From 0b455ddedcc903538989d800e48b08974fe5aa72 Mon Sep 17 00:00:00 2001 From: Sude Date: Tue, 30 Aug 2016 19:34:47 +0300 Subject: [PATCH] Add option to set CA certificate path Adds options to set path to CA certificate bundle in PEM format. CURL_CA_BUNDLE environment variable is used if it is set and CA certificate path is not set with --cacert option. --- include/config.h | 1 + main.cpp | 10 ++++++++++ src/downloader.cpp | 5 +++++ src/website.cpp | 7 +++++++ 4 files changed, 23 insertions(+) diff --git a/include/config.h b/include/config.h index 4353f07..0cab166 100644 --- a/include/config.h +++ b/include/config.h @@ -76,6 +76,7 @@ class Config std::string sLanguagePriority; std::string sPlatformPriority; std::string sIgnoreDLCCountRegex; + std::string sCACertPath; std::vector vLanguagePriority; std::vector vPlatformPriority; diff --git a/main.cpp b/main.cpp index 2aa835c..0e5e4bc 100644 --- a/main.cpp +++ b/main.cpp @@ -143,6 +143,7 @@ int main(int argc, char *argv[]) ("wishlist", bpo::value(&config.bShowWishlist)->zero_tokens()->default_value(false), "Show wishlist") ("login-api", bpo::value(&config.bLoginAPI)->zero_tokens()->default_value(false), "Login (API only)") ("login-website", bpo::value(&config.bLoginHTTP)->zero_tokens()->default_value(false), "Login (website only)") + ("cacert", bpo::value(&config.sCACertPath)->default_value(""), "Path to CA certificate bundle in PEM format") ; // Commandline options (config file) options_cli_cfg.add_options() 
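Review bot: The help text of the new `--cacert` entry in main.cpp does not mention that `CURL_CA_BUNDLE` is consulted when the option is left empty, so `--help` gives no clue that an inherited environment variable can select the trust store. I would word it `"Path to CA certificate bundle in PEM format (default: $CURL_CA_BUNDLE if set)"`. The entry sits in the block that closes just before the `// Commandline options (config file)` comment, so it appears to be command-line only; if that is intended, the description should say so. main() starts and ends outside this hunk.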
@@ -428,6 +429,15 @@ int main(int argc, char *argv[]) config.sDirectory = "./"; // Directory wasn't specified, use current directory } + // CA certificate bundle + if (config.sCACertPath.empty()) + { + // Use CURL_CA_BUNDLE environment variable for CA certificate path if it is set + char *ca_bundle = getenv("CURL_CA_BUNDLE"); + if (ca_bundle) + config.sCACertPath = (std::string)ca_bundle; + } + if (!unrecognized_options_cfg.empty() && (!config.bSaveConfig || !config.bResetConfig)) { std::cerr << "Unrecognized options in " << config.sConfigFilePath << std::endl; diff --git a/src/downloader.cpp b/src/downloader.cpp index e642251..c91d029 100644 --- a/src/downloader.cpp +++ b/src/downloader.cpp @@ -88,6 +88,9 @@ int Downloader::init() curl_easy_setopt(curlhandle, CURLOPT_LOW_SPEED_TIME, 30); curl_easy_setopt(curlhandle, CURLOPT_LOW_SPEED_LIMIT, 200); + if (!config.sCACertPath.empty()) + curl_easy_setopt(curlhandle, CURLOPT_CAINFO, config.sCACertPath.c_str()); + // Create new GOG website handle gogWebsite = new Website(config); bool bWebsiteIsLoggedIn = gogWebsite->IsLoggedIn(); @@ -97,6 +100,8 @@ int Downloader::init() gogAPI->curlSetOpt(CURLOPT_VERBOSE, config.bVerbose); gogAPI->curlSetOpt(CURLOPT_SSL_VERIFYPEER, config.bVerifyPeer); gogAPI->curlSetOpt(CURLOPT_CONNECTTIMEOUT, config.iTimeout); + if (!config.sCACertPath.empty()) + gogAPI->curlSetOpt(CURLOPT_CAINFO, config.sCACertPath.c_str()); progressbar = new ProgressBar(config.bUnicode, config.bColor); diff --git a/src/website.cpp b/src/website.cpp index 527e173..706e5c4 100644 --- a/src/website.cpp +++ b/src/website.cpp @@ -31,6 +31,8 @@ Website::Website(Config &conf) curl_easy_setopt(curlhandle, CURLOPT_LOW_SPEED_TIME, 30); curl_easy_setopt(curlhandle, CURLOPT_LOW_SPEED_LIMIT, 200); + if (!config.sCACertPath.empty()) + curl_easy_setopt(curlhandle, CURLOPT_CAINFO, config.sCACertPath.c_str()); } Website::~Website() 
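Review bot: The fallback added to main() takes the trust-store path from `CURL_CA_BUNDLE` without telling the user, so an inherited or stale environment variable silently decides which CAs are trusted for login and downloads. Printing the effective path when verbose output is on would make that visible, e.g. `if (config.bVerbose && !config.sCACertPath.empty()) std::cerr << "CA bundle: " << config.sCACertPath << std::endl;` after the block, assuming `bVerbose` is already parsed at this point. The C-style cast is also unnecessary; `config.sCACertPath = ca_bundle;` does the same. main() continues outside the hunk.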
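Review bot: The result of setting `CURLOPT_CAINFO` is discarded in Downloader::init() for `curlhandle`, and the same holds for the `gogAPI->curlSetOpt` call in the second hunk and for the Website constructor in src/website.cpp. If libcurl rejects the option (out of memory, or a TLS backend that does not support it), the handle keeps the default trust store, which may be wider than the bundle the user asked for. I would capture the code, `CURLcode rc = curl_easy_setopt(curlhandle, CURLOPT_CAINFO, config.sCACertPath.c_str());`, and fail initialisation with a message when `rc != CURLE_OK`; what `curlSetOpt` returns is not visible here. Both functions start and end outside their hunks.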
@@ -80,6 +82,11 @@ std::string Website::getResponse(const std::string& url) else std::cout << "failed to get error code: " << curl_easy_strerror(result) << " (" << url << ")" << std::endl; } + else if (result == CURLE_SSL_CACERT) + { + std::cout << "Try using CA certificate bundle from cURL: https://curl.haxx.se/ca/cacert.pem" << std::endl; + std::cout << "Use --cacert to set the path for CA certificate bundle" << std::endl; + } } return response;
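Review bot: The new hint in Website::getResponse() is tied to `CURLE_SSL_CACERT` only, so a `--cacert` or `CURL_CA_BUNDLE` path that is missing or unreadable, which libcurl reports as `CURLE_SSL_CACERT_BADFILE`, gets no message from this branch. Handling both, `else if (result == CURLE_SSL_CACERT || result == CURLE_SSL_CACERT_BADFILE)`, and printing `config.sCACertPath` in the bad-file case would tell the user which file was rejected. Since the first message sends users to download a trust anchor, it should also say to check the file against the checksum published next to it before use. The function starts outside the hunk.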