diff options
| author | pixdamix <pixdamix@e8e0d7a0-c8d9-11dd-a880-a1081c7ac358> | 2009-11-03 04:27:03 (EST) |
|---|---|---|
| committer | pixdamix <pixdamix@e8e0d7a0-c8d9-11dd-a880-a1081c7ac358> | 2009-11-03 04:27:03 (EST) |
| commit | b3a54f7c2d686dbec049d3788f5096c01360c5c4 (patch) | |
| tree | f7a52361829f8217214e0c232aa09a35be2e5a67 /libopkg/opkg_conf.c | |
| parent | 99caa6bb08baa6762a09547844277f77848b76c8 (diff) | |
Make `curl' an instance variable and ssl support
This patch adds several new options
- option ssl_ca_path /path/to/dir
Tells curl to use the specified certificate directory to verify the
peer. The certificates must be in PEM format, and the directory
must have been processed using the c_rehash utility supplied with
openssl.
- option ssl_ca_file
Tells curl to use the specified certificate file to verify the
peer. The file may contain multiple CA certificates
- option ssl_key_type
Tells curl the Private key file type. Specify which type your
ssl_key provided private key is. PEM (default), DER and ENG
(see option ssl_engine) are recognized types.
- option ssl_cert_type
Tells curl what certificate type the provided certificate is in.
PEM (default), DER and ENG (see option ssl_engine) are recognized
types.
- option ssl_key & option ssl_cert
Tells curl to use the specified certificate file and private key
when getting a file with HTTPS
- option ssl_key_passwd
Passphrase for the private key
- option ssl_engine
Select the OpenSSL crypto engine to use for cipher operations.
- option ssl_dont_verify_peer
This option explicitly allows curl to perform "insecure" SSL
connections and transfers. All SSL connections are attempted to be
made secure by using the CA certificate. This makes all connections
considered "insecure" fail unless ssl_dont_verify_peer is used.
git-svn-id: http://opkg.googlecode.com/svn/trunk@251 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358
Diffstat (limited to 'libopkg/opkg_conf.c')
| -rw-r--r-- | libopkg/opkg_conf.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c index 2739861..4ea15d6 100644 --- a/libopkg/opkg_conf.c +++ b/libopkg/opkg_conf.c @@ -79,6 +79,17 @@ int opkg_init_options_array(const opkg_conf_t *conf, opkg_option_t **options) { "signature_ca_file", OPKG_OPT_TYPE_STRING, &conf->signature_ca_file }, { "signature_ca_path", OPKG_OPT_TYPE_STRING, &conf->signature_ca_path }, #endif +#if defined(HAVE_SSLCURL) && defined(HAVE_CURL) + { "ssl_engine", OPKG_OPT_TYPE_STRING, &conf->ssl_engine }, + { "ssl_cert", OPKG_OPT_TYPE_STRING, &conf->ssl_cert }, + { "ssl_cert_type", OPKG_OPT_TYPE_STRING, &conf->ssl_cert_type }, + { "ssl_key", OPKG_OPT_TYPE_STRING, &conf->ssl_key }, + { "ssl_key_type", OPKG_OPT_TYPE_STRING, &conf->ssl_key_type }, + { "ssl_key_passwd", OPKG_OPT_TYPE_STRING, &conf->ssl_key_passwd }, + { "ssl_ca_file", OPKG_OPT_TYPE_STRING, &conf->ssl_ca_file }, + { "ssl_ca_path", OPKG_OPT_TYPE_STRING, &conf->ssl_ca_path }, + { "ssl_dont_verify_peer", OPKG_OPT_TYPE_BOOL, &conf->ssl_dont_verify_peer }, +#endif { NULL } }; @@ -376,6 +387,17 @@ void opkg_conf_deinit(opkg_conf_t *conf) opkg_conf_free_string(&conf->signature_ca_path); #endif +#if defined(HAVE_SSLCURL) + opkg_conf_free_string(&conf->ssl_engine); + opkg_conf_free_string(&conf->ssl_cert); + opkg_conf_free_string(&conf->ssl_cert_type); + opkg_conf_free_string(&conf->ssl_key); + opkg_conf_free_string(&conf->ssl_key_type); + opkg_conf_free_string(&conf->ssl_key_passwd); + opkg_conf_free_string(&conf->ssl_ca_file); + opkg_conf_free_string(&conf->ssl_ca_path); +#endif + if (conf->verbosity > 1) { int i; hash_table_t *hashes[] = { |