]> git.ipfire.org Git - thirdparty/freeswitch.git/commitdiff
mod_xml_curl mod_xml_cdr: fix ssl verify peer option and add cookie options (MDXMLINT...
authorMichael Jerris <mike@jerris.com>
Mon, 13 Jul 2009 03:08:23 +0000 (03:08 +0000)
committerMichael Jerris <mike@jerris.com>
Mon, 13 Jul 2009 03:08:23 +0000 (03:08 +0000)
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@14208 d0543943-73ff-0310-b7d9-9358b9ac24b2

src/mod/xml_int/mod_xml_cdr/mod_xml_cdr.c
src/mod/xml_int/mod_xml_curl/mod_xml_curl.c

index 0f60523d1db3d5b30baba0e7415bbd55beb9b422..4bebdbb6fcd67955434c6aa1b66111fe2f890f4b 100644 (file)
@@ -45,7 +45,13 @@ static struct {
        uint32_t delay;
        uint32_t retries;
        uint32_t shutdown;
-       uint32_t ignore_cacert_check;
+       uint32_t enable_cacert_check;
+       char *ssl_cert_file;
+       char *ssl_key_file;
+       char *ssl_key_password;
+       char *ssl_version;
+       char *ssl_cacert_file;
+       uint32_t enable_ssl_verifyhost;
        int encode;
        int log_b;
        int prefix_a;
@@ -178,9 +184,29 @@ static switch_status_t my_on_reporting(switch_core_session_t *session)
                        slist = curl_slist_append(slist, "Expect:");
                        curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, slist);
                }
-
-               if (globals.ignore_cacert_check) {
-                       curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, FALSE);
+               
+               if (globals.ssl_cert_file) {
+                       curl_easy_setopt(curl_handle, CURLOPT_SSLCERT, globals.ssl_cert_file);
+               }
+               
+               if (globals.ssl_key_file) {
+                       curl_easy_setopt(curl_handle, CURLOPT_SSLKEY, globals.ssl_key_file);
+               }
+               
+               if (globals.ssl_key_password) {
+                       curl_easy_setopt(curl_handle, CURLOPT_SSLKEYPASSWD, globals.ssl_key_password);
+               }
+               
+               if (globals.ssl_version) {
+                       if (!strcasecmp(globals.ssl_version, "SSLv3")) {
+                               curl_easy_setopt(curl_handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+                       } else if (!strcasecmp(globals.ssl_version, "TLSv1")) {
+                               curl_easy_setopt(curl_handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
+                       }
+               }
+               
+               if (globals.ssl_cacert_file) {
+                       curl_easy_setopt(curl_handle, CURLOPT_CAINFO, globals.ssl_cacert_file);
                }
 
                /* these were used for testing, optionally they may be enabled if someone desires
@@ -199,6 +225,14 @@ static switch_status_t my_on_reporting(switch_core_session_t *session)
                                curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0);
                                curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0);
                        }
+                       
+                       if (globals.enable_cacert_check) {
+                               curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, TRUE);
+                       }
+                       
+                       if (globals.enable_ssl_verifyhost) {
+                               curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 2);
+                       }
 
                        curl_easy_perform(curl_handle);
                        curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &httpRes);
@@ -353,10 +387,22 @@ SWITCH_MODULE_LOAD_FUNCTION(mod_xml_cdr_load)
                                                globals.err_log_dir = switch_mprintf("%s%s%s", SWITCH_GLOBAL_dirs.log_dir, SWITCH_PATH_SEPARATOR, val);
                                        }
                                }
-                       } else if (!strcasecmp(var, "ignore-cacert-check") && switch_true(val)) {
-                               globals.ignore_cacert_check = 1;
+                       } else if (!strcasecmp(var, "enable-cacert-check") && switch_true(val)) {
+                               globals.enable_cacert_check = 1;
+                       } else if (!strcasecmp(var, "ssl-cert-path")) {
+                               globals.ssl_cert_file = val;
+                       } else if (!strcasecmp(var, "ssl-key-path")) {
+                               globals.ssl_key_file = val;
+                       } else if (!strcasecmp(var, "ssl-key-password")) {
+                               globals.ssl_key_password = val;
+                       } else if (!strcasecmp(var, "ssl-version")) {
+                               globals.ssl_version = val;
+                       } else if (!strcasecmp(var, "ssl-cacert-file")) {
+                               globals.ssl_cacert_file = val;
+                       } else if (!strcasecmp(var, "enable-ssl-verifyhost") && switch_true(val)) {
+                               globals.enable_ssl_verifyhost = 1;
                        }
-
+               
                        if (switch_strlen_zero(globals.err_log_dir)) {
                                if (!switch_strlen_zero(globals.log_dir)) {
                                        globals.err_log_dir = switch_core_strdup(globals.pool, globals.log_dir);
index e853d379cadca4eed8c8040891efaee6e7677dc9..a8b1c911108c541abb8f385c564b93dc37720650 100644 (file)
@@ -45,7 +45,14 @@ struct xml_binding {
        char *cred;
        int disable100continue;
        int use_get_style;
-       uint32_t ignore_cacert_check;
+       uint32_t enable_cacert_check;
+       char *ssl_cert_file;
+       char *ssl_key_file;
+       char *ssl_key_password;
+       char *ssl_version;
+       char *ssl_cacert_file;
+       uint32_t enable_ssl_verifyhost;
+       char *cookie_file;
        switch_hash_t *vars_map;
        int use_dynamic_url;
 };
@@ -226,8 +233,41 @@ static switch_xml_t xml_url_fetch(const char *section, const char *tag_name, con
                        curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, slist);
                }
 
