
Commit 9f005c3

author
Felipe Zimmerle
committed
mlgoc: Adds option to enable or disable the SSL checks
Added the configuration option `InsecureNoCheckCert' to the mlogc configuration file. This option allows connections to be established while ignoring SSL checks.
1 parent 73d7955 commit 9f005c3


2 files changed

+36
-6
lines changed


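--- a/mlogc/mlogc-default.conf
+++ b/mlogc/mlogc-default.conf
@@ -96,3 +96,10 @@ ServerErrorTimeout 60
 # KeepAlive 150
 # KeepAliveTimeout 300
 
+
+# When set to '0', mlogc will validate the certificate and the whole
+# chain, the root certificate most be trusted. If this check fail the
+# connection will be dropped. To ignore the SSL checks, set InsecureNoCheckCert
+# to '1'
+InsecureNoCheckCert 1
+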
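Review bot: The sample configuration ships with `InsecureNoCheckCert 1`, so any deployment that starts from this file talks to the console without validating the server certificate, and mlogc.c has the same fail-open default in `static int ssl_validation = 0;` when the option is absent. The connection carries the HTTP basic-auth credentials configured in logc_init along with the log entries, so an unverified peer is in a position to read both. I would ship `InsecureNoCheckCert 0` here and initialise `ssl_validation` to 1, leaving the insecure mode as an explicit opt-in. The comment text could also read `the root certificate must be trusted. If this check fails the connection will be dropped.`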

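--- a/mlogc/mlogc.c
+++ b/mlogc/mlogc.c
@@ -157,6 +157,7 @@ static apr_pool_t *thread_pool = NULL;
 static apr_pool_t *recv_pool = NULL;
 static apr_array_header_t *queue = NULL;
 static const char *queue_path = NULL;
+static int ssl_validation = 0;
 /* static apr_time_t queue_time = 0; */
 static void *requestline_regex = NULL;
 static int running = 0;
@@ -831,6 +832,20 @@ static void init_configuration(void)
 "CheckpointInterval=%d", checkpoint_interval);
 }
 
+s = apr_table_get(conf, "InsecureNoCheckCert");
+if (s != NULL) {
+int num = atoi(s);
+if (num)
+{
+ssl_validation = 0;
+}
+else
+{
+ssl_validation = 1;
+}
+error_log(LOG_DEBUG2, NULL, "InsecureNoCheckCert=%d", num);
+}
+
 s = apr_table_get(conf, "QueuePath");
 if (s != NULL) {
 queue_path = file_path(s);
@@ -1216,16 +1231,24 @@ static void logc_init(void)
 curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, (char *)NULL);
 curl_easy_setopt(curl, CURLOPT_URL, console_uri);
 curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
-curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
-curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
+
+if (ssl_validation)
+{
+curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
+curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
+}
+else
+{
+curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
+curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
+}
+
+
 /* Seems like CURL_SSLVERSION_TLSv1_2 is not supported on libcurl
 * < v7.34.0
 */
-#ifdef WITH_CURL_SSLVERSION_TLSv1_2
-curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
-#else
 curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
-#endif
+
 curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15);
 curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE);
 curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);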
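Review bot: In the `if (ssl_validation)` branch of logc_init, `CURLOPT_SSL_VERIFYHOST` is set to `1`, which is not the value that makes libcurl match the certificate name against the host; that value is `2`. Older libcurl releases treated 1 as a check that a name is merely present, and since the comment below still targets libcurl older than 7.34.0, the validating mode may accept a certificate issued for a different host. I would write `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);` and `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);`, with `long` arguments as curl_easy_setopt expects. The same hunk also drops the `WITH_CURL_SSLVERSION_TLSv1_2` branch, which the commit message does not mention and which leaves the comment above `CURLOPT_SSLVERSION` stale. logc_init's body starts and ends outside the hunk.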
