comparison ui/sslconnection_curl.cpp @ 1088:508c96e72f62

(issue124) Switch server URL and remove some RELEASE_BUILD options As the test server speaks ECDSA we do not need so much #ifndef RELEASE_BUILD options anymore.
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 12 Sep 2014 15:38:42 +0200
parents fe2c6666b462
children e986d3d4705f
comparison
equal deleted inserted replaced
1087:7191addd8a53 1088:508c96e72f62
23 if (!mCurl) { 23 if (!mCurl) {
24 qDebug() << "Failed to initialize curl"; 24 qDebug() << "Failed to initialize curl";
25 return; 25 return;
26 } 26 }
27 27
28 #ifdef RELEASE_BUILD
29 if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK) { 28 if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK) {
30 #else
31 /* For testing we do not have to trust the issuer. This should not
32 * be dangerous as we pin the peer certificate directly. */
33 if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYPEER, 0L) != CURLE_OK) {
34 #endif
35 /* Should be default anyway */ 29 /* Should be default anyway */
36 qDebug() << "Setting verifypeer failed"; 30 qDebug() << "Setting verifypeer failed";
37 return; 31 return;
38 } 32 }
39 33
40 #ifdef RELEASE_BUILD
41 if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 1L) != CURLE_OK) {
42 #else
43 /* For testing we do not have to trust host. This should not
44 * be dangerous as we pin the peer certificate directly. */
45 if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 0L) != CURLE_OK) {
46 #endif
47 /* Should be default anyway */
48 qDebug() << "Setting verifypeer failed";
49 return;
50 }
51
52 if (curl_easy_setopt(mCurl, CURLOPT_ERRORBUFFER, mErrBuf) != CURLE_OK) { 34 if (curl_easy_setopt(mCurl, CURLOPT_ERRORBUFFER, mErrBuf) != CURLE_OK) {
53 qDebug() << "Setting errorbuf failed"; 35 qDebug() << "Setting errorbuf failed";
54 return; 36 return;
55 } 37 }
56 38
57 #ifdef RELEASE_BUILD
58 if (curl_easy_setopt(mCurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2) != CURLE_OK) { 39 if (curl_easy_setopt(mCurl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2) != CURLE_OK) {
59 qDebug() << "Setting ssl version failed."; 40 qDebug() << "Setting ssl version failed.";
60 return; 41 return;
61 } 42 }
62 #endif
63 43
64 mCertFile.open(); 44 mCertFile.open();
65 if (mCertFile.write(mPinnedCert) != mPinnedCert.size()) { 45 if (mCertFile.write(mPinnedCert) != mPinnedCert.size()) {
66 qDebug() << "Failed to write temporary certificate"; 46 qDebug() << "Failed to write temporary certificate";
67 return; 47 return;

http://wald.intevation.org/projects/trustbridge/