diff --git a/libdap4/d4curlfunctions.c b/libdap4/d4curlfunctions.c index eb1fe9fc6d..ee06e4cacd 100644 --- a/libdap4/d4curlfunctions.c +++ b/libdap4/d4curlfunctions.c @@ -3,6 +3,11 @@ * See netcdf/COPYRIGHT file for copying and redistribution conditions. *********************************************************************/ +/* WARNING: oc2/occurlfunctions.c and libdap4/d4curlfunctions.c +should be merged since they are essentially the same file. +In the meantime, changes to one should be propagated to the other. +*/ + #include "d4includes.h" #include "d4curlfunctions.h" @@ -123,33 +128,43 @@ set_curlflag(NCD4INFO* state, int flag) } } break; - case CURLOPT_USE_SSL: - case CURLOPT_SSLCERT: case CURLOPT_SSLKEY: - case CURLOPT_SSL_VERIFYPEER: case CURLOPT_SSL_VERIFYHOST: - { - struct ssl* ssl = &state->auth->ssl; + case CURLOPT_SSL_VERIFYPEER: /* VERIFYPEER == 0 => VERIFYHOST == 0 */ /* We need to have 2 states: default and a set value */ - /* So -1 => default, >= 0 => use value; */ - if(ssl->verifypeer >= 0) - SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(ssl->verifypeer)); + /* So -1 => default >= 0 => use value */ + if(state->auth->ssl.verifypeer >= 0) { + SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(state->auth->ssl.verifypeer)); + if(state->auth->ssl.verifypeer == 0) state->auth->ssl.verifyhost = 0; + } + break; + case CURLOPT_SSL_VERIFYHOST: #ifdef HAVE_LIBCURL_766 - if(ssl->verifyhost >= 0) - SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(ssl->verifyhost)); + if(state->auth->ssl.verifyhost >= 0) { + SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(state->auth->ssl.verifyhost)); + } #endif - if(ssl->certificate) - SETCURLOPT(state, CURLOPT_SSLCERT, ssl->certificate); - if(ssl->key) - SETCURLOPT(state, CURLOPT_SSLKEY, ssl->key); - if(ssl->keypasswd) + break; + case CURLOPT_SSLCERT: + if(state->auth->ssl.certificate) + SETCURLOPT(state, CURLOPT_SSLCERT, state->auth->ssl.certificate); + break; + case CURLOPT_SSLKEY: + if(state->auth->ssl.key) + SETCURLOPT(state, CURLOPT_SSLKEY, state->auth->ssl.key); + if(state->auth->ssl.keypasswd) /* libcurl prior to 7.16.4 used 'CURLOPT_SSLKEYPASSWD' */ - SETCURLOPT(state, CURLOPT_KEYPASSWD, ssl->keypasswd); - if(ssl->cainfo) - SETCURLOPT(state, CURLOPT_CAINFO, ssl->cainfo); - if(ssl->capath) - SETCURLOPT(state, CURLOPT_CAPATH, ssl->capath); - } - break; + SETCURLOPT(state, CURLOPT_SSLKEYPASSWD, state->auth->ssl.keypasswd); + break; + case CURLOPT_CAINFO: + if(state->auth->ssl.cainfo) + SETCURLOPT(state, CURLOPT_CAINFO, state->auth->ssl.cainfo); + break; + case CURLOPT_CAPATH: + if(state->auth->ssl.capath) + SETCURLOPT(state, CURLOPT_CAPATH, state->auth->ssl.capath); + break; + case CURLOPT_USE_SSL: + break; #ifdef HAVE_CURLOPT_BUFFERSIZE case CURLOPT_BUFFERSIZE: @@ -200,6 +215,12 @@ NCD4_set_flags_perlink(NCD4INFO* state) if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_COOKIEJAR); if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_USERPWD); if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_PROXY); + if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSL_VERIFYPEER); + if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSL_VERIFYHOST); + if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSLCERT); + if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSLKEY); + if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_CAINFO); + if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_CAPATH); if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_USE_SSL); if(ret == NC_NOERR) ret = set_curlflag(state, CURLOPT_FOLLOWLOCATION); if(ret == NC_NOERR) ret = set_curlflag(state, CURLOPT_MAXREDIRS); diff --git a/ncdap_test/tst_remote.sh b/ncdap_test/tst_remote.sh index d7cc2a636f..2a4dedf72c 100755 --- a/ncdap_test/tst_remote.sh +++ b/ncdap_test/tst_remote.sh @@ -1,6 +1,10 @@ #!