Changed: Make sslCtxFunction private and don't include curl.h in header

--HG--
branch : develop

code/nel/include/nel/gui/curl_certificates.h

@@ -19,7 +19,8 @@
 
 #include "nel/misc/types_nl.h"
 
-#include <curl/curl.h>
+// forward declaration to avoid curl.h inclusion everywhere
+typedef void CURL;
 
 namespace NLGUI
 {
@@ -32,8 +33,8 @@ namespace NLGUI
 		// allow to use custom PEM certificates
 		static void addCertificateFile(const std::string &cert);
 
-		// cURL SSL certificate loading
+		// set all CURL options to use custom SSL context function
-		static CURLcode sslCtxFunction(CURL *curl, void *sslctx, void *parm);
+		static void useCertificates(CURL *curl);
 	};
 
 } // namespace

code/nel/src/gui/curl_certificates.cpp

@@ -23,6 +23,8 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 
+#include <curl/curl.h>
+
 using namespace std;
 using namespace NLMISC;
 
@@ -201,23 +203,8 @@ namespace NLGUI
 	/// this will be initialized on startup and cleared on exit
 	static SX509Certificates x509CertListManager;
 
-	// ***************************************************************************
+	// cURL SSL certificate loading
-	// static
+	static CURLcode sslCtxFunction(CURL *curl, void *sslctx, void *parm)
-	void CCurlCertificates::init(CURL *curl)
-	{
-		x509CertListManager.init(curl);
-	}
-
-	// ***************************************************************************
-	// static
-	void CCurlCertificates::addCertificateFile(const std::string &cert)
-	{
-		x509CertListManager.addCertificatesFromFile(cert);
-	}
-
-	// ***************************************************************************
-	// static
-	CURLcode CCurlCertificates::sslCtxFunction(CURL *curl, void *sslctx, void *parm)
 	{
 		CURLcode res = CURLE_OK;
 
@@ -282,5 +269,39 @@ namespace NLGUI
 		return res;
 	}
 
+	// ***************************************************************************
+	// static
+	void CCurlCertificates::init(CURL *curl)
+	{
+		x509CertListManager.init(curl);
+	}
+
+	// ***************************************************************************
+	// static
+	void CCurlCertificates::addCertificateFile(const std::string &cert)
+	{
+		x509CertListManager.addCertificatesFromFile(cert);
+	}
+
+	// ***************************************************************************
+	// static
+	void CCurlCertificates::useCertificates(CURL *curl)
+	{
+		// CURL must be valid, using OpenSSL backend and certificates must be loaded, else return
+		if (!curl || !isUsingOpenSSLBackend || x509CertListManager.CertList.empty()) return;
+
+		curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
+
+		// would allow to provide the CA in memory instead of using CURLOPT_CAINFO, but needs to include and link OpenSSL
+		if (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &sslCtxFunction) != CURLE_OK)
+		{
+			nlwarning("Unable to support CURLOPT_SSL_CTX_FUNCTION, curl not compiled with OpenSSL ?");
+		}
+
+		// set both CURLOPT_CAINFO and CURLOPT_CAPATH to NULL to be sure we won't use default values (these files can be missing and generate errors)
+		curl_easy_setopt(curl, CURLOPT_CAINFO, NULL);
+		curl_easy_setopt(curl, CURLOPT_CAPATH, NULL);
+	}
+
 }// namespace
 

code/nel/src/gui/group_html.cpp

@@ -404,15 +404,8 @@ namespace NLGUI
 			// specify custom CA certs
 			CCurlCertificates::addCertificateFile(options.curlCABundle);
 
-			// would allow to provide the CA in memory instead of using CURLOPT_CAINFO, but needs to include and link OpenSSL
+			// if supported, use custom SSL context function to load certificates
-			if (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &CCurlCertificates::sslCtxFunction) != CURLE_OK)
+			CCurlCertificates::useCertificates(curl);
-			{
-				nlwarning("Unable to support CURLOPT_SSL_CTX_FUNCTION, curl not compiled with OpenSSL ?");
-			}
-
-			// set both CURLOPT_CAINFO and CURLOPT_CAPATH to NULL to be sure we won't use default values (these files can be missing and generate errors)
-			curl_easy_setopt(curl, CURLOPT_CAINFO, NULL);
-			curl_easy_setopt(curl, CURLOPT_CAPATH, NULL);
 		}
 
 		download.data = new CCurlWWWData(curl, download.url);
@@ -5350,14 +5343,14 @@ namespace NLGUI
 		// https://
 		if (toLower(url.substr(0, 8)) == "https://")
 		{
-#if defined(NL_OS_WINDOWS)
+			// check if compiled with OpenSSL backend
-			curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &CCurlCertificates::sslCtxFunction);
+			CCurlCertificates::init(curl);
-#else
+
-			if (!options.curlCABundle.empty())
+			// specify custom CA certs
-			{
+			CCurlCertificates::addCertificateFile(options.curlCABundle);
-				curl_easy_setopt(curl, CURLOPT_CAINFO, options.curlCABundle.c_str());
+
-			}
+			// if supported, use custom SSL context function to load certificates
-#endif
+			CCurlCertificates::useCertificates(curl);
 		}
 
 		// do not follow redirects, we have own handler

code/ryzom/client/src/http_client_curl.cpp

@@ -70,7 +70,6 @@ bool CCurlHttpClient::verifyServer(bool verify)
 {
 	curl_easy_setopt(_Curl, CURLOPT_SSL_VERIFYHOST, verify ? 2 : 0);
 	curl_easy_setopt(_Curl, CURLOPT_SSL_VERIFYPEER, verify ? 1 : 0);
-	curl_easy_setopt(_Curl, CURLOPT_SSLCERTTYPE, "PEM");
 
 	// check if compiled with OpenSSL backend
 	NLGUI::CCurlCertificates::init(_Curl);
@@ -78,15 +77,9 @@ bool CCurlHttpClient::verifyServer(bool verify)
 	// specify custom CA certs
 	NLGUI::CCurlCertificates::addCertificateFile(CAFilename);
 
-	// would allow to provide the CA in memory instead of using CURLOPT_CAINFO, but needs to include and link OpenSSL
+	// if supported, use custom SSL context function to load certificates
-	if (curl_easy_setopt(_Curl, CURLOPT_SSL_CTX_FUNCTION, &NLGUI::CCurlCertificates::sslCtxFunction) != CURLE_OK)
+	NLGUI::CCurlCertificates::useCertificates(_Curl);
-	{
-		nlwarning("Unable to support CURLOPT_SSL_CTX_FUNCTION, curl not compiled with OpenSSL ?");
-	}
 
-	// set both CURLOPT_CAINFO and CURLOPT_CAPATH to NULL to be sure we won't use default values (these files can be missing and generate errors)
-	curl_easy_setopt(_Curl, CURLOPT_CAINFO, NULL);
-	curl_easy_setopt(_Curl, CURLOPT_CAPATH, NULL);
 	return true;
 }