From 5e4543513bd5ecb348990da0c5f6c5196d2fd097 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Gait=C3=A1n?= Date: Tue, 19 Jul 2016 13:40:19 +0200 Subject: [PATCH] Added OSG_CURL_SSL_VERIFYPEER option to the curl plugin to allow connecting to secure servers without the certificate --- src/osgPlugins/curl/ReaderWriterCURL.cpp | 22 +++++++++++++++++++--- src/osgPlugins/curl/ReaderWriterCURL.h | 5 ++++- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/src/osgPlugins/curl/ReaderWriterCURL.cpp b/src/osgPlugins/curl/ReaderWriterCURL.cpp index e0562f6d8..913662a08 100644 --- a/src/osgPlugins/curl/ReaderWriterCURL.cpp +++ b/src/osgPlugins/curl/ReaderWriterCURL.cpp @@ -142,6 +142,7 @@ EasyCurl::EasyCurl() _previousHttpAuthentication = 0; _connectTimeout = 0; // no timeout by default. _timeout = 0; + _sslVerifyPeer = 1L; _curl = curl_easy_init(); @@ -252,6 +253,9 @@ void EasyCurl::setOptions(const std::string& proxyAddress, const std::string& fi curl_easy_setopt(_curl, CURLOPT_PROXY, proxyAddress.c_str()); //Sets proxy address and port on libcurl } + // setting ssl verify peer (default is enabled) + curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER, _sslVerifyPeer); + const osgDB::AuthenticationDetails* details = authenticationMap ? authenticationMap->getAuthenticationDetails(fileName) : 0; @@ -385,6 +389,7 @@ ReaderWriterCURL::ReaderWriterCURL() supportsOption("OSG_CURL_PROXYPORT","Specify the http proxy port."); supportsOption("OSG_CURL_CONNECTTIMEOUT","Specify the connection timeout duration in seconds [default = 0 = not set]."); supportsOption("OSG_CURL_TIMEOUT","Specify the timeout duration of the whole transfer in seconds [default = 0 = not set]."); + supportsOption("OSG_CURL_SSL_VERIFYPEER","Specify ssl verification peer [default = 1 = set]."); } ReaderWriterCURL::~ReaderWriterCURL() 
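Review bot: In the `setOptions` hunk, `_sslVerifyPeer` is passed to `CURLOPT_SSL_VERIFYPEER` without any trace when it is 0, so an unverified transfer looks the same in the logs as a verified one. With verification off the HTTPS connection is encrypted but not authenticated, and the `AuthenticationDetails` looked up on the following lines are presumably sent to whichever host answers. I would log the downgrade, e.g. `if (!_sslVerifyPeer) OSG_WARN << "ReaderWriterCURL: TLS peer verification is disabled" << std::endl;` (assuming osg/Notify is already included in this file), and pass a normalised value, `_sslVerifyPeer ? 1L : 0L`. `setOptions` starts and ends outside the hunk.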
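Review bot: The help text added for `OSG_CURL_SSL_VERIFYPEER` in the `ReaderWriterCURL` constructor hunk does not say what 0 does, and this string is the only user-facing description of the option. "Specify ssl verification peer" reads like a tuning knob rather than a switch that removes server authentication. Suggested wording: `"Verify the server's TLS certificate [default = 1 = verify]; 0 accepts any certificate and leaves the transfer unauthenticated."`.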
@@ -428,11 +433,13 @@ osgDB::ReaderWriter::WriteResult ReaderWriterCURL::writeFile(const osg::Object& std::string proxyAddress; long connectTimeout = 0; long timeout = 0; - getConnectionOptions(options, proxyAddress, connectTimeout, timeout); + long sslVerifyPeer = 1; + getConnectionOptions(options, proxyAddress, connectTimeout, timeout, sslVerifyPeer); EasyCurl::StreamObject sp(&responseBuffer, &requestBuffer, std::string()); EasyCurl& easyCurl = getEasyCurl(); easyCurl.setConnectionTimeout(connectTimeout); easyCurl.setTimeout(timeout); + easyCurl.setSSLVerifyPeer(sslVerifyPeer); // Output requestBuffer via curl, and return responseBuffer in message of result. return easyCurl.write(proxyAddress, fullFileName, sp, options); @@ -452,7 +459,11 @@ osgDB::ReaderWriter::ReadResult ReaderWriterCURL::readFile(ObjectType objectType return ReadResult::FILE_NOT_HANDLED; } -void ReaderWriterCURL::getConnectionOptions(const osgDB::ReaderWriter::Options *options, std::string& proxyAddress, long& connectTimeout, long& timeout) const +void ReaderWriterCURL::getConnectionOptions(const osgDB::ReaderWriter::Options *options, + std::string& proxyAddress, + long& connectTimeout, + long& timeout, + long& sslVerifyPeer) const { if (options) { @@ -469,8 +480,11 @@ void ReaderWriterCURL::getConnectionOptions(const osgDB::ReaderWriter::Options * connectTimeout = atol(opt.substr( index+1 ).c_str()); // this will return 0 in case of improper format. else if( opt.substr( 0, index ) == "OSG_CURL_TIMEOUT" ) timeout = atol(opt.substr( index+1 ).c_str()); // this will return 0 in case of improper format. + else if( opt.substr(0, index) == "OSG_CURL_SSL_VERIFYPEER" ) + sslVerifyPeer = atol(opt.substr( index+1 ).c_str()); // this will return 0 in case of improper format. } + //Setting Proxy by OSG Options if(!optProxy.empty()) { 
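Review bot: The new `OSG_CURL_SSL_VERIFYPEER` branch in the option-parsing hunk fails open. `atol` yields 0 for anything it cannot parse, so `OSG_CURL_SSL_VERIFYPEER=true`, `=on` or an empty value turns certificate verification off, the opposite of what was asked for. That fallback is harmless for the two timeouts above it, where 0 means "not set", but here 0 is the insecure state. Disable only on an explicit zero and keep verification otherwise: `sslVerifyPeer = (opt.substr( index+1 ) == "0") ? 0L : 1L;`. The enclosing loop in `getConnectionOptions` begins outside the hunk.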
@@ -529,7 +543,8 @@ osgDB::ReaderWriter::ReadResult ReaderWriterCURL::readFile(ObjectType objectType std::string proxyAddress; long connectTimeout = 0; long timeout = 0; - getConnectionOptions(options, proxyAddress, connectTimeout, timeout); + long sslVerifyPeer = 1; + getConnectionOptions(options, proxyAddress, connectTimeout, timeout, sslVerifyPeer); bool uncompress = false; @@ -568,6 +583,7 @@ osgDB::ReaderWriter::ReadResult ReaderWriterCURL::readFile(ObjectType objectType // setup the timeouts: easyCurl.setConnectionTimeout(connectTimeout); easyCurl.setTimeout(timeout); + easyCurl.setSSLVerifyPeer(sslVerifyPeer); ReadResult curlResult = easyCurl.read(proxyAddress, fileName, sp, options); diff --git a/src/osgPlugins/curl/ReaderWriterCURL.h b/src/osgPlugins/curl/ReaderWriterCURL.h index bac63bcd9..783954646 100644 --- a/src/osgPlugins/curl/ReaderWriterCURL.h +++ b/src/osgPlugins/curl/ReaderWriterCURL.h @@ -61,6 +61,8 @@ class EasyCurl : public osg::Referenced // the timeout variable is used to limit the whole transfer duration instead of the connection phase only. inline void setTimeout(long val) { _timeout = val; } + inline void setSSLVerifyPeer(long verifyPeer) { _sslVerifyPeer = verifyPeer; } + // Perform HTTP GET to download data from web server. osgDB::ReaderWriter::ReadResult read(const std::string& proxyAddress, const std::string& fileName, StreamObject& sp, const osgDB::ReaderWriter::Options *options); @@ -91,6 +93,7 @@ class EasyCurl : public osg::Referenced long _previousHttpAuthentication; long _connectTimeout; long _timeout; + long _sslVerifyPeer; }; 
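Review bot: `setSSLVerifyPeer` in the `EasyCurl` hunk of ReaderWriterCURL.h has no comment, unlike `setTimeout` directly above it, and its bare `long` parameter hides that it is a security switch. Since the value is stored in `_sslVerifyPeer` and later passed to `CURLOPT_SSL_VERIFYPEER` in `setOptions`, I would add above the setter: `// 0 disables verification of the server's TLS certificate; non-zero (the default) enables it. Applied in setOptions().` The class body continues outside the hunk.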
@@ -171,7 +174,7 @@ class ReaderWriterCURL : public osgDB::ReaderWriter bool read(std::istream& fin, std::string& destination) const; protected: - void getConnectionOptions(const osgDB::ReaderWriter::Options *options, std::string& proxyAddress, long& connectTimeout, long& timeout) const; + void getConnectionOptions(const osgDB::ReaderWriter::Options *options, std::string& proxyAddress, long& connectTimeout, long& timeout, long& sslVerifyPeer) const; typedef std::map< OpenThreads::Thread*, osg::ref_ptr > ThreadCurlMap;