Hi Kaspar,
I can not merge this one as it is. I have made some changes. Can you
please test it?
Regards,
Luka
diff --git a/src/config.c b/src/config.c
index ea73c51..8bee77c 100644
--- a/src/config.c
+++ b/src/config.c
@@ -176,6 +176,29 @@ section_found:
goto next;
}
+#ifdef HTTP_CURL
+ /* ssl_cert */
+ status = strcmp((uci_to_option(e))->e.name, "ssl_cert");
+ if (status == FC_SUCCESS) {
+ acs_set_ssl_cert((uci_to_option(e))->v.string);
+ goto next;
+ }
+
+ /* ssl_cacert */
+ status = strcmp((uci_to_option(e))->e.name, "ssl_cacert");
+ if (status == FC_SUCCESS) {
+ acs_set_ssl_cacert((uci_to_option(e))->v.string);
+ goto next;
+ }
+
+ /* ssl_verify */
+ status = strcmp((uci_to_option(e))->e.name, "ssl_verify");
+ if (status == FC_SUCCESS) {
+ acs_set_ssl_verify((uci_to_option(e))->v.string);
+ goto next;
+ }
+#endif /* HTTP_CURL */
+
next:
;
}
diff --git a/src/cwmp/acs.c b/src/cwmp/acs.c
index 5330a1a..3594623 100644
--- a/src/cwmp/acs.c
+++ b/src/cwmp/acs.c
@@ -26,6 +26,11 @@ acs_init()
acs.hostname = NULL;
acs.port = 0;
acs.path = NULL;
+#ifdef HTTP_CURL
+ acs.ssl_cert = NULL;
+ acs.ssl_cacert = NULL;
+ acs.ssl_verify = 0;
+#endif /* HTTP_CURL */
FC_DEVEL_DEBUG("exit");
}
@@ -48,6 +53,13 @@ acs_clean()
acs.port = 0;
if (acs.path) free(acs.path);
acs.path = NULL;
+#ifdef HTTP_CURL
+ if (acs.ssl_cert) free(acs.ssl_cert);
+ acs.ssl_cert = NULL;
+ if (acs.ssl_cacert) free(acs.ssl_cacert);
+ acs.ssl_cacert = NULL;
+ acs.ssl_verify = 0;
+#endif /* HTTP_CURL */
FC_DEVEL_DEBUG("exit");
}
@@ -164,3 +176,64 @@ acs_set_path(char *c)
FC_DEVEL_DEBUG("exit");
}
+#ifdef HTTP_CURL
+char *
+acs_get_ssl_cert(void)
+{
+ FC_DEVEL_DEBUG("enter & exit");
+ return acs.ssl_cert;
+}
+
+void
+acs_set_ssl_cert(char *c)
+{
+ FC_DEVEL_DEBUG("enter");
+
+ if (acs.ssl_cert)
+ free(acs.ssl_cert);
+ acs.ssl_cert = strdup(c);
+
+ FC_DEVEL_DEBUG("exit");
+}
+
+char *
+acs_get_ssl_cacert(void)
+{
+ FC_DEVEL_DEBUG("enter & exit");
+ return acs.ssl_cacert;
+}
+
+void
+acs_set_ssl_cacert(char *c)
+{
+ FC_DEVEL_DEBUG("enter");
+
+ if (acs.ssl_cacert)
+ free(acs.ssl_cacert);
+ acs.ssl_cacert = strdup(c);
+
+ FC_DEVEL_DEBUG("exit");
+}
+
+uint8_t
+acs_get_ssl_verify(void)
+{
+ FC_DEVEL_DEBUG("enter & exit");
+ return acs.ssl_verify;
+}
+
+void
+acs_set_ssl_verify(char *c)
+{
+ FC_DEVEL_DEBUG("enter");
+
+ if (strcmp(c, "disabled") == 0) {
+ acs.ssl_verify = 0;
+ } else if (strcmp(c, "enabled") == 0) {
+ acs.ssl_verify = 1;
+ }
+
+ FC_DEVEL_DEBUG("exit");
+}
+#endif /* HTTP_CURL */
+
diff --git a/src/cwmp/acs.h b/src/cwmp/acs.h
index b502f72..025a8d4 100644
--- a/src/cwmp/acs.h
+++ b/src/cwmp/acs.h
@@ -19,6 +19,11 @@ struct acs
char *hostname;
