Mercurial > trustbridge
diff ui/sslconnection_curl.cpp @ 956:879a634d0a40
(issue41) Add proxy support
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Wed, 27 Aug 2014 16:31:40 +0200 |
parents | c8be25c83ff6 |
children | 6a3d284b9c16 |
line wrap: on
line diff
--- a/ui/sslconnection_curl.cpp Wed Aug 27 16:31:11 2014 +0200 +++ b/ui/sslconnection_curl.cpp Wed Aug 27 16:31:40 2014 +0200 @@ -17,7 +17,19 @@ mCurl (NULL) { if (certificate.isEmpty()) { - QFile certResource(":certs/intevation.de"); + /* Security: curl does not support leaf certificate pinning. So + * while the bare connection pins the certificate directly the + * curl implementation pins the issuer of the peer certificate + * + * CURLINFO_TLS_SESSION is also not implmented for polarssl + * so there is no way to obtain / verify peer certificate manually + * at this point. + **/ +#ifdef RELEASE_BUILD +#error "Curl release build is not supported at this moment." +#else + QFile certResource(":certs/geotrust"); +#endif certResource.open(QFile::ReadOnly); mPinnedCert = certResource.readAll(); certResource.close(); @@ -37,12 +49,6 @@ return; } - if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 0L) != CURLE_OK) { - /* There are no limitiations for the pinned certificate */ - qDebug() << "Setting verifyhost failed"; - return; - } - if (curl_easy_setopt(mCurl, CURLOPT_ERRORBUFFER, mErrBuf) != CURLE_OK) { qDebug() << "Setting errorbuf failed"; return; @@ -229,3 +235,11 @@ } return QDateTime::fromTime_t(filetime); } + +void SSLConnectionCurl::setProxy(const QUrl& proxyUrl) { + if (curl_easy_setopt(mCurl, CURLOPT_PROXY, proxyUrl.toEncoded().constData()) != CURLE_OK) { + qDebug() << "Failed to set proxy"; + return; + } + qDebug() << "Set proxy to: " << proxyUrl; +}