Cris Bailiff's CAPATH support added
This commit is contained in:
parent
98871d1e9e
commit
59c11b82d5
12
docs/curl.1
12
docs/curl.1
@ -211,7 +211,17 @@ certificate concatenated!
|
|||||||
If this option is used several times, the last one will be used.
|
If this option is used several times, the last one will be used.
|
||||||
.IP "--cacert <CA certificate>"
|
.IP "--cacert <CA certificate>"
|
||||||
(HTTPS) Tells curl to use the specified certificate file to verify the
|
(HTTPS) Tells curl to use the specified certificate file to verify the
|
||||||
peer. The certificate must be in PEM format.
|
peer. The file may contain multiple CA certificates. The certificate(s) must
|
||||||
|
be in PEM format.
|
||||||
|
|
||||||
|
If this option is used several times, the last one will be used.
|
||||||
|
.IP "--capath <CA certificate directory>"
|
||||||
|
(HTTPS) Tells curl to use the specified certificate directory to verify the
|
||||||
|
peer. The certificates must be in PEM format, and the directory must have been
|
||||||
|
processed using the c_rehash utility supplied with openssl. Certificate directories
|
||||||
|
are not supported under Windows (because c_rehash uses symbolink links to
|
||||||
|
create them). Using --capath can allow curl to make https connections much
|
||||||
|
more efficiently than using --cacert if the --cacert file contains many CA certificates.
|
||||||
|
|
||||||
If this option is used several times, the last one will be used.
|
If this option is used several times, the last one will be used.
|
||||||
.IP "-f/--fail"
|
.IP "-f/--fail"
|
||||||
|
@ -514,12 +514,20 @@ argument in the progress callback set with \fICURLOPT_PROGRESSFUNCTION\fP.
|
|||||||
.B CURLOPT_SSL_VERIFYPEER
|
.B CURLOPT_SSL_VERIFYPEER
|
||||||
Pass a long that is set to a non-zero value to make curl verify the peer's
|
Pass a long that is set to a non-zero value to make curl verify the peer's
|
||||||
certificate. The certificate to verify against must be specified with the
|
certificate. The certificate to verify against must be specified with the
|
||||||
CURLOPT_CAINFO option. (Added in 7.4.2)
|
CURLOPT_CAINFO option (Added in 7.4.2) or a certificate directory must be specified
|
||||||
|
with the CURLOPT_CAPATH option (Added in 7.9.8).
|
||||||
.TP
|
.TP
|
||||||
.B CURLOPT_CAINFO
|
.B CURLOPT_CAINFO
|
||||||
Pass a char * to a zero terminated file naming holding the certificate to
|
Pass a char * to a zero terminated string naming a file holding one or more
|
||||||
verify the peer with. This only makes sense when used in combination with the
|
certificates to verify the peer with. This only makes sense when used in
|
||||||
CURLOPT_SSL_VERIFYPEER option. (Added in 7.4.2)
|
combination with the CURLOPT_SSL_VERIFYPEER option. (Added in 7.4.2)
|
||||||
|
.TP
|
||||||
|
.B CURLOPT_CAPATH
|
||||||
|
Pass a char * to a zero terminated string naming a directory holding multiple CA
|
||||||
|
certificates to verify the peer with. The certificate directory must be prepared using
|
||||||
|
the openssl c_rehash utility. This only makes sense when used in combination with the
|
||||||
|
CURLOPT_SSL_VERIFYPEER option. The CAPATH function apparently does not work in Windows
|
||||||
|
due to some limitation in openssl. (Added in 7.9.8)
|
||||||
.TP
|
.TP
|
||||||
.B CURLOPT_PASSWDFUNCTION
|
.B CURLOPT_PASSWDFUNCTION
|
||||||
Pass a pointer to a \fIcurl_passwd_callback\fP function that will be called
|
Pass a pointer to a \fIcurl_passwd_callback\fP function that will be called
|
||||||
|
@ -544,6 +544,10 @@ typedef enum {
|
|||||||
|
|
||||||
/* mark this as start of a cookie session */
|
/* mark this as start of a cookie session */
|
||||||
CINIT(COOKIESESSION, LONG, 96),
|
CINIT(COOKIESESSION, LONG, 96),
|
||||||
|
|
||||||
|
/* The CApath directory used to validate the peer certificate
|
||||||
|
this option is used only if SSL_VERIFYPEER is true */
|
||||||
|
CINIT(CAPATH, OBJECTPOINT, 97),
|
||||||
|
|
||||||
CURLOPT_LASTENTRY /* the last unusued */
|
CURLOPT_LASTENTRY /* the last unusued */
|
||||||
} CURLoption;
|
} CURLoption;
|
||||||
@ -728,8 +732,8 @@ CURLcode curl_global_init(long flags);
|
|||||||
void curl_global_cleanup(void);
|
void curl_global_cleanup(void);
|
||||||
|
|
||||||
/* This is the version number */
|
/* This is the version number */
|
||||||
#define LIBCURL_VERSION "7.9.7"
|
#define LIBCURL_VERSION "7.9.8-pre1"
|
||||||
#define LIBCURL_VERSION_NUM 0x070907
|
#define LIBCURL_VERSION_NUM 0x070908
|
||||||
|
|
||||||
/* linked-list structure for the CURLOPT_QUOTE option (and other) */
|
/* linked-list structure for the CURLOPT_QUOTE option (and other) */
|
||||||
struct curl_slist {
|
struct curl_slist {
|
||||||
|
@ -981,7 +981,13 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
|
|||||||
* Set CA info for SSL connection. Specify file name of the CA certificate
|
* Set CA info for SSL connection. Specify file name of the CA certificate
|
||||||
*/
|
*/
|
||||||
data->set.ssl.CAfile = va_arg(param, char *);
|
data->set.ssl.CAfile = va_arg(param, char *);
|
||||||
data->set.ssl.CApath = NULL; /*This does not work on windows.*/
|
break;
|
||||||
|
case CURLOPT_CAPATH:
|
||||||
|
/*
|
||||||
|
* Set CA path info for SSL connection. Specify directory name of the CA certificates
|
||||||
|
* which have been prepared using openssl c_rehash utility.
|
||||||
|
*/
|
||||||
|
data->set.ssl.CApath = va_arg(param, char *); /*This does not work on windows.*/
|
||||||
break;
|
break;
|
||||||
case CURLOPT_TELNETOPTIONS:
|
case CURLOPT_TELNETOPTIONS:
|
||||||
/*
|
/*
|
||||||
|
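Review bot: The new `data->set.ssl.CApath = NULL;` in the CURLOPT_CAINFO case silently discards a directory the application set earlier through CURLOPT_CAPATH, while the CURLOPT_CAPATH case leaves CAfile untouched, so the effective trust store depends on the order the two options are set; the tool side of this commit happens to set CAINFO before CAPATH, but a library user would not expect one option to reset the other. Unless clearing is intended, drop that line so the two options are independent; if it is intended, say so in the CURLOPT_CAINFO man-page entry and make CURLOPT_CAPATH reset CAfile symmetrically. The `/*This does not work on windows.*/` comment is also attached to the CAfile assignment, where it is misleading, since it is the directory lookup that the docs describe as unsupported on Windows; move it to the CURLOPT_CAPATH case. Curl_setopt begins before this hunk and continues after it.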
14
src/main.c
14
src/main.c
@ -345,6 +345,7 @@ static void help(void)
|
|||||||
" --pass <pass> Specifies your passphrase for the private key (HTTPS)");
|
" --pass <pass> Specifies your passphrase for the private key (HTTPS)");
|
||||||
puts(" --engine <eng> Specifies the crypto engine to use (HTTPS)\n"
|
puts(" --engine <eng> Specifies the crypto engine to use (HTTPS)\n"
|
||||||
" --cacert <file> CA certifciate to verify peer against (SSL)\n"
|
" --cacert <file> CA certifciate to verify peer against (SSL)\n"
|
||||||
|
" --capath <directory> CA directory (made using c_rehash) to verify peer against (SSL, NOT Windows)\n"
|
||||||
" --ciphers <list> What SSL ciphers to use (SSL)\n"
|
" --ciphers <list> What SSL ciphers to use (SSL)\n"
|
||||||
" --connect-timeout <seconds> Maximum time allowed for connection\n"
|
" --connect-timeout <seconds> Maximum time allowed for connection\n"
|
||||||
" -f/--fail Fail silently (no output at all) on errors (H)\n"
|
" -f/--fail Fail silently (no output at all) on errors (H)\n"
|
||||||
@ -454,6 +455,7 @@ struct Configurable {
|
|||||||
char *cert;
|
char *cert;
|
||||||
char *cert_type;
|
char *cert_type;
|
||||||
char *cacert;
|
char *cacert;
|
||||||
|
char *capath;
|
||||||
char *key;
|
char *key;
|
||||||
char *key_type;
|
char *key_type;
|
||||||
char *key_passwd;
|
char *key_passwd;
|
||||||
@ -999,6 +1001,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
|||||||
{"Ed","key-type", TRUE},
|
{"Ed","key-type", TRUE},
|
||||||
{"Ee","pass", TRUE},
|
{"Ee","pass", TRUE},
|
||||||
{"Ef","engine", TRUE},
|
{"Ef","engine", TRUE},
|
||||||
|
{"Eg","capath ", TRUE},
|
||||||
{"f", "fail", FALSE},
|
{"f", "fail", FALSE},
|
||||||
{"F", "form", TRUE},
|
{"F", "form", TRUE},
|
||||||
{"g", "globoff", FALSE},
|
{"g", "globoff", FALSE},
|
||||||
@ -1335,6 +1338,10 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
|||||||
case 'f': /* crypto engine */
|
case 'f': /* crypto engine */
|
||||||
GetStr(&config->engine, nextarg);
|
GetStr(&config->engine, nextarg);
|
||||||
break;
|
break;
|
||||||
|
case 'g': /* CA info PEM file */
|
||||||
|
/* CA cert directory */
|
||||||
|
GetStr(&config->capath, nextarg);
|
||||||
|
break;
|
||||||
default: /* certificate file */
|
default: /* certificate file */
|
||||||
{
|
{
|
||||||
char *ptr = strchr(nextarg, ':');
|
char *ptr = strchr(nextarg, ':');
|
||||||
@ -2082,6 +2089,8 @@ void free_config_fields(struct Configurable *config)
|
|||||||
curl_formfree(config->httppost);
|
curl_formfree(config->httppost);
|
||||||
if(config->cacert)
|
if(config->cacert)
|
||||||
free(config->cacert);
|
free(config->cacert);
|
||||||
|
if(config->capath)
|
||||||
|
free(config->capath);
|
||||||
if(config->cookiejar)
|
if(config->cookiejar)
|
||||||
free(config->cookiejar);
|
free(config->cookiejar);
|
||||||
|
|
||||||
@ -2558,8 +2567,9 @@ operate(struct Configurable *config, int argc, char *argv[])
|
|||||||
curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, config->key_type);
|
curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, config->key_type);
|
||||||
curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, config->key_passwd);
|
curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, config->key_passwd);
|
||||||
|
|
||||||
if(config->cacert) {
|
if(config->cacert || config->capath) {
|
||||||
curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert);
|
if (config->cacert) curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert);
|
||||||
|
if (config->capath) curl_easy_setopt(curl, CURLOPT_CAPATH, config->capath);
|
||||||
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, TRUE);
|
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, TRUE);
|
||||||
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
|
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
|
||||||
}
|
}
|
||||||
|
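Review bot: The alias-table entry for the new option registers the long name as `"capath "` with a trailing space; `--capath` can only resolve through that entry if the lookup tolerates an abbreviated prefix, and an exact-match lookup would reject it, so it should read `{"Eg","capath", TRUE},`. In the handler, the comment `/* CA info PEM file */` on `case 'g':` is copied from the cacert case and contradicts the `/* CA cert directory */` line right below it; keep just `case 'g': /* CA cert directory */`. In operate(), CURLOPT_CAINFO is set before CURLOPT_CAPATH, and with this commit's Curl_setopt change (setting CAINFO resets CApath to NULL) that order is load-bearing, so a comment such as `/* CAINFO must precede CAPATH: setting CAINFO clears any CApath */` would keep a future reorder from silently dropping --capath. Peer verification is still only switched on when one of the two CA sources is given, which predates this change. getparameter() and operate() both start and end outside the shown hunks.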