From cdf70e501db562eb80a99b4c1dc3c51b8bb3143a Mon Sep 17 00:00:00 2001
From: Federico Fissore
Date: Wed, 21 May 2014 09:47:49 +0200
Subject: [PATCH 1/2] Adds parameter "-k" to every way of calling curl, hence allowing calling https URLs without checking for the validity of SSL certificates. While this makes it a little insecure, nothing else can be done while keeping the HTTPClient API simple: openwrt does not have a SSL certificates bundle Advanced users concerned about security should call "curl" on their own using Process, supplying parameters such as "--cacert" Fixes #1860
---
 libraries/Bridge/src/HttpClient.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/libraries/Bridge/src/HttpClient.cpp b/libraries/Bridge/src/HttpClient.cpp
index 68d23718e..dcbcec942 100644
--- a/libraries/Bridge/src/HttpClient.cpp
+++ b/libraries/Bridge/src/HttpClient.cpp
@@ -20,24 +20,28 @@
 unsigned int HttpClient::get(String &url) {
 begin("curl");
+ addParameter("-k");
 addParameter(url);
 return run();
 }
 unsigned int HttpClient::get(const char *url) {
 begin("curl");
+ addParameter("-k");
 addParameter(url);
 return run();
 }
 void HttpClient::getAsynchronously(String &url) {
 begin("curl");
+ addParameter("-k");
 addParameter(url);
 runAsynchronously();
 }
 void HttpClient::getAsynchronously(const char *url) {
 begin("curl");
+ addParameter("-k");
 addParameter(url);
 runAsynchronously();
 }
From 61826901ae9ab9d29c9c34e122e724b7f7394344 Mon Sep 17 00:00:00 2001
From: Federico Fissore
Date: Wed, 21 May 2014 11:15:09 +0200
Subject: [PATCH 2/2] Added [no]checkSSL method that sets an "insecure" boolean flag. If insecure, "-k" parameter is added to curl and SSL certificates are not checked
---
 libraries/Bridge/src/HttpClient.cpp | 28 ++++++++++++++++++++++++----
 libraries/Bridge/src/HttpClient.h | 6 ++++++
 2 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/libraries/Bridge/src/HttpClient.cpp b/libraries/Bridge/src/HttpClient.cpp
index dcbcec942..c69a76160 100644
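Review bot: In the PATCH 1/2 hunk of HttpClient.cpp (`@@ -20,24 +20,28 @@`), `addParameter("-k")` is added unconditionally to all four `get`/`getAsynchronously` overloads, so every HTTPS request made through HttpClient accepts any certificate and the server is no longer authenticated. The traffic is still encrypted, but anyone on the network path can read or alter it, which the commit message's "a little insecure" understates, and existing sketches get this behaviour without opting in. If this commit is ever applied or backported without PATCH 2/2's `insecure` flag, each of the four lines should at least carry a comment such as `// -k: certificate verification is OFF; the peer is not authenticated`.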
--- a/libraries/Bridge/src/HttpClient.cpp
+++ b/libraries/Bridge/src/HttpClient.cpp
@@ -18,30 +18,43 @@
 #include "HttpClient.h"
+HttpClient::HttpClient() :
+ insecure(false) {
+ // Empty
+}
+
 unsigned int HttpClient::get(String &url) {
 begin("curl");
- addParameter("-k");
+ if (insecure) {
+ addParameter("-k");
+ }
 addParameter(url);
 return run();
 }
 unsigned int HttpClient::get(const char *url) {
 begin("curl");
- addParameter("-k");
+ if (insecure) {
+ addParameter("-k");
+ }
 addParameter(url);
 return run();
 }
 void HttpClient::getAsynchronously(String &url) {
 begin("curl");
- addParameter("-k");
+ if (insecure) {
+ addParameter("-k");
+ }
 addParameter(url);
 runAsynchronously();
 }
 void HttpClient::getAsynchronously(const char *url) {
 begin("curl");
- addParameter("-k");
+ if (insecure) {
+ addParameter("-k");
+ }
 addParameter(url);
 runAsynchronously();
 }
@@ -54,4 +67,11 @@ unsigned int HttpClient::getResult() {
 return exitValue();
 }
+void HttpClient::noCheckSSL() {
+ insecure = true;
+}
+
+void HttpClient::checkSSL() {
+ insecure = false;
+}
diff --git a/libraries/Bridge/src/HttpClient.h b/libraries/Bridge/src/HttpClient.h
index 00b6f9e55..97d311d98 100644
--- a/libraries/Bridge/src/HttpClient.h
+++ b/libraries/Bridge/src/HttpClient.h
@@ -23,6 +23,7 @@
 class HttpClient : public Process {
 public:
+ HttpClient();
 unsigned int get(String &url);
 unsigned int get(const char * url);
@@ -30,6 +31,11 @@ class HttpClient : public Process {
 void getAsynchronously(const char * url);
 boolean ready();
 unsigned int getResult();
+ void noCheckSSL();
+ void checkSSL();
+
+ private:
+ boolean insecure;
 };
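Review bot: The `insecure` flag read by the four overloads in the `@@ -18,30 +18,43 @@` hunk is per-object state that stays set, so a single `noCheckSSL()` call turns off certificate verification for every later request on that HttpClient, to any host, until `checkSSL()` is called. Defaulting to `insecure(false)` is the right choice, but the class still gives callers no way to verify against their own trust anchor, so on images without a CA bundle the only way to make HTTPS work is to disable verification; an option that passes curl's `--cacert <file>` (named in the first commit message) would give them a verified path. The `if (insecure) { addParameter("-k"); }` block is also repeated in four places and would be easier to keep consistent in one private helper. Separately, `addParameter(url)` follows the options with no end-of-options marker, so a url that begins with `-` would presumably be read by curl as an option; `addParameter("--");` before it would rule that out if urls can come from outside the sketch.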
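Review bot: `noCheckSSL()` and `checkSSL()` in the `@@ -54,4 +67,11 @@` hunk are added without any comment, although the first one removes server authentication from every subsequent request on the object. I would document both where they are defined and on their declarations in HttpClient.h, for example `// Disables TLS certificate verification (curl -k) for all later requests on this object; the peer is then not authenticated.` and `// Re-enables certificate verification (the default).`. The name `checkSSL` also reads as if it performs a check rather than setting a mode, so the comment should state that it only changes the flag.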