Support for setting cainfo (ie a particular ca to trust)

Some cleanup
ameihm0912 · Nov 1, 2014 · 742fbbb · 742fbbb
1 parent 19e432a
commit 742fbbb
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 8 deletions.
diff --git a/audisp-json.c b/audisp-json.c
@@ -166,6 +166,7 @@ void prepare_curl_handle(void)
 	curl_easy_setopt(easy_h, CURLOPT_TIMEOUT_MS, MAX_CURL_GLOBAL_TIMEOUT);
 	curl_easy_setopt(easy_h, CURLOPT_SSL_VERIFYHOST, config.ssl_verify);
 	curl_easy_setopt(easy_h, CURLOPT_SSL_VERIFYPEER, config.ssl_verify);
+	curl_easy_setopt(easy_h, CURLOPT_CAINFO, config.curl_cainfo);
 }
 
 /* select and fetch urls */

diff --git a/audisp-json.conf b/audisp-json.conf
@@ -1,3 +1,4 @@
 mozdef_url = https://127.0.0.1:8080/events
 ssl_verify = yes
 curl_verbose = no
+curl_cainfo = /etc/ssl/certs/mozilla-root.crt
diff --git a/json-config.c b/json-config.c
@@ -49,26 +49,29 @@ struct kw_pair
 };
 
 struct nv_list
-{ 
+{
 	const char *name;
 	int option;
 };
 
 static char *get_line(FILE *f, char *buf);
 static int nv_split(char *buf, struct nv_pair *nv);
 static const struct kw_pair *kw_lookup(const char *val);
-static int server_parser(struct nv_pair *nv, int line, 
+static int server_parser(struct nv_pair *nv, int line,
+		json_conf_t *config);
+static int curl_ca_parser(struct nv_pair *nv, int line,
 		json_conf_t *config);
-static int ssl_parser(struct nv_pair *nv, int line, 
+static int ssl_parser(struct nv_pair *nv, int line,
 		json_conf_t *config);
-static int curl_parser(struct nv_pair *nv, int line, 
+static int curl_parser(struct nv_pair *nv, int line,
 		json_conf_t *config);
 
 static const struct kw_pair keywords[] =
 {
 	{"mozdef_url",	server_parser,	0},
-	{"ssl_verify",	ssl_parser,		0},
-	{"curl_verbose",curl_parser,	0},
+	{"curl_cainfo", curl_ca_parser,	0},
+	{"ssl_verify",	ssl_parser,	0},
+	{"curl_verbose", curl_parser,	0},
 };
 
 /*
@@ -291,10 +294,20 @@ static int ssl_parser(struct nv_pair *nv, int line,
 	return 0;
 }
 
+static int curl_ca_parser(struct nv_pair *nv, int line,
+		json_conf_t *config)
+{
+	if (nv->value)
+		config->curl_cainfo = strdup(nv->value);
+	else
+		config->curl_cainfo = NULL;
+	return 0;
+}
+
 static int curl_parser(struct nv_pair *nv, int line,
 		json_conf_t *config)
 {
-	config->curl_verbose = 1;
+	config->curl_verbose = 2;
 	if (nv->value) {
 		if (strncasecmp(nv->value, "no", 2) == 0) {
 			config->curl_verbose = 0;

diff --git a/json-config.h b/json-config.h
@@ -1,4 +1,4 @@
-/* remote-config.h
+/* json-config.h
  * Copyright 2008 Red Hat Inc., Durham, North Carolina.
  * Copyright 2014 Mozilla Corporation
  * All Rights Reserved.
@@ -29,6 +29,7 @@
 typedef struct json_conf
 {
 	const char *mozdef_url;
+	const char *curl_cainfo;
 	int ssl_verify;
 	int curl_verbose;
 } json_conf_t;