From 4b4a6240a6976cea3af33f00c66284385b3dfa5e Mon Sep 17 00:00:00 2001 From: cantor Date: Tue, 17 Jul 2007 19:55:00 +0000 Subject: [PATCH] Option to disable host checking. git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/trunk@355 de75baf8-a10c-0410-a50a-987c0e22f00f --- xmltooling/soap/SOAPTransport.h | 10 ++++++++++ xmltooling/soap/impl/CURLSOAPTransport.cpp | 6 +++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/xmltooling/soap/SOAPTransport.h b/xmltooling/soap/SOAPTransport.h index b36c606..cb8d9b6 100644 --- a/xmltooling/soap/SOAPTransport.h +++ b/xmltooling/soap/SOAPTransport.h @@ -90,6 +90,16 @@ namespace xmltooling { */ virtual bool setAuth(transport_auth_t authType, const char* username=NULL, const char* password=NULL)=0; + /** + * Determines whether TLS/SSL connections include a check of the server's certificate + * against the expected hostname or address. Defaults to true, and has no effect for + * insecure protocols. + * + * @param verify true iff the hostname should be verified against the server's certificate + * @return true iff the transport supports hostname verification + */ + virtual bool setVerifyHost(bool verify)=0; + #ifndef XMLTOOLING_NO_XMLSEC /** * Supplies transport credentials. diff --git a/xmltooling/soap/impl/CURLSOAPTransport.cpp b/xmltooling/soap/impl/CURLSOAPTransport.cpp index 6f599f4..7261a80 100644 --- a/xmltooling/soap/impl/CURLSOAPTransport.cpp +++ b/xmltooling/soap/impl/CURLSOAPTransport.cpp @@ -78,6 +78,7 @@ namespace xmltooling { curl_easy_setopt(m_handle,CURLOPT_TIMEOUT,30); curl_easy_setopt(m_handle,CURLOPT_HTTPAUTH,0); curl_easy_setopt(m_handle,CURLOPT_USERPWD,NULL); + curl_easy_setopt(m_handle,CURLOPT_SSL_VERIFYHOST,2); curl_easy_setopt(m_handle,CURLOPT_HEADERDATA,this); m_headers=curl_slist_append(m_headers,"Content-Type: text/xml"); } 
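Review bot: The new doc comment on `setVerifyHost` in SOAPTransport.h says what the flag does but not what is lost when it is turned off. Further down the page `CURLPool::get` sets `CURLOPT_SSL_VERIFYPEER` to 0 and leaves peer verification to the TrustEngine, so with verify=false libcurl presumably performs no certificate checks of its own. I would add a line to the comment such as `* Disabling this removes the binding between the endpoint name and the server's certificate; do so only when the trust layer authenticates the peer by other means.` Because the method is pure virtual, any SOAPTransport implementation other than the CURL one patched here has to add it as well.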
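Review bot: `CURLOPT_SSL_VERIFYHOST` is documented by libcurl as taking a long, but the added call in CURLSOAPTransport.cpp passes the int literal `2` through the variadic `curl_easy_setopt`; write `curl_easy_setopt(m_handle,CURLOPT_SSL_VERIFYHOST,2L);`. The same applies to the setter added in the next hunk, where `verify ? 2 : 0` should be `verify ? 2L : 0L`. Where long is wider than int the value libcurl reads is not guaranteed, and for this option a misread value could silently weaken the host check. The enclosing function starts outside the hunk, and the neighbouring calls pass int literals in the same way.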
@@ -103,6 +104,10 @@ namespace xmltooling { bool setAuth(transport_auth_t authType, const char* username=NULL, const char* password=NULL); + bool setVerifyHost(bool verify) { + return (curl_easy_setopt(m_handle,CURLOPT_SSL_VERIFYHOST,verify ? 2 : 0)==CURLE_OK); + } + #ifndef XMLTOOLING_NO_XMLSEC bool setCredential(const Credential* cred=NULL) { const OpenSSLCredential* down = dynamic_cast(cred); @@ -277,7 +282,6 @@ CURL* CURLPool::get(const char* to, const char* endpoint) curl_easy_setopt(handle,CURLOPT_SSLVERSION,3); // Verification of the peer is via TrustEngine only. curl_easy_setopt(handle,CURLOPT_SSL_VERIFYPEER,0); - curl_easy_setopt(handle,CURLOPT_SSL_VERIFYHOST,2); curl_easy_setopt(handle,CURLOPT_HEADERFUNCTION,&curl_header_hook); curl_easy_setopt(handle,CURLOPT_WRITEFUNCTION,&curl_write_hook); curl_easy_setopt(handle,CURLOPT_DEBUGFUNCTION,&curl_debug_hook); -- 2.1.4
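Review bot: `setVerifyHost` stores the choice on the libcurl handle rather than in the transport object, and nothing in the setter says that this depends on a reset elsewhere. The handle appears to come from `CURLPool`, so if handles are reused (not visible here), a transport that turns the check off leaves the handle in that state until the `CURLOPT_SSL_VERIFYHOST,2` reset added in the earlier hunk runs for the next user. A comment on the setter such as `// Per-handle state: relies on the reset to 2 at transport setup so a pooled handle never keeps the check disabled.` would keep the two lines tied together for later maintainers. The class body continues outside the hunk.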