_PATH);
+ curl_easy_setopt(curl, CURLOPT_SSLCERT, SSL_SERVER_CERT_PEM);
+ if (SSLKeyPasswd)
+ curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, SSLKeyPasswd);
+ curl_easy_setopt(curl, CURLOPT_SSLKEY, SSL_SERVER_KEY_PEM);
+ if (iConf.trusted_ca_file)
+ curl_easy_setopt(curl, CURLOPT_CAINFO, iConf.trusted_ca_file);
+}
+#endif
+
 /*
 * Used by CURLOPT_WRITEFUNCTION to actually write the data to
 * a stream.
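Review bot: `char *SSLKeyPasswd;` in the first src/ssl.c hunk exposes the private-key passphrase as a writable, undocumented global, and the `extern char *SSLKeyPasswd;` added to src/url.c repeats its type by hand. Any translation unit can now read or overwrite the passphrase through this pointer. I would declare it `const char *SSLKeyPasswd; /* key passphrase captured by ssl_pem_passwd_cb(); NULL until that callback has stored one */` and move the matching `extern const char *SSLKeyPasswd;` into a header that both files include, so a type mismatch is caught at compile time.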
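Review bot: `SSLKeyPasswd = beforebuf;` in ssl_pem_passwd_cb (second src/ssl.c hunk) publishes the address of `beforebuf`, whose declaration is outside this hunk, so the pointer is only valid after the callback returns if `beforebuf` has static storage duration. The `before = 1` flag suggests it does, but that should be confirmed. The passphrase then stays reachable for the life of the process, and nothing in the visible lines clears it. A comment on the assignment such as `/* beforebuf must be static: url.c reads it through SSLKeyPasswd later */` would record the requirement. The callback's body starts and ends outside the hunk.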
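Review bot: set_curl_ssl_options (second src/url.c hunk) never sets peer or host verification itself, so whether a remote include's server certificate is checked depends on the defaults of the libcurl the server is linked against. `CURLOPT_CAINFO` is also set only when `iConf.trusted_ca_file` is non-NULL, which presumably leaves libcurl's own CA bundle as the fallback. Remote includes deliver configuration, so I would pin the behaviour by adding `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);` and `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);` before the CAINFO check. The function also presents the server's own certificate and key as client credentials on every transfer, and the header comment should say so.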
@@ -126,6 +148,9 @@ char *download_file(char *url, char **error)
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, fd);
 curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, do_download);
 curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
+#ifdef USE_SSL
+ set_curl_ssl_options(curl);
+#endif
 bzero(errorbuf, CURL_ERROR_SIZE);
 curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuf);
 res = curl_easy_perform(curl);
@@ -185,6 +210,9 @@ void download_file_async(char *url, time_t cachetime, vFP callback)
 curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, do_download);
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)handle->fd);
 curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
+#ifdef USE_SSL
+ set_curl_ssl_options(curl);
+#endif
 bzero(handle->errorbuf, CURL_ERROR_SIZE);
 curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, handle->errorbuf);
 curl_easy_setopt(curl, CURLOPT_PRIVATE, (char *)handle);
@@ -269,3 +297,5 @@ void url_do_transfers_async(void)
 }
 }
+
+
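Review bot: In the download_file_async hunk, the strings that `set_curl_ssl_options(curl);` hands to libcurl must stay valid until the multi transfer completes, because libcurl releases before 7.17.0 keep string options by pointer instead of copying them. Whether `SSL_SERVER_CERT_PEM`, `SSL_SERVER_KEY_PEM` and `iConf.trusted_ca_file` can be freed or replaced while a transfer is still pending (for example by a configuration reload) is not visible here. I would record the requirement next to the call, e.g. `/* strings set by set_curl_ssl_options() must outlive this transfer */`. The same call in download_file is synchronous and so less exposed; both function bodies extend outside their hunks.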