Block http requests if transport authentication is required.

author Scott Cantor <cantor.2@osu.edu>

Mon, 14 Jul 2008 19:15:12 +0000 (19:15 +0000)

committer Scott Cantor <cantor.2@osu.edu>

Mon, 14 Jul 2008 19:15:12 +0000 (19:15 +0000)
author Scott Cantor <cantor.2@osu.edu>
Mon, 14 Jul 2008 19:15:12 +0000 (19:15 +0000)
committer Scott Cantor <cantor.2@osu.edu>
Mon, 14 Jul 2008 19:15:12 +0000 (19:15 +0000)
diff --git a/xmltooling/soap/impl/CURLSOAPTransport.cpp b/xmltooling/soap/impl/CURLSOAPTransport.cpp

index 4b278e3..0aca880 100644 (file)
--- a/xmltooling/soap/impl/CURLSOAPTransport.cpp
+++ b/xmltooling/soap/impl/CURLSOAPTransport.cpp
@@ -412,6 +412,10 @@ void CURLSOAPTransport::send(istream& in)
      Category& log=Category::getInstance(XMLTOOLING_LOGCAT".SOAPTransport.CURL");
      Category& log_curl=Category::getInstance(XMLTOOLING_LOGCAT".libcurl");
  
+    // For this implementation, it's sufficient to check for https as a sign of transport security.
+    if (m_mandatory && !isConfidential())
+        throw IOException("Blocking unprotected HTTP request, transport authentication by server required.");
+
      string msg;
  
      // By this time, the handle has been prepared with the URL to use and the
author	Scott Cantor <cantor.2@osu.edu>
	Mon, 14 Jul 2008 19:15:12 +0000 (19:15 +0000)
committer	Scott Cantor <cantor.2@osu.edu>
	Mon, 14 Jul 2008 19:15:12 +0000 (19:15 +0000)