8320051a3223d39076c23531af15640b8012f4a9 galt Fri Feb 4 17:39:50 2022 -0800 making https.c more consistent across all the settings.
diff --git src/lib/https.c src/lib/https.c
index 53c6cbc..a6ec0bc 100644
--- src/lib/https.c
+++ src/lib/https.c
@@ -5,34 +5,34 @@
 #include "openssl/ssl.h"
 #include "openssl/err.h"
 #include <sys/socket.h>
 #include <unistd.h>
 #include <pthread.h>
 #include <signal.h>
 #include "common.h"
 #include "internet.h"
 #include "errAbort.h"
 #include "hash.h"
 #include "net.h"
-char *https_cert_check = NULL;
-char *https_cert_check_depth = NULL;
-char *https_cert_check_verbose = NULL;
-char *https_cert_check_domain_exceptions = NULL;
+char *https_cert_check = "log"; // DEFAULT certificate check is log.
+char *https_cert_check_depth = "9"; // DEFAULT depth check level is 9.
+char *https_cert_check_verbose = "off"; // DEFAULT verbose is off.
+char *https_cert_check_domain_exceptions = ""; // DEFAULT space separated list is empty string.
 char *https_proxy = NULL;
 char *log_proxy = NULL;
 char *SCRIPT_NAME = NULL;
 // For use with callback. Set a variable into the connection itself,
 // and then use that during the callback.
 struct myData
 {
 char *hostName;
 };
 int myDataIndex = -1;
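Review bot: The comment on the new `char *https_cert_check = "log";` initialiser does not say what `log` does when certificate verification fails, and this value is now in force from program start rather than only after `openSslInit()`. Going by the name, it presumably records the failure and lets the connection proceed, which would make the out-of-the-box behaviour fail-open; if that is right, state it on the line, for example `// DEFAULT is log: verification failures are reported, the connection still proceeds`, and name the enforcing setting next to it. The four globals also remain plain `char *` while pointing at string literals until `openSslInit()` swaps in heap copies, so a one-line comment that they must never be written through or passed to `free()` would guard against a later cleanup hitting a literal.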
@@ -71,57 +71,55 @@
 BIO *sbio; // ssl bio
 };
 static void xerrno(char *msg)
 {
 fprintf(stderr, "%s : %s\n", strerror(errno), msg); fflush(stderr);
 }
 static void xerr(char *msg)
 {
 fprintf(stderr, "%s\n", msg); fflush(stderr);
 }
 void initDomainWhiteListHash(); // forward declaration
-char *mySetenv(char *setting, char *defaultValue)
-/* avoid real setenv which causes problems in multi-threaded programs */
+void myGetenv(char **pMySetting, char *envSetting)
+/* avoid setenv which causes problems in multi-threaded programs
+ * cloning the env var helps isolate it from other threads activity. */
 {
-char *thisSetting = getenv(setting);
-if (thisSetting)
- return cloneString(thisSetting);
-else
- return cloneString(defaultValue);
+char *value = getenv(envSetting);
+if (value)
+ *pMySetting = cloneString(value);
 }
 void openSslInit()
 /* do only once */
 {
 static boolean done = FALSE;
 static pthread_mutex_t osiMutex = PTHREAD_MUTEX_INITIALIZER;
 pthread_mutex_lock( &osiMutex );
 if (!done)
 {
 // setenv avoided since not thread-safe
- https_cert_check = mySetenv("https_cert_check", "log"); // DEFAULT certificate check is log.
- https_cert_check_depth = mySetenv("https_cert_check_depth", "9"); // DEFAULT depth check level is 9.
- https_cert_check_verbose = mySetenv("https_cert_check_verbose", "off"); // DEFAULT verbose is off.
- https_cert_check_domain_exceptions = mySetenv("https_cert_check_domain_exceptions", ""); // DEFAULT space separated list is empty string.
- // getenv here for thread-safety
- https_proxy = cloneString(getenv("https_proxy"));
- log_proxy = cloneString(getenv("log_proxy"));
- SCRIPT_NAME = cloneString(getenv("SCRIPT_NAME"));
+ myGetenv(&https_cert_check, "https_cert_check");
+ myGetenv(&https_cert_check_depth, "https_cert_check_depth");
+ myGetenv(&https_cert_check_verbose, "https_cert_check_verbose");
+ myGetenv(&https_cert_check_domain_exceptions, "https_cert_check_domain_exceptions");
+ myGetenv(&https_proxy, "https_proxy");
+ myGetenv(&log_proxy, "log_proxy");
+ myGetenv(&SCRIPT_NAME, "SCRIPT_NAME");
 SSL_library_init();
 ERR_load_crypto_strings();
 ERR_load_SSL_strings();
 OpenSSL_add_all_algorithms();
 openssl_pthread_setup();
 myDataIndex = SSL_get_ex_new_index(0, "myDataIndex", NULL, NULL, NULL);
 initDomainWhiteListHash();
 done = TRUE;
 }
 pthread_mutex_unlock( &osiMutex );
 }
 void *netConnectHttpsThread(void *threadParam)
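Review bot: `myGetenv` copies whatever the environment holds over the compiled-in default, so an empty or mistyped `https_cert_check` or `https_cert_check_depth` replaces `"log"` / `"9"` with no check in `openSslInit()`. How such a value is then treated is decided in code outside this hunk. Because these settings control certificate verification, it is safer to validate them right after the `myGetenv` calls and either stop (the file already includes `errAbort.h`) or keep the default when the value is not one the verify path recognises. The header comment should also state the contract, for example `/* Copy env var envSetting into *pMySetting when it is set; otherwise leave the existing default. The clone is never freed. */`. `myGetenv` can be declared `static` if nothing outside https.c calls it, which is not visible here.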