From a72dc2bb447e754295f8efc6f44fc6572f0f8511 Mon Sep 17 00:00:00 2001
From: Wilmer van der Gaast <wilmer@gaast.net>
Date: Mon, 19 Dec 2011 18:57:20 +0100
Subject: Add verify argument to ssl_connect() so HTTPS-based stuff is also
 secure. (Think of Twitter, but also MSN/Yahoo! authentication.)

---
 lib/http_client.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

(limited to 'lib/http_client.c')

diff --git a/lib/http_client.c b/lib/http_client.c
index 02e5ebbe..514daf80 100644
--- a/lib/http_client.c
+++ b/lib/http_client.c
@@ -46,7 +46,7 @@ struct http_request *http_dorequest( char *host, int port, int ssl, char *reques
 	
 	if( ssl )
 	{
-		req->ssl = ssl_connect( host, port, http_ssl_connected, req );
+		req->ssl = ssl_connect( host, port, TRUE, http_ssl_connected, req );
 		if( req->ssl == NULL )
 			error = 1;
 	}
@@ -162,7 +162,8 @@ static gboolean http_connected( gpointer data, int source, b_input_condition con
 	return FALSE;
 	
 error:
-	req->status_string = g_strdup( "Error while writing HTTP request" );
+	if( req->status_string == NULL )
+		req->status_string = g_strdup( "Error while writing HTTP request" );
 	
 	req->func( req );
 	http_free( req );
@@ -175,7 +176,17 @@ static gboolean http_ssl_connected( gpointer data, int returncode, void *source,
 	struct http_request *req = data;
 	
 	if( source == NULL )
+	{
+		if( returncode != 0 )
+		{
+			char *err = ssl_verify_strerror( returncode );
+			req->status_string = g_strdup_printf(
+				"Certificate verification problem 0x%x: %s",
+				returncode, err ? err : "Unknown" );
+			g_free( err );
+		}
 		return http_connected( data, -1, cond );
+	}
 	
 	req->fd = ssl_getfd( source );
 	
@@ -439,7 +450,7 @@ got_reply:
 	
 		if( new_proto == PROTO_HTTPS )
 		{
-			req->ssl = ssl_connect( new_host, new_port, http_ssl_connected, req );
+			req->ssl = ssl_connect( new_host, new_port, TRUE, http_ssl_connected, req );
 			if( req->ssl == NULL )
 				error = 1;
 		}
-- 
cgit v1.2.3