
Re: [PATCH] freecwmp: add libcurl support for SSL

To: Kaspar Schleiser <kaspar@schleiser.de>
Subject: Re: [PATCH] freecwmp: add libcurl support for SSL
From: Luka Perkov <freecwmp@lukaperkov.net>
Date: Sun, 26 Feb 2012 22:58:28 +0100
Authentication-results: mr.google.com; spf=pass (google.com: domain of freecwmp@lukaperkov.net designates 10.14.94.66 as permitted sender) smtp.mail=freecwmp@lukaperkov.net
Cc: freecwmp@linux-mips.org
In-reply-to: <1330020438-15336-1-git-send-email-kaspar@schleiser.de>
Mail-followup-to: Kaspar Schleiser <kaspar@schleiser.de>, freecwmp@linux-mips.org
Original-recipient: rfc822;freecwmp@linux-mips.org
References: <1330020438-15336-1-git-send-email-kaspar@schleiser.de>
Sender: freecwmp-bounce@linux-mips.org
User-agent: Mutt/1.5.21 (2010-09-15)
Hi Kaspar,

I cannot merge this one as it is. I have made some changes. Can you
please test it?

Regards,
Luka

diff --git a/src/config.c b/src/config.c
index ea73c51..8bee77c 100644
--- a/src/config.c
+++ b/src/config.c
@@ -176,6 +176,29 @@ section_found:
                        goto next;
                }
 
+#ifdef HTTP_CURL
+               /* ssl_cert */
+               status = strcmp((uci_to_option(e))->e.name, "ssl_cert");
+               if (status == FC_SUCCESS) {
+                       acs_set_ssl_cert((uci_to_option(e))->v.string);
+                       goto next;
+               }
+
+               /* ssl_cacert */
+               status = strcmp((uci_to_option(e))->e.name, "ssl_cacert");
+               if (status == FC_SUCCESS) {
+                       acs_set_ssl_cacert((uci_to_option(e))->v.string);
+                       goto next;
+               }
+
+               /* ssl_verify */
+               status = strcmp((uci_to_option(e))->e.name, "ssl_verify");
+               if (status == FC_SUCCESS) {
+                       acs_set_ssl_verify((uci_to_option(e))->v.string);
+                       goto next;
+               }
+#endif /* HTTP_CURL */
+
 next:
                ;
        }
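Review bot: The three added branches read `(uci_to_option(e))->v.string` with no visible check that the option is a string. In libuci `v` is a union, so an `ssl_cert` written as a list option would hand a non-string pointer to `acs_set_ssl_cert()` and on to `strdup()`. If the part of the loop above the hunk does not already filter on type, guard each branch with `(uci_to_option(e))->type == UCI_TYPE_STRING`. The enclosing function starts and ends outside the hunk, so the existing options may share the pattern.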
diff --git a/src/cwmp/acs.c b/src/cwmp/acs.c
index 5330a1a..3594623 100644
--- a/src/cwmp/acs.c
+++ b/src/cwmp/acs.c
@@ -26,6 +26,11 @@ acs_init()
        acs.hostname = NULL;
        acs.port = 0;
        acs.path = NULL;
+#ifdef HTTP_CURL
+       acs.ssl_cert = NULL;
+       acs.ssl_cacert = NULL;
+       acs.ssl_verify = 0;
+#endif /* HTTP_CURL */
 
        FC_DEVEL_DEBUG("exit");
 }
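Review bot: `acs.ssl_verify = 0` in acs_init() makes peer verification off by default. A configuration with no `ssl_verify` option reaches the `CURLOPT_SSL_VERIFYPEER, 0` branch in http_send_message(), so the ACS certificate is never checked unless the operator opts in. libcurl itself verifies by default, and the URL built in http_client_init() appears to embed credentials, so the initial value should be `acs.ssl_verify = 1;` with "disabled" as the explicit opt-out. The same reset to 0 appears in the acs_clean() hunk and needs the same change.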
@@ -48,6 +53,13 @@ acs_clean()
        acs.port = 0;
        if (acs.path) free(acs.path);
        acs.path = NULL;
+#ifdef HTTP_CURL
+       if (acs.ssl_cert) free(acs.ssl_cert);
+       acs.ssl_cert = NULL;
+       if (acs.ssl_cacert) free(acs.ssl_cacert);
+       acs.ssl_cacert = NULL;
+       acs.ssl_verify = 0;
+#endif /* HTTP_CURL */
 
        FC_DEVEL_DEBUG("exit");
 }
@@ -164,3 +176,64 @@ acs_set_path(char *c)
        FC_DEVEL_DEBUG("exit");
 }
 
+#ifdef HTTP_CURL
+char *
+acs_get_ssl_cert(void)
+{
+       FC_DEVEL_DEBUG("enter & exit");
+       return acs.ssl_cert;
+}
+
+void
+acs_set_ssl_cert(char *c)
+{
+       FC_DEVEL_DEBUG("enter");
+
+       if (acs.ssl_cert)
+               free(acs.ssl_cert);
+       acs.ssl_cert = strdup(c);
+
+       FC_DEVEL_DEBUG("exit");
+}
+
+char *
+acs_get_ssl_cacert(void)
+{
+       FC_DEVEL_DEBUG("enter & exit");
+       return acs.ssl_cacert;
+}
+
+void
+acs_set_ssl_cacert(char *c)
+{
+       FC_DEVEL_DEBUG("enter");
+
+       if (acs.ssl_cacert)
+               free(acs.ssl_cacert);
+       acs.ssl_cacert = strdup(c);
+
+       FC_DEVEL_DEBUG("exit");
+}
+
+uint8_t
+acs_get_ssl_verify(void)
+{
+       FC_DEVEL_DEBUG("enter & exit");
+       return acs.ssl_verify;
+}
+
+void
+acs_set_ssl_verify(char *c)
+{
+       FC_DEVEL_DEBUG("enter");
+
+       if (strcmp(c, "disabled") == 0) {
+               acs.ssl_verify = 0;
+       } else if (strcmp(c, "enabled") == 0) {
+               acs.ssl_verify = 1;
+       }
+
+       FC_DEVEL_DEBUG("exit");
+}
+#endif /* HTTP_CURL */
+
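Review bot: acs_set_ssl_verify() silently keeps the previous value for anything other than "enabled" or "disabled", so a misspelt value (for example `enable`) leaves verification at its default, which this patch sets to off. Failing closed is safer: `acs.ssl_verify = (strcmp(c, "disabled") != 0);`, ideally with a log line for unrecognised values. Separately, acs_set_ssl_cert() and acs_set_ssl_cacert() pass `c` to `strdup()` without a NULL check and do not test the result. A failed allocation leaves `ssl_cacert` NULL, and http_send_message() then skips `CURLOPT_CAINFO` without any error.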
diff --git a/src/cwmp/acs.h b/src/cwmp/acs.h
index b502f72..025a8d4 100644
--- a/src/cwmp/acs.h
+++ b/src/cwmp/acs.h
@@ -19,6 +19,11 @@ struct acs
        char *hostname;
        uint16_t port;
        char *path;
+#ifdef HTTP_CURL
+       char *ssl_cert;
+       char *ssl_cacert;
+       uint8_t ssl_verify;
+#endif /* HTTP_CURL */
 };
 
 void acs_init();
@@ -34,6 +39,14 @@ uint16_t acs_get_port(void);
 void acs_set_port(char *c);
 char * acs_get_path(void);
 void acs_set_path(char *c);
+#ifdef HTTP_CURL
+char * acs_get_ssl_cert(void);
+void acs_set_ssl_cert(char *c);
+char * acs_get_ssl_cacert(void);
+void acs_set_ssl_cacert(char *c);
+uint8_t acs_get_ssl_verify(void);
+void acs_set_ssl_verify(char *c);
+#endif /* HTTP_CURL */
 
 #endif
 
diff --git a/src/http/http.c b/src/http/http.c
index b626068..479a627 100644
--- a/src/http/http.c
+++ b/src/http/http.c
@@ -50,6 +50,10 @@ http_client_init(void)
        hostname = acs_get_hostname();
        port = acs_get_port();
        path = acs_get_path();
+#ifdef HTTP_CURL
+       http_c.ssl_cacert = acs_get_ssl_cacert();
+       http_c.ssl_cert = acs_get_ssl_cert();
+#endif /* HTTP_CURL */
 
        len = snprintf(NULL, 0, "%s://%s:%s@%s:%d%s",
                        scheme,
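Review bot: `http_c.ssl_cacert` and `http_c.ssl_cert` store the pointers returned by the getters, which are the same buffers that acs_set_ssl_cert(), acs_set_ssl_cacert() and acs_clean() free. If the configuration is reloaded or cleaned while the HTTP client is alive (not visible from this hunk), http_send_message() would hand a dangling pointer to `curl_easy_setopt()`. Either call the getters at send time, as is already done for `acs_get_ssl_verify()`, or keep an owned copy in `http_c` and free it in http_client_exit(). http_client_init() continues outside the hunk.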
@@ -73,6 +77,14 @@ http_client_init(void)
 #ifdef DEBUG
        printf("+++ HTTP CLIENT CONFIGURATION +++\n");
        printf("URL: '%s'\n", http_c.url);
+# ifdef HTTP_CURL
+       if (http_c.ssl_cert)
+               printf("ssl_cert: '%s\n", http_c.ssl_cert);
+       if (http_c.ssl_cacert)
+               printf("ssl_cacert: '%s\n", http_c.ssl_cacert);
+       if (!acs_get_ssl_verify())
+               printf("ssl_verify: SSL certificate validation disabled.\n");
+# endif /* HTTP_CURL */
        printf("--- HTTP CLIENT CONFIGURATION ---\n");
 #endif
 
@@ -217,6 +229,14 @@ http_send_message(char *msg_out, char **msg_in)
        curl_easy_setopt(curl, CURLOPT_COOKIEFILE, fc_cookies);
        curl_easy_setopt(curl, CURLOPT_COOKIEJAR, fc_cookies);
 
+       if (http_c.ssl_cacert)
+               curl_easy_setopt(curl, CURLOPT_CAINFO, http_c.ssl_cacert);
+       /* TODO: test this with real ACS configuration */
+       if (http_c.ssl_cert)
+               curl_easy_setopt(curl, CURLOPT_SSLCERT, http_c.ssl_cert);
+       if (!acs_get_ssl_verify())
+               curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
+
        *msg_in = (char *) calloc (1, sizeof(char));
 
        res = curl_easy_perform(curl);
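Review bot: `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0)` passes an `int` where libcurl reads a `long` from the variadic argument list, so it should be `0L`. It would also be clearer to set the option in both directions rather than rely on the library default: `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, acs_get_ssl_verify() ? 1L : 0L);`. A warning should be logged outside DEBUG builds whenever verification is turned off, since the only trace today is the `#ifdef DEBUG` printf in http_client_init(). The return values of the three new `curl_easy_setopt()` calls are ignored, so a rejected `CURLOPT_CAINFO` would go unnoticed. http_send_message() starts and ends outside the hunk.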
diff --git a/src/http/http.h b/src/http/http.h
index e60f1ac..bcad436 100644
--- a/src/http/http.h
+++ b/src/http/http.h
@@ -31,11 +31,15 @@ struct http_client
 {
 #ifdef HTTP_CURL
        struct curl_slist *header_list;
-#endif
+#endif /* HTTP_CURL */
 #ifdef HTTP_ZSTREAM
        zstream_t *stream;
-#endif
+#endif /* HTTP_ZSTREAM */
        char *url;
+#ifdef HTTP_CURL
+       char *ssl_cert;
+       char *ssl_cacert;
+#endif /* HTTP_CURL */
 };
 
 struct http_server
@@ -45,7 +49,7 @@ struct http_server
 
 #ifdef HTTP_CURL
 static uint64_t http_get_response(void *buffer, size_t size, size_t rxed, char 
**msg_in);
-#endif
+#endif /* HTTP_CURL */
 
 int8_t http_client_init(void);
 int8_t http_client_exit(void);
