Mercurial > trustbridge
comparison ui/sslconnection_curl.cpp @ 956:879a634d0a40
(issue41) Add proxy support
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Wed, 27 Aug 2014 16:31:40 +0200 |
| parents | c8be25c83ff6 |
| children | 6a3d284b9c16 |
comparison
equal
deleted
inserted
replaced
| 955:0f7aeb12e5e9 | 956:879a634d0a40 |
|---|---|
| 15 const QByteArray& certificate): | 15 const QByteArray& certificate): |
| 16 SSLConnection (url, certificate), | 16 SSLConnection (url, certificate), |
| 17 mCurl (NULL) | 17 mCurl (NULL) |
| 18 { | 18 { |
| 19 if (certificate.isEmpty()) { | 19 if (certificate.isEmpty()) { |
| 20 QFile certResource(":certs/intevation.de"); | 20 /* Security: curl does not support leaf certificate pinning. So |
| 21 * while the bare connection pins the certificate directly the | |
| 22 * curl implementation pins the issuer of the peer certificate | |
| 23 * | |
| 24 * CURLINFO_TLS_SESSION is also not implmented for polarssl | |
| 25 * so there is no way to obtain / verify peer certificate manually | |
| 26 * at this point. | |
| 27 **/ | |
| 28 #ifdef RELEASE_BUILD | |
| 29 #error "Curl release build is not supported at this moment." | |
| 30 #else | |
| 31 QFile certResource(":certs/geotrust"); | |
| 32 #endif | |
| 21 certResource.open(QFile::ReadOnly); | 33 certResource.open(QFile::ReadOnly); |
| 22 mPinnedCert = certResource.readAll(); | 34 mPinnedCert = certResource.readAll(); |
| 23 certResource.close(); | 35 certResource.close(); |
| 24 } | 36 } |
| 25 | 37 |
| 32 } | 44 } |
| 33 | 45 |
| 34 if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK) { | 46 if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK) { |
| 35 /* Should be default anyway */ | 47 /* Should be default anyway */ |
| 36 qDebug() << "Setting verifypeer failed"; | 48 qDebug() << "Setting verifypeer failed"; |
| 37 return; | |
| 38 } | |
| 39 | |
| 40 if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 0L) != CURLE_OK) { | |
| 41 /* There are no limitiations for the pinned certificate */ | |
| 42 qDebug() << "Setting verifyhost failed"; | |
| 43 return; | 49 return; |
| 44 } | 50 } |
| 45 | 51 |
| 46 if (curl_easy_setopt(mCurl, CURLOPT_ERRORBUFFER, mErrBuf) != CURLE_OK) { | 52 if (curl_easy_setopt(mCurl, CURLOPT_ERRORBUFFER, mErrBuf) != CURLE_OK) { |
| 47 qDebug() << "Setting errorbuf failed"; | 53 qDebug() << "Setting errorbuf failed"; |
| 227 qDebug() << "Invalid Time"; | 233 qDebug() << "Invalid Time"; |
| 228 return QDateTime(); | 234 return QDateTime(); |
| 229 } | 235 } |
| 230 return QDateTime::fromTime_t(filetime); | 236 return QDateTime::fromTime_t(filetime); |
| 231 } | 237 } |
| 238 | |
| 239 void SSLConnectionCurl::setProxy(const QUrl& proxyUrl) { | |
| 240 if (curl_easy_setopt(mCurl, CURLOPT_PROXY, proxyUrl.toEncoded().constData()) != CURLE_OK) { | |
| 241 qDebug() << "Failed to set proxy"; | |
| 242 return; | |
| 243 } | |
| 244 qDebug() << "Set proxy to: " << proxyUrl; | |
| 245 } |