diff options
| author | bptato <nincsnevem662@gmail.com> | 2024-05-01 16:48:20 +0200 |
|---|---|---|
| committer | bptato <nincsnevem662@gmail.com> | 2024-05-01 16:54:03 +0200 |
| commit | 2fdc5d2a95a4db8ab9600cc95632647a3da98e23 (patch) | |
| tree | 930564fee3699bec9a11314465f22639b5cf428f /src/loader/cgi.nim | |
| parent | 7bd7f887137d67668846a37a12ef333e6029d2fa (diff) | |
| download | chawan-2fdc5d2a95a4db8ab9600cc95632647a3da98e23.tar.gz | |
config: add insecure-ssl-no-verify option to siteconf
Equivalent to curl --insecure. Note: unfortunately this does not help if the server is using unsafe legacy renegotiation, you have to allow that in the OpenSSL config.
Diffstat (limited to 'src/loader/cgi.nim')
| -rw-r--r-- | src/loader/cgi.nim | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/loader/cgi.nim b/src/loader/cgi.nim index 79344b6f..2c395e95 100644 --- a/src/loader/cgi.nim +++ b/src/loader/cgi.nim @@ -24,7 +24,8 @@ proc putMappedURL(url: URL) = putEnv("MAPPED_URI_QUERY", url.query.get("")) proc setupEnv(cmd, scriptName, pathInfo, requestURI, myDir: string; - request: Request; contentLen: int; prevURL: URL) = + request: Request; contentLen: int; prevURL: URL; + insecureSSLNoVerify: bool) = let url = request.url putEnv("SCRIPT_NAME", scriptName) putEnv("SCRIPT_FILENAME", cmd) @@ -52,6 +53,8 @@ proc setupEnv(cmd, scriptName, pathInfo, requestURI, myDir: string; putEnv("HTTP_REFERER", $request.referrer) if request.proxy != nil: putEnv("ALL_PROXY", $request.proxy) + if insecureSSLNoVerify: + putEnv("CHA_INSECURE_SSL_NO_VERIFY", "1") setCurrentDir(myDir) type ControlResult = enum @@ -123,7 +126,7 @@ proc handleLine(handle: LoaderHandle; line: string; headers: Headers) = headers.add(k, v) proc loadCGI*(handle: LoaderHandle; request: Request; cgiDir: seq[string]; - prevURL: URL) = + prevURL: URL; insecureSSLNoVerify: bool) = if cgiDir.len == 0: handle.sendResult(ERROR_NO_CGI_DIR) return @@ -205,7 +208,7 @@ proc loadCGI*(handle: LoaderHandle; request: Request; cgiDir: seq[string]; closeStdin() # we leave stderr open, so it can be seen in the browser console setupEnv(cmd, scriptName, pathInfo, requestURI, myDir, request, contentLen, - prevURL) + prevURL, insecureSSLNoVerify) # reset SIGCHLD to the default handler. this is useful if the child process # expects SIGCHLD to be untouched. (e.g. git dies a horrible death with # SIGCHLD as SIG_IGN) |