mirror of https://github.com/aria2/aria2
2008-12-04 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
Enabled --check-certificate by default. Added compile time(configure) option --with-ca-bundle to specify CA bundle. Warn if --check-certificate=true and --ca-certificate is not specified or loading CA certificate is failed. * configure.ac * src/MultiUrlRequestInfo.cc * src/OptionHandlerFactory.cc * src/message.hpull/1/head
Tatsuhiro Tsujikawa
parent
9ee32f8a21
commit
63ddc1f147
11
ChangeLog
11
ChangeLog
|
|
@ -1,3 +1,14 @@
|
||||||
|
2008-12-04 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
||||||
|
|
||||||
|
Enabled --check-certificate by default. Added compile
|
||||||
|
time(configure) option --with-ca-bundle to specify CA bundle.
|
||||||
|
Warn if --check-certificate=true and --ca-certificate is not
|
||||||
|
specified or loading CA certificate is failed.
|
||||||
|
* configure.ac
|
||||||
|
* src/MultiUrlRequestInfo.cc
|
||||||
|
* src/OptionHandlerFactory.cc
|
||||||
|
* src/message.h
|
||||||
|
|
||||||
2008-12-03 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
2008-12-03 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
||||||
|
|
||||||
Mentioned https tag in help option.
|
Mentioned https tag in help option.
|
||||||
|
|
|
||||||
|
|
@ -241,6 +241,7 @@ build_cpu = @build_cpu@
|
||||||
build_os = @build_os@
|
build_os = @build_os@
|
||||||
build_vendor = @build_vendor@
|
build_vendor = @build_vendor@
|
||||||
builddir = @builddir@
|
builddir = @builddir@
|
||||||
|
ca_bundle = @ca_bundle@
|
||||||
datadir = @datadir@
|
datadir = @datadir@
|
||||||
datarootdir = @datarootdir@
|
datarootdir = @datarootdir@
|
||||||
docdir = @docdir@
|
docdir = @docdir@
|
||||||
|
|
|
||||||
|
|
@ -742,6 +742,7 @@ LIBZ_LIBS
|
||||||
LIBZ_CPPFLAGS
|
LIBZ_CPPFLAGS
|
||||||
ENABLE_SSL_TRUE
|
ENABLE_SSL_TRUE
|
||||||
ENABLE_SSL_FALSE
|
ENABLE_SSL_FALSE
|
||||||
|
ca_bundle
|
||||||
HAVE_LIBGNUTLS_TRUE
|
HAVE_LIBGNUTLS_TRUE
|
||||||
HAVE_LIBGNUTLS_FALSE
|
HAVE_LIBGNUTLS_FALSE
|
||||||
HAVE_LIBSSL_TRUE
|
HAVE_LIBSSL_TRUE
|
||||||
|
|
@ -1449,6 +1450,7 @@ Optional Packages:
|
||||||
--with-libexpat use libexpat if it is installed.
|
--with-libexpat use libexpat if it is installed.
|
||||||
--with-libcares use libcares if it is installed.
|
--with-libcares use libcares if it is installed.
|
||||||
--with-libz use libz if it is installed.
|
--with-libz use libz if it is installed.
|
||||||
|
--with-ca-bundle=FILE Use FILE as default CA bundle.
|
||||||
--with-xml-prefix=PFX Prefix where libxml is installed (optional)
|
--with-xml-prefix=PFX Prefix where libxml is installed (optional)
|
||||||
--with-xml-exec-prefix=PFX Exec prefix where libxml is installed (optional)
|
--with-xml-exec-prefix=PFX Exec prefix where libxml is installed (optional)
|
||||||
--with-libexpat-prefix=PREFIX Prefix where libexpat installed (optional)
|
--with-libexpat-prefix=PREFIX Prefix where libexpat installed (optional)
|
||||||
|
|
@ -2781,6 +2783,15 @@ fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Check whether --with-ca-bundle was given.
|
||||||
|
if test "${with_ca_bundle+set}" = set; then
|
||||||
|
withval=$with_ca_bundle; ca_bundle=$withval
|
||||||
|
else
|
||||||
|
ca_bundle=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# Checks for programs.
