diff options
author | Felix Fietkau <nbd@openwrt.org> | 2016-01-16 01:17:33 +0100 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2016-01-16 01:17:33 +0100 |
commit | 6853a3eeae3eede58e7989e3b4a94a58699a0d73 (patch) | |
tree | a45cc4cbbc251a18281bb69149dd19009ead5297 | |
parent | b80dc6035287b17165f220033b270e5608e744e5 (diff) | |
download | uclient-6853a3eeae3eede58e7989e3b4a94a58699a0d73.tar.gz |
uclient-fetch: load CA certificates
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
-rw-r--r-- | uclient-fetch.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/uclient-fetch.c b/uclient-fetch.c index 0617a02..37cc214 100644 --- a/uclient-fetch.c +++ b/uclient-fetch.c @@ -22,6 +22,7 @@ #include <dlfcn.h> #include <getopt.h> #include <fcntl.h> +#include <glob.h> #include <libubox/blobmsg.h> @@ -38,6 +39,7 @@ static struct ustream_ssl_ctx *ssl_ctx; static const struct ustream_ssl_ops *ssl_ops; static int quiet = false; static bool verify = true; +static bool default_certs = false; static const char *output_file; static int output_fd = -1; static int error_ret; @@ -244,6 +246,15 @@ static int usage(const char *progname) return 1; } +static void init_ca_cert(void) +{ + glob_t gl; + int i; + + glob("/etc/ssl/certs/*.crt", 0, NULL, &gl); + for (i = 0; i < gl.gl_pathc; i++) + ssl_ops->context_add_ca_crt_file(ssl_ctx, gl.gl_pathv[i]); +} static void init_ustream_ssl(void) { @@ -287,6 +298,7 @@ int main(int argc, char **argv) struct uclient *cl; int ch; int longopt_idx = 0; + bool has_cert = false; int rc; init_ustream_ssl(); @@ -299,6 +311,7 @@ int main(int argc, char **argv) verify = false; break; case L_CA_CERTIFICATE: + has_cert = true; if (ssl_ctx) ssl_ops->context_add_ca_crt_file(ssl_ctx, optarg); break; @@ -332,6 +345,9 @@ int main(int argc, char **argv) argv += optind; argc -= optind; + if (verify && !has_cert) + default_certs = true; + if (argc != 1) return usage(progname); @@ -356,8 +372,10 @@ int main(int argc, char **argv) return 1; } - if (ssl_ctx) + if (ssl_ctx) { + init_ca_cert(); uclient_http_set_ssl_ctx(cl, ssl_ops, ssl_ctx, verify); + } rc = init_request(cl); if (!rc) { |