Merge pull request #57 from Kami/specify_curl_ssl_options_update_readme

Force older versions of cURL to verify server SSL certificate, update readme, add module version to the User-Agent header
John Reese 2013-11-17 10:39:06 -08:00
commit 2a5242b139
2 changed files with 25 additions and 7 deletions


@ -31,16 +31,26 @@ ZNC Push was created by [John Reese](http://johnmreese.com) and designed to fill
personal need. It may not fit your use cases, but any and all feedback would be greatly personal need. It may not fit your use cases, but any and all feedback would be greatly
appreciated. appreciated.
Dependencies
Compiling ------------
---------
If you have installed ZNC from a Linux distribution's repository, you will most likely If you have installed ZNC from a Linux distribution's repository, you will most likely
need to install the development package before building this module. On Ubuntu, this can need to install the development package before building this module. On Ubuntu, this can
be installed with: be installed with:
$ sudo aptitude install znc-dev $ sudo aptitude install znc-dev
Optionally, if you want to use libcurl for http requests, you also need to install cURL
development header files.
On Ubuntu, development headers can be installed by installing `libcurl3-dev` or
`libcurl4-openssl-dev` package:
$ sudo aptitude install libcurl4-openssl-dev
Compiling
---------
If you have `make` installed, you can compile the module with: If you have `make` installed, you can compile the module with:
$ make $ make
@ -59,13 +69,16 @@ If you would like to compile ZNC Push using libcurl for http requests, you must
If libcurl is not in the default system library paths, you will need to populate `$CXXFLAGS` If libcurl is not in the default system library paths, you will need to populate `$CXXFLAGS`
with the appropriate GCC flags so that it can find and link ZNC Push with libcurl. with the appropriate GCC flags so that it can find and link ZNC Push with libcurl.
Note: You are strongly encouraged to use libcurl transport. The reason for that is, that
the default CSocket transport doesn't verify server's SSL certificate which leaves you
vulnerable to MITM attacks.
Installation Installation
------------ ------------
Copy the compiled module into your ZNC profile: Copy the compiled module into your ZNC profile:
$ cp push.so ~/.znc/modules/ $ make install
Now, load the module in ZNC: Now, load the module in ZNC:


@ -52,7 +52,7 @@ class CPushSocket : public CSocket
parent = (CPushMod*) p; parent = (CPushMod*) p;
first = true; first = true;
crlf = "\r\n"; crlf = "\r\n";
user_agent = "ZNC Push"; user_agent = "ZNC Push/" + CString(PUSHVERSION);
} }
// Implemented after CPushMod // Implemented after CPushMod
@ -1500,6 +1500,8 @@ CURLcode make_curl_request(const CString& service_host, const CString& service_u
curl = curl_easy_init(); curl = curl_easy_init();
CString user_agent = "ZNC Push/" + CString(PUSHVERSION);
CString url = CString(use_ssl ? "https" : "http") + "://" + service_host + service_url; CString url = CString(use_ssl ? "https" : "http") + "://" + service_host + service_url;
CString query = build_query_string(params); CString query = build_query_string(params);
@ -1508,9 +1510,12 @@ CURLcode make_curl_request(const CString& service_host, const CString& service_u
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
} }
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(curl, CURLOPT_URL, url.data()); curl_easy_setopt(curl, CURLOPT_URL, url.data());
curl_easy_setopt(curl, CURLOPT_PORT, port); curl_easy_setopt(curl, CURLOPT_PORT, port);
curl_easy_setopt(curl, CURLOPT_USERAGENT, "ZNC Push"); curl_easy_setopt(curl, CURLOPT_USERAGENT, user_agent.c_str());
curl_easy_setopt(curl, CURLOPT_TIMEOUT, 3); // three seconds ought to be good enough for anyone, eh? curl_easy_setopt(curl, CURLOPT_TIMEOUT, 3); // three seconds ought to be good enough for anyone, eh?
if (service_auth != "") if (service_auth != "")
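Review bot: The two added calls that set `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` discard the `CURLcode` returned by `curl_easy_setopt`, so if either option were rejected the request would still be sent with whatever verification state the handle already had. Since the purpose of the change is to force verification, the function should fail closed at that point: `CURLcode rc = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);`, `if (rc == CURLE_OK) rc = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);`, `if (rc != CURLE_OK) { curl_easy_cleanup(curl); return rc; }`. A short comment such as `// set explicitly: do not rely on the library default for certificate and hostname checks` would also record why the defaults are restated. The body of make_curl_request starts and ends outside the hunk, so whether `curl` is checked for NULL after `curl_easy_init()` and how the handle is cleaned up on other paths cannot be confirmed from here.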