diff options
| author |  Alan F <ajf@eth0.org.uk> | 2013-12-20 21:13:54 +0000 |
|---|---|---|
| committer | Alan F <ajf@eth0.org.uk> | 2013-12-20 21:13:54 +0000 |
| commit | 0b0eb52a5b2c82a4bbcc0d04d523883623124c4f (patch) | |
| tree | 1744137bc84649b0bfd26ad01950e20180793496 /src | |
| parent | 8064c4775c2ea89f9a01d342045e5d7d61717410 (diff) | |
issue 235 - optional validation of SSL certificates
Diffstat (limited to 'src')
| -rw-r--r-- | src/trg-client.c | 14 | ||||
| -rw-r--r-- | src/trg-client.h | 1 | ||||
| -rw-r--r-- | src/trg-preferences-dialog.c | 4 | ||||
| -rw-r--r-- | src/trg-prefs.h | 1 |
4 files changed, 19 insertions, 1 deletions
diff --git a/src/trg-client.c b/src/trg-client.c index f20677a..1ffde9b 100644 --- a/src/trg-client.c +++ b/src/trg-client.c @@ -71,6 +71,7 @@ struct _TrgClientPrivate { gint64 updateSerial; JsonObject *session; gboolean ssl; + gboolean ssl_validate; gdouble version; char *url; char *username; @@ -255,6 +256,9 @@ int trg_client_populate_with_settings(TrgClient * tc) #ifndef CURL_NO_SSL priv->ssl = trg_prefs_get_bool(prefs, TRG_PREFS_KEY_SSL, TRG_PREFS_CONNECTION); + priv->ssl_validate = trg_prefs_get_bool(prefs, TRG_PREFS_KEY_SSL_VALIDATE, + TRG_PREFS_CONNECTION); + #else priv->ssl = FALSE; #endif @@ -377,6 +381,11 @@ gboolean trg_client_get_ssl(TrgClient * tc) { return tc->priv->ssl; } + +gboolean trg_client_get_ssl_validate(TrgClient * tc) +{ + return tc->priv->ssl_validate; +} #endif gchar *trg_client_get_proxy(TrgClient * tc) @@ -485,8 +494,11 @@ static void trg_tls_update(TrgClient * tc, trg_tls * tls, gint serial) curl_easy_setopt(tls->curl, CURLOPT_URL, trg_client_get_url(tc)); #ifndef CURL_NO_SSL - if (trg_client_get_ssl(tc)) + if (trg_client_get_ssl(tc) && !trg_client_get_ssl_validate(tc)) { + + curl_easy_setopt(tls->curl, CURLOPT_SSL_VERIFYHOST, 0); curl_easy_setopt(tls->curl, CURLOPT_SSL_VERIFYPEER, 0); + } #endif proxy = trg_client_get_proxy(tc); diff --git a/src/trg-client.h b/src/trg-client.h index 3b7d916..a0bee33 100644 --- a/src/trg-client.h +++ b/src/trg-client.h @@ -141,6 +141,7 @@ gchar *trg_client_get_session_id(TrgClient * tc); void trg_client_set_session_id(TrgClient * tc, gchar * session_id); #ifndef CURL_NO_SSL gboolean trg_client_get_ssl(TrgClient * tc); +gboolean trg_client_get_ssl_validate(TrgClient * tc); #endif gchar *trg_client_get_proxy(TrgClient * tc); gint64 trg_client_get_serial(TrgClient * tc); diff --git a/src/trg-preferences-dialog.c b/src/trg-preferences-dialog.c index 6e98f25..b9327c6 100644 --- a/src/trg-preferences-dialog.c +++ b/src/trg-preferences-dialog.c @@ -831,6 +831,10 @@ static GtkWidget *trg_prefs_serverPage(TrgPreferencesDialog * dlg) w = trgp_check_new(dlg, _("SSL"), TRG_PREFS_KEY_SSL, TRG_PREFS_PROFILE, NULL); hig_workarea_add_wide_control(t, &row, w); + w = trgp_check_new(dlg, _("Validate SSL Certificate"), TRG_PREFS_KEY_SSL_VALIDATE, TRG_PREFS_PROFILE, + w); + hig_workarea_add_wide_control(t, &row, w); + #endif w = trgp_spin_new(dlg, TRG_PREFS_KEY_TIMEOUT, 1, 3600, 1, diff --git a/src/trg-prefs.h b/src/trg-prefs.h index e7a7f48..9dda148 100644 --- a/src/trg-prefs.h +++ b/src/trg-prefs.h @@ -41,6 +41,7 @@ #define TRG_PREFS_KEY_PASSWORD "password" #define TRG_PREFS_KEY_AUTO_CONNECT "auto-connect" #define TRG_PREFS_KEY_SSL "ssl" +#define TRG_PREFS_KEY_SSL_VALIDATE "ssl-validate" #define TRG_PREFS_KEY_TIMEOUT "timeout" #define TRG_PREFS_KEY_RETRIES "retries" #define TRG_PREFS_KEY_UPDATE_INTERVAL "update-interval" |