Diffstat (limited to 'src/curl/curl.c')
-rw-r--r-- | src/curl/curl.c | 82 |
1 files changed, 69 insertions, 13 deletions
diff --git a/src/curl/curl.c b/src/curl/curl.c
index 5009fa3cf..483c9b671 100644
--- a/src/curl/curl.c
+++ b/src/curl/curl.c
@@ -1,6 +1,6 @@
 /* This file is part of TALER
- Copyright (C) 2019-2021 Taler Systems SA
+ Copyright (C) 2019-2024 Taler Systems SA
 TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published
@@ -30,6 +30,58 @@
 #endif
+void
+TALER_curl_set_secure_redirect_policy (CURL *eh,
+ const char *url)
+{
+ GNUNET_assert (CURLE_OK ==
+ curl_easy_setopt (eh,
+ CURLOPT_FOLLOWLOCATION,
+ 1L));
+ GNUNET_assert ( (0 == strncasecmp (url,
+ "https://",
+ strlen ("https://"))) ||
+ (0 == strncasecmp (url,
+ "http://",
+ strlen ("http://"))) );
+#ifdef CURLOPT_REDIR_PROTOCOLS_STR
+ if (0 == strncasecmp (url,
+ "https://",
+ strlen ("https://")))
+ GNUNET_assert (CURLE_OK ==
+ curl_easy_setopt (eh,
+ CURLOPT_REDIR_PROTOCOLS_STR,
+ "https"));
+ else
+ GNUNET_assert (CURLE_OK ==
+ curl_easy_setopt (eh,
+ CURLOPT_REDIR_PROTOCOLS_STR,
+ "http,https"));
+#else
+#ifdef CURLOPT_REDIR_PROTOCOLS
+ if (0 == strncasecmp (url,
+ "https://",
+ strlen ("https://")))
+ GNUNET_assert (CURLE_OK ==
+ curl_easy_setopt (eh,
+ CURLOPT_REDIR_PROTOCOLS,
+ CURLPROTO_HTTPS));
+ else
+ GNUNET_assert (CURLE_OK ==
+ curl_easy_setopt (eh,
+ CURLOPT_REDIR_PROTOCOLS,
+ CURLPROTO_HTTP | CURLPROTO_HTTPS));
+#endif
+#endif
+ /* limit MAXREDIRS to 5 as a simple security measure against
+ a potential infinite loop caused by a malicious target */
+ GNUNET_assert (CURLE_OK ==
+ curl_easy_setopt (eh,
+ CURLOPT_MAXREDIRS,
+ 5L));
+}
+
+
 enum GNUNET_GenericReturnValue
 TALER_curl_easy_post (struct TALER_CURL_PostContext *ctx,
 CURL *eh,
@@ -46,7 +98,8 @@ TALER_curl_easy_post (struct TALER_CURL_PostContext *ctx,
 return GNUNET_SYSERR;
 }
 slen = strlen (str);
-#if TALER_CURL_COMPRESS_BODIES
+ if (TALER_CURL_COMPRESS_BODIES &&
+ (! ctx->disable_compression) )
 {
 Bytef *cbuf;
 uLongf cbuf_size;
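Review bot: The `#ifdef CURLOPT_REDIR_PROTOCOLS_STR` and `#ifdef CURLOPT_REDIR_PROTOCOLS` guards in TALER_curl_set_secure_redirect_policy probably never fire, because libcurl declares its CURLOPT_* options as enum constants rather than preprocessor macros (worth confirming against the curl.h in use). If so, both branches are compiled out and the function enables CURLOPT_FOLLOWLOCATION with only the MAXREDIRS cap, so an https:// request can still be redirected to whatever protocols libcurl allows by default. Gating on the library version instead, `#if LIBCURL_VERSION_NUM >= 0x075500` for the _STR variant with a plain `#else` for the bitmask variant, would make the restriction actually apply. Separately, the scheme check uses GNUNET_assert, so a `url` with any other scheme aborts the process; if that value can come from a peer or from configuration, returning an error would be safer, though the callers are outside this hunk.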
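Review bot: The new condition reads `ctx->disable_compression` at run time, so every TALER_CURL_PostContext that reaches TALER_curl_easy_post must now be zero-initialised, otherwise the flag is indeterminate and compression may be skipped or applied arbitrarily. The struct definition and the callers are not in this diff, so this should be checked there and stated in the field's documentation, e.g. `/* Set to true to send the body uncompressed; contexts must be zero-initialised. */`. Also, with `#if` replaced by a C `if`, `TALER_CURL_COMPRESS_BODIES` has to be defined in every build (an undefined macro silently evaluated to 0 before) and the zlib branch is always compiled; a short comment above the condition noting this would help. The function body starts and ends outside the hunk.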
@@ -68,18 +121,21 @@ TALER_curl_easy_post (struct TALER_CURL_PostContext *ctx,
 free (str);
 slen = (size_t) cbuf_size;
 ctx->json_enc = (char *) cbuf;
+ GNUNET_assert (
+ NULL !=
+ (ctx->headers = curl_slist_append (
+ ctx->headers,
+ "Content-Encoding: deflate")));
 }
- GNUNET_assert (NULL != (ctx->headers = curl_slist_append (
- ctx->headers,
- "Content-Encoding: deflate")));
-#else
- ctx->json_enc = str;
-#endif
-
- GNUNET_assert
- (NULL != (ctx->headers = curl_slist_append (
- ctx->headers,
- "Content-Type: application/json")));
+ else
+ {
+ ctx->json_enc = str;
+ }
+ GNUNET_assert (
+ NULL !=
+ (ctx->headers = curl_slist_append (
+ ctx->headers,
+ "Content-Type: application/json")));
 GNUNET_assert (CURLE_OK ==
 curl_easy_setopt (eh, |