|
# Checks for programs.
|
||||||
ac_ext=cpp
|
ac_ext=cpp
|
||||||
ac_cpp='$CXXCPP $CPPFLAGS'
|
ac_cpp='$CXXCPP $CPPFLAGS'
|
||||||
|
|
@ -7349,6 +7360,7 @@ else
|
||||||
ENABLE_SSL_FALSE=
|
ENABLE_SSL_FALSE=
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
else
|
else
|
||||||
if false; then
|
if false; then
|
||||||
ENABLE_SSL_TRUE=
|
ENABLE_SSL_TRUE=
|
||||||
|
|
@ -23057,6 +23069,7 @@ LIBZ_LIBS!$LIBZ_LIBS$ac_delim
|
||||||
LIBZ_CPPFLAGS!$LIBZ_CPPFLAGS$ac_delim
|
LIBZ_CPPFLAGS!$LIBZ_CPPFLAGS$ac_delim
|
||||||
ENABLE_SSL_TRUE!$ENABLE_SSL_TRUE$ac_delim
|
ENABLE_SSL_TRUE!$ENABLE_SSL_TRUE$ac_delim
|
||||||
ENABLE_SSL_FALSE!$ENABLE_SSL_FALSE$ac_delim
|
ENABLE_SSL_FALSE!$ENABLE_SSL_FALSE$ac_delim
|
||||||
|
ca_bundle!$ca_bundle$ac_delim
|
||||||
HAVE_LIBGNUTLS_TRUE!$HAVE_LIBGNUTLS_TRUE$ac_delim
|
HAVE_LIBGNUTLS_TRUE!$HAVE_LIBGNUTLS_TRUE$ac_delim
|
||||||
HAVE_LIBGNUTLS_FALSE!$HAVE_LIBGNUTLS_FALSE$ac_delim
|
HAVE_LIBGNUTLS_FALSE!$HAVE_LIBGNUTLS_FALSE$ac_delim
|
||||||
HAVE_LIBSSL_TRUE!$HAVE_LIBSSL_TRUE$ac_delim
|
HAVE_LIBSSL_TRUE!$HAVE_LIBSSL_TRUE$ac_delim
|
||||||
|
|
@ -23126,7 +23139,6 @@ LTLIBINTL!$LTLIBINTL$ac_delim
|
||||||
POSUB!$POSUB$ac_delim
|
POSUB!$POSUB$ac_delim
|
||||||
LIBOBJS!$LIBOBJS$ac_delim
|
LIBOBJS!$LIBOBJS$ac_delim
|
||||||
HAVE_ASCTIME_R_TRUE!$HAVE_ASCTIME_R_TRUE$ac_delim
|
HAVE_ASCTIME_R_TRUE!$HAVE_ASCTIME_R_TRUE$ac_delim
|
||||||
HAVE_ASCTIME_R_FALSE!$HAVE_ASCTIME_R_FALSE$ac_delim
|
|
||||||
_ACEOF
|
_ACEOF
|
||||||
|
|
||||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
|
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
|
||||||
|
|
@ -23168,6 +23180,7 @@ _ACEOF
|
||||||
ac_delim='%!_!# '
|
ac_delim='%!_!# '
|
||||||
for ac_last_try in false false false false false :; do
|
for ac_last_try in false false false false false :; do
|
||||||
cat >conf$$subs.sed <<_ACEOF
|
cat >conf$$subs.sed <<_ACEOF
|
||||||
|
HAVE_ASCTIME_R_FALSE!$HAVE_ASCTIME_R_FALSE$ac_delim
|
||||||
HAVE_BASENAME_TRUE!$HAVE_BASENAME_TRUE$ac_delim
|
HAVE_BASENAME_TRUE!$HAVE_BASENAME_TRUE$ac_delim
|
||||||
HAVE_BASENAME_FALSE!$HAVE_BASENAME_FALSE$ac_delim
|
HAVE_BASENAME_FALSE!$HAVE_BASENAME_FALSE$ac_delim
|
||||||
HAVE_GAI_STRERROR_TRUE!$HAVE_GAI_STRERROR_TRUE$ac_delim
|
HAVE_GAI_STRERROR_TRUE!$HAVE_GAI_STRERROR_TRUE$ac_delim
|
||||||
|
|
@ -23187,7 +23200,7 @@ HAVE_TIMEGM_FALSE!$HAVE_TIMEGM_FALSE$ac_delim
|
||||||
LTLIBOBJS!$LTLIBOBJS$ac_delim
|
LTLIBOBJS!$LTLIBOBJS$ac_delim
|
||||||
_ACEOF
|
_ACEOF
|
||||||
|
|
||||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 17; then
|
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 18; then
|
||||||
break
|
break
|
||||||
elif $ac_last_try; then
|
elif $ac_last_try; then
|
||||||
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
|
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
|
||||||
|
|
