diff options
| author | Alan D. Snow <alansnow21@gmail.com> | 2020-08-16 05:30:58 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-08-16 12:30:58 +0200 |
| commit | e1dc2d5516562c2e6e9668325d897c0eccdc6d2a (patch) | |
| tree | 0e5da750934ae01c11af2acb8edbf460c6ee2b50 /src/networkfilemanager.cpp | |
| parent | b8c198897da30e59d41f7b9ccb66bc1b0079e5d8 (diff) | |
| download | PROJ-e1dc2d5516562c2e6e9668325d897c0eccdc6d2a.tar.gz PROJ-e1dc2d5516562c2e6e9668325d897c0eccdc6d2a.zip | |
ENH: Add support for custum CA Bundle path (#2323)
Fixes #2320
Diffstat (limited to 'src/networkfilemanager.cpp')
| -rw-r--r-- | src/networkfilemanager.cpp | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/networkfilemanager.cpp b/src/networkfilemanager.cpp index 4d6f425c..7587bb72 100644 --- a/src/networkfilemanager.cpp +++ b/src/networkfilemanager.cpp @@ -1522,7 +1522,7 @@ struct CurlFileHandle { CurlFileHandle(const CurlFileHandle &) = delete; CurlFileHandle &operator=(const CurlFileHandle &) = delete; - explicit CurlFileHandle(const char *url, CURL *handle); + explicit CurlFileHandle(const char *url, CURL *handle, const char *ca_bundle_path); ~CurlFileHandle(); static PROJ_NETWORK_HANDLE * @@ -1594,7 +1594,7 @@ static std::string GetExecutableName() { // --------------------------------------------------------------------------- -CurlFileHandle::CurlFileHandle(const char *url, CURL *handle) +CurlFileHandle::CurlFileHandle(const char *url, CURL *handle, const char *ca_bundle_path) : m_url(url), m_handle(handle) { curl_easy_setopt(handle, CURLOPT_URL, m_url.c_str()); @@ -1615,6 +1615,23 @@ CurlFileHandle::CurlFileHandle(const char *url, CURL *handle) curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 0L); } + // Custom path to SSL certificates. + if (ca_bundle_path == nullptr) { + ca_bundle_path = getenv("PROJ_CURL_CA_BUNDLE"); + } + if (ca_bundle_path == nullptr) { + // Name of environment variable used by the curl binary + ca_bundle_path = getenv("CURL_CA_BUNDLE"); + } + if (ca_bundle_path == nullptr) { + // Name of environment variable used by the curl binary (tested + // after CURL_CA_BUNDLE + ca_bundle_path = getenv("SSL_CERT_FILE"); + } + if (ca_bundle_path != nullptr) { + curl_easy_setopt(handle, CURLOPT_CAINFO, ca_bundle_path); + } + curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, m_szCurlErrBuf); if (getenv("PROJ_NO_USERAGENT") == nullptr) { @@ -1683,7 +1700,8 @@ PROJ_NETWORK_HANDLE *CurlFileHandle::open(PJ_CONTEXT *ctx, const char *url, return nullptr; auto file = - std::unique_ptr<CurlFileHandle>(new CurlFileHandle(url, hCurlHandle)); + std::unique_ptr<CurlFileHandle>(new CurlFileHandle( + url, hCurlHandle, ctx->ca_bundle_path.empty() ? nullptr : ctx->ca_bundle_path.c_str())); double oldDelay = MIN_RETRY_DELAY_MS; std::string headers; |