From 8e6bde511a8032a7ffb253e6c1323fc641c05b4c Mon Sep 17 00:00:00 2001
From: Omar Kallel <omar.kallel@pivasoftware.com>
Date: Wed, 20 Apr 2022 13:34:40 +0100
Subject: [PATCH] Make Upload with SSL

---
 config.c                   | 12 ------------
 docs/api/uci.cwmp.md       |  7 -------
 inc/common.h               |  1 -
 inc/cwmp_uci.h             |  1 -
 rpc_soap.c                 |  2 +-
 schemas/uci/cwmp.json      |  7 -------
 test/files/etc/config/cwmp |  1 -
 upload.c                   |  2 ++
 8 files changed, 3 insertions(+), 30 deletions(-)

diff --git a/config.c b/config.c
index 85c1dfc..3f10429 100755
--- a/config.c
+++ b/config.c
@@ -220,18 +220,6 @@ int get_global_config(struct config *conf)
 		return error;
 	}
 
-	if ((error = uci_get_value(UCI_HTTPS_SSL_CAPATH, &value)) == CWMP_OK) {
-		if (value != NULL) {
-			FREE(conf->https_ssl_capath);
-			conf->https_ssl_capath = strdup(value);
-			FREE(value);
-		}
-
-		CWMP_LOG(DEBUG, "CWMP CONFIG - https ssl cpath: %s", conf->https_ssl_capath ? conf->https_ssl_capath : "");
-	} else {
-		return error;
-	}
-
 	if ((error = uci_get_value(HTTP_DISABLE_100CONTINUE, &value)) == CWMP_OK) {
 		if (value != NULL) {
 			if ((strcasecmp(value, "true") == 0) || (strcmp(value, "1") == 0))
diff --git a/docs/api/uci.cwmp.md b/docs/api/uci.cwmp.md
index b75dd27..736af6e 100644
--- a/docs/api/uci.cwmp.md
+++ b/docs/api/uci.cwmp.md
@@ -100,13 +100,6 @@
                     <td class="td_row_odd"><div class="td_row_odd"></div></td>
                     <td class="td_row_odd"><div class="td_row_odd">The retry interval multiplier for session retry session as described in the standard.</div></td>
                   </tr>
-                  <tr>
-                    <td class="td_row_even"><div class="td_row_even">https_ssl_capath</div></td>
-                    <td class="td_row_even"><div class="td_row_even">string</div></td>
-                    <td class="td_row_even"><div class="td_row_even">no</div></td>
-                    <td class="td_row_even"><div class="td_row_even"></div></td>
-                    <td class="td_row_even"><div class="td_row_even">The path of ssl certificates. ssl certificates used for Upload and Download methods.</div></td>
-                  </tr>
                   <tr>
                     <td class="td_row_odd"><div class="td_row_odd">ipv6_enable</div></td>
                     <td class="td_row_odd"><div class="td_row_odd">boolean</div></td>
diff --git a/inc/common.h b/inc/common.h
index 560c640..d2f72da 100644
--- a/inc/common.h
+++ b/inc/common.h
@@ -66,7 +66,6 @@ typedef struct config {
 	char *acs_userid;
 	char *acs_passwd;
 	char *acs_ssl_capath;
-	char *https_ssl_capath;
 	char *cpe_userid;
 	char *cpe_passwd;
 	char *forced_inform_json_file;
diff --git a/inc/cwmp_uci.h b/inc/cwmp_uci.h
index 358b2fd..c3bc0a3 100644
--- a/inc/cwmp_uci.h
+++ b/inc/cwmp_uci.h
@@ -25,7 +25,6 @@
 #define UCI_ACS_USERID_PATH "cwmp.acs.userid"
 #define UCI_ACS_PASSWD_PATH "cwmp.acs.passwd"
 #define UCI_ACS_SSL_CAPATH "cwmp.acs.ssl_capath"
-#define UCI_HTTPS_SSL_CAPATH "cwmp.acs.https_ssl_capath"
 #define UCI_ACS_INSECURE_ENABLE "cwmp.acs.insecure_enable"
 #define UCI_ACS_IPV6_ENABLE "cwmp.acs.ipv6_enable"
 #define UCI_ACS_COMPRESSION "cwmp.acs.compression"
diff --git a/rpc_soap.c b/rpc_soap.c
index 17ba8da..467a25b 100755
--- a/rpc_soap.c
+++ b/rpc_soap.c
@@ -2500,7 +2500,7 @@ int cwmp_handle_rpc_cpe_upload(struct session *session, struct rpc *rpc)
 		error = FAULT_CPE_REQUEST_DENIED;
 	} else if (strstr(upload->url, "@") != NULL) {
 		error = FAULT_CPE_INVALID_ARGUMENTS;
-	} else if (strncmp(upload->url, DOWNLOAD_PROTOCOL_HTTP, strlen(DOWNLOAD_PROTOCOL_HTTP)) != 0 && strncmp(upload->url, DOWNLOAD_PROTOCOL_FTP, strlen(DOWNLOAD_PROTOCOL_FTP)) != 0) {
+	} else if (strncmp(upload->url, DOWNLOAD_PROTOCOL_HTTPS, strlen(DOWNLOAD_PROTOCOL_HTTPS)) != 0  && strncmp(upload->url, DOWNLOAD_PROTOCOL_HTTP, strlen(DOWNLOAD_PROTOCOL_HTTP)) != 0 && strncmp(upload->url, DOWNLOAD_PROTOCOL_FTP, strlen(DOWNLOAD_PROTOCOL_FTP)) != 0) {
 		error = FAULT_CPE_FILE_TRANSFER_UNSUPPORTED_PROTOCOL;
 	}
 
diff --git a/schemas/uci/cwmp.json b/schemas/uci/cwmp.json
index 87e27b2..a59729b 100644
--- a/schemas/uci/cwmp.json
+++ b/schemas/uci/cwmp.json
@@ -75,13 +75,6 @@
           "default": "",
           "description": "The retry interval multiplier for session retry session as described in the standard."
         },
-        {
-          "name": "https_ssl_capath",
-          "type": "string",
-          "required": "no",
-          "default": "",
-          "description": "The path of ssl certificates. ssl certificates used for Upload and Download methods."
-        },
         {
           "name": "ipv6_enable",
           "type": "boolean",
diff --git a/test/files/etc/config/cwmp b/test/files/etc/config/cwmp
index e284351..7ac87f4 100644
--- a/test/files/etc/config/cwmp
+++ b/test/files/etc/config/cwmp
@@ -11,7 +11,6 @@ config acs 'acs'
 	option retry_min_wait_interval '5'
 	#­ possible configs interval :[1000:65535]
 	option retry_interval_multiplier '2000'
-	option https_ssl_capath ''
 	option ipv6_enable '0'
 	option ip_version '4'
 
diff --git a/upload.c b/upload.c
index 131e8d7..84d2f47 100644
--- a/upload.c
+++ b/upload.c
@@ -86,6 +86,8 @@ int upload_file(const char *file_path, const char *url, const char *username, co
 
 		snprintf(userpass, sizeof(userpass), "%s:%s", username, password);
 		curl_easy_setopt(curl, CURLOPT_USERPWD, userpass);
+		if (strncmp(url, "https://", 8) == 0)
+			curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);
 		curl_easy_setopt(curl, CURLOPT_TIMEOUT, CURL_TIMEOUT);
 		curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 50L);
 		curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);