diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2017-02-03 14:59:45 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2017-02-03 14:59:45 +0000 |
| commit | 78e0800beb28669360e37d78de06abf31df9dcac (patch) | |
| tree | b603504c5a0bca50225f98353f6c11a158789732 /src/libutil | |
| parent | c0e76d49b5133638cee11846a1fc79d8929c865a (diff) | |
| download | rspamd-78e0800beb28669360e37d78de06abf31df9dcac.tar.gz rspamd-78e0800beb28669360e37d78de06abf31df9dcac.zip | |
[Minor] Allow to disable ssl verification if needed
Diffstat (limited to 'src/libutil')
| -rw-r--r-- | src/libutil/http.c | 3 | ||||
| -rw-r--r-- | src/libutil/http.h | 13 | ||||
| -rw-r--r-- | src/libutil/ssl_util.c | 7 | ||||
| -rw-r--r-- | src/libutil/ssl_util.h | 2 |
4 files changed, 16 insertions, 9 deletions
diff --git a/src/libutil/http.c b/src/libutil/http.c index 1a8a4b953..47c1836d3 100644 --- a/src/libutil/http.c +++ b/src/libutil/http.c @@ -2183,7 +2183,8 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn rspamd_ssl_connection_free (priv->ssl); } - priv->ssl = rspamd_ssl_connection_new (priv->ssl_ctx, base); + priv->ssl = rspamd_ssl_connection_new (priv->ssl_ctx, base, + !(msg->flags & RSPAMD_HTTP_FLAG_SSL_NOVERIFY)); g_assert (priv->ssl != NULL); if (!rspamd_ssl_connect_fd (priv->ssl, fd, host, &priv->ev, diff --git a/src/libutil/http.h b/src/libutil/http.h index 9f3861865..a28a6b389 100644 --- a/src/libutil/http.h +++ b/src/libutil/http.h @@ -67,15 +67,18 @@ struct rspamd_storage_shmem { * Body has been set for a message */ #define RSPAMD_HTTP_FLAG_HAS_BODY (1 << 5) - +/** + * Do not verify server's certificate + */ +#define RSPAMD_HTTP_FLAG_SSL_NOVERIFY (1 << 6) /** * Options for HTTP connection */ enum rspamd_http_options { - RSPAMD_HTTP_BODY_PARTIAL = 0x1, /**< Call body handler on all body data portions */ - RSPAMD_HTTP_CLIENT_SIMPLE = 0x2, /**< Read HTTP client reply automatically */ - RSPAMD_HTTP_CLIENT_ENCRYPTED = 0x4, /**< Encrypt data for client */ - RSPAMD_HTTP_CLIENT_SHARED = 0x8, /**< Store reply in shared memory */ + RSPAMD_HTTP_BODY_PARTIAL = 0x1, /**< Call body handler on all body data portions *///!< RSPAMD_HTTP_BODY_PARTIAL + RSPAMD_HTTP_CLIENT_SIMPLE = 0x2, /**< Read HTTP client reply automatically */ //!< RSPAMD_HTTP_CLIENT_SIMPLE + RSPAMD_HTTP_CLIENT_ENCRYPTED = 0x4, /**< Encrypt data for client */ //!< RSPAMD_HTTP_CLIENT_ENCRYPTED + RSPAMD_HTTP_CLIENT_SHARED = 0x8, /**< Store reply in shared memory */ //!< RSPAMD_HTTP_CLIENT_SHARED }; typedef int (*rspamd_http_body_handler_t) (struct rspamd_http_connection *conn, diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c index 3dc34e66a..a2106ff2b 100644 --- a/src/libutil/ssl_util.c +++ b/src/libutil/ssl_util.c @@ -34,6 +34,7 @@ struct rspamd_ssl_connection { ssl_next_read, ssl_next_write } state; + gboolean verify_peer; SSL *ssl; gchar *hostname; struct event *ev; @@ -373,7 +374,7 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud) if (ret == 1) { event_del (c->ev); /* Verify certificate */ - if (rspamd_ssl_peer_verify (c)) { + if ((!c->verify_peer) || rspamd_ssl_peer_verify (c)) { c->state = ssl_conn_connected; c->handler (fd, EV_WRITE, c->handler_data); } @@ -435,7 +436,8 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud) } struct rspamd_ssl_connection * -rspamd_ssl_connection_new (gpointer ssl_ctx, struct event_base *ev_base) +rspamd_ssl_connection_new (gpointer ssl_ctx, struct event_base *ev_base, + gboolean verify_peer) { struct rspamd_ssl_connection *c; @@ -443,6 +445,7 @@ rspamd_ssl_connection_new (gpointer ssl_ctx, struct event_base *ev_base) c = g_slice_alloc0 (sizeof (*c)); c->ssl = SSL_new (ssl_ctx); c->ev_base = ev_base; + c->verify_peer = verify_peer; return c; } diff --git a/src/libutil/ssl_util.h b/src/libutil/ssl_util.h index 64e6a413e..73a940e00 100644 --- a/src/libutil/ssl_util.h +++ b/src/libutil/ssl_util.h @@ -30,7 +30,7 @@ typedef void (*rspamd_ssl_error_handler_t)(gpointer d, GError *err); * @return opaque connection data */ struct rspamd_ssl_connection * rspamd_ssl_connection_new (gpointer ssl_ctx, - struct event_base *ev_base); + struct event_base *ev_base, gboolean verify_peer); /** * Connects SSL session using the specified (connected) FD |