@ -23911,6 +23924,7 @@ echo "LIBS: $LIBS"
|
||||||
echo "SQLite3: $have_sqlite3"
|
echo "SQLite3: $have_sqlite3"
|
||||||
echo "GnuTLS: $have_libgnutls"
|
echo "GnuTLS: $have_libgnutls"
|
||||||
echo "OpenSSL: $have_openssl"
|
echo "OpenSSL: $have_openssl"
|
||||||
|
echo "CA Bundle: $ca_bundle"
|
||||||
echo "LibXML2: $have_libxml2"
|
echo "LibXML2: $have_libxml2"
|
||||||
echo "LibExpat: $have_libexpat"
|
echo "LibExpat: $have_libexpat"
|
||||||
echo "LibCares: $have_libcares"
|
echo "LibCares: $have_libcares"
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,10 @@ ARIA2_ARG_ENABLE([bittorrent])
|
||||||
ARIA2_ARG_ENABLE([metalink])
|
ARIA2_ARG_ENABLE([metalink])
|
||||||
ARIA2_ARG_ENABLE([epoll])
|
ARIA2_ARG_ENABLE([epoll])
|
||||||
|
|
||||||
|
AC_ARG_WITH([ca-bundle],
|
||||||
|
AC_HELP_STRING([--with-ca-bundle=FILE], [Use FILE as default CA bundle.]),
|
||||||
|
[ca_bundle=$withval], [ca_bundle=""])
|
||||||
|
|
||||||
# Checks for programs.
|
# Checks for programs.
|
||||||
AC_PROG_CXX
|
AC_PROG_CXX
|
||||||
AC_PROG_CC
|
AC_PROG_CC
|
||||||
|
|
@ -100,6 +104,7 @@ fi
|
||||||
if test "x$have_libgnutls" = "xyes" || test "x$have_openssl" = "xyes"; then
|
if test "x$have_libgnutls" = "xyes" || test "x$have_openssl" = "xyes"; then
|
||||||
AC_DEFINE([ENABLE_SSL], [1], [Define to 1 if ssl support is enabled.])
|
AC_DEFINE([ENABLE_SSL], [1], [Define to 1 if ssl support is enabled.])
|
||||||
AM_CONDITIONAL([ENABLE_SSL], true)
|
AM_CONDITIONAL([ENABLE_SSL], true)
|
||||||
|
AC_SUBST([ca_bundle])
|
||||||
else
|
else
|
||||||
AM_CONDITIONAL([ENABLE_SSL], false)
|
AM_CONDITIONAL([ENABLE_SSL], false)
|
||||||
fi
|
fi
|
||||||
|
|
@ -341,6 +346,7 @@ echo "LIBS: $LIBS"
|
||||||
echo "SQLite3: $have_sqlite3"
|
echo "SQLite3: $have_sqlite3"
|
||||||
echo "GnuTLS: $have_libgnutls"
|
echo "GnuTLS: $have_libgnutls"
|
||||||
echo "OpenSSL: $have_openssl"
|
echo "OpenSSL: $have_openssl"
|
||||||
|
echo "CA Bundle: $ca_bundle"
|
||||||
echo "LibXML2: $have_libxml2"
|
echo "LibXML2: $have_libxml2"
|
||||||
echo "LibExpat: $have_libexpat"
|
echo "LibExpat: $have_libexpat"
|
||||||
echo "LibCares: $have_libcares"
|
echo "LibCares: $have_libcares"
|
||||||
|
|
|
||||||
|
|
@ -215,6 +215,7 @@ build_cpu = @build_cpu@
|
||||||
build_os = @build_os@
|
build_os = @build_os@
|
||||||
build_vendor = @build_vendor@
|
build_vendor = @build_vendor@
|
||||||
builddir = @builddir@
|
builddir = @builddir@
|
||||||
|
ca_bundle = @ca_bundle@
|
||||||
datadir = @datadir@
|
datadir = @datadir@
|
||||||
datarootdir = @datarootdir@
|
datarootdir = @datarootdir@
|
||||||
docdir = @docdir@
|
docdir = @docdir@
|
||||||
|
|
|
||||||
|
|
@ -201,6 +201,7 @@ build_cpu = @build_cpu@
|
||||||
build_os = @build_os@
|
build_os = @build_os@
|
||||||
build_vendor = @build_vendor@
|
build_vendor = @build_vendor@
