Home Explore Help
Sign In
cpp
/
panda3d
mirror of https://github.com/panda3d/panda3d
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

add set_verify_ssl

David Rose 23 years ago
parent
27107f5244
commit
4b13992ed8
3 changed files with 23 additions and 1 deletions
Split View Show Diff Stats
  1. 16 0
      panda/src/downloader/httpClient.I
  2. 5 1
      panda/src/downloader/httpClient.cxx
  3. 2 0
      panda/src/downloader/httpClient.h

+ 16 - 0
panda/src/downloader/httpClient.I
View File 

@@ -79,3 +79,19 @@ get_proxy() const {
 
   return _proxy;
 
 }
 
 
+////////////////////////////////////////////////////////////////////
 
+//     Function: HTTPClient::set_verify_ssl
 
+//       Access: Published
 
+//  Description: Specifies whether the client will insist on verifying
 
+//               the identity of the servers it connects to via SSL
 
+//               (that is, https).  If this is true (the default),
 
+//               connections will only be allowed to trusted servers.
 
+////////////////////////////////////////////////////////////////////
 
+INLINE void HTTPClient::
 
+set_verify_ssl(bool verify_ssl) {
 
+  if (verify_ssl) {
 
+    SSL_CTX_set_verify(_ssl_ctx, SSL_VERIFY_PEER, NULL);
 
+  } else {
 
+    SSL_CTX_set_verify(_ssl_ctx, SSL_VERIFY_NONE, NULL);
 
+  }
 
+}

+ 5 - 1
panda/src/downloader/httpClient.cxx
View File 

@@ -21,6 +21,7 @@
 
 #include "filename.h"
 
 #include "config_express.h"
 
 #include "virtualFileSystem.h"
 
+#include "executionEnvironment.h"
 
 
 #ifdef HAVE_SSL
 
 
@@ -107,6 +108,9 @@ make_ctx() {
 
   }
 
   _ssl_ctx = SSL_CTX_new(SSLv23_client_method());
 
 
+  // By default, insist on verifying servers.
 
+  SSL_CTX_set_verify(_ssl_ctx, SSL_VERIFY_PEER, NULL);
 
+
 
   // Load in any default certificates listed in the Configrc file.
 
   Config::ConfigTable::Symbol cert_files;
 
   config_express.GetAll("ssl-certificates", cert_files);
 
@@ -119,7 +123,7 @@ make_ctx() {
 
   for (si = cert_files.begin(); si != cert_files.end(); ++si) {
 
     string cert_file = (*si).Val();
 
     if (already_read.insert(cert_file).second) {
 
-      Filename filename = Filename::from_os_specific(cert_file);
 
+      Filename filename = Filename::from_os_specific(ExecutionEnvironment::expand_string(cert_file));
 
       if (load_certificates(filename)) {
 
         downloader_cat.info()
 
           << "Appending SSL certificates from " << cert_file << "\n";

+ 2 - 0
panda/src/downloader/httpClient.h
View File 

@@ -53,6 +53,8 @@ PUBLISHED:
 
 
   bool load_certificates(const Filename &filename);
 
 
+  INLINE void set_verify_ssl(bool verify_ssl);
 
+
 
   PT(HTTPDocument) get_document(const URLSpec &url, const string &body = string());
 
 
 private: