[rtorrent] - Adopt insecure SSL patch (as commandline option) (#669251)

konradm konradm at fedoraproject.org
Thu Jan 13 04:07:00 UTC 2011 

commit 74ff2b6641d11ce3d67430242fb7f52b146b2e75
Author: Conrad Meyer <cemeyer at cs.washington.edu>
Date:   Wed Jan 12 20:06:46 2011 -0800

    - Adopt insecure SSL patch (as commandline option) (#669251)

 rtorrent-0.8.7-optional-https-noverify.patch |   41 ++++++++++++++++++++++++++
 rtorrent.spec                                |    9 +++++-
 2 files changed, 49 insertions(+), 1 deletions(-)
---
diff --git a/rtorrent-0.8.7-optional-https-noverify.patch b/rtorrent-0.8.7-optional-https-noverify.patch
new file mode 100644
index 0000000..2f771d9
--- /dev/null
+++ b/rtorrent-0.8.7-optional-https-noverify.patch
@@ -0,0 +1,41 @@
+--- rtorrent-0.8.7/src/command_network.cc	2010-10-08 08:33:01.000000000 +1300
++++ rtorrent-0.8.7/src/command_network.cc	2011-01-13 16:21:58.831309734 +1300
+@@ -480,6 +480,7 @@ initialize_command_network() {
+   CMD2_ANY_STRING_V("network.http.proxy_address.set", std::tr1::bind(&core::CurlStack::set_http_proxy, httpStack, std::tr1::placeholders::_2));
+   CMD2_ANY         ("network.http.max_open",          std::tr1::bind(&core::CurlStack::max_active, httpStack));
+   CMD2_ANY_VALUE_V ("network.http.max_open.set",      std::tr1::bind(&core::CurlStack::set_max_active, httpStack, std::tr1::placeholders::_2));
++  CMD2_VAR_BOOL    ("network.https.insecure", false);
+ 
+   CMD2_ANY         ("network.send_buffer.size",        std::tr1::bind(&torrent::ConnectionManager::send_buffer_size, cm));
+   CMD2_ANY_VALUE_V ("network.send_buffer.size.set",    std::tr1::bind(&torrent::ConnectionManager::set_send_buffer_size, cm, std::tr1::placeholders::_2));
+@@ -42,6 +42,7 @@ 
+ #include <torrent/exceptions.h>
+ 
+ #include "rak/functional.h"
++#include "rpc/parse_commands.h"
+ #include "curl_get.h"
+ #include "curl_socket.h"
+ #include "curl_stack.h"
+@@ -164,6 +165,11 @@ CurlStack::add_get(CurlGet* get) {
+   if (!m_httpCaCert.empty())
+     curl_easy_setopt(get->handle(), CURLOPT_CAINFO, m_httpCaCert.c_str());
+ 
++  if (rpc::call_command_value("network.https.insecure")) {
++    curl_easy_setopt(get->handle(), CURLOPT_SSL_VERIFYPEER, 0);
++    curl_easy_setopt(get->handle(), CURLOPT_SSL_VERIFYHOST, 0);
++  }
++
+   base_type::push_back(get);
+ 
+   if (m_active >= m_maxActive)
+@@ -563,6 +563,10 @@ main(int argc, char** argv) {
+       CMD2_REDIRECT_GENERIC("http_proxy", "network.http.proxy_address.set");
+       CMD2_REDIRECT        ("get_http_proxy", "network.http.proxy_address");
+       CMD2_REDIRECT_GENERIC("set_http_proxy", "network.http.proxy_address.set");
++      
++      CMD2_REDIRECT        ("https_insecure", "network.https.insecure.set");
++      CMD2_REDIRECT        ("get_https_insecure", "network.https.insecure");
++      CMD2_REDIRECT_GENERIC("set_https_insecure", "network.https.insecure.set");
+ 
+       CMD2_REDIRECT        ("peer_exchange", "protocol.pex.set");
+       CMD2_REDIRECT        ("get_peer_exchange", "protocol.pex");
diff --git a/rtorrent.spec b/rtorrent.spec
index 9e063a5..f6b142a 100644
--- a/rtorrent.spec
+++ b/rtorrent.spec
@@ -3,7 +3,7 @@ Name:          rtorrent
 License:       GPLv2+ with exceptions
 Group:         Applications/Internet
 Version:       0.8.7
-Release:       3%{?dist}
+Release:       4%{?dist}
 Summary:       BitTorrent client based on libtorrent 
 URL:           http://rtorrent.rakshasa.no/
 Source0:       http://libtorrent.rakshasa.no/downloads/rtorrent-%{version}.tar.gz
@@ -11,6 +11,8 @@ Source0:       http://libtorrent.rakshasa.no/downloads/rtorrent-%{version}.tar.g
 # see comments at patch below
 Patch0:        rtorrent-0.8.6-fallocate.patch
 Patch1:        rtorrent.libxmlrpcFTBFS.patch
+# Add OPTIONAL noverify SSL support (rhbz #669251)
+Patch2:        rtorrent-0.8.7-optional-https-noverify.patch
 BuildRoot:     %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires: curl-devel
@@ -34,6 +36,8 @@ of directories for torrent files to seed and/or download.
 %patch0 -p1 -b .fallocate
 # http://libtorrent.rakshasa.no/ticket/2327
 %patch1 -p1 -b .ftbfs
+# http://libtorrent.rakshasa.no/ticket/1402
+%patch2 -p1 -b .https_noverify
 
 %build
 %configure --with-xmlrpc-c
@@ -56,6 +60,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/rtorrent*
 
 %changelog
+* Wed Jan 12 2011 Conrad Meyer <konrad at tylerc.org> - 0.8.7-4
+- Adopt insecure SSL patch (as commandline option) (#669251)
+
 * Thu Oct 28 2010 Ankur Sinha <ankursinha AT fedoraproject DOT org> - 0.8.7-3
 - manually install the man page to correct location

More information about the scm-commits mailing list