/bin/sh +if test "x$srcdir" = x ; then srcdir=`pwd`; fi +. ../test_common.sh + if test "x$SETX" != x ; then set -x ; fi + set -e quiet=0 diff --git a/oc2/occurlfunctions.c b/oc2/occurlfunctions.c index 06b3fd352e..275d42eb4d 100644 --- a/oc2/occurlfunctions.c +++ b/oc2/occurlfunctions.c @@ -1,6 +1,11 @@ /* Copyright 2018, UCAR/Unidata and OPeNDAP, Inc. See the COPYRIGHT file for more information. */ +/* WARNING: oc2/occurlfunctions.c and libdap4/d4curlfunctions.c +should be merged since they are essentially the same file. +In the meantime, changes to one should be propagated to the other. +*/ + #include "config.h" #include #ifdef HAVE_STDINT_H @@ -127,36 +132,43 @@ ocset_curlflag(OCstate* state, int flag) } break; - case CURLOPT_USE_SSL: - case CURLOPT_SSLCERT: case CURLOPT_SSLKEY: - case CURLOPT_SSL_VERIFYPEER: case CURLOPT_SSL_VERIFYHOST: - case CURLOPT_CAINFO: case CURLOPT_CAPATH: - { - struct ssl* ssl = &state->auth->ssl; + case CURLOPT_SSL_VERIFYPEER: /* VERIFYPEER == 0 => VERIFYHOST == 0 */ /* We need to have 2 states: default and a set value */ /* So -1 => default >= 0 => use value */ - if(ssl->verifypeer >= 0) { - SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(ssl->verifypeer)); - } + if(state->auth->ssl.verifypeer >= 0) { + SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(state->auth->ssl.verifypeer)); + if(state->auth->ssl.verifypeer == 0) state->auth->ssl.verifyhost = 0; + } + break; + case CURLOPT_SSL_VERIFYHOST: #ifdef HAVE_LIBCURL_766 - if(ssl->verifyhost >= 0) { - SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(ssl->verifyhost)); + if(state->auth->ssl.verifyhost >= 0) { + SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(state->auth->ssl.verifyhost)); } #endif - if(ssl->certificate) - SETCURLOPT(state, CURLOPT_SSLCERT, ssl->certificate); - if(ssl->key) - SETCURLOPT(state, CURLOPT_SSLKEY, ssl->key); - if(ssl->keypasswd) + break; + case CURLOPT_SSLCERT: + if(state->auth->ssl.certificate) + SETCURLOPT(state, CURLOPT_SSLCERT, state->auth->ssl.certificate); + break; + case CURLOPT_SSLKEY: + if(state->auth->ssl.key) + SETCURLOPT(state, CURLOPT_SSLKEY, state->auth->ssl.key); + if(state->auth->ssl.keypasswd) /* libcurl prior to 7.16.4 used 'CURLOPT_SSLKEYPASSWD' */ - SETCURLOPT(state, CURLOPT_KEYPASSWD, ssl->keypasswd); - if(ssl->cainfo) - SETCURLOPT(state, CURLOPT_CAINFO, ssl->cainfo); - if(ssl->capath) - SETCURLOPT(state, CURLOPT_CAPATH, ssl->capath); - } - break; + SETCURLOPT(state, CURLOPT_SSLKEYPASSWD, state->auth->ssl.keypasswd); + break; + case CURLOPT_CAINFO: + if(state->auth->ssl.cainfo) + SETCURLOPT(state, CURLOPT_CAINFO, state->auth->ssl.cainfo); + break; + case CURLOPT_CAPATH: + if(state->auth->ssl.capath) + SETCURLOPT(state, CURLOPT_CAPATH, state->auth->ssl.capath); + break; + case CURLOPT_USE_SSL: + break; #ifdef HAVE_CURLOPT_BUFFERSIZE case CURLOPT_BUFFERSIZE: @@ -210,6 +222,12 @@ ocset_flags_perlink(OCstate* state) if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_COOKIEJAR); if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_USERPWD); if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_PROXY); + if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSL_VERIFYPEER); + if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSL_VERIFYHOST); + if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSLCERT); + if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSLKEY); + if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_CAINFO); + if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_CAPATH); if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_USE_SSL); if(stat == OC_NOERR) stat = ocset_curlflag(state, CURLOPT_FOLLOWLOCATION); if(stat == OC_NOERR) stat = ocset_curlflag(state, CURLOPT_MAXREDIRS);