authorJason Woodward2015-11-30 19:43:13 -0500
committerJason Woodward2015-11-30 19:51:53 -0500
commitc6084d5564129976ff6916ee3cb604ce208a5101 (patch)
treec0e7cca92b607dae8819ccae65c4279f5e05ccc7
parenta3a2e3e0db131a92dc3717b250a37dc2a6dc46af (diff)
downloadslapt-get-c6084d5564129976ff6916ee3cb604ce208a5101.tar.gz
add SLAPT_NO_SSL_VERIFYPERR environment variable check
-rw-r--r--ChangeLog3
-rw-r--r--FAQ9
-rw-r--r--FAQ.html9
-rw-r--r--src/curl.c8
-rw-r--r--src/curl.h2
5 files changed, 30 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index f3b6ef9..43f0b9a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
+0.10.2s Nov 30, 2015
+ * add SLAPT_NO_SSL_VERIFYPERR environment check
+
0.10.2r Jul 05, 2014
* fix conflict/reverse dep resolution when installing an alternative
diff --git a/FAQ b/FAQ
index 4f5e0b6..dcf8c2b 100644
--- a/FAQ
+++ b/FAQ
@@ -58,6 +58,7 @@ Frequently Asked Questions:
55. How do I support GPG signature verification in my package repository?
56. What does "GPGME: Bad file descriptor, GPG key could not be imported." mean?
57. How do I assign priorities to my package sources?
+58. How do I get around "Peer certificate cannot be authenticated with given CA certificates."?
@@ -1266,4 +1267,12 @@ Frequently Asked Questions:
If you do not care for the priority assignment, you can remove the priority
attributes from your sources (if present, or never add them if not).
+58. How do I get around "Peer certificate cannot be authenticated with given CA certificates."?
+
+ Self signed certificates that cannot be verified cause libcurl to fail the connection.
+
+ To disable this, set the SLAPT_NO_SSL_VERIFYPERR environment variable.
+
+ See also http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
+
diff --git a/FAQ.html b/FAQ.html
index b2671d3..959f928 100644
--- a/FAQ.html
+++ b/FAQ.html
@@ -72,6 +72,7 @@
<a href="#slgFAQ55">55. How do I support GPG signature verification in my package repository?</a>
<a href="#slgFAQ56">56. What does "GPGME: Bad file descriptor, GPG key could not be imported." mean?</a>
<a href="#slgFAQ57">57. How do I assign priorities to my package sources?</a>
+<a href="#slgFAQ58">58. How do I get around "Peer certificate cannot be authenticated with given CA certificates."?</a>
@@ -1280,6 +1281,14 @@
If you do not care for the priority assignment, you can remove the priority
attributes from your sources (if present, or never add them if not).
+<a name="slgFAQ58"><b>58. How do I get around "Peer certificate cannot be authenticated with given CA certificates."?</b></a>
+
+ Self signed certificates that cannot be verified cause libcurl to fail the connection.
+
+ To disable this, set the SLAPT_NO_SSL_VERIFYPERR environment variable.
+
+ See also http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
+
</pre>
diff --git a/src/curl.c b/src/curl.c
index 9c64620..27fadbc 100644
--- a/src/curl.c
+++ b/src/curl.c
@@ -55,6 +55,10 @@ int slapt_download_data(FILE *fh,const char *url,size_t bytes,long *filetime,
curl_easy_setopt(ch, CURLOPT_FILETIME, 1);
curl_easy_setopt(ch, CURLOPT_FOLLOWLOCATION, 1);
+ /* ugh, if someone wants to do this */
+ if (getenv(SLAPT_NO_SSL_VERIFYPEER))
+ curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 0);
+
headers = curl_slist_append(headers, "Pragma: "); /* override no-cache */
if (global_config->dl_stats != SLAPT_TRUE) {
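Review bot: The added `if (getenv(SLAPT_NO_SSL_VERIFYPEER))` turns off certificate verification for every transfer on this handle as soon as the variable exists, even when it is empty or set to `0`, and it does so without telling the user. Because this function downloads package data, a variable inherited from a profile or wrapper script silently removes server authentication, leaving integrity to whatever signature or checksum checks run later (not visible in this hunk). I would accept only an explicit value and print a one-line warning to stderr when verification is disabled. The option should also be passed as a long, as libcurl expects for this setopt: `curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 0L);`. The comment `/* ugh, if someone wants to do this */` would be clearer as `/* user opted out of TLS peer verification (e.g. self-signed mirror) */`; slapt_download_data starts and ends outside this hunk.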
@@ -73,8 +77,10 @@ int slapt_download_data(FILE *fh,const char *url,size_t bytes,long *filetime,
curl_easy_setopt(ch, CURLOPT_RESUME_FROM, bytes);
}
- if ((response = curl_easy_perform(ch)) != CURLE_OK)
+ if ((response = curl_easy_perform(ch)) != CURLE_OK) {
+ fprintf(stderr, "%s... ", curl_easy_strerror(response));
return_code = response;
+ }
if ( filetime != NULL )
curl_easy_getinfo(ch, CURLINFO_FILETIME, filetime);
diff --git a/src/curl.h b/src/curl.h
index b63ddf5..ac05ef4 100644
--- a/src/curl.h
+++ b/src/curl.h
@@ -16,6 +16,8 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
+#define SLAPT_NO_SSL_VERIFYPEER "SLAPT_NO_SSL_VERIFYPERR"
+
/*
download data to file, resuming from bytes and preserving filetime.
returns curl code
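Review bot: The value in `#define SLAPT_NO_SSL_VERIFYPEER "SLAPT_NO_SSL_VERIFYPERR"` is spelled VERIFYPERR, while the macro name and the libcurl option it controls are VERIFYPEER. The FAQ and ChangeLog text in this commit use the same spelling, so the pieces agree, but the misspelling becomes the user-facing name, and a user who exports the correctly spelled variable gets no effect and no hint why. If the spelling is unintended, change the value to `"SLAPT_NO_SSL_VERIFYPEER"` and update the FAQ and ChangeLog entries with it. Either way the define deserves a comment such as `/* environment variable; when set, TLS peer certificate verification is disabled for downloads */`.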