From d9e6d34fcc9112244b8602140ab8639443626ae7 Mon Sep 17 00:00:00 2001
From: kervala
Date: Tue, 7 Aug 2018 18:40:48 +0200
Subject: [PATCH] Changed: Make sslCtxFunction private and don't include curl.h in header

--HG--
branch : develop
---
 code/nel/include/nel/gui/curl_certificates.h | 7 +--
 code/nel/src/gui/curl_certificates.cpp | 55 ++++++++++++++------
 code/nel/src/gui/group_html.cpp | 27 ++++------
 code/ryzom/client/src/http_client_curl.cpp | 11 +---
 4 files changed, 54 insertions(+), 46 deletions(-)

diff --git a/code/nel/include/nel/gui/curl_certificates.h b/code/nel/include/nel/gui/curl_certificates.h
index dd4e923a0..ee6938842 100644
--- a/code/nel/include/nel/gui/curl_certificates.h
+++ b/code/nel/include/nel/gui/curl_certificates.h
@@ -19,7 +19,8 @@
 #include "nel/misc/types_nl.h"
-#include
+// forward declaration to avoid curl.h inclusion everywhere
+typedef void CURL;
 namespace NLGUI
 {
@@ -32,8 +33,8 @@ namespace NLGUI
 // allow to use custom PEM certificates
 static void addCertificateFile(const std::string &cert);
- // cURL SSL certificate loading
- static CURLcode sslCtxFunction(CURL *curl, void *sslctx, void *parm);
+ // set all CURL options to use custom SSL context function
+ static void useCertificates(CURL *curl);
 };
 } // namespace
diff --git a/code/nel/src/gui/curl_certificates.cpp b/code/nel/src/gui/curl_certificates.cpp
index e44161882..552ed2a9f 100644
--- a/code/nel/src/gui/curl_certificates.cpp
+++ b/code/nel/src/gui/curl_certificates.cpp
@@ -23,6 +23,8 @@
 #include
 #include
+#include
+
 using namespace std;
 using namespace NLMISC;
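Review bot: The `typedef void CURL;` added to curl_certificates.h is only compatible with curl.h while CURL_STRICTER is not defined; with that macro curl.h declares `typedef struct Curl_easy CURL;`, and any translation unit that sees both declarations will fail to compile. It mirrors curl.h's default definition, so it works today, but the assumption should be written down next to it, e.g. `// must match curl.h's non-CURL_STRICTER definition; TUs defining CURL_STRICTER cannot include this header together with curl.h`. The include hunks of the two files are otherwise straightforward.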
@@ -201,23 +203,8 @@ namespace NLGUI
 /// this will be initialized on startup and cleared on exit
 static SX509Certificates x509CertListManager;
- // ***************************************************************************
- // static
- void CCurlCertificates::init(CURL *curl)
- {
- x509CertListManager.init(curl);
- }
-
- // ***************************************************************************
- // static
- void CCurlCertificates::addCertificateFile(const std::string &cert)
- {
- x509CertListManager.addCertificatesFromFile(cert);
- }
-
- // ***************************************************************************
- // static
- CURLcode CCurlCertificates::sslCtxFunction(CURL *curl, void *sslctx, void *parm)
+ // cURL SSL certificate loading
+ static CURLcode sslCtxFunction(CURL *curl, void *sslctx, void *parm)
 {
 CURLcode res = CURLE_OK;
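Review bot: Now that sslCtxFunction is file-local, its one-line comment "cURL SSL certificate loading" is the only documentation a reader of this file gets, and it does not say what the parameters are or who calls it; the body continues outside the hunk. I would expand it to say that libcurl invokes it before each TLS handshake with the backend's SSL_CTX in `sslctx`, and that `parm` is the CURLOPT_SSL_CTX_DATA pointer, which useCertificates never sets, so it is presumably always NULL here and the CA material must come from file state such as x509CertListManager. Making the function `static` inside `namespace NLGUI` is fine; an anonymous namespace would be the equivalent modern spelling if the file already uses one.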
@@ -282,5 +269,39 @@ namespace NLGUI
 return res;
 }
+ // ***************************************************************************
+ // static
+ void CCurlCertificates::init(CURL *curl)
+ {
+ x509CertListManager.init(curl);
+ }
+
+ // ***************************************************************************
+ // static
+ void CCurlCertificates::addCertificateFile(const std::string &cert)
+ {
+ x509CertListManager.addCertificatesFromFile(cert);
+ }
+
+ // ***************************************************************************
+ // static
+ void CCurlCertificates::useCertificates(CURL *curl)
+ {
+ // CURL must be valid, using OpenSSL backend and certificates must be loaded, else return
+ if (!curl || !isUsingOpenSSLBackend || x509CertListManager.CertList.empty()) return;
+
+ curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
+
+ // would allow to provide the CA in memory instead of using CURLOPT_CAINFO, but needs to include and link OpenSSL
+ if (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &sslCtxFunction) != CURLE_OK)
+ {
+ nlwarning("Unable to support CURLOPT_SSL_CTX_FUNCTION, curl not compiled with OpenSSL ?");
+ }
+
+ // set both CURLOPT_CAINFO and CURLOPT_CAPATH to NULL to be sure we won't use default values (these files can be missing and generate errors)
+ curl_easy_setopt(curl, CURLOPT_CAINFO, NULL);
+ curl_easy_setopt(curl, CURLOPT_CAPATH, NULL);
+ }
+
 }// namespace
diff --git a/code/nel/src/gui/group_html.cpp b/code/nel/src/gui/group_html.cpp
index fe08b6931..6f0e612c9 100644
--- a/code/nel/src/gui/group_html.cpp
+++ b/code/nel/src/gui/group_html.cpp
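Review bot: In useCertificates, when setting CURLOPT_SSL_CTX_FUNCTION fails the code only warns and then still sets CURLOPT_CAINFO and CURLOPT_CAPATH to NULL, leaving the handle with no trust anchors at all, so every peer-verified handshake on it will fail. That is fail-closed, which is the safe direction, but nothing marks it as deliberate; either add `// deliberately fail closed: no CA source remains on this handle` above the two NULL setopts, or `return;` right after the nlwarning so curl's default store stays in effect. The `isUsingOpenSSLBackend` guard makes this branch unlikely, but the two checks can presumably still disagree if init() was not called on this handle first. Separately, CURLOPT_SSLCERTTYPE describes the format of a client certificate and does not affect CA loading, so a short comment on why "PEM" is set here would save the next reader a detour.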
@@ -404,15 +404,8 @@ namespace NLGUI
 // specify custom CA certs
 CCurlCertificates::addCertificateFile(options.curlCABundle);
- // would allow to provide the CA in memory instead of using CURLOPT_CAINFO, but needs to include and link OpenSSL
- if (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &CCurlCertificates::sslCtxFunction) != CURLE_OK)
- {
- nlwarning("Unable to support CURLOPT_SSL_CTX_FUNCTION, curl not compiled with OpenSSL ?");
- }
-
- // set both CURLOPT_CAINFO and CURLOPT_CAPATH to NULL to be sure we won't use default values (these files can be missing and generate errors)
- curl_easy_setopt(curl, CURLOPT_CAINFO, NULL);
- curl_easy_setopt(curl, CURLOPT_CAPATH, NULL);
+ // if supported, use custom SSL context function to load certificates
+ CCurlCertificates::useCertificates(curl);
 }
 download.data = new CCurlWWWData(curl, download.url);
@@ -5350,14 +5343,14 @@ namespace NLGUI
 // https://
 if (toLower(url.substr(0, 8)) == "https://")
 {
-#if defined(NL_OS_WINDOWS)
- curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &CCurlCertificates::sslCtxFunction);
-#else
- if (!options.curlCABundle.empty())
- {
- curl_easy_setopt(curl, CURLOPT_CAINFO, options.curlCABundle.c_str());
- }
-#endif
+ // check if compiled with OpenSSL backend
+ CCurlCertificates::init(curl);
+
+ // specify custom CA certs
+ CCurlCertificates::addCertificateFile(options.curlCABundle);
+
+ // if supported, use custom SSL context function to load certificates
+ CCurlCertificates::useCertificates(curl);
 }
 // do not follow redirects, we have own handler
diff --git a/code/ryzom/client/src/http_client_curl.cpp b/code/ryzom/client/src/http_client_curl.cpp
index 418fc61bd..2887543c3 100644
--- a/code/ryzom/client/src/http_client_curl.cpp
+++ b/code/ryzom/client/src/http_client_curl.cpp
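Review bot: The second hunk (around line 5343) now spells out the same init / addCertificateFile / useCertificates sequence that the first hunk (around line 404) already performs, and http_client_curl.cpp carries a third copy; one helper such as `CCurlCertificates::setup(curl, options.curlCABundle)` wrapping the three calls would keep their order and comments in a single place. The removed non-Windows branch only configured CA settings when `options.curlCABundle` was non-empty, while the new code passes the bundle name through unconditionally; the 404 path already did that before this commit, so addCertificateFile presumably tolerates an empty path, but that is worth confirming rather than assuming. If addCertificatesFromFile re-reads the bundle on every call, this also means file I/O per HTTPS request; not visible here. Both enclosing functions start and end outside their hunks.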
@@ -70,7 +70,6 @@ bool CCurlHttpClient::verifyServer(bool verify)
 {
 curl_easy_setopt(_Curl, CURLOPT_SSL_VERIFYHOST, verify ? 2 : 0);
 curl_easy_setopt(_Curl, CURLOPT_SSL_VERIFYPEER, verify ? 1 : 0);
- curl_easy_setopt(_Curl, CURLOPT_SSLCERTTYPE, "PEM");
 // check if compiled with OpenSSL backend
 NLGUI::CCurlCertificates::init(_Curl);
@@ -78,15 +77,9 @@ bool CCurlHttpClient::verifyServer(bool verify)
 // specify custom CA certs
 NLGUI::CCurlCertificates::addCertificateFile(CAFilename);
- // would allow to provide the CA in memory instead of using CURLOPT_CAINFO, but needs to include and link OpenSSL
- if (curl_easy_setopt(_Curl, CURLOPT_SSL_CTX_FUNCTION, &NLGUI::CCurlCertificates::sslCtxFunction) != CURLE_OK)
- {
- nlwarning("Unable to support CURLOPT_SSL_CTX_FUNCTION, curl not compiled with OpenSSL ?");
- }
+ // if supported, use custom SSL context function to load certificates
+ NLGUI::CCurlCertificates::useCertificates(_Curl);
- // set both CURLOPT_CAINFO and CURLOPT_CAPATH to NULL to be sure we won't use default values (these files can be missing and generate errors)
- curl_easy_setopt(_Curl, CURLOPT_CAINFO, NULL);
- curl_easy_setopt(_Curl, CURLOPT_CAPATH, NULL);
 return true;
 }
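Review bot: verifyServer still returns true unconditionally in the second hunk, so a caller that asked for verification cannot learn that useCertificates may have bailed out early (no OpenSSL backend, or an empty certificate list) and that the handle is relying on whatever CA source curl falls back to. Having useCertificates return a bool and ending this function with `return !verify || NLGUI::CCurlCertificates::useCertificates(_Curl);` would surface that; short of the signature change, a comment here naming those early-return conditions would at least make the silent fallback visible. The certificate setup also runs when `verify` is false, which is harmless but wasted work. The function's body starts outside the first hunk.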