uint16_t port;
char *path;
+#ifdef HTTP_CURL
+ char *ssl_cert;
+ char *ssl_cacert;
+ uint8_t ssl_verify;
+#endif /* HTTP_CURL */
};
void acs_init();
@@ -34,6 +39,14 @@ uint16_t acs_get_port(void);
void acs_set_port(char *c);
char * acs_get_path(void);
void acs_set_path(char *c);
+#ifdef HTTP_CURL
+char * acs_get_ssl_cert(void);
+void acs_set_ssl_cert(char *c);
+char * acs_get_ssl_cacert(void);
+void acs_set_ssl_cacert(char *c);
+uint8_t acs_get_ssl_verify(void);
+void acs_set_ssl_verify(char *c);
+#endif /* HTTP_CURL */
#endif
diff --git a/src/http/http.c b/src/http/http.c
index b626068..479a627 100644
--- a/src/http/http.c
+++ b/src/http/http.c
@@ -50,6 +50,10 @@ http_client_init(void)
hostname = acs_get_hostname();
port = acs_get_port();
path = acs_get_path();
+#ifdef HTTP_CURL
+ http_c.ssl_cacert = acs_get_ssl_cacert();
+ http_c.ssl_cert = acs_get_ssl_cert();
+#endif /* HTTP_CURL */
len = snprintf(NULL, 0, "%s://%s:%s@%s:%d%s",
scheme,
@@ -73,6 +77,14 @@ http_client_init(void)
#ifdef DEBUG
printf("+++ HTTP CLIENT CONFIGURATION +++\n");
printf("URL: '%s'\n", http_c.url);
+# ifdef HTTP_CURL
+ if (http_c.ssl_cert)
+ printf("ssl_cert: '%s\n", http_c.ssl_cert);
+ if (http_c.ssl_cacert)
+ printf("ssl_cacert: '%s\n", http_c.ssl_cacert);
+ if (!acs_get_ssl_verify())
+ printf("ssl_verify: SSL certificate validation disabled.\n");
+# endif /* HTTP_CURL */
printf("--- HTTP CLIENT CONFIGURATION ---\n");
#endif
@@ -217,6 +229,14 @@ http_send_message(char *msg_out, char **msg_in)
curl_easy_setopt(curl, CURLOPT_COOKIEFILE, fc_cookies);
curl_easy_setopt(curl, CURLOPT_COOKIEJAR, fc_cookies);
+ if (http_c.ssl_cacert)
+ curl_easy_setopt(curl, CURLOPT_CAINFO, http_c.ssl_cacert);
+ /* TODO: test this with real ACS configuration */
+ if (http_c.ssl_cert)
+ curl_easy_setopt(curl, CURLOPT_SSLCERT, http_c.ssl_cert);
+ if (!acs_get_ssl_verify())
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
+
*msg_in = (char *) calloc (1, sizeof(char));
res = curl_easy_perform(curl);
diff --git a/src/http/http.h b/src/http/http.h
index e60f1ac..bcad436 100644
--- a/src/http/http.h
+++ b/src/http/http.h
@@ -31,11 +31,15 @@ struct http_client
{
#ifdef HTTP_CURL
struct curl_slist *header_list;
-#endif
+#endif /* HTTP_CURL */
#ifdef HTTP_ZSTREAM
zstream_t *stream;
-#endif
+#endif /* HTTP_ZSTREAM */
char *url;
+#ifdef HTTP_CURL
+ char *ssl_cert;
+ char *ssl_cacert;
+#endif /* HTTP_CURL */
};
struct http_server
@@ -45,7 +49,7 @@ struct http_server
#ifdef HTTP_CURL
static uint64_t http_get_response(void *buffer, size_t size, size_t rxed, char
**msg_in);
-#endif
+#endif /* HTTP_CURL */
int8_t http_client_init(void);
int8_t http_client_exit(void);
|