[23242] trunk/base

source_changes at macosforge.org source_changes at macosforge.org
Tue Mar 27 16:13:09 PDT 2007 

Revision: 23242
          http://trac.macosforge.org/projects/macports/changeset/23242
Author:   pguyot at kallisys.net
Date:     2007-03-27 16:13:09 -0700 (Tue, 27 Mar 2007)

Log Message:
-----------
New option to ignore SSL certificate when fetching files over HTTPS.

Modified Paths:
--------------
    trunk/base/doc/portfile.7
    trunk/base/src/pextlib1.0/curl.c
    trunk/base/src/port1.0/portfetch.tcl

Modified: trunk/base/doc/portfile.7
===================================================================
--- trunk/base/doc/portfile.7	2007-03-27 23:00:32 UTC (rev 23241)
+++ trunk/base/doc/portfile.7	2007-03-27 23:13:09 UTC (rev 23242)
@@ -651,6 +651,15 @@
 .Sy Default:
 .Em yes
 .br
+.It Ic fetch.ignore_sslcrt
+Whether to ignore the host SSL certificate (for HTTPS).
+.br
+.Sy Type:
+.Em optional
+.br
+.Sy Default:
+.Em no
+.br
 .El
 .Ss FETCHING FROM CVS
 As an alternative to fetching distribution files, pulling the sources

Modified: trunk/base/src/pextlib1.0/curl.c
===================================================================
--- trunk/base/src/pextlib1.0/curl.c	2007-03-27 23:00:32 UTC (rev 23241)
+++ trunk/base/src/pextlib1.0/curl.c	2007-03-27 23:13:09 UTC (rev 23242)
@@ -124,7 +124,7 @@
 /**
  * curl fetch subcommand entry point.
  *
- * syntax: curl fetch [-v] [--disable-epsv] [-u userpass] [--effective-url lasturlvar] url filename
+ * syntax: curl fetch [-v] [--disable-epsv] [--ignore-ssl-cert] [-u userpass] [--effective-url lasturlvar] url filename
  *
  * @param interp		current interpreter
  * @param objc			number of parameters
@@ -141,6 +141,7 @@
 		long theResponseCode = 0;
 		int noprogress = 1;
 		int useepsv = 1;
+		int ignoresslcert = 0;
 		const char* theUserPassString = NULL;
 		const char* effectiveURLVarName = NULL;
 		char* effectiveURL = NULL;
@@ -164,6 +165,8 @@
 				noprogress = 0;
 			} else if (strcmp(theOption, "--disable-epsv") == 0) {
 				useepsv = 0;
+			} else if (strcmp(theOption, "--ignore-ssl-cert") == 0) {
+				ignoresslcert = 1;
 			} else if (strcmp(theOption, "-u") == 0) {
 				/* check we also have the parameter */
 				if (optioncrsr < lastoption) {
@@ -278,6 +281,20 @@
 			theResult = SetResultFromCurlErrorCode(interp, theCurlCode);
 			break;
 		}
+		
+		/* we may want to ignore ssl errors */
+		if (ignoresslcert) {
+			theCurlCode = curl_easy_setopt(theHandle, CURLOPT_SSL_VERIFYPEER, (long) 0);
+			if (theCurlCode != CURLE_OK) {
+				theResult = SetResultFromCurlErrorCode(interp, theCurlCode);
+				break;
+			}
+			theCurlCode = curl_easy_setopt(theHandle, CURLOPT_SSL_VERIFYHOST, (long) 0);
+			if (theCurlCode != CURLE_OK) {
+				theResult = SetResultFromCurlErrorCode(interp, theCurlCode);
+				break;
+			}
+		}
 
 		/* set the l/p, if any */
 		if (theUserPassString) {

Modified: trunk/base/src/port1.0/portfetch.tcl
===================================================================
--- trunk/base/src/port1.0/portfetch.tcl	2007-03-27 23:00:32 UTC (rev 23241)
+++ trunk/base/src/port1.0/portfetch.tcl	2007-03-27 23:13:09 UTC (rev 23242)
@@ -42,7 +42,7 @@
 
 # define options: distname master_sites
 options master_sites patch_sites extract.suffix distfiles patchfiles use_zip use_bzip2 dist_subdir \
-	fetch.type fetch.user fetch.password fetch.use_epsv \
+	fetch.type fetch.user fetch.password fetch.use_epsv fetch.ignore_sslcert \
 	master_sites.mirror_subdir patch_sites.mirror_subdir portname \
 	cvs.module cvs.root cvs.password cvs.date cvs.tag \
 	svn.url svn.tag
@@ -84,6 +84,8 @@
 default fetch.password ""
 # Use EPSV for FTP transfers
 default fetch.use_epsv "yes"
+# Ignore SSL certificate
+default fetch.ignore_sslcert "no"
 
 default fallback_mirror_site "opendarwin"
 default mirror_sites.listfile {"mirror_sites.tcl"}
@@ -381,7 +383,7 @@
 # the listed url varable and associated distfile
 proc fetchfiles {args} {
 	global distpath all_dist_files UI_PREFIX fetch_urls
-	global fetch.user fetch.password fetch.use_epsv
+	global fetch.user fetch.password fetch.use_epsv fetch.ignore_sslcert
 	global distfile site
 	global portverbose
 
@@ -399,6 +401,9 @@
 	if {${fetch.use_epsv} != "yes"} {
 		lappend fetch_options "--disable-epsv"
 	}
+	if {${fetch.ignore_sslcert} != "no"} {
+		lappend fetch_options "--ignore-ssl-cert"
+	}
 	if {$portverbose == "yes"} {
 		lappend fetch_options "-v"
 	}

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/macports-changes/attachments/20070327/d9398eb9/attachment.html

More information about the macports-changes mailing list