mirror of https://github.com/aria2/aria2
2008-12-04 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
Enabled --check-certificate by default. Added compile-time (configure) option --with-ca-bundle to specify the CA bundle. Warn if --check-certificate=true and --ca-certificate is not specified or loading the CA certificate fails.
* configure.ac
* src/MultiUrlRequestInfo.cc
* src/OptionHandlerFactory.cc
* src/message.h
parent
9ee32f8a21
commit
63ddc1f147
11
ChangeLog
11
ChangeLog
|
@ -1,3 +1,14 @@
|
|||
2008-12-04 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
||||
|
||||
Enabled --check-certificate by default. Added compile
|
||||
time(configure) option --with-ca-bundle to specify CA bundle.
|
||||
Warn if --check-certificate=true and --ca-certificate is not
|
||||
specified or loading CA certificate is failed.
|
||||
* configure.ac
|
||||
* src/MultiUrlRequestInfo.cc
|
||||
* src/OptionHandlerFactory.cc
|
||||
* src/message.h
|
||||
|
||||
2008-12-03 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
||||
|
||||
Mentioned https tag in help option.
|
||||
|
|
|
@ -241,6 +241,7 @@ build_cpu = @build_cpu@
|
|||
build_os = @build_os@
|
||||
build_vendor = @build_vendor@
|
||||
builddir = @builddir@
|
||||
ca_bundle = @ca_bundle@
|
||||
datadir = @datadir@
|
||||
datarootdir = @datarootdir@
|
||||
docdir = @docdir@
|
||||
|
|
|
@ -742,6 +742,7 @@ LIBZ_LIBS
|
|||
LIBZ_CPPFLAGS
|
||||
ENABLE_SSL_TRUE
|
||||
ENABLE_SSL_FALSE
|
||||
ca_bundle
|
||||
HAVE_LIBGNUTLS_TRUE
|
||||
HAVE_LIBGNUTLS_FALSE
|
||||
HAVE_LIBSSL_TRUE
|
||||
|
@ -1449,6 +1450,7 @@ Optional Packages:
|
|||
--with-libexpat use libexpat if it is installed.
|
||||
--with-libcares use libcares if it is installed.
|
||||
--with-libz use libz if it is installed.
|
||||
--with-ca-bundle=FILE Use FILE as default CA bundle.
|
||||
--with-xml-prefix=PFX Prefix where libxml is installed (optional)
|
||||
--with-xml-exec-prefix=PFX Exec prefix where libxml is installed (optional)
|
||||
--with-libexpat-prefix=PREFIX Prefix where libexpat installed (optional)
|
||||
|
@ -2781,6 +2783,15 @@ fi
|
|||
|
||||
|
||||
|
||||
|
||||
# Check whether --with-ca-bundle was given.
|
||||
if test "${with_ca_bundle+set}" = set; then
|
||||
withval=$with_ca_bundle; ca_bundle=$withval
|
||||
else
|
||||
ca_bundle=""
|
||||
fi
|
||||
|
||||
|
||||
# Checks for programs.
|
||||
ac_ext=cpp
|
||||
ac_cpp='$CXXCPP $CPPFLAGS'
|
||||
|
@ -7349,6 +7360,7 @@ else
|
|||
ENABLE_SSL_FALSE=
|
||||
fi
|
||||
|
||||
|
||||
else
|
||||
if false; then
|
||||
ENABLE_SSL_TRUE=
|
||||
|
@ -23057,6 +23069,7 @@ LIBZ_LIBS!$LIBZ_LIBS$ac_delim
|
|||
LIBZ_CPPFLAGS!$LIBZ_CPPFLAGS$ac_delim
|
||||
ENABLE_SSL_TRUE!$ENABLE_SSL_TRUE$ac_delim
|
||||
ENABLE_SSL_FALSE!$ENABLE_SSL_FALSE$ac_delim
|
||||
ca_bundle!$ca_bundle$ac_delim
|
||||
HAVE_LIBGNUTLS_TRUE!$HAVE_LIBGNUTLS_TRUE$ac_delim
|
||||
HAVE_LIBGNUTLS_FALSE!$HAVE_LIBGNUTLS_FALSE$ac_delim
|
||||
HAVE_LIBSSL_TRUE!$HAVE_LIBSSL_TRUE$ac_delim
|
||||
|
@ -23126,7 +23139,6 @@ LTLIBINTL!$LTLIBINTL$ac_delim
|
|||
POSUB!$POSUB$ac_delim
|
||||
LIBOBJS!$LIBOBJS$ac_delim
|
||||
HAVE_ASCTIME_R_TRUE!$HAVE_ASCTIME_R_TRUE$ac_delim
|
||||
HAVE_ASCTIME_R_FALSE!$HAVE_ASCTIME_R_FALSE$ac_delim
|
||||
_ACEOF
|
||||
|
||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
|
||||
|
@ -23168,6 +23180,7 @@ _ACEOF
|
|||
ac_delim='%!_!# '
|
||||
for ac_last_try in false false false false false :; do
|
||||
cat >conf$$subs.sed <<_ACEOF
|
||||
HAVE_ASCTIME_R_FALSE!$HAVE_ASCTIME_R_FALSE$ac_delim
|
||||
HAVE_BASENAME_TRUE!$HAVE_BASENAME_TRUE$ac_delim
|
||||
HAVE_BASENAME_FALSE!$HAVE_BASENAME_FALSE$ac_delim
|
||||
HAVE_GAI_STRERROR_TRUE!$HAVE_GAI_STRERROR_TRUE$ac_delim
|
||||
|
@ -23187,7 +23200,7 @@ HAVE_TIMEGM_FALSE!$HAVE_TIMEGM_FALSE$ac_delim
|
|||
LTLIBOBJS!$LTLIBOBJS$ac_delim
|
||||
_ACEOF
|
||||
|
||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 17; then
|
||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 18; then
|
||||
break
|
||||
elif $ac_last_try; then
|
||||
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
|
||||
|
@ -23911,6 +23924,7 @@ echo "LIBS: $LIBS"
|
|||
echo "SQLite3: $have_sqlite3"
|
||||
echo "GnuTLS: $have_libgnutls"
|
||||
echo "OpenSSL: $have_openssl"
|
||||
echo "CA Bundle: $ca_bundle"
|
||||
echo "LibXML2: $have_libxml2"
|
||||
echo "LibExpat: $have_libexpat"
|
||||
echo "LibCares: $have_libcares"
|
||||
|
|
|
@ -36,6 +36,10 @@ ARIA2_ARG_ENABLE([bittorrent])
|
|||
ARIA2_ARG_ENABLE([metalink])
|
||||
ARIA2_ARG_ENABLE([epoll])
|
||||
|
||||
AC_ARG_WITH([ca-bundle],
|
||||
AC_HELP_STRING([--with-ca-bundle=FILE], [Use FILE as default CA bundle.]),
|
||||
[ca_bundle=$withval], [ca_bundle=""])
|
||||
|
||||
# Checks for programs.
|
||||
AC_PROG_CXX
|
||||
AC_PROG_CC
|
||||
|
@ -100,6 +104,7 @@ fi
|
|||
if test "x$have_libgnutls" = "xyes" || test "x$have_openssl" = "xyes"; then
|
||||
AC_DEFINE([ENABLE_SSL], [1], [Define to 1 if ssl support is enabled.])
|
||||
AM_CONDITIONAL([ENABLE_SSL], true)
|
||||
AC_SUBST([ca_bundle])
|
||||
else
|
||||
AM_CONDITIONAL([ENABLE_SSL], false)
|
||||
fi
|
||||
|
@ -341,6 +346,7 @@ echo "LIBS: $LIBS"
|
|||
echo "SQLite3: $have_sqlite3"
|
||||
echo "GnuTLS: $have_libgnutls"
|
||||
echo "OpenSSL: $have_openssl"
|
||||
echo "CA Bundle: $ca_bundle"
|
||||
echo "LibXML2: $have_libxml2"
|
||||
echo "LibExpat: $have_libexpat"
|
||||
echo "LibCares: $have_libcares"
|
||||
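Review bot: The `AC_ARG_WITH([ca-bundle], …)` block in the first hunk stores `$withval` verbatim. A bare `--with-ca-bundle` or `--without-ca-bundle` therefore leaves `ca_bundle` set to `yes` or `no`, and that word is then compiled in as the default CA file path. Map those two values to the empty string, and warn at configure time when FILE is not readable, so a mistyped path is caught before it becomes a trust-store load failure at run time. A warning rather than an error is suggested because the bundle may exist only on the target host. In the second hunk `AC_SUBST([ca_bundle])` sits inside the ENABLE_SSL branch, although the substitution is registered regardless of the shell condition; placing it next to `AC_ARG_WITH` would say what actually happens.

```m4
# … unchanged: AC_ARG_WITH([ca-bundle], …) …
# A bare --with-ca-bundle or --without-ca-bundle arrives as "yes"/"no", not as a path.
case "$ca_bundle" in
  yes|no) ca_bundle="" ;;
esac
if test -n "$ca_bundle" && test ! -r "$ca_bundle"; then
  AC_MSG_WARN([CA bundle $ca_bundle is not readable on the build host])
fi
AC_SUBST([ca_bundle])
```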
|
|
|
@ -215,6 +215,7 @@ build_cpu = @build_cpu@
|
|||
build_os = @build_os@
|
||||
build_vendor = @build_vendor@
|
||||
builddir = @builddir@
|
||||
ca_bundle = @ca_bundle@
|
||||
datadir = @datadir@
|
||||
datarootdir = @datarootdir@
|
||||
docdir = @docdir@
|
||||
|
|
|
@ -201,6 +201,7 @@ build_cpu = @build_cpu@
|
|||
build_os = @build_os@
|
||||
build_vendor = @build_vendor@
|
||||
builddir = @builddir@
|
||||
ca_bundle = @ca_bundle@
|
||||
datadir = @datadir@
|
||||
datarootdir = @datarootdir@
|
||||
docdir = @docdir@
|
||||
|
|
|
@ -201,6 +201,7 @@ build_cpu = @build_cpu@
|
|||
build_os = @build_os@
|
||||
build_vendor = @build_vendor@
|
||||
builddir = @builddir@
|
||||
ca_bundle = @ca_bundle@
|
||||
datadir = @datadir@
|
||||
datarootdir = @datarootdir@
|
||||
docdir = @docdir@
|
||||
|
|
|
@ -494,4 +494,4 @@ AM_CPPFLAGS = -Wall\
|
|||
@LIBGNUTLS_CFLAGS@ @LIBGCRYPT_CFLAGS@ @OPENSSL_CFLAGS@ @XML_CPPFLAGS@\
|
||||
@LIBCARES_CPPFLAGS@ @LIBEXPAT_CPPFLAGS@\
|
||||
@LIBZ_CPPFLAGS@ @SQLITE3_CPPFLAGS@\
|
||||
-DLOCALEDIR=\"$(localedir)\" @DEFS@ #-pg
|
||||
-DLOCALEDIR=\"$(localedir)\" -DCA_BUNDLE=\"$(ca_bundle)\" @DEFS@ #-pg
|
||||
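Review bot: The new `-DCA_BUNDLE=\"$(ca_bundle)\"` on the `AM_CPPFLAGS` line passes the configured path through make and shell quoting, so a path containing a space would split the argument and break or alter the macro. Defining the value in configure.ac instead, `AC_DEFINE_UNQUOTED([CA_BUNDLE], ["$ca_bundle"], [Default CA bundle file.])`, keeps the trust-store path alongside the other configure results and off the compiler command line. The file header for this section is not shown on the page; from the hunk it appears to be src/Makefile.am.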
|
|
|
@ -984,6 +984,7 @@ build_cpu = @build_cpu@
|
|||
build_os = @build_os@
|
||||
build_vendor = @build_vendor@
|
||||
builddir = @builddir@
|
||||
ca_bundle = @ca_bundle@
|
||||
datadir = @datadir@
|
||||
datarootdir = @datarootdir@
|
||||
docdir = @docdir@
|
||||
|
@ -1163,7 +1164,7 @@ AM_CPPFLAGS = -Wall\
|
|||
@LIBGNUTLS_CFLAGS@ @LIBGCRYPT_CFLAGS@ @OPENSSL_CFLAGS@ @XML_CPPFLAGS@\
|
||||
@LIBCARES_CPPFLAGS@ @LIBEXPAT_CPPFLAGS@\
|
||||
@LIBZ_CPPFLAGS@ @SQLITE3_CPPFLAGS@\
|
||||
-DLOCALEDIR=\"$(localedir)\" @DEFS@ #-pg
|
||||
-DLOCALEDIR=\"$(localedir)\" -DCA_BUNDLE=\"$(ca_bundle)\" @DEFS@ #-pg
|
||||
|
||||
all: all-am
|
||||
|
||||
|
|
|
@ -144,8 +144,16 @@ int MultiUrlRequestInfo::execute()
|
|||
_option->get(PREF_PRIVATE_KEY));
|
||||
}
|
||||
if(_option->defined(PREF_CA_CERTIFICATE)) {
|
||||
tlsContext->addTrustedCACertFile(_option->get(PREF_CA_CERTIFICATE));
|
||||
try {
|
||||
tlsContext->addTrustedCACertFile(_option->get(PREF_CA_CERTIFICATE));
|
||||
} catch(RecoverableException& e) {
|
||||
_logger->error(EX_EXCEPTION_CAUGHT, e);
|
||||
_logger->warn(MSG_WARN_NO_CA_CERT);
|
||||
}
|
||||
} else if(_option->getAsBool(PREF_CHECK_CERTIFICATE)) {
|
||||
_logger->warn(MSG_WARN_NO_CA_CERT);
|
||||
}
|
||||
|
||||
if(_option->getAsBool(PREF_CHECK_CERTIFICATE)) {
|
||||
tlsContext->enablePeerVerification();
|
||||
}
|
||||
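Review bot: The `catch(RecoverableException& e)` block logs `MSG_WARN_NO_CA_CERT` unconditionally, while the `else if` branch warns only when `PREF_CHECK_CERTIFICATE` is true, and the commit message describes the warning as applying only when `--check-certificate=true`. With verification switched off and an unreadable `--ca-certificate`, the user is told to expect verification errors that cannot occur. Guard it the same way: `if(_option->getAsBool(PREF_CHECK_CERTIFICATE)) { _logger->warn(MSG_WARN_NO_CA_CERT); }`. After a failed load `enablePeerVerification()` still runs with no CA added by this code. That should reject every peer rather than accept one, but it depends on the TLS context, whose code is not shown, so a one-line comment stating the intent would help. `execute()` starts and ends outside the hunk.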
|
|
|
@ -432,7 +432,8 @@ OptionHandlers OptionHandlerFactory::createOptionHandlers()
|
|||
{
|
||||
SharedHandle<OptionHandler> op(new DefaultOptionHandler
|
||||
(PREF_CA_CERTIFICATE,
|
||||
TEXT_CA_CERTIFICATE));
|
||||
TEXT_CA_CERTIFICATE,
|
||||
CA_BUNDLE));
|
||||
op->addTag(TAG_HTTP);
|
||||
op->addTag(TAG_HTTPS);
|
||||
handlers.push_back(op);
|
||||
|
@ -449,7 +450,7 @@ OptionHandlers OptionHandlerFactory::createOptionHandlers()
|
|||
SharedHandle<OptionHandler> op(new BooleanOptionHandler
|
||||
(PREF_CHECK_CERTIFICATE,
|
||||
TEXT_CHECK_CERTIFICATE,
|
||||
V_FALSE));
|
||||
V_TRUE));
|
||||
op->addTag(TAG_HTTP);
|
||||
op->addTag(TAG_HTTPS);
|
||||
handlers.push_back(op);
|
||||
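Review bot: `CA_BUNDLE`, now the default of `PREF_CA_CERTIFICATE`, is the empty string whenever configure ran without `--with-ca-bundle`, and the second hunk flips `PREF_CHECK_CERTIFICATE` to `V_TRUE` in the same commit. Whether `_option->defined(PREF_CA_CERTIFICATE)` treats an empty default as undefined is not visible here; if it does not, a default build would try to load `""` on every run and log an exception. I would add a comment above the handler, for example `// CA_BUNDLE comes from configure --with-ca-bundle; it is "" when no bundle was configured.`. It is also worth confirming that the help text for both options states the new defaults, so that users fix the CA path rather than switch verification off. `createOptionHandlers()` starts and ends outside both hunks.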
|
|
|
@ -164,6 +164,9 @@
|
|||
#define MSG_NO_CERT_FOUND _("No certificate found.")
|
||||
#define MSG_HOSTNAME_NOT_MATCH _("Hostname not match.")
|
||||
#define MSG_NO_FILES_TO_DOWNLOAD _("No files to download.")
|
||||
#define MSG_WARN_NO_CA_CERT \
|
||||
_("You may encounter the certificate verification error with HTTPS server."\
|
||||
" See --ca-certificate and --check-certificate option.")
|
||||
|
||||
#define EX_TIME_OUT _("Timeout.")
|
||||
#define EX_INVALID_CHUNK_SIZE _("Invalid chunk size.")
|
||||
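Review bot: `MSG_WARN_NO_CA_CERT` does not say what went wrong, and it points at `--check-certificate` as a remedy, which in practice means turning verification off. Naming the cause and the safe fix first would serve users better, for example `_("No trusted CA certificate was loaded; HTTPS certificate verification may fail."` followed by `" Specify a CA bundle with --ca-certificate.")`. The current text also reads awkwardly ("the certificate verification error with HTTPS server"), so a reword is worthwhile before translators pick the string up.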
|
|
|
@ -531,6 +531,7 @@ build_cpu = @build_cpu@
|
|||
build_os = @build_os@
|
||||
build_vendor = @build_vendor@
|
||||
builddir = @builddir@
|
||||
ca_bundle = @ca_bundle@
|
||||
datadir = @datadir@
|
||||
datarootdir = @datarootdir@
|
||||
docdir = @docdir@
|
||||
|
|