net: Fix SSL verification with curl

This fixes update detection
WerWolv
2021-08-22 20:22:46 +02:00
parent 95d84f78e3
commit 66f94a452d
3 changed files with 211 additions and 196 deletions
+24 -12
@@ -4,15 +4,18 @@
#include <filesystem>
#include <mbedtls/ssl.h>
#include <mbedtls/x509.h>
#include <mbedtls/x509_crt.h>
#include <mbedtls/error.h>
#include <hex/resources.hpp>
namespace hex {
Net::Net() {
curl_global_init(CURL_GLOBAL_DEFAULT);
curl_global_sslset(CURLSSLBACKEND_MBEDTLS, nullptr, nullptr);
curl_global_init(CURL_GLOBAL_ALL);
this->m_ctx = curl_easy_init();
}
@@ -26,6 +29,18 @@ namespace hex {
return size * nmemb;
}
static CURLcode sslCtxFunction(CURL *ctx, void *sslctx, void *userdata) {
auto* cfg = static_cast<mbedtls_ssl_config*>(sslctx);
static mbedtls_x509_crt crt;
mbedtls_x509_crt_init(&crt);
mbedtls_x509_crt_parse(&crt, cacert, cacert_size);
mbedtls_ssl_conf_ca_chain(cfg, &crt, nullptr);
return CURLE_OK;
}
static void setCommonSettings(CURL *ctx, std::string &response, std::string_view path, const std::map<std::string, std::string> &extraHeaders, const std::string &body) {
struct curl_slist *headers = nullptr;
headers = curl_slist_append(headers, "Cache-Control: no-cache");
@@ -42,28 +57,25 @@ namespace hex {
if (!body.empty())
curl_easy_setopt(ctx, CURLOPT_POSTFIELDS, body.c_str());
curl_easy_setopt(ctx, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(ctx, CURLOPT_USERAGENT, "ImHex/1.0");
curl_easy_setopt(ctx, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
curl_easy_setopt(ctx, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2);
curl_easy_setopt(ctx, CURLOPT_URL, path.data());
curl_easy_setopt(ctx, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(ctx, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(ctx, CURLOPT_USERAGENT, "ImHex/1.0");
curl_easy_setopt(ctx, CURLOPT_DEFAULT_PROTOCOL, "https");
curl_easy_setopt(ctx, CURLOPT_WRITEFUNCTION, writeToString);
curl_easy_setopt(ctx, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(ctx, CURLOPT_SSL_VERIFYHOST, 1L);
curl_easy_setopt(ctx, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(ctx, CURLOPT_CAINFO, nullptr);
curl_easy_setopt(ctx, CURLOPT_CAPATH, nullptr);
curl_easy_setopt(ctx, CURLOPT_SSL_CTX_DATA, [](CURL *ctx, void *sslctx, void *userdata) -> CURLcode {
auto* mbedtlsCert = static_cast<mbedtls_x509_crt*>(sslctx);
mbedtls_x509_crt_init(mbedtlsCert);
mbedtls_x509_crt_parse(mbedtlsCert, cacert, cacert_size);
return CURLE_OK;
});
curl_easy_setopt(ctx, CURLOPT_SSLCERTTYPE, "PEM");
curl_easy_setopt(ctx, CURLOPT_SSL_CTX_FUNCTION, sslCtxFunction);
curl_easy_setopt(ctx, CURLOPT_WRITEDATA, &response);
curl_easy_setopt(ctx, CURLOPT_TIMEOUT_MS, 2000L);
curl_easy_setopt(ctx, CURLOPT_CONNECTTIMEOUT_MS, 2000L);
curl_easy_setopt(ctx, CURLOPT_NOPROGRESS, 1L);
curl_easy_setopt(ctx, CURLOPT_NOSIGNAL, 1L);
}
Response<std::string> Net::getString(std::string_view url) {
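Review bot: `sslCtxFunction` discards the result of `mbedtls_x509_crt_parse` and returns `CURLE_OK` even when the embedded bundle could not be loaded, so a damaged `cacert` would presumably only show up later as an unexplained certificate verification failure; returning `CURLE_ABORTED_BY_CALLBACK` on a negative result makes the cause visible at the point of failure. The function also runs `mbedtls_x509_crt_init` on the same `static` chain for every connection without a matching `mbedtls_x509_crt_free`, which leaks the previously parsed certificates and resets a chain that an earlier `mbedtls_ssl_conf_ca_chain` call may still point to; parsing once and reusing the chain, as sketched below, avoids both. Separately, the cast of `sslctx` to `mbedtls_ssl_config*` is only valid while mbedTLS is the active backend, and the constructor appears to ignore the return value of `curl_global_sslset`; comparing it with `CURLSSLSET_OK` before the callback is installed would catch a libcurl built with a different TLS backend.

```cpp
static CURLcode sslCtxFunction(CURL *ctx, void *sslctx, void *userdata) {
    auto* cfg = static_cast<mbedtls_ssl_config*>(sslctx);

    // The config keeps a pointer to the chain, so parse it once and never re-initialise it.
    static mbedtls_x509_crt crt;
    static const int parseResult = [] {
        mbedtls_x509_crt_init(&crt);
        return mbedtls_x509_crt_parse(&crt, cacert, cacert_size);
    }();

    // Negative: nothing usable was parsed. Positive: that many entries were skipped.
    if (parseResult < 0)
        return CURLE_ABORTED_BY_CALLBACK;

    mbedtls_ssl_conf_ca_chain(cfg, &crt, nullptr);
    return CURLE_OK;
}
```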
+76 -33
@@ -1,43 +1,86 @@
#if defined(OS_WINDOWS)
#define RESOURCE(name, path) __asm__ ( \
".section .rodata\n" \
".global " #name "\n" \
".global " #name "_size\n" \
#name ":\n" \
".incbin \"" path "\"\n" \
#name "_size:\n" \
".int " #name "_size - " #name "\n" \
".align 8\n" \
)
#define RESOURCE(name, path) \
__asm__ ( \
".section .rodata\n" \
".global " #name "\n" \
".global " #name "_size\n" \
#name ":\n" \
".incbin \"" path "\"\n" \
#name "_size:\n" \
".int " #name "_size - " #name "\n" \
".align 8\n" \
)
#define RESOURCE_NULL_TERMINATED(name, path) \
__asm__ ( \
".section .rodata\n" \
".global " #name "\n" \
".global " #name "_size\n" \
#name ":\n" \
".incbin \"" path "\"\n" \
".byte 0\n" \
#name "_size:\n" \
".int " #name "_size - " #name "\n" \
".align 8\n" \
)
#elif defined(OS_MACOS)
#define RESOURCE(name, path) __asm__ ( \
".text;\n" \
".global " #name ";\n" \
".global " #name "_size;\n" \
#name ":\n" \
".incbin \"" path "\";\n" \
#name "_size:\n" \
".int " #name "_size - " #name ";\n" \
".align 8;\n" \
)
#define RESOURCE_NULL_TERMINATED(name, path) \
__asm__ ( \
".global " #name ";\n" \
".global " #name "_size;\n" \
#name ":\n" \
".incbin \"" path "\";\n" \
#name "_size:\n" \
".int " #name "_size - " #name ";\n" \
".align 8;\n" \
)
#define RESOURCE_NULL_TERMINATED(name, path) \
__asm__ ( \
".global " #name ";\n" \
".global " #name "_size;\n" \
#name ":\n" \
".incbin \"" path "\";\n" \
".byte 0\n" \
#name "_size:\n" \
".int " #name "_size - " #name ";\n" \
".align 8;\n" \
)
#elif defined(OS_LINUX)
#define RESOURCE(name, path) __asm__ ( \
".section .rodata\n" \
".global " #name "\n" \
".global " #name "_size\n" \
#name ":\n" \
".incbin \"" path "\"\n" \
".type " #name ", @object\n" \
".size " #name "_size, 1\n" \
#name "_size:\n" \
".int " #name "_size - " #name "\n" \
".align 8\n" \
)
#define RESOURCE(name, path) \
__asm__ ( \
".section .rodata\n" \
".global " #name "\n" \
".global " #name "_size\n" \
#name ":\n" \
".incbin \"" path "\"\n" \
".byte 0\n" \
".type " #name ", @object\n" \
".size " #name "_size, 1\n" \
#name "_size:\n" \
".int " #name "_size - " #name "\n" \
".align 8\n" \
)
#define RESOURCE_NULL_TERMINATED(name, path) \
__asm__ ( \
".section .rodata\n" \
".global " #name "\n" \
".global " #name "_size\n" \
#name ":\n" \
".incbin \"" path "\"\n" \
".byte 0\n" \
".type " #name ", @object\n" \
".size " #name "_size, 1\n" \
#name "_size:\n" \
".int " #name "_size - " #name "\n" \
".align 8\n" \
)
#endif
@@ -48,4 +91,4 @@ RESOURCE(banner_dark, "../../../res/resources/banner_dark.png");
RESOURCE(splash, "../../../res/resources/splash.png");
RESOURCE(imhex_logo, "../../../res/resources/logo.png");
RESOURCE(cacert, "../../../res/resources/cacert.pem");
RESOURCE_NULL_TERMINATED(cacert, "../../../res/resources/cacert.pem");
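Review bot: In the OS_MACOS branch both new definitions are named `RESOURCE_NULL_TERMINATED` and the first one has no `.byte 0`, so as displayed nothing defines `RESOURCE` on macOS and the terminated variant is defined twice; the first of the pair presumably should read `#define RESOURCE(name, path) \`. That first macOS definition also no longer emits the `.text;` directive the old macro had, so it is worth confirming which section the blobs end up in. In the OS_LINUX branch the plain `RESOURCE` macro now contains `".byte 0\n" \` as well, which makes every embedded image one byte longer than on Windows and lets `_size` disagree across platforms; dropping that line from `RESOURCE` keeps the terminator limited to `cacert`. `cacert_size` now counts the terminating zero, which is what `mbedtls_x509_crt_parse` expects for PEM input, so any other consumer that treats it as the file length should be checked.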