[Libguestfs] [PATCH] curl: add proxy-cafile and proxy-capath
curl exposes the --proxy-cafile and --proxy-capath options via libcurl
CURLOPT_PROXY_CAINFO and CURLOPT_PROXY_CAPATH respectively.
this patch adds the matching proxy-cainfo and proxy-capath options to
the nbdkit curl plugin.
Signed-off-by: Adi Aloni <aaloni(a)redhat.com>
---
plugins/curl/config.c | 14 ++++++++++++++
plugins/curl/nbdkit-curl-plugin.pod | 4 ++++
tests/test-curl-options.sh | 2 ++
3 files changed, 20 insertions(+)
diff --git a/plugins/curl/config.c b/plugins/curl/config.c
index 3e98178a..e951078b 100644
--- a/plugins/curl/config.c
+++ b/plugins/curl/config.c
@@ -73,6 +73,8 @@ static const char *protocols = NULL;
static const char *proxy = NULL;
static char *proxy_password = NULL;
static const char *proxy_user = NULL;
+static const char *proxy_cainfo = NULL;
+static const char *proxy_capath = NULL;
static struct curl_slist *resolves = NULL;
static bool sslverify = true;
static const char *ssl_cipher_list = NULL;
@@ -369,6 +371,12 @@ curl_config (const char *key, const char *value)
else if (strcmp (key, "proxy-user") == 0)
proxy_user = value;
+ else if (strcmp (key, "proxy-cainfo") == 0)
+ proxy_cainfo = value;
+
+ else if (strcmp (key, "proxy-capath") == 0)
+ proxy_capath = value;
+
else if (strcmp (key, "resolve") == 0) {
resolves = curl_slist_append (headers, value);
if (resolves == NULL) {
@@ -536,6 +544,8 @@ const char *curl_config_help =
"proxy=<PROXY> Set proxy URL.\n"
"proxy-password=<PASSWORD> The proxy password.\n"
"proxy-user=<USER> The proxy user.\n"
+ "proxy-cainfo=<CAINFO> Path to Proxy Certificate Authority file.\n"
+ "proxy-capath=<CAPATH> Path to directory with Proxy CA
certificates.\n"
"resolve=<HOST>:<PORT>:<ADDR> Custom host to IP address
resolution.\n"
"sslverify=false Do not verify SSL certificate of remote host.\n"
"ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n"
@@ -661,6 +671,10 @@ allocate_handle (void)
curl_easy_setopt (ch->c, CURLOPT_PROXYPASSWORD, proxy_password);
if (proxy_user)
curl_easy_setopt (ch->c, CURLOPT_PROXYUSERNAME, proxy_user);
+ if (proxy_cainfo)
+ curl_easy_setopt (ch->c, CURLOPT_PROXY_CAINFO, proxy_cainfo);
+ if (proxy_capath)
+ curl_easy_setopt (ch->c, CURLOPT_PROXY_CAPATH, proxy_capath);
if (!sslverify) {
curl_easy_setopt (ch->c, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt (ch->c, CURLOPT_SSL_VERIFYHOST, 0L);
diff --git a/plugins/curl/nbdkit-curl-plugin.pod b/plugins/curl/nbdkit-curl-plugin.pod
index 96940152..56990385 100644
--- a/plugins/curl/nbdkit-curl-plugin.pod
+++ b/plugins/curl/nbdkit-curl-plugin.pod
@@ -288,6 +288,10 @@ Set the proxy. See L<CURLOPT_PROXY(3)>.
=item B<proxy-user=>USERNAME
+=item B<proxy-cainfo=>FILENAME
+
+=item B<proxy-capath=>PATH
+
(nbdkit E<ge> 1.12)
Set the proxy username and password.
diff --git a/tests/test-curl-options.sh b/tests/test-curl-options.sh
index 3264bc3c..c70acb34 100755
--- a/tests/test-curl-options.sh
+++ b/tests/test-curl-options.sh
@@ -87,6 +87,8 @@ for opt in \
protocols=file,http,https \
proxy-password=secret \
proxy-user=eve \
+ proxy-cainfo=/dev/null \
+ proxy-capath=/dev/null \
resolve=example.com:443:127.0.0.1 \
sslverify=false \
ssl-version=default \
--
2.49.0