-               if (binding->ignore_cacert_check) {
-                       curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, FALSE);
+               if (binding->enable_cacert_check) {
+                       curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, TRUE);
+               }
+       
+               if (binding->ssl_cert_file) {
+                       curl_easy_setopt(curl_handle, CURLOPT_SSLCERT, binding->ssl_cert_file);
+               }
+               
+               if (binding->ssl_key_file) {
+                       curl_easy_setopt(curl_handle, CURLOPT_SSLKEY, binding->ssl_key_file);
+               }
+               
+               if (binding->ssl_key_password) {
+                       curl_easy_setopt(curl_handle, CURLOPT_SSLKEYPASSWD, binding->ssl_key_password);
+               }
+               
+               if (binding->ssl_version) {
+                       if (!strcasecmp(binding->ssl_version, "SSLv3")) {
+                               curl_easy_setopt(curl_handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+                       } else if (!strcasecmp(binding->ssl_version, "TLSv1")) {
+                               curl_easy_setopt(curl_handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
+                       }
+               }
+               
+               if (binding->ssl_cacert_file) {
+                       curl_easy_setopt(curl_handle, CURLOPT_CAINFO, binding->ssl_cacert_file);
+               }
+               
+               if (binding->enable_ssl_verifyhost) {
+                       curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 2);
+               }
+       
+               if (binding->cookie_file) {
+                       curl_easy_setopt(curl_handle, CURLOPT_COOKIEJAR, binding->cookie_file);
+                       curl_easy_setopt(curl_handle, CURLOPT_COOKIEFILE, binding->cookie_file);
                }
 
                curl_easy_perform(curl_handle);
@@ -299,7 +339,14 @@ static switch_status_t do_config(void)
                char *method = NULL;
                int disable100continue = 0;
                int use_dynamic_url = 0;
-               uint32_t ignore_cacert_check = 0;
+               uint32_t enable_cacert_check = 0;
+               char *ssl_cert_file = NULL;
+               char *ssl_key_file = NULL;
+               char *ssl_key_password = NULL;
+               char *ssl_version = NULL;
+               char *ssl_cacert_file = NULL;
+               uint32_t enable_ssl_verifyhost = 0;
+               char *cookie_file = NULL;
                hash_node_t* hash_node;
                need_vars_map = 0;
                vars_map = NULL;
@@ -318,8 +365,22 @@ static switch_status_t do_config(void)
                                disable100continue = 1;
                        } else if (!strcasecmp(var, "method")) {
                                method = val;
-                       } else if (!strcasecmp(var, "ignore-cacert-check") && switch_true(val)) {
-                               ignore_cacert_check = 1;
+                       } else if (!strcasecmp(var, "enable-cacert-check") && switch_true(val)) {
+                               enable_cacert_check = 1;
+                       } else if (!strcasecmp(var, "ssl-cert-path")) {
+                               ssl_cert_file = val;
+                       } else if (!strcasecmp(var, "ssl-key-path")) {
+                               ssl_key_file = val;
+                       } else if (!strcasecmp(var, "ssl-key-password")) {
+                               ssl_key_password = val;
+                       } else if (!strcasecmp(var, "ssl-version")) {
+                               ssl_version = val;
+                       } else if (!strcasecmp(var, "ssl-cacert-file")) {
+                               ssl_cacert_file = val;
+                       } else if (!strcasecmp(var, "enable-ssl-verifyhost") && switch_true(val)) {
+                               enable_ssl_verifyhost = 1;
+                       } else if (!strcasecmp(var, "cookie-file")) {
+                               cookie_file = val;
                        } else if (!strcasecmp(var, "use-dynamic-url") && switch_true(val)) {
                                use_dynamic_url = 1;
                        } else if (!strcasecmp(var, "enable-post-var")) {
@@ -372,7 +433,33 @@ static switch_status_t do_config(void)
                binding->disable100continue = disable100continue;
                binding->use_get_style = method != NULL && strcasecmp(method,"post") != 0;
                binding->use_dynamic_url = use_dynamic_url;
-               binding->ignore_cacert_check = ignore_cacert_check;
+               binding->enable_cacert_check = enable_cacert_check;
+               
+               if (ssl_cert_file) {
+                       binding->ssl_cert_file = strdup(ssl_cert_file);
+               }
+               
+               if (ssl_key_file) {
+                       binding->ssl_key_file = strdup(ssl_key_file);
+               }
+               
+               if (ssl_key_password) {
+                       binding->ssl_key_password = strdup(ssl_key_password);
+               }
+               
+               if (ssl_version) {
+                       binding->ssl_version = strdup(ssl_version);
+               }
+               
+               if (ssl_cacert_file) {
+                       binding->ssl_cacert_file = strdup(ssl_cacert_file);
+               }
+               
+               binding->enable_ssl_verifyhost = enable_ssl_verifyhost;
+               
+               if (cookie_file) {
+                       binding->cookie_file = strdup(cookie_file);
+               }
 
                binding->vars_map = vars_map;