From 3a86b8c29b1ccff7383478e980a7edf3aec3979a Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 22 Mar 2022 11:33:08 +0100 Subject: apply `tls.policy` to cURL calls In case the user decides to ignore the validity-state of certificates we also have to configure libcurl accordingly. `tls.policy` can be set via ``` /account set tls trust ``` Signed-off-by: Steffen Jaeckel --- src/tools/http_upload.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/tools/http_upload.c') diff --git a/src/tools/http_upload.c b/src/tools/http_upload.c index ca336c9b..5b783441 100644 --- a/src/tools/http_upload.c +++ b/src/tools/http_upload.c @@ -186,6 +186,9 @@ http_file_put(void* userdata) char* cert_path = prefs_get_string(PREF_TLS_CERTPATH); gchar* cafile = cafile_get_name(); + ProfAccount* account = accounts_get_account(session_get_account_name()); + gboolean insecure = strcmp(account->tls_policy, "trust") == 0; + account_free(account); pthread_mutex_unlock(&lock); curl_global_init(CURL_GLOBAL_ALL); @@ -252,6 +255,10 @@ http_file_put(void* userdata) if (cert_path) { curl_easy_setopt(curl, CURLOPT_CAPATH, cert_path); } + if (insecure) { + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); + } curl_easy_setopt(curl, CURLOPT_READDATA, fh); curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)(upload->filesize)); -- cgit 1.4.1-2-gfad0