|
||||||
builddir = @builddir@
|
builddir = @builddir@
|
||||||
|
ca_bundle = @ca_bundle@
|
||||||
datadir = @datadir@
|
datadir = @datadir@
|
||||||
datarootdir = @datarootdir@
|
datarootdir = @datarootdir@
|
||||||
docdir = @docdir@
|
docdir = @docdir@
|
||||||
|
|
|
||||||
|
|
@ -201,6 +201,7 @@ build_cpu = @build_cpu@
|
||||||
build_os = @build_os@
|
build_os = @build_os@
|
||||||
build_vendor = @build_vendor@
|
build_vendor = @build_vendor@
|
||||||
builddir = @builddir@
|
builddir = @builddir@
|
||||||
|
ca_bundle = @ca_bundle@
|
||||||
datadir = @datadir@
|
datadir = @datadir@
|
||||||
datarootdir = @datarootdir@
|
datarootdir = @datarootdir@
|
||||||
docdir = @docdir@
|
docdir = @docdir@
|
||||||
|
|
|
||||||
|
|
@ -494,4 +494,4 @@ AM_CPPFLAGS = -Wall\
|
||||||
@LIBGNUTLS_CFLAGS@ @LIBGCRYPT_CFLAGS@ @OPENSSL_CFLAGS@ @XML_CPPFLAGS@\
|
@LIBGNUTLS_CFLAGS@ @LIBGCRYPT_CFLAGS@ @OPENSSL_CFLAGS@ @XML_CPPFLAGS@\
|
||||||
@LIBCARES_CPPFLAGS@ @LIBEXPAT_CPPFLAGS@\
|
@LIBCARES_CPPFLAGS@ @LIBEXPAT_CPPFLAGS@\
|
||||||
@LIBZ_CPPFLAGS@ @SQLITE3_CPPFLAGS@\
|
@LIBZ_CPPFLAGS@ @SQLITE3_CPPFLAGS@\
|
||||||
-DLOCALEDIR=\"$(localedir)\" @DEFS@ #-pg
|
-DLOCALEDIR=\"$(localedir)\" -DCA_BUNDLE=\"$(ca_bundle)\" @DEFS@ #-pg
|
||||||
|
|
|
||||||
|
|
@ -984,6 +984,7 @@ build_cpu = @build_cpu@
|
||||||
build_os = @build_os@
|
build_os = @build_os@
|
||||||
build_vendor = @build_vendor@
|
build_vendor = @build_vendor@
|
||||||
builddir = @builddir@
|
builddir = @builddir@
|
||||||
|
ca_bundle = @ca_bundle@
|
||||||
datadir = @datadir@
|
datadir = @datadir@
|
||||||
datarootdir = @datarootdir@
|
datarootdir = @datarootdir@
|
||||||
docdir = @docdir@
|
docdir = @docdir@
|
||||||
|
|
@ -1163,7 +1164,7 @@ AM_CPPFLAGS = -Wall\
|
||||||
@LIBGNUTLS_CFLAGS@ @LIBGCRYPT_CFLAGS@ @OPENSSL_CFLAGS@ @XML_CPPFLAGS@\
|
@LIBGNUTLS_CFLAGS@ @LIBGCRYPT_CFLAGS@ @OPENSSL_CFLAGS@ @XML_CPPFLAGS@\
|
||||||
@LIBCARES_CPPFLAGS@ @LIBEXPAT_CPPFLAGS@\
|
@LIBCARES_CPPFLAGS@ @LIBEXPAT_CPPFLAGS@\
|
||||||
@LIBZ_CPPFLAGS@ @SQLITE3_CPPFLAGS@\
|
@LIBZ_CPPFLAGS@ @SQLITE3_CPPFLAGS@\
|
||||||
-DLOCALEDIR=\"$(localedir)\" @DEFS@ #-pg
|
-DLOCALEDIR=\"$(localedir)\" -DCA_BUNDLE=\"$(ca_bundle)\" @DEFS@ #-pg
|
||||||
|
|
||||||
all: all-am
|
all: all-am
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -144,8 +144,16 @@ int MultiUrlRequestInfo::execute()
|
||||||
_option->get(PREF_PRIVATE_KEY));
|
_option->get(PREF_PRIVATE_KEY));
|
||||||
}
|
}
|
||||||
if(_option->defined(PREF_CA_CERTIFICATE)) {
|
if(_option->defined(PREF_CA_CERTIFICATE)) {
|
||||||
|
try {
|
||||||
tlsContext->addTrustedCACertFile(_option->get(PREF_CA_CERTIFICATE));
|
tlsContext->addTrustedCACertFile(_option->get(PREF_CA_CERTIFICATE));
|
||||||
|
} catch(RecoverableException& e) {
|
||||||
|
_logger->error(EX_EXCEPTION_CAUGHT, e);
|
||||||
|
