gnash-commit

AW: [Gnash-commit] gnash ChangeLog libbase/curl_adapter.cpp libbas...


From: Benjamin Wolsey
Subject: AW: [Gnash-commit] gnash ChangeLog libbase/curl_adapter.cpp libbas...
Date: Sun, 30 Sep 2007 19:03:01 +0000 (GMT)

As a first step to improving native SSL support in gnash, this allows 
connections to untrusted sites when specifically enabled in gnashrc.

SWFs via https:// are pretty hard to find and I haven't found any with trusted 
certificates. This can be tested with savannah attachments such as:

https://savannah.gnu.org/file/png_alpha_test.swf?file_id=13168

At the moment, SSL errors are no


        curl_easy_getinfo(_handle, CURLINFO_SSL_VERIFYRESULT, &code);


----- Original Message ----
From: Benjamin Wolsey <address@hidden>
To: address@hidden
Sent: Sunday, 30 September 2007, 20:51:28
Subject: [Gnash-commit] gnash ChangeLog libbase/curl_adapter.cpp libbas...

CVSROOT:    /sources/gnash
Module name:    gnash
Changes by:    Benjamin Wolsey <bwy>    07/09/30 18:51:28

Modified files:
    .              : ChangeLog 
    libbase        : curl_adapter.cpp rc.cpp rc.h 

Log message:
        * libbase/curl_adapter.cpp: allow, with security warning, override
          of curl's SSL certificate verification when requested in gnashrc.
          Equivalent to curl --insecure.
        * libbase/rc.{cpp,h}: 'set insecureSSL on' disables SSL certificate
          verification, thus allowing connections from the standalone player
          to https:// sites when the certificate is invalid or untrusted.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.4482&r2=1.4483
http://cvs.savannah.gnu.org/viewcvs/gnash/libbase/curl_adapter.cpp?cvsroot=gnash&r1=1.39&r2=1.40
http://cvs.savannah.gnu.org/viewcvs/gnash/libbase/rc.cpp?cvsroot=gnash&r1=1.38&r2=1.39
http://cvs.savannah.gnu.org/viewcvs/gnash/libbase/rc.h?cvsroot=gnash&r1=1.27&r2=1.28

Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.4482
retrieving revision 1.4483
diff -u -b -r1.4482 -r1.4483
--- ChangeLog    30 Sep 2007 05:24:35 -0000    1.4482
+++ ChangeLog    30 Sep 2007 18:51:27 -0000    1.4483
@@ -1,3 +1,12 @@
+2007-09-30 Benjamin Wolsey <address@hidden>
+
+    * libbase/curl_adapter.cpp: allow, with security warning, override
+      of curl's SSL certificate verification when requested in gnashrc.
+      Equivalent to curl --insecure.
+    * libbase/rc.{cpp,h}: 'set insecureSSL on' disables SSL certificate
+      verification, thus allowing connections from the standalone player
+      to https:// sites when the certificate is invalid or untrusted.
+
 2007-09-30 Sandro Santilli <address@hidden>
     
     * server/environment.{h, cpp}: get_variable_raw() set 'this' to the 
orignial target

Index: libbase/curl_adapter.cpp
===================================================================
RCS file: /sources/gnash/gnash/libbase/curl_adapter.cpp,v
retrieving revision 1.39
retrieving revision 1..40
diff -u -b -r1.39 -r1.40
--- libbase/curl_adapter.cpp    25 Sep 2007 14:17:20 -0000    1.39
+++ libbase/curl_adapter.cpp    30 Sep 2007 18:51:27 -0000    1.40
@@ -17,7 +17,7 @@
 // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 //
 
-/* $Id: curl_adapter.cpp,v 1.39 2007/09/25 14:17:20 strk Exp $ */
+/* $Id: curl_adapter.cpp,v 1.40 2007/09/30 18:51:27 bwy Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -402,7 +402,6 @@
         _running = false;
         }
 
-
 }
 
 /*private*/
@@ -438,6 +437,25 @@
 
     CURLcode ccode;
 
+    // Override cURL's default verification of SSL certificates
+    // This is insecure, so log security warning.
+    // Equivalent to curl -k or curl --insecure.
+    if (gnash::RcInitFile::getDefaultInstance().SSLInsecure())
+    {
+                gnash::log_security(_("Allowing connections to SSL sites with 
invalid"
+                 " or absent certificates"));        
+
+        ccode = curl_easy_setopt(_handle, CURLOPT_SSL_VERIFYPEER, 0);
+        if ( ccode != CURLE_OK ) {
+            throw gnash::GnashException(curl_easy_strerror(ccode));
+        }
+
+        ccode = curl_easy_setopt(_handle, CURLOPT_SSL_VERIFYHOST, 0);
+        if ( ccode != CURLE_OK ) {
+            throw gnash::GnashException(curl_easy_strerror(ccode));
+        }
+    }
+
     ccode = curl_easy_setopt(_handle, CURLOPT_USERAGENT, "Gnash-" VERSION);
     if ( ccode != CURLE_OK ) {
         throw gnash::GnashException(curl_easy_strerror(ccode));
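Review bot: both new curl_easy_setopt calls pass the int literal 0 for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST; libcurl reads these options as long through a variadic call, so pass 0L to avoid a size mismatch on platforms where int and long differ. The condition tests only the global rc flag, so the override applies to every https:// connection set up here, and clearing VERIFYHOST drops the hostname check in addition to chain validation; the comment and the log_security message should say so. The log_security line is also indented differently from the rest of the block.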
@@ -646,6 +664,7 @@
             _running = false;
                         return false;
                 }
+
     }
 
     if ( fseek(_cache, 0, SEEK_END) == -1 ) {

Index: libbase/rc.cpp
===================================================================
RCS file: /sources/gnash/gnash/libbase/rc.cpp,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -b -r1.38 -r1.39
--- libbase/rc.cpp    28 Sep 2007 16:12:27 -0000    1.38
+++ libbase/rc.cpp    30 Sep 2007 18:51:27 -0000    1.39
@@ -80,6 +80,7 @@
                            _plugin_sound(true),
                _extensionsEnabled(false),
                _startStopped(false),
+               _SSLInsecure(false),
                _streamsTimeout(DEFAULT_STREAMS_TIMEOUT)
 
 {
@@ -326,7 +327,7 @@
         }
         
         // Read in each line and parse it
-        while (!in.eof()) {
+        do {
 
         // Make sure action is empty, otherwise the last loop (with no new
         // data) keeps action, variable and value from the previous loop. This
@@ -389,6 +390,8 @@
                                value);
                      extractSetting(&_localdomain_only, "localdomain", 
variable,
                                value);
+                     extractSetting(&_SSLInsecure, "InsecureSSL", variable,
+                               value);
                      extractSetting(&_debugger, "debugger", variable, value);
                      extractSetting(&_actiondump, "actionDump", variable, 
value);
                      extractSetting(&_parserdump, "parserDump", variable, 
value);
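Review bot: the key is registered as "InsecureSSL" here, while the log message and ChangeLog document the directive as 'set insecureSSL on', and the neighbouring keys ("localdomain", "actionDump", "parserDump") start with a lowercase letter. If extractSetting compares case-sensitively (not visible in this hunk), the documented spelling will not match; use one spelling in both the code and the documentation.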
@@ -409,7 +412,7 @@
                      extractNumber(&_verbosity, "verbosity", variable, value);
         }
             }
-        }
+        } while (!in.eof());
 
     } else {
         if (in) {
@@ -515,6 +518,8 @@
          << ((_localhost_only)?"enabled":"disabled") << endl;
     cerr << "\tWrite Debug Log To Disk: "
          << ((_writelog)?"enabled":"disabled") << endl;
+    cerr << "\tAllow insecure SSL connections: "
+         << ((_SSLInsecure)?"yes":"no") << endl;
     cerr << "\tEnable sound: "
          << ((_sound)?"enabled":"disabled") << endl;
     cerr << "\tEnable Plugin sound: "
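Review bot: the new dump line prints "yes"/"no" where the surrounding settings print "enabled"/"disabled"; use the same wording so the listing stays uniform. Because this setting turns certificate verification off, the enabled state could also be made to stand out in this output, for example by appending "(INSECURE)".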

Index: libbase/rc.h
===================================================================
RCS file: /sources/gnash/gnash/libbase/rc.h,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -b -r1.27 -r1.28
--- libbase/rc.h    28 Sep 2007 15:44:03 -0000    1.27
+++ libbase/rc.h    30 Sep 2007 18:51:27 -0000    1.28
@@ -73,6 +73,8 @@
     ///
     bool startStopped() const { return _startStopped; }
     
+    bool SSLInsecure() const { return _SSLInsecure; }
+    
     int verbosityLevel() const { return _verbosity; }
     void verbosityLevel(int value) { _verbosity = value; }
     
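Review bot: SSLInsecure() is added without a doc comment, unlike the /// documented accessor just above it; add one stating that a true value disables SSL certificate verification for https:// connections. The accessor name also reverses the word order of the rc key "InsecureSSL" used in rc.cpp; pick one order for the key, the accessor and the member.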
@@ -155,6 +157,9 @@
 
     bool _startStopped;        // whether to start the gui in "stop" mode
 
+    bool _SSLInsecure;        // When TRUE, does not verify SSL certificates
+                // so is INSECURE.
+
     /// The number of seconds of inactivity triggering download timeout
     double _streamsTimeout;
 

