| -rw-r--r-- | configure.ac | 14 | ||||
| -rw-r--r-- | lib/consumer.cc | 6 |
2 files changed, 20 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index fd50721..8397914 100644 --- a/configure.ac +++ b/configure.ac @@ -32,40 +32,54 @@ if test "${WANT_KONFORKA}" = "yes" ; then AC_DEFINE([OPKELE_HAVE_KONFORKA],,[defined in presence of konforka library]) AC_SUBST([KONFORKA_KONFORKA],[konforka]) ],[true]) fi WANT_DOXYGEN="yes" AC_ARG_ENABLE([doxygen], AC_HELP_STRING([--disable-doxygen],[do not generate documentation]), [ test "${enableval}" = "no" && WANT_DOXYGEN="no" ] ) if test "${WANT_DOXYGEN}" = "yes" ; then AC_WITH_DOXYGEN AC_WITH_DOT else AM_CONDITIONAL([HAVE_DOXYGEN],[false]) AM_CONDITIONAL([HAVE_DOT],[false]) fi LIBCURL_CHECK_CONFIG(,,,[ AC_MSG_ERROR([no required libcurl library. get one from http://curl.haxx.se/]) ]) AC_WITH_PCRE([ AC_WITH_PCREPP(,[ AC_MSG_ERROR([no pcre++ library found. get one at http://www.daemon.de/PCRE]) ]) ],[ AC_MSG_ERROR([no pcre library found. get one at http://www.pcre.org/]) ] ) +curl_ssl_verify_host="true" +AC_ARG_ENABLE([ssl-verify-host], + AC_HELP_STRING([--disable-ssl-verify-host],[disable cURL cert/host relationships verification]), + [ test "${enableval}" = "no" && curl_ssl_verify_host="false" ] +) +${curl_ssl_verify_host} || AC_DEFINE([DISABLE_CURL_SSL_VERIFYHOST],,[defined if cURL is not to verify cert/host]) + +curl_ssl_verify_peer="true" +AC_ARG_ENABLE([ssl-verify-peer], + AC_HELP_STRING([--disable-ssl-verify-peer],[disable cURL cert validity verification]), + [ test "${enableval}" = "no" && curl_ssl_verify_peer="false" ] +) +${curl_ssl_verify_peer} || AC_DEFINE([DISABLE_CURL_SSL_VERIFYPEER],,[defined if cURL is not to verify cert validity]) + AC_CONFIG_FILES([ Makefile libopkele.pc Doxyfile include/Makefile lib/Makefile ]) AC_OUTPUT diff --git a/lib/consumer.cc b/lib/consumer.cc index 331b1e9..dc49405 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc @@ -9,64 +9,70 @@ #include <curl/curl.h> #include <pcre++.h> #include <iostream> #include "config.h" namespace opkele { using namespace std; class curl_t { public: CURL *_c; curl_t() : _c(0) { } curl_t(CURL *c) : _c(c) { } ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); } curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; } operator const CURL*(void) const { return _c; } operator CURL*(void) { return _c; } }; static CURLcode curl_misc_sets(CURL* c) { CURLcode r; (r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1)) || (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5)) || (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120)) || (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1)) || (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION)) || (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20)) +#ifdef DISABLE_CURL_SSL_VERIFYHOST + || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0)) +#endif +#ifdef DISABLE_CURL_SSL_VERYPEER + || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0)) +#endif ; return r; } static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) { string *str = (string*)stream; size_t bytes = size*nmemb; size_t get = min(16384-str->length(),bytes); str->append((const char*)ptr,get); return get; } assoc_t consumer_t::associate(const string& server) { util::dh_t dh = DH_new(); if(!dh) throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); dh->p = util::dec_to_bignum(data::_default_p); dh->g = util::dec_to_bignum(data::_default_g); if(!DH_generate_key(dh)) throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); string request = "openid.mode=associate" "&openid.assoc_type=HMAC-SHA1" "&openid.session_type=DH-SHA1" "&openid.dh_consumer_public="; request += util::url_encode(util::bignum_to_base64(dh->pub_key)); curl_t curl = curl_easy_init(); if(!curl) throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); string response; CURLcode r; (r=curl_misc_sets(curl)) |