_logger->warn(MSG_WARN_NO_CA_CERT);
|
||||||
}
|
}
|
||||||
|
} else if(_option->getAsBool(PREF_CHECK_CERTIFICATE)) {
|
||||||
|
_logger->warn(MSG_WARN_NO_CA_CERT);
|
||||||
|
}
|
||||||
|
|
||||||
if(_option->getAsBool(PREF_CHECK_CERTIFICATE)) {
|
if(_option->getAsBool(PREF_CHECK_CERTIFICATE)) {
|
||||||
tlsContext->enablePeerVerification();
|
tlsContext->enablePeerVerification();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -432,7 +432,8 @@ OptionHandlers OptionHandlerFactory::createOptionHandlers()
|
||||||
{
|
{
|
||||||
SharedHandle<OptionHandler> op(new DefaultOptionHandler
|
SharedHandle<OptionHandler> op(new DefaultOptionHandler
|
||||||
(PREF_CA_CERTIFICATE,
|
(PREF_CA_CERTIFICATE,
|
||||||
TEXT_CA_CERTIFICATE));
|
TEXT_CA_CERTIFICATE,
|
||||||
|
CA_BUNDLE));
|
||||||
op->addTag(TAG_HTTP);
|
op->addTag(TAG_HTTP);
|
||||||
op->addTag(TAG_HTTPS);
|
op->addTag(TAG_HTTPS);
|
||||||
handlers.push_back(op);
|
handlers.push_back(op);
|
||||||
|
|
@ -449,7 +450,7 @@ OptionHandlers OptionHandlerFactory::createOptionHandlers()
|
||||||
SharedHandle<OptionHandler> op(new BooleanOptionHandler
|
SharedHandle<OptionHandler> op(new BooleanOptionHandler
|
||||||
(PREF_CHECK_CERTIFICATE,
|
(PREF_CHECK_CERTIFICATE,
|
||||||
TEXT_CHECK_CERTIFICATE,
|
TEXT_CHECK_CERTIFICATE,
|
||||||
V_FALSE));
|
V_TRUE));
|
||||||
op->addTag(TAG_HTTP);
|
op->addTag(TAG_HTTP);
|
||||||
op->addTag(TAG_HTTPS);
|
op->addTag(TAG_HTTPS);
|
||||||
handlers.push_back(op);
|
handlers.push_back(op);
|
||||||
|
|
|
||||||
|
|
@ -164,6 +164,9 @@
|
||||||
#define MSG_NO_CERT_FOUND _("No certificate found.")
|
#define MSG_NO_CERT_FOUND _("No certificate found.")
|
||||||
#define MSG_HOSTNAME_NOT_MATCH _("Hostname not match.")
|
#define MSG_HOSTNAME_NOT_MATCH _("Hostname not match.")
|
||||||
#define MSG_NO_FILES_TO_DOWNLOAD _("No files to download.")
|
#define MSG_NO_FILES_TO_DOWNLOAD _("No files to download.")
|
||||||
|
#define MSG_WARN_NO_CA_CERT \
|
||||||
|
_("You may encounter the certificate verification error with HTTPS server."\
|
||||||
|
" See --ca-certificate and --check-certificate option.")
|
||||||
|
|
||||||
#define EX_TIME_OUT _("Timeout.")
|
#define EX_TIME_OUT _("Timeout.")
|
||||||
#define EX_INVALID_CHUNK_SIZE _("Invalid chunk size.")
|
#define EX_INVALID_CHUNK_SIZE _("Invalid chunk size.")
|
||||||
|
|
|
||||||
|
|
@ -531,6 +531,7 @@ build_cpu = @build_cpu@
|
||||||
build_os = @build_os@
|
build_os = @build_os@
|
||||||
build_vendor = @build_vendor@
|
build_vendor = @build_vendor@
|
||||||
builddir = @builddir@
|
builddir = @builddir@
|
||||||
|
ca_bundle = @ca_bundle@
|
||||||
datadir = @datadir@
|
datadir = @datadir@
|
||||||
datarootdir = @datarootdir@
|
datarootdir = @datarootdir@
|
||||||
docdir = @docdir@
|
docdir = @docdir@
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue