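/*
 * Perform an HTTPS GET on url with the curl handle held in mg_ctx, handing the
 * response body to data_cb.
 *
 * mg_ctx       management client context; mg_ctx->curl_ctx must be non-NULL.
 * url          URL to fetch; must be non-NULL.
 * header       forwarded unchanged to qeo_mgmt_curl_util_http_get_with_cb().
 * ssl_cb       caller hook stored in the helper passed as CURLOPT_SSL_CTX_DATA;
 *              must be non-NULL.
 * ssl_cookie   opaque pointer stored next to ssl_cb.
 * data_cb      curl write callback receiving the body; must be non-NULL.
 * write_cookie opaque pointer forwarded with data_cb.
 *
 * Returns QMGMTCLIENT_EINVAL when a required argument is NULL or the curl
 * options cannot be applied, QMGMTCLIENT_EFAIL when the platform CA location
 * cannot be obtained, and otherwise the result of
 * qeo_mgmt_curl_util_http_get_with_cb().
 */
qeo_mgmt_client_retcode_t qeo_mgmt_curl_util_https_get_with_cb(qeo_mgmt_client_ctx_t *mg_ctx,
                                                               const char* url,
                                                               char *header,
                                                               qeo_mgmt_client_ssl_ctx_cb ssl_cb,
                                                               void *ssl_cookie,
                                                               curl_write_callback data_cb,
                                                               void *write_cookie)
{
    /* Positions of the CA entries in opts[]; keep in sync with the initializer below. */
    enum { OPT_IDX_CAINFO = 2, OPT_IDX_CAPATH = 3 };

    /* Lives on this stack frame: the handle must not keep a pointer to it after return. */
    curl_ssl_ctx_helper curlsslhelper = { ssl_cb, ssl_cookie };
    qeo_mgmt_client_retcode_t ret = QMGMTCLIENT_EFAIL;
    const char *cafile = NULL;
    const char *capath = NULL;
    /* Setting CURLOPT_CAINFO and CURLOPT_CAPATH is mandatory; otherwise SSL_CTX_FUNCTION will not be called. */
    curl_opt_helper opts[] = {
        { CURLOPT_SSL_VERIFYHOST, (void*)2 }, /* ensure certificate matches host */
        /*
         * NOTE(review): 0 switches OFF libcurl's own peer-certificate (chain)
         * verification, which contradicts the original "ensure certificate is
         * valid" remark on this entry. Chain validation then depends entirely
         * on what the SSL context callback installs on the SSL_CTX. Confirm
         * that every ssl_cb passed in enables peer verification; a host-name
         * match alone does not authenticate the server.
         */
        { CURLOPT_SSL_VERIFYPEER, (void*)0 },
        { CURLOPT_CAINFO, NULL },
        { CURLOPT_CAPATH, NULL },
        { CURLOPT_SSL_CTX_FUNCTION, (void*)qeo_mgmt_curl_sslctx_cb },
        { CURLOPT_SSL_CTX_DATA, (void*)&curlsslhelper }
    };
    bool reset = false;

    do {
        if ((mg_ctx == NULL) || (mg_ctx->curl_ctx == NULL) || (url == NULL) || (ssl_cb == NULL) || (data_cb == NULL)) {
            ret = QMGMTCLIENT_EINVAL;
            break;
        }
        if (QEO_UTIL_OK != qeo_platform_get_cacert_path(&cafile, &capath)) {
            ret = QMGMTCLIENT_EFAIL;
            break;
        }
        /* insert values into options array */
        opts[OPT_IDX_CAINFO].cookie = (void*)cafile;
        opts[OPT_IDX_CAPATH].cookie = (void*)capath;

        /* From here on the handle may carry TLS options (including the pointer
         * to curlsslhelper), so any early exit has to reset it. */
        reset = true;
        if (CURLE_OK != qeo_mgmt_curl_util_set_opts(opts, sizeof(opts) / sizeof(curl_opt_helper), mg_ctx)) {
            ret = QMGMTCLIENT_EINVAL;
            break;
        }
        ret = qeo_mgmt_curl_util_http_get_with_cb(mg_ctx, url, header, data_cb, write_cookie);
        /* Already done. NOTE(review): relies on the plain-HTTP helper resetting
         * the handle on every path - confirm against its implementation. */
        reset = false;
    } while (0);

    if (reset == true) {
        /* Make sure we reset all configuration for next calls */
        curl_easy_reset(mg_ctx->curl_ctx);
    }

    if (ret != QMGMTCLIENT_OK) {
        /* url is NULL on one of the EINVAL paths; never hand NULL to %s. */
        qeo_log_w("Failure in https_get_%s", (url != NULL) ? url : "(null)");
    }
    return ret;
}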
/*#######################################################################
 # PUBLIC FUNCTION IMPLEMENTATION                                        #
 ########################################################################*/

/*
 * Apply the TLS policy to ssl_ctx: protocol options, trust source and peer
 * verification.
 *
 * Trust source:
 *  - if the platform registered a custom certificate validator,
 *    verify_certificate_chain is installed as the certificate-verify callback,
 *    replacing OpenSSL's built-in chain verification for this context;
 *  - otherwise the platform CA file and/or CA directory are loaded as verify
 *    locations.
 * In both cases SSL_VERIFY_PEER is enabled with verify_server_cb.
 *
 * NOTE(review): only SSLv2 is excluded here; the option mask does not exclude
 * SSLv3. Consider adding SSL_OP_NO_SSLv3 once it is confirmed that no peer
 * depends on it.
 * NOTE(review): the results of qeo_platform_get_cacert_path() and
 * SSL_CTX_load_verify_locations() are not checked. Presumably a failed load
 * leaves the context without trust anchors so verification fails closed, but
 * that depends on verify_server_cb not overriding errors - confirm.
 */
void security_util_configure_ssl_ctx(SSL_CTX *ssl_ctx)
{
    const char *ca_file = NULL;
    const char *ca_dir = NULL;
    qeo_platform_custom_certificate_validator validator = NULL;

    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);

    validator = qeo_platform_get_custom_certificate_validator();
    if (NULL == validator) {
        /* No platform validator: fall back to the platform CA bundle / directory. */
        qeo_platform_get_cacert_path(&ca_file, &ca_dir);
        if (!((NULL == ca_file) && (NULL == ca_dir))) {
            SSL_CTX_load_verify_locations(ssl_ctx, ca_file, ca_dir);
        }
    }
    else {
        /* Platform validator present: route chain verification through it. */
        SSL_CTX_set_cert_verify_callback(ssl_ctx, &verify_certificate_chain, NULL);
    }

    /* Always require a peer certificate check, whichever trust source was chosen. */
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, verify_server_cb);
}