Add --cacert and --proxy-cacert
Fixes https://github.com/fangfufu/httpdirfs/issues/108
This commit is contained in:
Nathaniel Wesley Filardo
parent
ff5f566dd9
commit
12abb7d8ad
|
|
@ -53,6 +53,8 @@ typedef struct {
|
|||
char *proxy_username;
|
||||
/** \brief HTTP proxy password */
|
||||
char *proxy_password;
|
||||
/** \brief HTTP proxy certificate file */
|
||||
char *proxy_cafile;
|
||||
/** \brief HTTP maximum connection count */
|
||||
long max_conns;
|
||||
/** \brief HTTP user agent*/
|
||||
|
|
@ -63,6 +65,8 @@ typedef struct {
|
|||
int no_range_check;
|
||||
/** \brief Disable TLS certificate verification */
|
||||
int insecure_tls;
|
||||
/** \brief Server certificate file */
|
||||
char *cafile;
|
||||
/*--------------- Cache related ---------------*/
|
||||
/** \brief Whether cache mode is enabled */
|
||||
int cache_enabled;
|
||||
|
|
|
|||
33
src/link.c
33
src/link.c
|
|
@ -95,6 +95,25 @@ static CURL *Link_to_curl(Link *link)
|
|||
if (ret) {
|
||||
lprintf(error, "%s", curl_easy_strerror(ret));
|
||||
}
|
||||
if (CONFIG.cafile) {
|
||||
/*
|
||||
* Having been given a certificate file, disable any search directory
|
||||
* built into libcurl, so that we exclusively use the explicitly given
|
||||
* certificate(s).
|
||||
*
|
||||
* If we ever add a CAPATH option, we should do the mirror for CAINFO,
|
||||
* too: disable both and then enable whichever one(s) were given.
|
||||
*/
|
||||
ret = curl_easy_setopt(curl, CURLOPT_CAPATH, NULL);
|
||||
if (ret) {
|
||||
lprintf(error, "%s", curl_easy_strerror(ret));
|
||||
}
|
||||
|
||||
ret = curl_easy_setopt(curl, CURLOPT_CAINFO, CONFIG.cafile);
|
||||
if (ret) {
|
||||
lprintf(error, "%s", curl_easy_strerror(ret));
|
||||
}
|
||||
}
|
||||
if (CONFIG.insecure_tls) {
|
||||
ret = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
|
||||
if (ret) {
|
||||
|
|
@ -146,6 +165,20 @@ static CURL *Link_to_curl(Link *link)
|
|||
}
|
||||
}
|
||||
|
||||
if (CONFIG.proxy_cafile) {
|
||||
/* See CONFIG.cafile above */
|
||||
ret = curl_easy_setopt(curl, CURLOPT_PROXY_CAPATH, NULL);
|
||||
if (ret) {
|
||||
lprintf(error, "%s", curl_easy_strerror(ret));
|
||||
}
|
||||
|
||||
ret = curl_easy_setopt(curl, CURLOPT_PROXY_CAINFO,
|
||||
CONFIG.proxy_cafile);
|
||||
if (ret) {
|
||||
lprintf(error, "%s", curl_easy_strerror(ret));
|
||||
}
|
||||
}
|
||||
|
||||
return curl;
|
||||
}
|
||||
|
||||
|
|
|
|||
10
src/main.c
10
src/main.c
|
|
@ -199,6 +199,8 @@ parse_arg_list(int argc, char **argv, char ***fuse_argv, int *fuse_argc)
|
|||
{ "insecure-tls", no_argument, NULL, 'L' }, /* 20 */
|
||||
{ "config", required_argument, NULL, 'L' }, /* 21 */
|
||||
{ "single-file-mode", required_argument, NULL, 'L' }, /* 22 */
|
||||
{ "cacert", required_argument, NULL, 'L' }, /* 23 */
|
||||
{ "proxy-cacert", required_argument, NULL, 'L' }, /* 24 */
|
||||
{ 0, 0, 0, 0 }
|
||||
};
|
||||
while ((c =
|
||||
|
|
@ -296,6 +298,12 @@ parse_arg_list(int argc, char **argv, char ***fuse_argv, int *fuse_argc)
|
|||
case 22:
|
||||
CONFIG.mode = SINGLE;
|
||||
break;
|
||||
case 23:
|
||||
CONFIG.cafile = strdup(optarg);
|
||||
break;
|
||||
case 24:
|
||||
CONFIG.proxy_cafile = strdup(optarg);
|
||||
break;
|
||||
default:
|
||||
fprintf(stderr, "see httpdirfs -h for usage\n");
|
||||
return 1;
|
||||
|
|
@ -347,9 +355,11 @@ HTTPDirFS options:\n\
|
|||
https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html\n\
|
||||
--proxy-username Username for the proxy\n\
|
||||
--proxy-password Password for the proxy\n\
|
||||
--proxy-cacert Certificate authority for the proxy\n\
|
||||
--cache Enable cache (default: off)\n\
|
||||
--cache-location Set a custom cache location\n\
|
||||
(default: \"${XDG_CACHE_HOME}/httpdirfs\")\n\
|
||||
--cacert Certificate authority for the server\n\
|
||||
--dl-seg-size Set cache download segment size, in MB (default: 8)\n\
|
||||
Note: this setting is ignored if previously\n\
|
||||
cached data is found for the requested file.\n\
|
||||
|
|
|
|||
Loading…
Reference in New Issue