colin/curlftpfs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added no_verify_peer option to disable the verification of SSL certificates.

Browse Source
This commit is contained in:
braga
2006-04-26 17:29:28 +00:00
parent 880039aea7
commit e8482c35f5
3 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
doc/curlftpfs.1
View File

@@ -170,6 +170,10 @@ support. This is not very common.
(SSL) Curlftpfs will not verify the hostname when connecting to a SSL enabled (SSL) Curlftpfs will not verify the hostname when connecting to a SSL enabled
server. server.
.TP .TP
.B no_verify_peer
(SSL) Curlftpfs will not verify the certificate when connecting to a SSL
enabled server.
.TP
.B pass=<password> .B pass=<password>
(SSL) Pass phrase for the private key. (SSL) Pass phrase for the private key.
.TP .TP

8
ftpfs.c
View File

@@ -228,6 +228,7 @@ static struct fuse_opt ftpfs_opts[] = {
FTPFS_OPT("ssl_control", use_ssl, CURLFTPSSL_CONTROL), FTPFS_OPT("ssl_control", use_ssl, CURLFTPSSL_CONTROL),
FTPFS_OPT("ssl_try", use_ssl, CURLFTPSSL_TRY), FTPFS_OPT("ssl_try", use_ssl, CURLFTPSSL_TRY),
FTPFS_OPT("no_verify_hostname", no_verify_hostname, 1), FTPFS_OPT("no_verify_hostname", no_verify_hostname, 1),
FTPFS_OPT("no_verify_peer", no_verify_peer, 1),
FTPFS_OPT("cert=%s", cert, 0), FTPFS_OPT("cert=%s", cert, 0),
FTPFS_OPT("cert_type=%s", cert_type, 0), FTPFS_OPT("cert_type=%s", cert_type, 0),
FTPFS_OPT("key=%s", key, 0), FTPFS_OPT("key=%s", key, 0),
@@ -815,6 +816,7 @@ static void usage(const char* progname) {
" ssl_control enable SSL/TLS only for control connection\n" " ssl_control enable SSL/TLS only for control connection\n"
" ssl_try try SSL/TLS first but connect anyway\n" " ssl_try try SSL/TLS first but connect anyway\n"
" no_verify_hostname does not verify the hostname (SSL)\n" " no_verify_hostname does not verify the hostname (SSL)\n"
" no_verify_peer does not verify the peer (SSL)\n"
" cert=STR client certificate file (SSL)\n" " cert=STR client certificate file (SSL)\n"
" cert_type=STR certificate file type (DER/PEM/ENG) (SSL)\n" " cert_type=STR certificate file type (DER/PEM/ENG) (SSL)\n"
" key=STR private key file name (SSL)\n" " key=STR private key file name (SSL)\n"
@@ -912,6 +914,11 @@ static void set_common_curl_stuff() {
curl_easy_setopt_or_die(ftpfs.connection, CURLOPT_SSLENGINE_DEFAULT, 1); curl_easy_setopt_or_die(ftpfs.connection, CURLOPT_SSLENGINE_DEFAULT, 1);
} }
curl_easy_setopt_or_die(ftpfs.connection, CURLOPT_SSL_VERIFYPEER, TRUE);
if (ftpfs.no_verify_peer) {
curl_easy_setopt_or_die(ftpfs.connection, CURLOPT_SSL_VERIFYPEER, FALSE);
}
if (ftpfs.cacert || ftpfs.capath) { if (ftpfs.cacert || ftpfs.capath) {
if (ftpfs.cacert) { if (ftpfs.cacert) {
curl_easy_setopt_or_die(ftpfs.connection, CURLOPT_CAINFO, ftpfs.cacert); curl_easy_setopt_or_die(ftpfs.connection, CURLOPT_CAINFO, ftpfs.cacert);
@@ -919,7 +926,6 @@ static void set_common_curl_stuff() {
if (ftpfs.capath) { if (ftpfs.capath) {
curl_easy_setopt_or_die(ftpfs.connection, CURLOPT_CAPATH, ftpfs.capath); curl_easy_setopt_or_die(ftpfs.connection, CURLOPT_CAPATH, ftpfs.capath);
} }
curl_easy_setopt_or_die(ftpfs.connection, CURLOPT_SSL_VERIFYPEER, TRUE);
} }
if (ftpfs.ciphers) { if (ftpfs.ciphers) {

1
ftpfs.h
View File

@@ -24,6 +24,7 @@ struct ftpfs {
int connect_timeout; int connect_timeout;
int use_ssl; int use_ssl;
int no_verify_hostname; int no_verify_hostname;
int no_verify_peer;
char* cert; char* cert;
char* cert_type; char* cert_type;
char* key; char* key;