search

rpm-software-management / librepo

A library providing C and Python (libcURL like) API for downloading packages and linux repository metadata in rpm-md format
http://rpm-software-management.github.io/librepo/
GNU Lesser General Public License v2.1
74 stars 91 forks source link

Add support for working with certificates used with proxy #227

Closed jrohel closed 3 years ago

jrohel commented 3 years ago

The code adds new options. C and Python unit tests are extended. Librepo version is increased to 1.13.0. Libcurl >=7.52.0 is required (needed for new options).

This also fix a bug. Libcurl >=7.28.0 was required before, but libcurl >=7.41.0 was needed for CURLOPT_SSL_VERIFYSTATUS (it uses LRO_SSLVERIFYSTATUS/LRI_SSLVERIFYSTATUS added some time ago).

Added options: LRO_PROXY_SSLVERIFYPEER, /!< (long 1 or 0) This option determines whether librepo verifies the authenticity of the proxy certificate. This trust is based on a chain of digital signatures, rooted in certification authority (CA) certificates. /

LRO_PROXY_SSLVERIFYHOST, /!< (long 1 or 0) This option determines whether librepo verifies the name of the proxy certificate against the host. /

LRO_PROXY_SSLCLIENTCERT, /!< (char ) Path to the PEM format SSL client certificate librepo should use when talking to the proxy. */

LRO_PROXY_SSLCLIENTKEY, /!< (char ) Path to the PEM format SSL client key librepo should use when talking to the proxy, if not included in the client certificate file. */

LRO_PROXY_SSLCACERT, /!< (char ) Path to a file containing the list of PEM format trusted CA certificates. Used for proxy. */

LRI_PROXY_SSLVERIFYPEER, /!< (long ) / LRI_PROXY_SSLVERIFYHOST, /!< (long ) / LRI_PROXY_SSLCLIENTCERT, /*!< (char ) / LRI_PROXY_SSLCLIENTKEY, /!< (char ) / LRI_PROXY_SSLCACERT, /!< (char *) /

Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1920991

Conan-Kudo commented 3 years ago

bors try

bors[bot] commented 3 years ago

try

Build succeeded: