diff options
| author | Christian Grothoff <christian@grothoff.org> | 2024-01-08 19:18:24 +0100 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2024-01-08 19:18:24 +0100 |
| commit | ef193efa2f1d6d3d111a082810b5ecc28947d16c (patch) | |
| tree | c9bc50eac85736b258c9f8cad8f889a70bcffc9f /src/curl | |
| parent | 44b327f2d3f88b949651a8cb02c568f1ff3012d0 (diff) | |
improve curl backwards compatibility, de-duplicate code
Diffstat (limited to 'src/curl')
| -rw-r--r-- | src/curl/curl.c | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/src/curl/curl.c b/src/curl/curl.c index caa0052f7..61a1ca954 100644 --- a/src/curl/curl.c +++ b/src/curl/curl.c @@ -30,6 +30,58 @@ #endif +void +TALER_curl_set_secure_redirect_policy (CURL *eh, + const char *url) +{ + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_FOLLOWLOCATION, + 1L)); + GNUNET_assert ( (0 == strncasecmp (url, || + "https://", + strlen ("https://"))) || + (0 == strncasecmp (url, + "https://", + strlen ("http://"))) ); +#ifdef CURLOPT_REDIR_PROTOCOLS_STR + if (0 == strncasecmp (url, + "https://", + strlen ("https://"))) + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_REDIR_PROTOCOLS_STR, + "https")); + else + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_REDIR_PROTOCOLS_STR, + "http,https")); +#else +#ifdef CURLOPT_REDIR_PROTOCOLS + if (0 == strncasecmp (url, + "https://", + strlen ("https://"))) + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_REDIR_PROTOCOLS, + CURLPROTO_HTTPS)); + else + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_REDIR_PROTOCOLS, + CURLPROTO_HTTP | CURLPROTO_HTTPS)); +#endif +#endif + /* limit MAXREDIRS to 5 as a simple security measure against + a potential infinite loop caused by a malicious target */ + GNUNET_assert (CURLE_OK == + curl_easy_setopt (eh, + CURLOPT_MAXREDIRS, + 5L)); +} + + enum GNUNET_GenericReturnValue TALER_curl_easy_post (struct TALER_CURL_PostContext *ctx, CURL *eh, |