Fix a few issues with the C generator (part 5) #20313
Conversation
| } else { | ||
| curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 0L); | ||
| curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 0L); | ||
| curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 1L); |
There was a problem hiding this comment.
I'm curious if apiClient->sslConfig == NULL, where is the SSL configuraion for verification ?
There was a problem hiding this comment.
That's up to curl. According to their docs about the certificate authority here:
This option is by default set to the system path where libcurl's CA certificate bundle is assumed to be stored, as established at build time.
There was a problem hiding this comment.
You can see the value if you run curl-config --ca. In my system it's /etc/ssl/certs/ca-certificates.crt.
There was a problem hiding this comment.
I see. and agree with this change now.
User can set apiClient->sslConfig->insecureSkipTlsVerify if needed.
|
Excellent, thank you both. I just sent a new pull request here: #20332. |
* [C] Default to requiring valid SSL * Update samples --------- Co-authored-by: Sam Bingner <sam@corellium.com>
3 participants
One more patch from the original pull request at #14379. I'm sending this one on its own because it was controversial the last time (@ityuhui). At my company we need the C api to verify ssl certificates by default. We already apply this patch ourselves, but I think a safer default like this should be better for everyone. Of course I'll appreciate any feedback on the matter.
@wing328 @ityuhui @zhemant @michelealbano