input/curl: options "verify_peer" and "verify_host"

681643ea · Max Kellermann · fa947e02 · 681643ea · 681643ea · 681643ea
Commit 681643ea authored Jul 11, 2014 by Max Kellermann
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 0 deletions

NEWS NEWS +1 -0

user.xml doc/user.xml +24 -0

CurlInputPlugin.cxx src/input/plugins/CurlInputPlugin.cxx +8 -0

No files found.
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,7 @@ ver 0.19 (not yet released)
  - read tags from songs in an archive
 * input
  - alsa: new input plugin
+  - curl: options "verify_peer" and "verify_host"
  - mms: non-blocking I/O
  - nfs: new input plugin
  - smbclient: new input plugin

--- a/doc/user.xml
+++ b/doc/user.xml
@@ -1106,6 +1106,30 @@ systemctl start mpd.socket</programlisting>
                  Configures proxy authentication.
                </entry>
              </row>
+
+              <row>
+                <entry>
+                  <varname>verify_peer</varname>
+                  <parameter>yes|no</parameter>
+                </entry>
+                <entry>
+                  Verify the peer's SSL certificate?  <ulink
+                  url="http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html">More
+                  information</ulink>.
+                </entry>
+              </row>
+
+              <row>
+                <entry>
+                  <varname>verify_host</varname>
+                  <parameter>yes|no</parameter>
+                </entry>
+                <entry>
+                  Verify the certificate's name against host?  <ulink
+                  url="http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html">More
+                  information</ulink>.
+                </entry>
+              </row>
            </tbody>
          </tgroup>
        </informaltable>

--- a/src/input/plugins/CurlInputPlugin.cxx
+++ b/src/input/plugins/CurlInputPlugin.cxx
@@ -245,6 +245,8 @@ static struct curl_slist *http_200_aliases;
 static const char *proxy, *proxy_user, *proxy_password;
 static unsigned proxy_port;

+static bool verify_peer, verify_host;
+
 static CurlMulti *curl_multi;

 static constexpr Domain http_domain("http");
@@ -562,6 +564,9 @@ input_curl_init(const config_param &param, Error &error)
 						   "");
 	}

+	verify_peer = param.GetBlockValue("verify_peer", true);
+	verify_host = param.GetBlockValue("verify_host", true);
+
 	CURLM *multi = curl_multi_init();
 	if (multi == nullptr) {
 		curl_slist_free_all(http_200_aliases);
@@ -740,6 +745,9 @@ CurlInputStream::InitEasy(Error &error)
 		curl_easy_setopt(easy, CURLOPT_PROXYUSERPWD, proxy_auth_str);
 	}

+	curl_easy_setopt(easy, CURLOPT_SSL_VERIFYPEER, verify_peer ? 1l : 0l);
+	curl_easy_setopt(easy, CURLOPT_SSL_VERIFYHOST, verify_host ? 2l : 0l);
+
 	CURLcode code = curl_easy_setopt(easy, CURLOPT_URL, GetURI());
 	if (code != CURLE_OK) {
 		error.Format(curl_domain, code,