kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add warning when using HTTPS with mod_curl 

mod_curl currently does not verify the authenticity of the peer's
certificate, and does not verify whether the common name on the
certificate matches the server.  This makes mod_curl initiated TLS
connections completely insecure.  We should fix this, but until we do,
we'll warn people that it's not doing what they may think it is.

ref: http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
ref: http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
This commit is contained in:
Travis Cross 2014-08-21 22:17:35 +00:00
parent 6d1469d2fb
commit b2f59dd200
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/mod/applications/mod_curl/mod_curl.c
View File

@ -194,6 +194,7 @@ static http_data_t *do_lookup_url(switch_memory_pool_t *pool, const char *url, c
}
if (!strncasecmp(url, "https", 5)) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Not verifying TLS cert for %s; connection is not secure\n", url);
switch_curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0);
switch_curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0);
}
@ -357,6 +358,7 @@ static void http_sendfile_initialize_curl(http_sendfile_data_t *http_data)
if (!strncasecmp(http_data->url, "https", 5))
{
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Not verifying TLS cert for %s; connection is not secure\n", http_data->url);
curl_easy_setopt(http_data->curl_handle, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(http_data->curl_handle, CURLOPT_SSL_VERIFYHOST, 0);
}