Fix Proxy problem for DAP2

re: Issue https://github.com/Unidata/netcdf-c/issues/2752

The authorization setup when using a proxy is apparently not
being used, or used incorrectly.

This PR ensures that the relevant curl options, specifically
CURLOPT_VERIFYHOST and CURLOPT_VERIFYPEER, are properly set up.
As part of this, the ability to turn off these options was fixed.
Note that no testing of this PR is currently possible because we
do not have access to a proxy.
Dennis Heimbigner 2023-10-08 14:38:07 -06:00
parent 8b5f1e239c
commit 948304a79f
3 changed files with 88 additions and 45 deletions


@ -3,6 +3,11 @@
* See netcdf/COPYRIGHT file for copying and redistribution conditions.
*********************************************************************/
/* WARNING: oc2/occurlfunctions.c and libdap4/d4curlfunctions.c
should be merged since they are essentially the same file.
In the meantime, changes to one should be propagated to the other.
*/
#include "d4includes.h"
#include "d4curlfunctions.h"
@ -123,33 +128,43 @@ set_curlflag(NCD4INFO* state, int flag)
}
}
break;
case CURLOPT_USE_SSL:
case CURLOPT_SSLCERT: case CURLOPT_SSLKEY:
case CURLOPT_SSL_VERIFYPEER: case CURLOPT_SSL_VERIFYHOST:
{
struct ssl* ssl = &state->auth->ssl;
case CURLOPT_SSL_VERIFYPEER:
/* VERIFYPEER == 0 => VERIFYHOST == 0 */
/* We need to have 2 states: default and a set value */
/* So -1 => default, >= 0 => use value; */
if(ssl->verifypeer >= 0)
SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(ssl->verifypeer));
/* So -1 => default >= 0 => use value */
if(state->auth->ssl.verifypeer >= 0) {
SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(state->auth->ssl.verifypeer));
if(state->auth->ssl.verifypeer == 0) state->auth->ssl.verifyhost = 0;
}
break;
case CURLOPT_SSL_VERIFYHOST:
#ifdef HAVE_LIBCURL_766
if(ssl->verifyhost >= 0)
SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(ssl->verifyhost));
if(state->auth->ssl.verifyhost >= 0) {
SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(state->auth->ssl.verifyhost));
}
#endif
if(ssl->certificate)
SETCURLOPT(state, CURLOPT_SSLCERT, ssl->certificate);
if(ssl->key)
SETCURLOPT(state, CURLOPT_SSLKEY, ssl->key);
if(ssl->keypasswd)
break;
case CURLOPT_SSLCERT:
if(state->auth->ssl.certificate)
SETCURLOPT(state, CURLOPT_SSLCERT, state->auth->ssl.certificate);
break;
case CURLOPT_SSLKEY:
if(state->auth->ssl.key)
SETCURLOPT(state, CURLOPT_SSLKEY, state->auth->ssl.key);
if(state->auth->ssl.keypasswd)
/* libcurl prior to 7.16.4 used 'CURLOPT_SSLKEYPASSWD' */
SETCURLOPT(state, CURLOPT_KEYPASSWD, ssl->keypasswd);
if(ssl->cainfo)
SETCURLOPT(state, CURLOPT_CAINFO, ssl->cainfo);
if(ssl->capath)
SETCURLOPT(state, CURLOPT_CAPATH, ssl->capath);
}
break;
SETCURLOPT(state, CURLOPT_SSLKEYPASSWD, state->auth->ssl.keypasswd);
break;
case CURLOPT_CAINFO:
if(state->auth->ssl.cainfo)
SETCURLOPT(state, CURLOPT_CAINFO, state->auth->ssl.cainfo);
break;
case CURLOPT_CAPATH:
if(state->auth->ssl.capath)
SETCURLOPT(state, CURLOPT_CAPATH, state->auth->ssl.capath);
break;
case CURLOPT_USE_SSL:
break;
#ifdef HAVE_CURLOPT_BUFFERSIZE
case CURLOPT_BUFFERSIZE:
@ -200,6 +215,12 @@ NCD4_set_flags_perlink(NCD4INFO* state)
if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_COOKIEJAR);
if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_USERPWD);
if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_PROXY);
if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSL_VERIFYPEER);
if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSL_VERIFYHOST);
if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSLCERT);
if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSLKEY);
if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_CAINFO);
if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_CAPATH);
if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_USE_SSL);
if(ret == NC_NOERR) ret = set_curlflag(state, CURLOPT_FOLLOWLOCATION);
if(ret == NC_NOERR) ret = set_curlflag(state, CURLOPT_MAXREDIRS);
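Review bot: In the CURLOPT_SSLKEY case of set_curlflag, the key password is now set with `CURLOPT_SSLKEYPASSWD`, which is the name the comment directly above it describes as the pre-7.16.4 spelling; the line it appears to replace used `CURLOPT_KEYPASSWD`. In current libcurl headers the old name is only a compatibility alias that disappears when CURL_NO_OLDIES is defined, so I would keep `SETCURLOPT(state, CURLOPT_KEYPASSWD, state->auth->ssl.keypasswd);`. The same substitution shows up in ocset_curlflag in the oc2 copy of this file. The +/- markers are not visible on this page, so which side each line belongs to is inferred from the `ssl->` versus `state->auth->ssl.` spelling. The switch continues outside the hunk.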


@ -1,6 +1,10 @@
#!/bin/sh
if test "x$srcdir" = x ; then srcdir=`pwd`; fi
. ../test_common.sh
if test "x$SETX" != x ; then set -x ; fi
set -e
quiet=0


@ -1,6 +1,11 @@
/* Copyright 2018, UCAR/Unidata and OPeNDAP, Inc.
See the COPYRIGHT file for more information. */
/* WARNING: oc2/occurlfunctions.c and libdap4/d4curlfunctions.c
should be merged since they are essentially the same file.
In the meantime, changes to one should be propagated to the other.
*/
#include "config.h"
#include <stdlib.h>
#ifdef HAVE_STDINT_H
@ -127,36 +132,43 @@ ocset_curlflag(OCstate* state, int flag)
}
break;
case CURLOPT_USE_SSL:
case CURLOPT_SSLCERT: case CURLOPT_SSLKEY:
case CURLOPT_SSL_VERIFYPEER: case CURLOPT_SSL_VERIFYHOST:
case CURLOPT_CAINFO: case CURLOPT_CAPATH:
{
struct ssl* ssl = &state->auth->ssl;
case CURLOPT_SSL_VERIFYPEER:
/* VERIFYPEER == 0 => VERIFYHOST == 0 */
/* We need to have 2 states: default and a set value */
/* So -1 => default >= 0 => use value */
if(ssl->verifypeer >= 0) {
SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(ssl->verifypeer));
}
if(state->auth->ssl.verifypeer >= 0) {
SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(state->auth->ssl.verifypeer));
if(state->auth->ssl.verifypeer == 0) state->auth->ssl.verifyhost = 0;
}
break;
case CURLOPT_SSL_VERIFYHOST:
#ifdef HAVE_LIBCURL_766
if(ssl->verifyhost >= 0) {
SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(ssl->verifyhost));
if(state->auth->ssl.verifyhost >= 0) {
SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(state->auth->ssl.verifyhost));
}
#endif
if(ssl->certificate)
SETCURLOPT(state, CURLOPT_SSLCERT, ssl->certificate);
if(ssl->key)
SETCURLOPT(state, CURLOPT_SSLKEY, ssl->key);
if(ssl->keypasswd)
break;
case CURLOPT_SSLCERT:
if(state->auth->ssl.certificate)
SETCURLOPT(state, CURLOPT_SSLCERT, state->auth->ssl.certificate);
break;
case CURLOPT_SSLKEY:
if(state->auth->ssl.key)
SETCURLOPT(state, CURLOPT_SSLKEY, state->auth->ssl.key);
if(state->auth->ssl.keypasswd)
/* libcurl prior to 7.16.4 used 'CURLOPT_SSLKEYPASSWD' */
SETCURLOPT(state, CURLOPT_KEYPASSWD, ssl->keypasswd);
if(ssl->cainfo)
SETCURLOPT(state, CURLOPT_CAINFO, ssl->cainfo);
if(ssl->capath)
SETCURLOPT(state, CURLOPT_CAPATH, ssl->capath);
}
break;
SETCURLOPT(state, CURLOPT_SSLKEYPASSWD, state->auth->ssl.keypasswd);
break;
case CURLOPT_CAINFO:
if(state->auth->ssl.cainfo)
SETCURLOPT(state, CURLOPT_CAINFO, state->auth->ssl.cainfo);
break;
case CURLOPT_CAPATH:
if(state->auth->ssl.capath)
SETCURLOPT(state, CURLOPT_CAPATH, state->auth->ssl.capath);
break;
case CURLOPT_USE_SSL:
break;
#ifdef HAVE_CURLOPT_BUFFERSIZE
case CURLOPT_BUFFERSIZE:
@ -210,6 +222,12 @@ ocset_flags_perlink(OCstate* state)
if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_COOKIEJAR);
if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_USERPWD);
if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_PROXY);
if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSL_VERIFYPEER);
if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSL_VERIFYHOST);
if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSLCERT);
if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSLKEY);
if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_CAINFO);
if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_CAPATH);
if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_USE_SSL);
if(stat == OC_NOERR) stat = ocset_curlflag(state, CURLOPT_FOLLOWLOCATION);
if(stat == OC_NOERR) stat = ocset_curlflag(state, CURLOPT_MAXREDIRS);
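Review bot: The CURLOPT_SSL_VERIFYPEER case in ocset_curlflag writes `state->auth->ssl.verifyhost = 0` as a side effect, so host verification is turned off only if ocset_flags_perlink applies VERIFYPEER before VERIFYHOST, and only in builds where HAVE_LIBCURL_766 is defined; set_curlflag in libdap4 has the same shape. That coupling deserves a comment at the assignment, for example `/* relies on VERIFYPEER being applied before VERIFYHOST in ocset_flags_perlink */`. Since a zero here removes certificate checking for the whole link, a warning through the library's logging when either value is 0 would make the weakened state visible to whoever runs the client. If the proxy in the linked issue is reached over HTTPS, these two options cover only the origin server; libcurl has separate `CURLOPT_PROXY_SSL_VERIFYPEER` and `CURLOPT_PROXY_SSL_VERIFYHOST` for the proxy leg, which this change does not set.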