diff --git a/include/restclient-cpp/connection.h b/include/restclient-cpp/connection.h index 5f82c7c6..13018df7 100644 --- a/include/restclient-cpp/connection.h +++ b/include/restclient-cpp/connection.h @@ -28,6 +28,11 @@ namespace RestClient { typedef size_t (*WriteCallback)(void *data, size_t size, size_t nmemb, void *userdata); +/** + * @brief define type used for RestClient SSL context callback + */ +typedef CURLcode (*SSLCtxCallback)(CURL *curl, void *ssl_ctx, void *userptr); + /** * @brief Connection object for advanced usage */ @@ -266,6 +271,7 @@ class Connection { std::string unixSocketPath; char curlErrorBuf[CURL_ERROR_SIZE]; RestClient::WriteCallback writeCallback; + RestClient::SSLCtxCallback sslContextCallback; RestClient::Response* performCurlRequest(const std::string& uri, RestClient::Response* resp); RestClient::Response performCurlRequest(const std::string& uri); diff --git a/source/connection.cc b/source/connection.cc index e0dcbb7a..a24f9604 100644 --- a/source/connection.cc +++ b/source/connection.cc @@ -39,6 +39,13 @@ RestClient::Connection::Connection(const std::string& baseUrl) this->progressFn = NULL; this->progressFnData = NULL; this->writeCallback = RestClient::Helpers::write_callback; + + #if __cplusplus >= 201103L + this->sslContextCallback = nullptr; + #else + this->sslContextCallback = NULL; + #endif + this->verifyPeer = true; } @@ -348,6 +355,20 @@ writeCallback) { this->writeCallback = writeCallback; } +/** + * @brief Sets a callback to enable custom setting of the ssl context, + * at construction time. For details, + * see https://curl.se/libcurl/c/CURLOPT_SSL_CTX_FUNCTION.html + * + * @param callback - A user callback allowing for customization of the ssl + context at construction time. + * + */ +void RestClient::Connection::SetSSLContextCallback( + RestClient::SSLCtxCallback callback) { + this->sslContextCallback = callback; +} + /** * @brief helper function to get called from the actual request methods to * prepare the curlHandle for transfer with generic options, perform the @@ -401,6 +422,17 @@ RestClient::Connection::performCurlRequest(const std::string& uri, this->writeCallback); /** set data object to pass to callback function */ curl_easy_setopt(getCurlHandle(), CURLOPT_WRITEDATA, ret); + /** set ssl context callback function */ + #if __cplusplus >= 201103L + if (this->sslContextCallback != nullptr) { + curl_easy_setopt(getCurlHandle(), CURLOPT_SSL_CTX_FUNCTION, + this->sslContextCallback); + } + #else + if (this->sslContextCallback != NULL) { + curl_easy_setopt(getCurlHandle(), CURLOPT_SSL_CTX_FUNCTION, this->sslContextCallback); + } + #endif /** set the header callback function */ curl_easy_setopt(getCurlHandle(), CURLOPT_HEADERFUNCTION, Helpers::header_callback); diff --git a/test/test_connection.cc b/test/test_connection.cc index 6f62ab53..cb7ad0a1 100644 --- a/test/test_connection.cc +++ b/test/test_connection.cc @@ -65,6 +65,20 @@ TEST_F(ConnectionTestRemote, TestFailForInvalidCA) EXPECT_EQ(77, res.code); } +static CURLcode sslctx_fail_function(CURL *curl, void *ctx, void *parm) +{ + return CURLE_SSL_CONNECT_ERROR; +} + +TEST_F(ConnectionTestRemote, TestAllowSettingSSLContext) +{ + // setting a callback which returns error. The call should fail. + conn->SetSSLContextCallback(*sslctx_fail_function); + RestClient::Response res = conn->get("/get"); + + EXPECT_EQ(CURLE_SSL_CONNECT_ERROR, res.code); +} + TEST_F(ConnectionTestRemote, TestAllowInsecure) { // set a non-existing file for the CA file, should allow access anyway