write_http: expose more TLS options

author Ingmar Runge <ingmar@irsoft.de>

Sun, 20 Jul 2014 12:15:22 +0000 (14:15 +0200)

committer Ingmar Runge <ingmar@irsoft.de>

Sun, 20 Jul 2014 12:23:40 +0000 (14:23 +0200)
author Ingmar Runge <ingmar@irsoft.de>
Sun, 20 Jul 2014 12:15:22 +0000 (14:15 +0200)
committer Ingmar Runge <ingmar@irsoft.de>
Sun, 20 Jul 2014 12:23:40 +0000 (14:23 +0200)
diff --git a/src/write_http.c b/src/write_http.c

index ed8d834..6dc7b36 100644 (file)
--- a/src/write_http.c
+++ b/src/write_http.c
@@ -49,6 +49,11 @@ struct wh_callback_s
          _Bool verify_peer;
          _Bool verify_host;
          char *cacert;
+        char *capath;
+        char *clientkey;
+        char *clientcert;
+        char *clientkeypass;
+        long sslversion;
          _Bool store_rates;
  
  #define WH_FORMAT_COMMAND 0
@@ -150,8 +155,20 @@ static int wh_callback_init (wh_callback_t *cb) /* {{{ */
          curl_easy_setopt (cb->curl, CURLOPT_SSL_VERIFYPEER, (long) cb->verify_peer);
          curl_easy_setopt (cb->curl, CURLOPT_SSL_VERIFYHOST,
                          cb->verify_host ? 2L : 0L);
+        curl_easy_setopt (cb->curl, CURLOPT_SSLVERSION, cb->sslversion);
          if (cb->cacert != NULL)
                  curl_easy_setopt (cb->curl, CURLOPT_CAINFO, cb->cacert);
+        if (cb->capath != NULL)
+                curl_easy_setopt (cb->curl, CURLOPT_CAPATH, cb->capath);
+
+        if (cb->clientkey != NULL && cb->clientcert != NULL)
+        {
+            curl_easy_setopt (cb->curl, CURLOPT_SSLKEY, cb->clientkey);
+            curl_easy_setopt (cb->curl, CURLOPT_SSLCERT, cb->clientcert);
+
+            if (cb->clientkeypass != NULL)
+                curl_easy_setopt (cb->curl, CURLOPT_SSLKEYPASSWD, cb->clientkeypass);
+        }
  
          wh_reset_buffer (cb);
  
@@ -269,6 +286,10 @@ static void wh_callback_free (void *data) /* {{{ */
          sfree (cb->pass);
          sfree (cb->credentials);
          sfree (cb->cacert);
+        sfree (cb->capath);
+        sfree (cb->clientkey);
+        sfree (cb->clientcert);
+        sfree (cb->clientkeypass);
  
          sfree (cb);
  } /* }}} void wh_callback_free */
@@ -474,15 +495,10 @@ static int wh_config_url (oconfig_item_t *ci) /* {{{ */
                  return (-1);
          }
          memset (cb, 0, sizeof (*cb));
-        cb->location = NULL;
-        cb->user = NULL;
-        cb->pass = NULL;
-        cb->credentials = NULL;
          cb->verify_peer = 1;
          cb->verify_host = 1;
-        cb->cacert = NULL;
          cb->format = WH_FORMAT_COMMAND;
-        cb->curl = NULL;
+        cb->sslversion = CURL_SSLVERSION_DEFAULT;
  
          pthread_mutex_init (&cb->send_lock, /* attr = */ NULL);
  
@@ -504,6 +520,42 @@ static int wh_config_url (oconfig_item_t *ci) /* {{{ */
                          cf_util_get_boolean (child, &cb->verify_host);
                  else if (strcasecmp ("CACert", child->key) == 0)
                          cf_util_get_string (child, &cb->cacert);
+                else if (strcasecmp ("CAPath", child->key) == 0)
+                        cf_util_get_string (child, &cb->capath);
+                else if (strcasecmp ("ClientKey", child->key) == 0)
+                        cf_util_get_string (child, &cb->clientkey);
+                else if (strcasecmp ("ClientCert", child->key) == 0)
+                        cf_util_get_string (child, &cb->clientcert);
+                else if (strcasecmp ("ClientKeyPass", child->key) == 0)
+                        cf_util_get_string (child, &cb->clientkeypass);
+                else if (strcasecmp ("SSLVersion", child->key) == 0)
+                {
+                        char *value = NULL;
+
+                        cf_util_get_string (child, &value);
+
+                        if (value == NULL || strcasecmp ("default", value) == 0)
+                                cb->sslversion = CURL_SSLVERSION_DEFAULT;
+                        else if (strcasecmp ("SSLv2", value) == 0)
+                                cb->sslversion = CURL_SSLVERSION_SSLv2;
+                        else if (strcasecmp ("SSLv3", value) == 0)
+                                cb->sslversion = CURL_SSLVERSION_SSLv3;
+                        else if (strcasecmp ("TLSv1", value) == 0)
+                                cb->sslversion = CURL_SSLVERSION_TLSv1;
+#if (LIBCURL_VERSION_MAJOR > 7) || (LIBCURL_VERSION_MAJOR == 7 && LIBCURL_VERSION_MINOR >= 34)
+                        else if (strcasecmp ("TLSv1_0", value) == 0)
+                                cb->sslversion = CURL_SSLVERSION_TLSv1_0;
+                        else if (strcasecmp ("TLSv1_1", value) == 0)
+                                cb->sslversion = CURL_SSLVERSION_TLSv1_1;
+                        else if (strcasecmp ("TLSv1_2", value) == 0)
+                                cb->sslversion = CURL_SSLVERSION_TLSv1_2;
+#endif
+                        else
+                                ERROR ("write_http plugin: Invalid SSLVersion "
+                                                "option: %s.", value);
+
+                        sfree(value);
+                }
                  else if (strcasecmp ("Format", child->key) == 0)
                          config_set_format (cb, child);
                  else if (strcasecmp ("StoreRates", child->key) == 0)
author	Ingmar Runge <ingmar@irsoft.de>
	Sun, 20 Jul 2014 12:15:22 +0000 (14:15 +0200)
committer	Ingmar Runge <ingmar@irsoft.de>
	Sun, 20 Jul 2014 12:23:40 +0000 (14:23 +0200)