Merge with develop

kervala 2016-04-18 13:40:46 +02:00
parent 77927a2558
commit 9b837748aa


@ -20,6 +20,7 @@
#include <curl/curl.h> #include <curl/curl.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h>
using namespace NLMISC; using namespace NLMISC;
using namespace NLNET; using namespace NLNET;
@ -62,11 +63,11 @@ bool CCurlHttpClient::authenticate(const std::string &user, const std::string &p
const char *CAFilename = "ssl_ca_cert.pem"; // this is the certificate "Thawte Server CA" const char *CAFilename = "ssl_ca_cert.pem"; // this is the certificate "Thawte Server CA"
// *************************************************************************** // ***************************************************************************
static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) static CURLcode sslctx_function(CURL * /* curl */, void *sslctx, void * /* parm */)
{ {
// look for certificate in search paths // look for certificate in search paths
string path = CPath::lookup(CAFilename); string path = CPath::lookup(CAFilename);
nldebug("Cert path '%s'", path.c_str()); nlinfo("Cert path '%s'", path.c_str());
if (path.empty()) if (path.empty())
{ {
@ -92,6 +93,8 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
// get a BIO // get a BIO
BIO *bio = BIO_new_mem_buf(&buffer[0], file.getFileSize()); BIO *bio = BIO_new_mem_buf(&buffer[0], file.getFileSize());
char errorBuffer[1024];
if (bio) if (bio)
{ {
// get a pointer to the X509 certificate store (which may be empty!) // get a pointer to the X509 certificate store (which may be empty!)
@ -113,8 +116,19 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
// add our certificate to this store // add our certificate to this store
if (X509_STORE_add_cert(store, itmp->x509) == 0) if (X509_STORE_add_cert(store, itmp->x509) == 0)
{ {
nlwarning("Error adding certificate"); uint errCode = ERR_get_error();
res = CURLE_SSL_CACERT;
// ignore already in hash table errors
if (ERR_GET_LIB(errCode) != ERR_LIB_X509 || ERR_GET_REASON(errCode) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
{
ERR_error_string_n(errCode, errorBuffer, 1024);
nlwarning("Error adding certificate %s: %s", itmp->x509->name, errorBuffer);
res = CURLE_SSL_CACERT;
}
}
else
{
nlinfo("Added certificate %s", itmp->x509->name);
} }
} }
} }
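Review bot: In the new `X509_STORE_add_cert` failure branch, `ERR_get_error()` returns the oldest entry in the thread's OpenSSL error queue, not the one this call just pushed. If an earlier call left an error behind, a harmless `X509_R_CERT_ALREADY_IN_HASH_TABLE` is then misreported as `CURLE_SSL_CACERT`, and the remaining entries stay queued where they can confuse later TLS error handling. I would read the newest entry and then empty the queue: `unsigned long errCode = ERR_peek_last_error();` followed by `ERR_clear_error();` (the `unsigned long` also matches the OpenSSL return type, which `uint` narrows). Two smaller points on the same lines: pass `sizeof(errorBuffer)` instead of repeating `1024`, and note that `itmp->x509->name` reads a struct internal that may be null and is presumably not available on OpenSSL versions with an opaque `X509`, so `X509_NAME_oneline(X509_get_subject_name(itmp->x509), ...)` into a local buffer is safer for both log calls. The body of `sslctx_function` begins and ends outside the hunks shown, so whether the queue is cleared elsewhere cannot be confirmed from here.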