From a310ec081e08e1caa2dcc37c078753243654704e Mon Sep 17 00:00:00 2001
From: Vivek Kumar Dutta
Date: Tue, 23 Apr 2024 12:04:27 +0530
Subject: [PATCH] Support to define ca-bundle
---
 src/common.h | 1 +
 src/http.c | 6 +++++-
 src/uci_utils.c | 9 +++++++--
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/common.h b/src/common.h
index 05b2c8b..1ee3310 100644
--- a/src/common.h
+++ b/src/common.h
@@ -109,6 +109,7 @@ typedef struct config {
 char acs_userid[BUF_SIZE_256];
 char acs_passwd[BUF_SIZE_256];
 char acs_ssl_capath[BUF_SIZE_256];
+ char acs_ssl_cabundle[BUF_SIZE_256];
 char cpe_userid[BUF_SIZE_256];
 char cpe_passwd[BUF_SIZE_256];
 char custom_notify_json[BUF_SIZE_256];
diff --git a/src/http.c b/src/http.c
index adeefba..8f5cccf 100644
--- a/src/http.c
+++ b/src/http.c
@@ -107,7 +107,11 @@ static void http_set_security_options()
 curl_easy_setopt(curl, CURLOPT_PASSWORD, cwmp_main->conf.acs_passwd);
 curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC | CURLAUTH_DIGEST);
- curl_easy_setopt(curl, CURLOPT_CAPATH, cwmp_main->conf.acs_ssl_capath);
+ if (CWMP_STRLEN(cwmp_main->conf.acs_ssl_capath) !=0 ) {
+ curl_easy_setopt(curl, CURLOPT_CAPATH, cwmp_main->conf.acs_ssl_capath);
+ } else if (CWMP_STRLEN(cwmp_main->conf.acs_ssl_cabundle) != 0) {
+ curl_easy_setopt(curl, CURLOPT_CAINFO, cwmp_main->conf.acs_ssl_cabundle);
+ }
 if (cwmp_main->conf.insecure_enable) {
 curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);
diff --git a/src/uci_utils.c b/src/uci_utils.c
index 8612c14..0dc18c1 100644
--- a/src/uci_utils.c
+++ b/src/uci_utils.c
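Review bot: The two new `curl_easy_setopt` calls in `http_set_security_options` (src/http.c) discard their return codes, so if setting `CURLOPT_CAPATH` or `CURLOPT_CAINFO` fails, the handle keeps libcurl's default trust store and the ACS certificate is checked against what is typically a wider set of CAs than the operator configured. For the trust anchor it is worth checking the result and at least logging above DEBUG, e.g. `if (curl_easy_setopt(curl, CURLOPT_CAINFO, cwmp_main->conf.acs_ssl_cabundle) != CURLE_OK) CWMP_LOG(WARNING, "failed to set ACS CA bundle");`. The branch order also means a non-empty `acs_ssl_capath` always wins over `acs_ssl_cabundle`, which deserves a one-line comment such as `/* a CA directory takes precedence over a CA bundle file */`. On style, `!=0 )` should read `!= 0)`. The function body starts and ends outside the hunk.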
@@ -138,8 +138,13 @@ static void config_get_acs_elements(struct uci_section *s)
 snprintf(cwmp_main->conf.acs_passwd, sizeof(cwmp_main->conf.acs_passwd), "%s", get_value_from_uci_option(acs_tb[UCI_ACS_PASSWR]));
 CWMP_LOG(DEBUG, "CWMP CONFIG - acs password: %s", cwmp_main->conf.acs_passwd);
- snprintf(cwmp_main->conf.acs_ssl_capath, sizeof(cwmp_main->conf.acs_ssl_capath), "%s", get_value_from_uci_option(acs_tb[UCI_ACS_SSL_CAPATH]));
- CWMP_LOG(DEBUG, "CWMP CONFIG - acs ssl capath: %s", cwmp_main->conf.acs_ssl_capath);
+ char *cert = get_value_from_uci_option(acs_tb[UCI_ACS_SSL_CAPATH]);
+ if (folder_exists(cert) == true) {
+ snprintf(cwmp_main->conf.acs_ssl_capath, sizeof(cwmp_main->conf.acs_ssl_capath), "%s", cert);
+ } else if (file_exists(cert) == true) {
+ snprintf(cwmp_main->conf.acs_ssl_cabundle, sizeof(cwmp_main->conf.acs_ssl_cabundle), "%s", cert);
+ }
+ CWMP_LOG(DEBUG, "CWMP CONFIG - acs ssl capath: %s", cert);
 cwmp_main->conf.retry_min_wait_interval = DEFAULT_RETRY_MINIMUM_WAIT_INTERVAL;
 char *acs_retry_min_wait_interval = get_value_from_uci_option(acs_tb[UCI_ACS_RETRY_MIN_WAIT_INTERVAL]);
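Review bot: In `config_get_acs_elements` (src/uci_utils.c), a configured CA path that is neither an existing directory nor an existing file is dropped silently: neither field is written, the only trace is the DEBUG line, and the new branches in `http_set_security_options` then set no trust anchor when both fields are empty, so verification falls back to libcurl's default CA store. Neither buffer is cleared before the choice, so if this function runs again after the option changes from a directory to a file (not visible here; confirm whether `conf` is zeroed on reload), the old `acs_ssl_capath` survives and takes precedence over the new bundle. Clearing both fields first and warning on a non-empty value that matches neither case closes both gaps, as sketched below. The log text still says "capath" whichever field was filled, and the function continues outside the hunk.

```c
char *cert = get_value_from_uci_option(acs_tb[UCI_ACS_SSL_CAPATH]);
/* Drop any trust anchor left from an earlier load before choosing one. */
cwmp_main->conf.acs_ssl_capath[0] = '\0';
cwmp_main->conf.acs_ssl_cabundle[0] = '\0';
if (folder_exists(cert) == true) {
	/* … unchanged: copy cert into acs_ssl_capath … */
} else if (file_exists(cert) == true) {
	/* … unchanged: copy cert into acs_ssl_cabundle … */
} else if (CWMP_STRLEN(cert) != 0) {
	CWMP_LOG(WARNING, "CWMP CONFIG - acs ssl CA path %s is neither a directory nor a file; default CA store will be used", cert);
}
```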