comparison ui/sslconnection_curl.cpp @ 956:879a634d0a40
(issue41) Add proxy support
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Wed, 27 Aug 2014 16:31:40 +0200 |
parents | c8be25c83ff6 |
children | 6a3d284b9c16 |
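--- a/ui/sslconnection_curl.cpp
+++ b/ui/sslconnection_curl.cpp
@@ -15,11 +15,23 @@
 const QByteArray& certificate):
 SSLConnection (url, certificate),
 mCurl (NULL)
 {
 if (certificate.isEmpty()) {
-QFile certResource(":certs/intevation.de");
+/* Security: curl does not support leaf certificate pinning. So
+* while the bare connection pins the certificate directly the
+* curl implementation pins the issuer of the peer certificate
+*
+* CURLINFO_TLS_SESSION is also not implmented for polarssl
+* so there is no way to obtain / verify peer certificate manually
+* at this point.
+**/
+#ifdef RELEASE_BUILD
+#error "Curl release build is not supported at this moment."
+#else
+QFile certResource(":certs/geotrust");
+#endif
 certResource.open(QFile::ReadOnly);
 mPinnedCert = certResource.readAll();
 certResource.close();
 }
 
@@ -32,16 +44,10 @@
 }
 
 if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK) {
 /* Should be default anyway */
 qDebug() << "Setting verifypeer failed";
-return;
-}
-
-if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 0L) != CURLE_OK) {
-/* There are no limitiations for the pinned certificate */
-qDebug() << "Setting verifyhost failed";
 return;
 }
 
 if (curl_easy_setopt(mCurl, CURLOPT_ERRORBUFFER, mErrBuf) != CURLE_OK) {
 qDebug() << "Setting errorbuf failed";
@@ -227,5 +233,13 @@
 qDebug() << "Invalid Time";
 return QDateTime();
 }
 return QDateTime::fromTime_t(filetime);
 }
+
+void SSLConnectionCurl::setProxy(const QUrl& proxyUrl) {
+if (curl_easy_setopt(mCurl, CURLOPT_PROXY, proxyUrl.toEncoded().constData()) != CURLE_OK) {
+qDebug() << "Failed to set proxy";
+return;
+}
+qDebug() << "Set proxy to: " << proxyUrl;
+}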
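Review bot: Hostname verification is left to libcurl's default once the `CURLOPT_SSL_VERIFYHOST` call is removed in the second hunk, while `CURLOPT_SSL_VERIFYPEER` is still set explicitly with its own failure check. With the pin moved from the leaf certificate to its issuer, the host name check is what ties the session to the intended server, so it deserves the same explicit treatment: `if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 2L) != CURLE_OK) { qDebug() << "Setting verifyhost failed"; return; }`. The constructor starts before and continues past the visible hunks, so how mPinnedCert is handed to curl cannot be confirmed from here. In the new setProxy, `qDebug() << "Set proxy to: " << proxyUrl;` writes the whole URL to the debug log; if a proxy URL can carry user info, logging only `proxyUrl.host()` and the port would keep credentials out of it, depending on how this Qt version prints a QUrl.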