From 4b13992ed89e73db50c19f54ee731e2aee8d42cd Mon Sep 17 00:00:00 2001 From: David Rose Date: Fri, 27 Sep 2002 16:08:47 +0000 Subject: [PATCH] add set_verify_ssl --- panda/src/downloader/httpClient.I | 16 ++++++++++++++++ panda/src/downloader/httpClient.cxx | 6 +++++- panda/src/downloader/httpClient.h | 2 ++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/panda/src/downloader/httpClient.I b/panda/src/downloader/httpClient.I index 3cef58f3e8..0edcc818b4 100644 --- a/panda/src/downloader/httpClient.I +++ b/panda/src/downloader/httpClient.I @@ -79,3 +79,19 @@ get_proxy() const { return _proxy; } +//////////////////////////////////////////////////////////////////// +// Function: HTTPClient::set_verify_ssl +// Access: Published +// Description: Specifies whether the client will insist on verifying +// the identity of the servers it connects to via SSL +// (that is, https). If this is true (the default), +// connections will only be allowed to trusted servers. +//////////////////////////////////////////////////////////////////// +INLINE void HTTPClient:: +set_verify_ssl(bool verify_ssl) { + if (verify_ssl) { + SSL_CTX_set_verify(_ssl_ctx, SSL_VERIFY_PEER, NULL); + } else { + SSL_CTX_set_verify(_ssl_ctx, SSL_VERIFY_NONE, NULL); + } +} diff --git a/panda/src/downloader/httpClient.cxx b/panda/src/downloader/httpClient.cxx index 4b9ff0f460..1a70fed763 100644 --- a/panda/src/downloader/httpClient.cxx +++ b/panda/src/downloader/httpClient.cxx @@ -21,6 +21,7 @@ #include "filename.h" #include "config_express.h" #include "virtualFileSystem.h" +#include "executionEnvironment.h" #ifdef HAVE_SSL @@ -107,6 +108,9 @@ make_ctx() { } _ssl_ctx = SSL_CTX_new(SSLv23_client_method()); + // By default, insist on verifying servers. + SSL_CTX_set_verify(_ssl_ctx, SSL_VERIFY_PEER, NULL); + // Load in any default certificates listed in the Configrc file. Config::ConfigTable::Symbol cert_files; config_express.GetAll("ssl-certificates", cert_files); 
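Review bot: In httpClient.I, set_verify_ssl() passes `_ssl_ctx` to SSL_CTX_set_verify() without checking it, and the only assignment of that pointer visible in this patch is inside make_ctx(). If the context is created on demand (not visible here), a call made before it exists hands OpenSSL a null context, and the requested mode could not survive make_ctx() anyway because that function always sets SSL_VERIFY_PEER. Keeping the choice in a member and applying it in both places avoids this, e.g. `_verify_ssl = verify_ssl;` followed by `if (_ssl_ctx != NULL) SSL_CTX_set_verify(_ssl_ctx, verify_ssl ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);`. The header comment should also state that passing false accepts any certificate, so the connection is no longer protected against interception.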
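Review bot: In the make_ctx() hunk of httpClient.cxx, SSL_VERIFY_PEER with a NULL callback only validates the certificate chain against the loaded trust store. Nothing in the visible hunks compares the certificate's name with the host being contacted, so unless that check exists elsewhere in the client, a valid certificate issued for a different site would still be accepted. I would record the limit next to the call: `// SSL_VERIFY_PEER checks the chain only; the host name must be matched separately after the handshake.` The result of SSL_CTX_new() is also used on the following line without a null check. The body of make_ctx() starts and ends outside this hunk.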
@@ -119,7 +123,7 @@ make_ctx() { for (si = cert_files.begin(); si != cert_files.end(); ++si) { string cert_file = (*si).Val(); if (already_read.insert(cert_file).second) { - Filename filename = Filename::from_os_specific(cert_file); + Filename filename = Filename::from_os_specific(ExecutionEnvironment::expand_string(cert_file)); if (load_certificates(filename)) { downloader_cat.info() << "Appending SSL certificates from " << cert_file << "\n"; diff --git a/panda/src/downloader/httpClient.h b/panda/src/downloader/httpClient.h index 35ef9dbb27..bbb01f2f5f 100644 --- a/panda/src/downloader/httpClient.h +++ b/panda/src/downloader/httpClient.h @@ -53,6 +53,8 @@ PUBLISHED: bool load_certificates(const Filename &filename); + INLINE void set_verify_ssl(bool verify_ssl); + PT(HTTPDocument) get_document(const URLSpec &url, const string &body = string()); private:
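Review bot: In the certificate loop of make_ctx(), only the Filename is built from the expanded string, while the `already_read` de-duplication and the "Appending SSL certificates from" message still use the raw `cert_file`. Two entries that expand to the same path are therefore loaded twice, and the log does not show which file actually supplied the trust anchors. That matters because the expansion (presumably from environment variables; expand_string is not shown) lets the process environment choose the certificate file. Expanding once at the top, `string cert_file = ExecutionEnvironment::expand_string((*si).Val());`, fixes both. The loop body continues past the end of the hunk.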
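Review bot: In httpClient.h, set_verify_ssl() is declared under PUBLISHED: without a matching query, so calling code cannot check or log whether verification is still enabled on a client it was handed. An `INLINE bool get_verify_ssl() const;` declared next to it would cover that. It would need the setting kept in a member, since nothing visible in this patch reads the mode back from `_ssl_ctx`.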