github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Improves the CA validation

Browse Source 
On IIS CA validation was not working as libcurl on windows does not look for a
certificate store, unless it is specified. The resource downloads are now
respecting the SecRemoteRulesFailAction.
This commit is contained in:
Felipe Zimmerle
2014-11-17 04:16:29 -08:00
parent b02256cf1e
commit 9fe72b72de
9 changed files with 3969 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
apache2/msc_remote_rules.c
View File

@@ -274,6 +274,11 @@ int msc_remote_grab_content(apr_pool_t *mp, const char *uri, const char *key,
if (curl)
{
struct curl_slist *headers_chunk = NULL;
#ifdef WIN32
char *buf = malloc(sizeof(TCHAR) * (2048 + 1));
char *ptr = NULL;
DWORD res_len;
#endif
curl_easy_setopt(curl, CURLOPT_URL, remote_rules_server->uri);
headers_chunk = curl_slist_append(headers_chunk, apr_id);
@@ -286,6 +291,14 @@ int msc_remote_grab_content(apr_pool_t *mp, const char *uri, const char *key,
/* Make it TLS 1.x only. */
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
#ifdef WIN32
res_len = SearchPathA(NULL, "curl-ca-bundle.crt", NULL, (2048 + 1), buf, &ptr);
if (res_len > 0) {
curl_easy_setopt(curl, CURLOPT_CAINFO, strdup(buf));
}
free(buf);
#endif
/* those are the default options, but lets make sure */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);