From 2ff13efd377eb84d7f0e2e259f430a5db62ba561 Mon Sep 17 00:00:00 2001
From: Bastian Dehn
Date: Tue, 31 Dec 2024 16:18:32 +0100
Subject: [PATCH] add option ssl verification
---
 src/kds_s2000w_client.c | 39 +++++++++++++++++++--------------------
 src/kds_s2000w_config.c | 4 +++-
 src/kds_s2000w_config.h | 1 +
 src/kds_s2000w_net.conf | 4 +++-
 4 files changed, 26 insertions(+), 22 deletions(-)
diff --git a/src/kds_s2000w_client.c b/src/kds_s2000w_client.c
index 1517a7d..bb61fd8 100644
--- a/src/kds_s2000w_client.c
+++ b/src/kds_s2000w_client.c
@@ -68,6 +68,15 @@ void _kds_s2000w_client_print_error_result(CURLcode result)
 fprintf(stderr, "ERROR: curl_easy_perform: %s\n", curl_easy_strerror(result));
 }
+void _kds_s2000w_client_set_ssl_verification_off(CURL* curl)
+{
+ if (p_config.ssl_verify)
+ return;
+
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+}
+
 response* kds_s2000w_client_response_init()
 {
 debug_printf(ALL, "kds_s2000w_client_response_init");
@@ -144,8 +153,7 @@ int kds_s2000w_client_open_session(response* response)
 sprintf(body, "{\"OCPUserName\": \"%s\"}", p_config.username);
 curl_easy_setopt(curl, CURLOPT_POST, 1L);
 curl_easy_setopt(curl, CURLOPT_POSTFIELDS, body);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+ _kds_s2000w_client_set_ssl_verification_off(curl);
 CURLcode result = curl_easy_perform(curl);
 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response->code);
@@ -196,8 +204,7 @@ void kds_s2000w_client_close_session(int64_t sessionid)
 curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
 curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELETE");
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+ _kds_s2000w_client_set_ssl_verification_off(curl);
 CURLcode result = curl_easy_perform(curl);
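Review bot: `_kds_s2000w_client_set_ssl_verification_off` returns early when `p_config.ssl_verify` is set, so the verified path relies on libcurl's defaults still being in effect on the handle rather than on anything this code sets. Setting both options explicitly in either case is more robust: `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, p_config.ssl_verify ? 1L : 0L);` and `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, p_config.ssl_verify ? 2L : 0L);`. The helper appears to be used only in this file, so declaring it `static` would keep the underscore-prefixed name out of the global namespace. With only an on/off switch, a scanner that presents a self-signed certificate pushes users to disable verification entirely; an optional CA-file setting passed to `CURLOPT_CAINFO` would let them keep it on. The ten call sites in the later hunks of this file inherit whatever the helper does.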
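Review bot: In kds_s2000w_client_open_session the context line `sprintf(body, "{\"OCPUserName\": \"%s\"}", p_config.username);` formats a configuration-supplied string into `body` with no length bound and no JSON escaping; the declaration of `body` is outside the hunk, so its capacity cannot be confirmed from here. Since this commit already touches the request setup, switching to `snprintf` with the real capacity of `body` and rejecting a truncated result would rule out an overflow from a long `username`. A `"` or `\` in the name would also produce a malformed request body unless the value is escaped first. The function starts and ends outside the hunk.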
@@ -244,8 +251,7 @@ int kds_s2000w_client_status_session(int64_t sessionid, response* response)
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, stream);
 curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+ _kds_s2000w_client_set_ssl_verification_off(curl);
 CURLcode result = curl_easy_perform(curl);
 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response->code);
@@ -302,8 +308,7 @@ int kds_s2000w_client_start_scan(int64_t sessionid, response* response)
 curl_easy_setopt(curl, CURLOPT_POST, 1L);
 curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+ _kds_s2000w_client_set_ssl_verification_off(curl);
 CURLcode result = curl_easy_perform(curl);
 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response->code);
@@ -360,8 +365,7 @@ int kds_s2000w_client_stop_scan(int64_t sessionid, response* response)
 curl_easy_setopt(curl, CURLOPT_POST, 1L);
 curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+ _kds_s2000w_client_set_ssl_verification_off(curl);
 CURLcode result = curl_easy_perform(curl);
 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response->code);
@@ -420,8 +424,7 @@ int kds_s2000w_client_get_image(int64_t sessionid, int img_number, response* res
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, stream);
 curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+ _kds_s2000w_client_set_ssl_verification_off(curl);
 CURLcode result = curl_easy_perform(curl);
 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response->code);
@@ -482,8 +485,7 @@ int kds_s2000w_client_delete_image(int64_t sessionid, int img_number, response*
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, stream);
 curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELETE");
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+ _kds_s2000w_client_set_ssl_verification_off(curl);
 CURLcode result = curl_easy_perform(curl);
 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response->code);
@@ -535,8 +537,7 @@ int kds_s2000w_client_get_capabilities(response* response)
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, stream);
 curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+ _kds_s2000w_client_set_ssl_verification_off(curl);
 CURLcode result = curl_easy_perform(curl);
 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response->code);
@@ -590,8 +591,7 @@ int kds_s2000w_client_get_option(int64_t sessionid, response* response)
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, stream);
 curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+ _kds_s2000w_client_set_ssl_verification_off(curl);
 CURLcode result = curl_easy_perform(curl);
 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response->code);
@@ -644,8 +644,7 @@ int kds_s2000w_client_set_option(int64_t sessionid, response* response)
 curl_easy_setopt(curl, CURLOPT_POSTFIELDS, response->data);
 curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, response->size);
 curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "PUT");
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+ _kds_s2000w_client_set_ssl_verification_off(curl);
 CURLcode result = curl_easy_perform(curl);
 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response->code);
diff --git a/src/kds_s2000w_config.c b/src/kds_s2000w_config.c
index ecf72f8..8850a90 100644
--- a/src/kds_s2000w_config.c
+++ b/src/kds_s2000w_config.c
@@ -51,6 +51,7 @@ void load_config(program_config* config, const char* config_stream)
 CFG_STR("username", "", CFGF_NONE),
 CFG_STR("scanner_url", "", CFGF_NONE),
 CFG_INT("heartbeat_seconds", 0, CFGF_NONE),
+ CFG_INT("ssl_verify", 0, CFGF_NONE),
 CFG_END()
 };
@@ -69,10 +70,11 @@ void load_config(program_config* config, const char* config_stream)
 memcpy(config->username, value_str, str_length);
 config->heartbeat = cfg_getint(cfg, "heartbeat_seconds");
-
 if (config->heartbeat < 1)
 config->heartbeat = 1;
+ config->ssl_verify = cfg_getint(cfg, "ssl_verify");
+
 cfg_free(cfg);
 cfg = NULL;
 }
\ No newline at end of file
diff --git a/src/kds_s2000w_config.h b/src/kds_s2000w_config.h
index eb8a5ac..f3d0c42 100644
--- a/src/kds_s2000w_config.h
+++ b/src/kds_s2000w_config.h
@@ -5,6 +5,7 @@ typedef struct {
 char* scanner_url;
 char* username;
 unsigned int heartbeat;
+ int ssl_verify;
 } program_config;
 extern program_config p_config;
diff --git a/src/kds_s2000w_net.conf b/src/kds_s2000w_net.conf
index ecfd01c..29ba13e 100644
--- a/src/kds_s2000w_net.conf
+++ b/src/kds_s2000w_net.conf
@@ -1,4 +1,6 @@
 scanner_url = "https://scanner.example.com"
 username = "muster"
 # Scanner heart beat is by default 1 seconds before check next scan status,
-# heartbeat_seconds = 1
\ No newline at end of file
+# heartbeat_seconds = 1
+# SSL Verification default 0 (OFF)
+# ssl_verify = 1
\ No newline at end of file
--
2.39.5
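Review bot: `CFG_INT("ssl_verify", 0, CFGF_NONE)` in the load_config option table makes certificate and hostname verification opt-in, so a configuration that never mentions `ssl_verify` still talks to the scanner without authenticating it, and the session and the scanned images can be read or altered by anyone on the network path. A default of `1` with `ssl_verify = 0` as the explicit opt-out would be the safer choice: `CFG_INT("ssl_verify", 1, CFGF_NONE),`. That changes behaviour for existing setups whose scanner uses a self-signed certificate, so the sample config and release notes should say so. The option array starts outside the hunk.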
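Review bot: Nothing tells the user when verification ends up disabled: `config->ssl_verify = cfg_getint(cfg, "ssl_verify");` in the second load_config hunk stores the raw value silently, and with the default of 0 the insecure mode is the normal case. Normalising the value and emitting a warning would make that state visible in logs: `config->ssl_verify = cfg_getint(cfg, "ssl_verify") != 0;` followed by `if (!config->ssl_verify) fprintf(stderr, "WARNING: TLS certificate verification is disabled\n");`. load_config starts outside the hunk.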