mlgoc: Adds option to enable or disable the SSL checks

Added the configuration option `InsecureNoCheckCert' to the mlogc
configuration file. This option allows connections to be established
without the SSL certificate checks.
Felipe Zimmerle 2014-11-14 12:39:34 -08:00
parent 73d7955ac1
commit 9f005c3ded
2 changed files with 36 additions and 6 deletions


@ -96,3 +96,10 @@ ServerErrorTimeout 60
# KeepAlive 150 # KeepAlive 150
# KeepAliveTimeout 300 # KeepAliveTimeout 300
# When set to '0', mlogc will validate the certificate and the whole
# chain, the root certificate most be trusted. If this check fail the
# connection will be dropped. To ignore the SSL checks, set InsecureNoCheckCert
# to '1'
InsecureNoCheckCert 1
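Review bot: The sample configuration ships with `InsecureNoCheckCert 1`, so any deployment that starts from this file talks to the console without certificate or chain validation. The code fails open in the same way: the second file initialises `static int ssl_validation = 0;`, so omitting the directive also leaves the checks off, which the comment here does not say. Since the same connection is set up with `CURLAUTH_BASIC`, an unverified peer would receive the console credentials along with the audit log data. I would ship `InsecureNoCheckCert 0`, initialise `ssl_validation` to `1`, and reword the comment to state that verification is on unless the directive is set to `1`. If the insecure default has to stay for compatibility, the comment should say so explicitly.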


@ -157,6 +157,7 @@ static apr_pool_t *thread_pool = NULL;
static apr_pool_t *recv_pool = NULL; static apr_pool_t *recv_pool = NULL;
static apr_array_header_t *queue = NULL; static apr_array_header_t *queue = NULL;
static const char *queue_path = NULL; static const char *queue_path = NULL;
static int ssl_validation = 0;
/* static apr_time_t queue_time = 0; */ /* static apr_time_t queue_time = 0; */
static void *requestline_regex = NULL; static void *requestline_regex = NULL;
static int running = 0; static int running = 0;
@ -831,6 +832,20 @@ static void init_configuration(void)
"CheckpointInterval=%d", checkpoint_interval); "CheckpointInterval=%d", checkpoint_interval);
} }
s = apr_table_get(conf, "InsecureNoCheckCert");
if (s != NULL) {
int num = atoi(s);
if (num)
{
ssl_validation = 0;
}
else
{
ssl_validation = 1;
}
error_log(LOG_DEBUG2, NULL, "InsecureNoCheckCert=%d", num);
}
s = apr_table_get(conf, "QueuePath"); s = apr_table_get(conf, "QueuePath");
if (s != NULL) { if (s != NULL) {
queue_path = file_path(s); queue_path = file_path(s);
@ -1216,16 +1231,24 @@ static void logc_init(void)
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, (char *)NULL); curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, (char *)NULL);
curl_easy_setopt(curl, CURLOPT_URL, console_uri); curl_easy_setopt(curl, CURLOPT_URL, console_uri);
curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); if (ssl_validation)
{
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
}
else
{
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
}
/* Seems like CURL_SSLVERSION_TLSv1_2 is not supported on libcurl /* Seems like CURL_SSLVERSION_TLSv1_2 is not supported on libcurl
* < v7.34.0 * < v7.34.0
*/ */
#ifdef WITH_CURL_SSLVERSION_TLSv1_2
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
#else
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
#endif
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15);
curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE); curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE);
curl_easy_setopt(curl, CURLOPT_HEADER, TRUE); curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);
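Review bot: In the `if (ssl_validation)` branch of logc_init, `CURLOPT_SSL_VERIFYHOST` is set to `1`, which is not the value that turns on hostname matching. libcurl documents `2` as the setting that checks the certificate name against the host; releases up to 7.28.0 treated `1` as a debug mode that only checks a name is present, and 7.28.1 up to 7.66.0 reject `1` with an error. Use `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);` and `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);`, with the `L` suffix because these options are read as `long` through varargs. The return values are not checked, so a rejected option would go unnoticed; logging a failure through `error_log` would make it visible. logc_init's body continues outside the hunk.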