Package: newsbeuter / 2.9-8

18-ssl-verify.patch Patch series | download
Description: Add a config option to control SSL verification
 SSL verification was off by default; this patch enables it and adds the
 'ssl-verify' config option in case someone needs to connect to servers
 that use a self-signed certificate.
Origin: upstream, https://github.com/akrennmair/newsbeuter/commit//52d86c5b49933f57a1783f653be353de9e7c051c
Bug: https://github.com/akrennmair/newsbeuter/pull/354

--- a/doc/configcommands.dsv
+++ b/doc/configcommands.dsv
@@ -63,6 +63,7 @@
 pager|[<path>/internal]|internal|If set to "internal", then the internal pager will be used. Otherwise, the article to be displayed will be rendered to be a temporary file and then displayed with the configured pager. If the pager path is set to an empty string, the content of the "PAGER" environment variable will be used. If the pager path contains a placeholder "%f", it will be replaced with the temporary filename.|less %f
 podcast-auto-enqueue|[yes/no]|no|If yes, then all podcast URLs that are found in articles are added to the podcast download queue. See the respective section in the documentation for more information on podcast support in newsbeuter.|podcast-auto-enqueue yes
 prepopulate-query-feeds|[yes/no]|no|If yes, then all query feeds are prepopulated with articles on startup.|prepopulate-query-feeds yes
+ssl-verify|[yes/no]|yes|If no, skip SSL certificate validation.|ssl-verify no
 proxy|<server:port>|n/a|Set the proxy to use for downloading RSS feeds.|proxy localhost:3128
 proxy-auth|<auth>|n/a|Set the proxy authentication string.|proxy-auth user:password
 proxy-auth-method|<method>|any|Set proxy authentication method. Allowed values: any, basic, digest, digest_ie (only available with libcurl 7.19.3 and newer), gssnegotiate, ntlm, anysafe.|proxy-auth-method ntlm
--- a/rss/parser.cpp
+++ b/rss/parser.cpp
@@ -25,8 +25,8 @@
 
 namespace rsspp {
 
-parser::parser(unsigned int timeout, const char * user_agent, const char * proxy, const char * proxy_auth, curl_proxytype proxy_type)
-	: to(timeout), ua(user_agent), prx(proxy), prxauth(proxy_auth), prxtype(proxy_type), doc(0), lm(0) {
+parser::parser(unsigned int timeout, const char * user_agent, const char * proxy, const char * proxy_auth, curl_proxytype proxy_type, const bool ssl_verify)
+	: to(timeout), ua(user_agent), prx(proxy), prxauth(proxy_auth), prxtype(proxy_type), verify_ssl(ssl_verify), doc(0), lm(0) {
 }
 
 parser::~parser() {
@@ -88,7 +88,7 @@
 		api->configure_handle(easyhandle);
 	}
 	curl_easy_setopt(easyhandle, CURLOPT_URL, url.c_str());
-	curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYPEER, 0);
+	curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYPEER, verify_ssl);
 	curl_easy_setopt(easyhandle, CURLOPT_WRITEFUNCTION, my_write_data);
 	curl_easy_setopt(easyhandle, CURLOPT_WRITEDATA, &buf);
 	curl_easy_setopt(easyhandle, CURLOPT_NOSIGNAL, 1);
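Review bot: `curl_easy_setopt` is variadic and libcurl documents `CURLOPT_SSL_VERIFYPEER` as taking a `long`, but the new call passes the `bool` member `verify_ssl`, which is promoted to `int`; where `long` is wider than `int` that is not the type libcurl reads. Pass it explicitly: `curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYPEER, verify_ssl ? 1L : 0L);`. The same applies to the `cfg->get_configvalue_as_bool("ssl-verify")` argument in the src/utils.cpp hunk. Only peer verification is toggled in the visible lines and `CURLOPT_SSL_VERIFYHOST` is not set, so a comment saying that host-name checking keeps libcurl's default would help the next reader. The enclosing function starts and ends outside the hunk.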
--- a/rss/rsspp.h
+++ b/rss/rsspp.h
@@ -73,7 +73,7 @@
 
 class parser {
 	public:
-		parser(unsigned int timeout = 30, const char * user_agent = 0, const char * proxy = 0, const char * proxy_auth = 0, curl_proxytype proxy_type = CURLPROXY_HTTP);
+		parser(unsigned int timeout = 30, const char * user_agent = 0, const char * proxy = 0, const char * proxy_auth = 0, curl_proxytype proxy_type = CURLPROXY_HTTP, const bool ssl_verify = true);
 		~parser();
 		feed parse_url(const std::string& url, time_t lastmodified = 0, const std::string& etag = "", newsbeuter::remote_api * api = 0, const std::string& cookie_cache = "", CURL *ehandle = 0);
 		feed parse_buffer(const char * buffer, size_t size, const char * url = NULL);
@@ -95,6 +95,7 @@
 		const char * prx;
 		const char * prxauth;
 		curl_proxytype prxtype;
+		const bool verify_ssl;
 		xmlDocPtr doc;
 		time_t lm;
 		std::string et;
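Review bot: Declaring `verify_ssl` as `const bool` removes the implicit copy assignment operator from `parser`, unlike the neighbouring members, which are all non-const; a plain `bool verify_ssl;` set once in the constructor behaves the same without that side effect. Whether `parser` is assigned anywhere is not visible from this hunk. A one-line comment such as `// passed to CURLOPT_SSL_VERIFYPEER; false disables certificate chain validation` would document what the flag controls. The class body continues outside the hunk.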
--- a/src/configcontainer.cpp
+++ b/src/configcontainer.cpp
@@ -89,6 +89,7 @@
 	config_data["pager"] = configdata("internal", configdata::PATH);
 	config_data["history-limit"] = configdata("100", configdata::INT);
 	config_data["prepopulate-query-feeds"] = configdata("false", configdata::BOOL);
+	config_data["ssl-verify"] = configdata("true", configdata::BOOL);
 	config_data["goto-first-unread"] = configdata("true", configdata::BOOL);
 	config_data["proxy-type"] = configdata("http", "http", "socks4", "socks4a", "socks5", NULL); // enum
 	config_data["oldreader-login"] = configdata("", configdata::STR);
--- a/src/rss_parser.cpp
+++ b/src/rss_parser.cpp
@@ -157,7 +157,7 @@
 		try {
 			std::string useragent = utils::get_useragent(cfgcont);
 			LOG(LOG_DEBUG, "rss_parser::download_http: user-agent = %s", useragent.c_str());
-			rsspp::parser p(cfgcont->get_configvalue_as_int("download-timeout"), useragent.c_str(), proxy.c_str(), proxy_auth.c_str(), utils::get_proxy_type(proxy_type));
+			rsspp::parser p(cfgcont->get_configvalue_as_int("download-timeout"), useragent.c_str(), proxy.c_str(), proxy_auth.c_str(), utils::get_proxy_type(proxy_type), cfgcont->get_configvalue_as_bool("ssl-verify"));
 			time_t lm = 0;
 			std::string etag;
 			if (!ign || !ign->matches_lastmodified(uri)) {
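Review bot: Nothing records that verification has been turned off. `ssl-verify` is read here as a single global value, so one `ssl-verify no` line disables certificate validation for every feed fetched through this parser, not only the self-signed one. Logging it next to the existing user-agent line would make the weakened state visible, e.g. `if (!cfgcont->get_configvalue_as_bool("ssl-verify")) LOG(LOG_WARN, "rss_parser::download_http: SSL certificate verification is disabled");`. The `try` block continues outside the hunk.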
--- a/src/utils.cpp
+++ b/src/utils.cpp
@@ -817,7 +817,7 @@
 		cookie_cache = cfg->get_configvalue("cookie-cache");
 	}
 
-	curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 0);
+	curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, cfg->get_configvalue_as_bool("ssl-verify"));
 	curl_easy_setopt(handle, CURLOPT_NOSIGNAL, 1);
 	curl_easy_setopt(handle, CURLOPT_ENCODING, "gzip, deflate");
 	curl_easy_setopt(handle, CURLOPT_TIMEOUT, dl_timeout);
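Review bot: The new `cfg->get_configvalue_as_bool("ssl-verify")` call sits after the block that closes just above it, so `cfg` is dereferenced unconditionally. The opening of that block is outside the hunk; if it is a null guard on `cfg`, as the indentation of the `cookie-cache` line suggests, this line crashes when the function is called without a config. Failing closed keeps verification on in that case and also passes the `long` libcurl expects: `curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, (!cfg || cfg->get_configvalue_as_bool("ssl-verify")) ? 1L : 0L);`.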