SSL_INSECURE support and usage added

2002-08-26 23:13:25 +00:00
parent 7172fa058a
commit 27a2e590cd
5 changed files with 62 additions and 10 deletions
--- a/lib/url.c
+++ b/lib/url.c
@@ -1004,10 +1004,11 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
    break;
  case CURLOPT_CAPATH:
    /*
-     * Set CA path info  for SSL connection. Specify directory name of the CA certificates
-     * which have been prepared using openssl c_rehash utility.
+     * Set CA path info for SSL connection. Specify directory name of the CA
+     * certificates which have been prepared using openssl c_rehash utility.
     */
-    data->set.ssl.CApath = va_arg(param, char *); /*This does not work on windows.*/
+    /* This does not work on windows. */
+    data->set.ssl.CApath = va_arg(param, char *);
    break;
  case CURLOPT_TELNETOPTIONS:
    /*
@@ -1048,6 +1049,10 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
    }
    break;

+  case CURLOPT_SSL_INSECURE:
+    data->set.ssl.allow_insecure = va_arg(param, long)?TRUE:FALSE;
+    break;
+
  default:
    /* unknown tag and its companion, just ignore: */
    return CURLE_FAILED_INIT; /* correct this */
@@ -2035,6 +2040,17 @@ static CURLcode CreateConnection(struct SessionHandle *data,
    return CURLE_UNSUPPORTED_PROTOCOL;
  }

+  if(conn->protocol & PROT_SSL) {
+    /* If SSL is requested, require security level info */
+
+    if(!data->set.ssl.allow_insecure &&
+       !(data->set.ssl.CAfile || data->set.ssl.CApath)) {
+      failf(data, "Insecure SSL connect attempted without explicit permission granted");
+      return CURLE_SSL_INSECURE;
+    }
+  }
+
+
  /*************************************************************
   * Figure out the remote port number
   *