From 49db37c6cdbf57f46ce667d213a0db02486f527f Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Mon, 14 Jul 2008 19:15:12 +0000 Subject: [PATCH] Block http requests if transport authentication is required. --- xmltooling/soap/impl/CURLSOAPTransport.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xmltooling/soap/impl/CURLSOAPTransport.cpp b/xmltooling/soap/impl/CURLSOAPTransport.cpp index 4b278e3..0aca880 100644 --- a/xmltooling/soap/impl/CURLSOAPTransport.cpp +++ b/xmltooling/soap/impl/CURLSOAPTransport.cpp @@ -412,6 +412,10 @@ void CURLSOAPTransport::send(istream& in) Category& log=Category::getInstance(XMLTOOLING_LOGCAT".SOAPTransport.CURL"); Category& log_curl=Category::getInstance(XMLTOOLING_LOGCAT".libcurl"); + // For this implementation, it's sufficient to check for https as a sign of transport security. + if (m_mandatory && !isConfidential()) + throw IOException("Blocking unprotected HTTP request, transport authentication by server required."); + string msg; // By this time, the handle has been prepared with the URL to use and the -- 2.1.4