diff options
| author | bptato <nincsnevem662@gmail.com> | 2024-05-01 16:48:20 +0200 |
|---|---|---|
| committer | bptato <nincsnevem662@gmail.com> | 2024-05-01 16:54:03 +0200 |
| commit | 2fdc5d2a95a4db8ab9600cc95632647a3da98e23 (patch) | |
| tree | 930564fee3699bec9a11314465f22639b5cf428f /adapter/protocol | |
| parent | 7bd7f887137d67668846a37a12ef333e6029d2fa (diff) | |
| download | chawan-2fdc5d2a95a4db8ab9600cc95632647a3da98e23.tar.gz | |
config: add insecure-ssl-no-verify option to siteconf
Equivalent to curl --insecure. Note: unfortunately this does not help if the server is using unsafe legacy renegotiation, you have to allow that in the OpenSSL config.
Diffstat (limited to 'adapter/protocol')
| -rw-r--r-- | adapter/protocol/curl.nim | 2 | ||||
| -rw-r--r-- | adapter/protocol/http.nim | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/adapter/protocol/curl.nim b/adapter/protocol/curl.nim index 9e6aeda3..62df5f51 100644 --- a/adapter/protocol/curl.nim +++ b/adapter/protocol/curl.nim @@ -103,7 +103,9 @@ type CURLOPT_DIRLISTONLY = CURLOPTTYPE_LONG + 48 CURLOPT_FOLLOWLOCATION = CURLOPTTYPE_LONG + 52 CURLOPT_POSTFIELDSIZE = CURLOPTTYPE_LONG + 60 + CURLOPT_SSL_VERIFYPEER = CURLOPTTYPE_LONG + 64 CURLOPT_HTTPGET = CURLOPTTYPE_LONG + 80 + CURLOPT_SSL_VERIFYHOST = CURLOPTTYPE_LONG + 81 CURLOPT_FTP_FILEMETHOD = CURLOPTTYPE_VALUES + 138 CURLOPT_CONNECT_ONLY = CURLOPTTYPE_LONG + 141 CURLOPT_SUPPRESS_CONNECT_HEADERS = CURLOPTTYPE_LONG + 265 diff --git a/adapter/protocol/http.nim b/adapter/protocol/http.nim index f5e3249c..3dc52f13 100644 --- a/adapter/protocol/http.nim +++ b/adapter/protocol/http.nim @@ -100,6 +100,9 @@ proc main() = let query = getEnv("MAPPED_URI_QUERY") if query != "": url.set(CURLUPART_QUERY, query, flags) + if getEnv("CHA_INSECURE_SSL_NO_VERIFY") == "1": + curl.setopt(CURLOPT_SSL_VERIFYPEER, 0) + curl.setopt(CURLOPT_SSL_VERIFYHOST, 0) curl.setopt(CURLOPT_CURLU, url) let op = HttpHandle(curl: curl) curl.setopt(CURLOPT_SUPPRESS_CONNECT_HEADERS, 1) |