ecore: add ecore_con_url_ssl_ca_set.

patch by PnB <Poor.NewBie@gmail.com> SVN revision: 58197
2011-03-30 09:15:24 +00:00 · 2011-03-30 09:15:24 +00:00 · 9c336235b2
parent 672037e416
commit 9c336235b2
4 changed files with 63 additions and 7 deletions
--- a/legacy/ecore/AUTHORS
+++ b/legacy/ecore/AUTHORS
@ -38,3 +38,4 @@ Leif Middelschulte <leif.middelschulte@gmail.com>
 Mike McCormack <mj.mccormack@samsung.com>
 Sangho Park <gouache95@gmail.com>
 Jihoon Kim <jihoon48.kim@samsung.com> <imfine98@gmail.com>
+PnB <Poor.NewBie@gmail.com>
--- a/legacy/ecore/ChangeLog
+++ b/legacy/ecore/ChangeLog
@ -12,7 +12,7 @@

 2011-01-31  Carsten Haitzler (The Rasterman)

-        * Fix: ecore-evas CAN send "render done" messages even if not
+        * Fix ecore-evas CAN send "render done" messages even if not
        waiting for sync counter when using gl engine. new semi-sync
        mode to account for that.

@ -47,7 +47,7 @@

 	* Ecore_Win32: improve resize of windows and fix key up event for
 	the 'space' key.
-	* Ecore_WinCE: do not erase a window background
+	* Ecore_WinCE do not erase a window background

 2011-02-21 Jihoon Kim

@ -60,13 +60,13 @@

 2011-02-22  Carsten Haitzler (The Rasterman)

-        * Fix: ecore-file inotify fd would be duplicated in children
+        * Fix ecore-file inotify fd would be duplicated in children
        on fork. Have it detecti this on next monitor add and re-init the
        inotify fd and fd handler.

 2011-02-24 Vincent Torri

-	* Ecore_File: fix compilation when ecore_con and curl are not
+	* Ecore_File fix compilation when ecore_con and curl are not
 	available

 2011-02-27 Jihoon Kim
@ -91,11 +91,15 @@

 2011-03-23  Carsten Haitzler (The Rasterman)

-        * Fix: ecore-evas interceptor didn't handle override-redirect
+        * Fix ecore-evas interceptor didn't handle override-redirect
        windows correctly, expecting a feed-back event from x, which it didn't
        get.

 2011-03-23  Elixirious

-	* Fix: ecore_con_url_ftp_upload upload the file until the end.
+	* Fix ecore_con_url_ftp_upload upload the file until the end.
+
+2011-03-29  PnB
+
+	* Add ecore_con_url_ssl_ca_set to manually set a certificate authority.

--- a/legacy/ecore/src/lib/ecore_con/Ecore_Con.h
+++ b/legacy/ecore/src/lib/ecore_con/Ecore_Con.h
@ -579,6 +579,8 @@ EAPI void              ecore_con_url_cookies_jar_write(Ecore_Con_Url *url_con);

 EAPI void              ecore_con_url_ssl_verify_peer_set(Ecore_Con_Url *url_con,
                                                         Eina_Bool verify);
+EAPI int               ecore_con_url_ssl_ca_set(Ecore_Con_Url *url_con,
+                                                const char *ca_path);

 /**
 * @}
--- a/legacy/ecore/src/lib/ecore_con/ecore_con_url.c
+++ b/legacy/ecore/src/lib/ecore_con/ecore_con_url.c
@ -1416,7 +1416,7 @@ ecore_con_url_ftp_use_epsv_set(Ecore_Con_Url *url_con,
 */
 EAPI void
 ecore_con_url_ssl_verify_peer_set(Ecore_Con_Url *url_con,
-                              Eina_Bool      verify)
+				  Eina_Bool      verify)
 {
 #ifdef HAVE_CURL
   if (!ECORE_MAGIC_CHECK(url_con, ECORE_MAGIC_CON_URL))
@ -1439,6 +1439,55 @@ ecore_con_url_ssl_verify_peer_set(Ecore_Con_Url *url_con,
 #endif
 }

+/**
+ * Set a custom CA to trust for SSL/TLS connections.
+ * 
+ * Specify the path of a file (in PEM format) containing one or more
+ * CA certificate(s) to use for the validation of the server certificate.
+ * 
+ * This function can also disable CA validation if @p ca_path is @c NULL.
+ * However, the server certificate still needs to be valid for the connection
+ * to succeed (i.e., the certificate must concern the server the
+ * connection is made to).
+ * 
+ * @param url_con Connection object that will use the custom CA.
+ * @param ca_path Path to a CA certificate(s) file or @c NULL to disable
+ *                CA validation.
+ * 
+ * @return  @c 0 on success. When cURL is used, non-zero return values
+ *          are equal to cURL error codes.
+ */
+EAPI int
+ecore_con_url_ssl_ca_set(Ecore_Con_Url *url_con, const char *ca_path)
+{
+   int res = -1;
+
+#ifdef HAVE_CURL
+   if (!ECORE_MAGIC_CHECK(url_con, ECORE_MAGIC_CON_URL))
+     {
+       ECORE_MAGIC_FAIL(url_con, ECORE_MAGIC_CON_URL, "ecore_con_url_ssl_ca_set");
+	      return -1;
+     }
+
+   if (url_con->active) return -1;
+   if (!url_con->url) return -1;
+   if (ca_path == NULL)
+     res = curl_easy_setopt(url_con->curl_easy, CURLOPT_SSL_VERIFYPEER, 0);
+   else
+     {
+       res = curl_easy_setopt(url_con->curl_easy, CURLOPT_SSL_VERIFYPEER, 1);
+       if (!res)
+         res = curl_easy_setopt(url_con->curl_easy, CURLOPT_CAINFO, ca_path);
+     }
+#else
+   (void)url_con;
+   (void)ca_path;
+#endif
+
+   return res;
+}
+
+
 /**
 * @}
 */