diff options
Diffstat (limited to 'src/curl/curl.c')
| -rw-r--r-- | src/curl/curl.c | 99 |
1 files changed, 71 insertions, 28 deletions
diff --git a/src/curl/curl.c b/src/curl/curl.c index 1410294e4..483c9b671 100644 --- a/src/curl/curl.c +++ b/src/curl/curl.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2019-2020 Taler Systems SA + Copyright (C) 2019-2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published @@ -24,20 +24,65 @@ #include "platform.h" #include "taler_curl_lib.h" + #if TALER_CURL_COMPRESS_BODIES #include <zlib.h> #endif -/** - * Add the @a body as POST data to the easy handle in @a ctx. - * - * @param[in,out] ctx a request context (updated) - * @param eh easy handle to use - * @param body JSON body to add to @e ctx - * @return #GNUNET_OK on success #GNUNET_SYSERR on failure - */ -int +void +TALER_curl_set_secure_redirect_policy (CURL *eh, + const char *url) +{ + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_FOLLOWLOCATION, + 1L)); + GNUNET_assert ( (0 == strncasecmp (url, + "https://", + strlen ("https://"))) || + (0 == strncasecmp (url, + "http://", + strlen ("http://"))) ); +#ifdef CURLOPT_REDIR_PROTOCOLS_STR + if (0 == strncasecmp (url, + "https://", + strlen ("https://"))) + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_REDIR_PROTOCOLS_STR, + "https")); + else + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_REDIR_PROTOCOLS_STR, + "http,https")); +#else +#ifdef CURLOPT_REDIR_PROTOCOLS + if (0 == strncasecmp (url, + "https://", + strlen ("https://"))) + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_REDIR_PROTOCOLS, + CURLPROTO_HTTPS)); + else + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_REDIR_PROTOCOLS, + CURLPROTO_HTTP | CURLPROTO_HTTPS)); +#endif +#endif + /* limit MAXREDIRS to 5 as a simple security measure against + a potential infinite loop caused by a malicious target */ + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_MAXREDIRS, + 5L)); +} + + +enum GNUNET_GenericReturnValue TALER_curl_easy_post (struct TALER_CURL_PostContext *ctx, CURL *eh, const json_t *body) @@ -53,7 +98,8 @@ TALER_curl_easy_post (struct TALER_CURL_PostContext *ctx, return GNUNET_SYSERR; } slen = strlen (str); -#if TALER_CURL_COMPRESS_BODIES + if (TALER_CURL_COMPRESS_BODIES && + (! ctx->disable_compression) ) { Bytef *cbuf; uLongf cbuf_size; @@ -75,19 +121,21 @@ TALER_curl_easy_post (struct TALER_CURL_PostContext *ctx, free (str); slen = (size_t) cbuf_size; ctx->json_enc = (char *) cbuf; + GNUNET_assert ( + NULL != + (ctx->headers = curl_slist_append ( + ctx->headers, + "Content-Encoding: deflate"))); } - GNUNET_assert - (NULL != (ctx->headers = curl_slist_append - (ctx->headers, - "Content-Encoding: deflate"))); -#else - ctx->json_enc = str; -#endif - - GNUNET_assert - (NULL != (ctx->headers = curl_slist_append - (ctx->headers, - "Content-Type: application/json"))); + else + { + ctx->json_enc = str; + } + GNUNET_assert ( + NULL != + (ctx->headers = curl_slist_append ( + ctx->headers, + "Content-Type: application/json"))); GNUNET_assert (CURLE_OK == curl_easy_setopt (eh, @@ -101,11 +149,6 @@ TALER_curl_easy_post (struct TALER_CURL_PostContext *ctx, } -/** - * Free the data in @a ctx. - * - * @param[in] ctx a request context (updated) - */ void TALER_curl_easy_post_finished (struct TALER_CURL_PostContext *ctx) { |