#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
+#include <openssl/ssl.h>
#endif
#if defined(HAVE_GPGME)
#include "opkg_defines.h"
#include "libbb/libbb.h"
+#ifdef HAVE_PATHFINDER
+#include "opkg_pathfinder.h"
+#endif
+
#if defined(HAVE_OPENSSL) || defined(HAVE_SSLCURL)
static void openssl_init(void);
#endif
}
#ifdef HAVE_CURL
- CURL *curl;
CURLcode res;
FILE * file = fopen (tmp_file_location, "w");
{
int err = 0;
pkg_t *pkg;
+
pkg = pkg_new();
- if (pkg == NULL)
- return ENOMEM;
if (str_starts_with(url, "http://")
|| str_starts_with(url, "ftp://")) {
pkg->state_want = SW_INSTALL;
pkg->state_flag |= SF_PREFER;
pkg = hash_insert_pkg(&conf->pkg_hash, pkg, 1,conf);
- if ( pkg == NULL ){
- fprintf(stderr, "%s : This should never happen. Report this Bug in bugzilla please \n ",__FUNCTION__);
- return 0;
- }
+
if (namep) {
- *namep = xstrdup(pkg->name);
+ *namep = pkg->name;
}
return 0;
}
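Review bot: `*namep = pkg->name;` now hands the caller a pointer into the package record instead of the private copy that `xstrdup` produced, so the string lives only as long as the pkg stored in `conf->pkg_hash`. A caller that still frees `*namep`, or keeps it after the hash is torn down, would double-free or read freed memory; the callers are outside this hunk, so each one needs checking. The hunk also drops both NULL checks, so `pkg->state_want` and `pkg->name` are dereferenced unconditionally, which is only safe if `pkg_new()` and `hash_insert_pkg()` can no longer return NULL (not visible here). I would state the new contract above the assignment, e.g. `/* borrowed: owned by the pkg in conf->pkg_hash, caller must not free */`. The function's signature and the start of its body lie outside the hunk.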
"Can't read signature file (Corrupted ?)\n");
goto verify_file_end;
}
+#if defined(HAVE_PATHFINDER)
+ if(conf->check_x509_path){
+ if(!pkcs7_pathfinder_verify_signers(p7)){
+ opkg_message(conf, OPKG_ERROR, "pkcs7_pathfinder_verify_signers: "
+ "Path verification failed\n");
+ goto verify_file_end;
+ }
+ }
+#endif
// Open the Package file to authenticate
if (!(indata = BIO_new_file(text_file, "rb"))){
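Review bot: The new signer path check exists only under `HAVE_PATHFINDER`, so on a build without it a configured `check_x509_path` is skipped with no message and signer chains go unvalidated while the operator believes they are checked. If the option can still be parsed on such builds (the config code is not in this hunk), an `#else` branch that logs at `OPKG_ERROR` and takes `goto verify_file_end` when `conf->check_x509_path` is set would keep the failure closed. It is also worth confirming that the status returned at `verify_file_end` still holds its failure value at this point, since its initialisation is outside the hunk.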
* CURLOPT_SSL_VERIFYPEER default is nonzero (curl => 7.10)
*/
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
+ }else{
+#ifdef HAVE_PATHFINDER
+ if(conf->check_x509_path){
+ if (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, curl_ssl_ctx_function) != CURLE_OK){
+ opkg_message(conf, OPKG_DEBUG, "Failed to set ssl path verification callback\n");
+ }else{
+ curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, NULL);
+ }
+ }
+#endif
}
/* certification authority file and/or path */
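Review bot: When `curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, curl_ssl_ctx_function)` fails, the branch only logs at `OPKG_DEBUG` and the handle is used anyway, so a transfer for which `check_x509_path` was requested proceeds without the path check (fail-open). libcurl rejects this option when built against a TLS backend that does not support the context callback, so this is a reachable configuration. The failure should be reported at `OPKG_ERROR`, i.e. `opkg_message(conf, OPKG_ERROR, "Failed to set ssl path verification callback\n");`, and the handle setup abandoned through whatever error path the enclosing function already has; that function starts outside this hunk. The result of the `CURLOPT_SSL_CTX_DATA` call is also ignored; passing NULL is harmless, but a short comment such as `/* callback takes no user data */` would make the intent clear.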