mirror of https://github.com/aria2/aria2
2008-11-08 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
Added client certificate authentication for SSL/TLS. Currently a private key must be decrypted for use with aria2. If a user accidentally gives encrypted file to aria2 then following thing happens: If encrypted private key is given to aria2, it behaves differently depending on the ssl library it uses. If aria2 built with openssl then openssl prompts the user for password. If aria2 build with gnutls then aria2 exists with error at start up. * src/DownloadEngineFactory.cc * src/MultiUrlRequestInfo.cc * src/OptionHandlerFactory.cc * src/option_processing.cc * src/prefs.cc * src/prefs.h * src/usage_text.hpull/1/head
Tatsuhiro Tsujikawa
parent
52316b0972
commit
79d463fae2
18
ChangeLog
18
ChangeLog
|
|
@ -1,3 +1,21 @@
|
|||
2008-11-08 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
||||
|
||||
Added client certificate authentication for SSL/TLS.
|
||||
Currently a private key must be decrypted for use with aria2.
|
||||
If a user accidentally gives encrypted file to aria2 then following
|
||||
thing happens:
|
||||
If encrypted private key is given to aria2, it behaves differently
|
||||
depending on the ssl library it uses. If aria2 built with openssl then
|
||||
openssl prompts the user for password. If aria2 build with gnutls then
|
||||
aria2 exists with error at start up.
|
||||
* src/DownloadEngineFactory.cc
|
||||
* src/MultiUrlRequestInfo.cc
|
||||
* src/OptionHandlerFactory.cc
|
||||
* src/option_processing.cc
|
||||
* src/prefs.cc
|
||||
* src/prefs.h
|
||||
* src/usage_text.h
|
||||
|
||||
2008-11-08 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>
|
||||
|
||||
Introduced TLSContext that holds TLS related data that can be shared
|
||||
|
|
|
|||
|
|
@ -54,10 +54,6 @@
|
|||
#include "TimedHaltCommand.h"
|
||||
#include "DownloadResult.h"
|
||||
#include "ServerStatMan.h"
|
||||
#ifdef ENABLE_SSL
|
||||
# include "SocketCore.h"
|
||||
# include "TLSContext.h"
|
||||
#endif // ENABLE_SSL
|
||||
|
||||
namespace aria2 {
|
||||
|
||||
|
|
@ -86,11 +82,6 @@ DownloadEngineFactory::newDownloadEngine(Option* op,
|
|||
DownloadEngineHandle e(new DownloadEngine());
|
||||
e->option = op;
|
||||
|
||||
#ifdef ENABLE_SSL
|
||||
SharedHandle<TLSContext> tlsContext(new TLSContext());
|
||||
SocketCore::setTLSContext(tlsContext);
|
||||
#endif
|
||||
|
||||
RequestGroupManHandle
|
||||
requestGroupMan(new RequestGroupMan(workingSet, MAX_CONCURRENT_DOWNLOADS,
|
||||
op));
|
||||
|
|
|
|||
|
|
@ -54,6 +54,10 @@
|
|||
#include "File.h"
|
||||
#include "Netrc.h"
|
||||
#include "AuthConfigFactory.h"
|
||||
#ifdef ENABLE_SSL
|
||||
# include "SocketCore.h"
|
||||
# include "TLSContext.h"
|
||||
#endif // ENABLE_SSL
|
||||
|
||||
namespace aria2 {
|
||||
|
||||
|
|
@ -132,6 +136,16 @@ int MultiUrlRequestInfo::execute()
|
|||
}
|
||||
e->setAuthConfigFactory(authConfigFactory);
|
||||
|
||||
#ifdef ENABLE_SSL
|
||||
SharedHandle<TLSContext> tlsContext(new TLSContext());
|
||||
if(_option->defined(PREF_CERTIFICATE) &&
|
||||
_option->defined(PREF_PRIVATE_KEY)) {
|
||||
tlsContext->addClientKeyFile(_option->get(PREF_CERTIFICATE),
|
||||
_option->get(PREF_PRIVATE_KEY));
|
||||
}
|
||||
SocketCore::setTLSContext(tlsContext);
|
||||
#endif
|
||||
|
||||
std::string serverStatIf = _option->get(PREF_SERVER_STAT_IF);
|
||||
if(!serverStatIf.empty()) {
|
||||
e->_requestGroupMan->loadServerStat(serverStatIf);
|
||||
|
|
|
|||
|
|
@ -429,6 +429,13 @@ OptionHandlers OptionHandlerFactory::createOptionHandlers()
|
|||
handlers.push_back(op);
|
||||
}
|
||||
// HTTP Specific Options
|
||||
{
|
||||
SharedHandle<OptionHandler> op(new DefaultOptionHandler
|
||||
(PREF_CERTIFICATE,
|
||||
TEXT_CERTIFICATE));
|
||||
op->addTag(TAG_HTTP);
|
||||
handlers.push_back(op);
|
||||
}
|
||||
{
|
