author | Timo Teräs <timo.teras@iki.fi> | 2022-12-20 23:16:12 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2022-12-20 23:16:12 +0200 |
commit | a77e28ab60f7fec2290405ffb1c32d1b673dd8b2 (patch) | |
tree | 054f900f135785c4740bffef54d1969548343bf7 | |
parent | b50dc5fbe4ff6426870b27e730bf7cd883cf9349 (diff) | |
apk, fetch: implement --no-check-certificate
fixes #10650
-rw-r--r-- | doc/apk.8.scd | 3 | ||||
-rw-r--r-- | libfetch/common.c | 13 | ||||
-rw-r--r-- | libfetch/fetch.h | 2 | ||||
-rw-r--r-- | src/apk.c | 4 |
4 files changed, 20 insertions, 2 deletions
diff --git a/doc/apk.8.scd b/doc/apk.8.scd index e749e67..86eae96 100644 --- a/doc/apk.8.scd +++ b/doc/apk.8.scd @@ -146,6 +146,9 @@ The following options are available for all commands. *--no-cache* Do not use any local cache path. +*--no-check-certificate* + Do not validate the HTTPS server certificates. + *--no-interactive* Disable interactive mode. diff --git a/libfetch/common.c b/libfetch/common.c index 248b575..c217635 100644 --- a/libfetch/common.c +++ b/libfetch/common.c @@ -55,6 +55,8 @@ /*** Local data **************************************************************/ +static int ssl_verify_mode = SSL_VERIFY_PEER; + /* * Error messages for resolver errors */ @@ -79,6 +81,12 @@ fetch_finderr(struct fetcherr *p, int e) return (p); } +void +fetch_no_check_certificate(void) +{ + ssl_verify_mode = SSL_VERIFY_NONE; +} + /* * Set error code */ @@ -466,7 +474,7 @@ static int fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose) else SSL_CTX_set_default_verify_paths(ctx); - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); + SSL_CTX_set_verify(ctx, ssl_verify_mode, 0); return 1; } @@ -569,7 +577,8 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) NULL) != 1) { fprintf(stderr, "SSL certificate subject doesn't match host %s\n", URL->host); - return -1; + if (ssl_verify_mode != SSL_VERIFY_NONE) + return -1; } } diff --git a/libfetch/fetch.h b/libfetch/fetch.h index 66b77f4..0c07c05 100644 --- a/libfetch/fetch.h +++ b/libfetch/fetch.h @@ -101,6 +101,8 @@ struct url_list { extern "C" { #endif +void fetch_no_check_certificate(void); + void fetchIO_close(fetchIO *); ssize_t fetchIO_read(fetchIO *, void *, size_t); ssize_t fetchIO_write(fetchIO *, const void *, size_t); 
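Review bot: `fetch_no_check_certificate()` in `libfetch/common.c` and its prototype in `libfetch/fetch.h` are added without any comment, although the call changes the file-scope `ssl_verify_mode` for every later TLS connection in the process and nothing in the patch can switch it back. A caller reading the header cannot tell that the effect is global and permanent, nor that it also relaxes the host-name check in `fetch_ssl()`. I would add above the prototype: `/* Disable TLS certificate-chain and host-name verification for all subsequent connections in this process; cannot be undone. */`.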
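Review bot: In the `fetch_ssl()` hunk (`@@ -569,7 +577,8 @@`) the mismatch branch still prints `SSL certificate subject doesn't match host` and then carries on when `ssl_verify_mode` is `SSL_VERIFY_NONE`, so the user sees an error-shaped message for a connection that is in fact accepted. As far as the visible hunks show, a failed chain validation under the same mode produces no message at all, which makes the two cases inconsistent for anyone reading the output later. Either move the mode test into the enclosing condition so the check is skipped, or keep the check and state that the result is ignored, e.g. `fprintf(stderr, "warning: ignoring certificate subject mismatch for host %s\n", URL->host);` on the path that does not return. The start of the condition lies outside the hunk, so the call being tested is not visible here.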
@@ -71,6 +71,7 @@ static void version(struct apk_out *out, const char *prefix) OPT(OPT_GLOBAL_interactive, APK_OPT_SH("i") "interactive") \ OPT(OPT_GLOBAL_keys_dir, APK_OPT_ARG "keys-dir") \ OPT(OPT_GLOBAL_no_cache, "no-cache") \ + OPT(OPT_GLOBAL_no_check_certificate, "no-check-certificate") \ OPT(OPT_GLOBAL_no_interactive, "no-interactive") \ OPT(OPT_GLOBAL_no_logfile, "no-logfile") \ OPT(OPT_GLOBAL_no_network, "no-network") \ @@ -190,6 +191,9 @@ static int option_parse_global(void *ctx, struct apk_ctx *ac, int opt, const cha case OPT_GLOBAL_no_cache: ac->flags |= APK_NO_CACHE; break; + case OPT_GLOBAL_no_check_certificate: + fetch_no_check_certificate(); + break; case OPT_GLOBAL_cache_dir: ac->cache_dir = optarg; break; |
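Review bot: The new `OPT_GLOBAL_no_check_certificate` case changes libfetch's global state as a side effect of option parsing and records nothing in `ac`, unlike the neighbouring `OPT_GLOBAL_no_cache` case, which sets `ac->flags`. Nothing that runs after parsing can therefore see that TLS verification is off, for instance to print a one-line warning at start-up or to note it in the log. If the side effect is intended, a comment on the case would help: `/* process-wide: disables TLS verification in libfetch for every fetch in this run */`. `option_parse_global` starts and ends outside the hunk.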