||||
SharedHandle<OptionHandler> op(new BooleanOptionHandler
|
||||
(PREF_ENABLE_HTTP_KEEP_ALIVE,
|
||||
|
|
@ -498,6 +505,13 @@ OptionHandlers OptionHandlerFactory::createOptionHandlers()
|
|||
true));
|
||||
handlers.push_back(op);
|
||||
}
|
||||
{
|
||||
SharedHandle<OptionHandler> op(new DefaultOptionHandler
|
||||
(PREF_PRIVATE_KEY,
|
||||
TEXT_PRIVATE_KEY));
|
||||
op->addTag(TAG_HTTP);
|
||||
handlers.push_back(op);
|
||||
}
|
||||
{
|
||||
SharedHandle<OptionHandler> op(new DefaultOptionHandler
|
||||
(PREF_REFERER,
|
||||
|
|
|
|||
|
|
@ -182,6 +182,8 @@ Option* option_processing(int argc, char* const argv[])
|
|||
{ PREF_FTP_PROXY.c_str(), required_argument, &lopt, 228 },
|
||||
{ PREF_ALL_PROXY.c_str(), required_argument, &lopt, 229 },
|
||||
{ PREF_PROXY_METHOD.c_str(), required_argument, &lopt, 230 },
|
||||
{ PREF_CERTIFICATE.c_str(), required_argument, &lopt, 231 },
|
||||
{ PREF_PRIVATE_KEY.c_str(), required_argument, &lopt, 232 },
|
||||
#if defined ENABLE_BITTORRENT || defined ENABLE_METALINK
|
||||
{ PREF_SHOW_FILES.c_str(), no_argument, NULL, 'S' },
|
||||
{ PREF_SELECT_FILE.c_str(), required_argument, &lopt, 21 },
|
||||
|
|
@ -450,6 +452,12 @@ Option* option_processing(int argc, char* const argv[])
|
|||
case 230:
|
||||
cmdstream << PREF_PROXY_METHOD << "=" << optarg << "\n";
|
||||
break;
|
||||
case 231:
|
||||
cmdstream << PREF_CERTIFICATE << "=" << optarg << "\n";
|
||||
break;
|
||||
case 232:
|
||||
cmdstream << PREF_PRIVATE_KEY << "=" << optarg << "\n";
|
||||
break;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -180,6 +180,10 @@ const std::string PREF_ENABLE_HTTP_PIPELINING("enable-http-pipelining");
|
|||
const std::string PREF_MAX_HTTP_PIPELINING("max-http-pipelining");
|
||||
// value: string
|
||||
const std::string PREF_HEADER("header");
|
||||
// value: string that your file system recognizes as a file name.
|
||||
const std::string PREF_CERTIFICATE("certificate");
|
||||
// value: string that your file system recognizes as a file name.
|
||||
const std::string PREF_PRIVATE_KEY("private-key");
|
||||
|
||||
/**
|
||||
* Proxy related preferences
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ extern const std::string PREF_STARTUP_IDLE_TIME;
|
|||
// value: prealloc | none
|
||||
extern const std::string PREF_FILE_ALLOCATION;
|
||||
extern const std::string V_PREALLOC;
|
||||
#// value: 1*digit
|
||||
// value: 1*digit
|
||||
extern const std::string PREF_NO_FILE_ALLOCATION_LIMIT;
|
||||
// value: true | false
|
||||
extern const std::string PREF_ALLOW_OVERWRITE;
|
||||
|
|
@ -184,6 +184,10 @@ extern const std::string PREF_ENABLE_HTTP_PIPELINING;
|
|||
extern const std::string PREF_MAX_HTTP_PIPELINING;
|
||||
// value: string
|
||||
extern const std::string PREF_HEADER;
|
||||
// value: string that your file system recognizes as a file name.
|
||||
extern const std::string PREF_CERTIFICATE;
|
||||
// value: string that your file system recognizes as a file name.
|
||||
extern const std::string PREF_PRIVATE_KEY;
|
||||
|
||||
/**;
|
||||
* Proxy related preferences
|
||||
|
|
|
|||
|
|
@ -389,3 +389,12 @@ _(" --auto-save-interval=SEC Save a control file(*.aria2) every SEC seconds.
|
|||
" If 0 is given, a control file is not saved during\n"\
|
||||
" download. aria2 saves a control file when it stops\n"\
|
||||
" regardless of the value.")
|
||||
#define TEXT_CERTIFICATE \
|
||||
_(" --certificate=FILE Use the client certificate in FILE.\n"\
|
||||
" The certificate must be in PEM format.\n"\
|
||||
" You may use --private-key option to specify the\n"\
|
||||
" private key.")
|
||||
#define TEXT_PRIVATE_KEY \
|
||||
_(" --private-key=FILE Use the private key in FILE.\n"\
|
||||
" The private key must be decrypted and in PEM\n"\
|
||||
" format. See also --certificate option.")
|
||||
|
|
|
|||
Loading…
Reference in New Issue