mirror of
https://github.com/abraunegg/onedrive
synced 2026-03-14 14:35:46 +01:00
abraunegg
parent
b020455534
commit
538ebe4be6
2 changed files with 2 additions and 73 deletions
|
|
@ -540,46 +540,6 @@ class CurlEngine {
|
|||
// Return free memory to the OS
|
||||
GC.minimize();
|
||||
}
|
||||
|
||||
// Disable SSL certificate peer verification for libcurl operations.
|
||||
//
|
||||
// This function disables the verification of the SSL peer's certificate
|
||||
// by setting CURLOPT_SSL_VERIFYPEER to 0. This means that libcurl will
|
||||
// accept any certificate presented by the server, regardless of whether
|
||||
// it is signed by a trusted certificate authority.
|
||||
//
|
||||
// -------------------------------------------------------------------------------------
|
||||
// WARNING: Disabling SSL peer verification introduces significant security risks:
|
||||
// -------------------------------------------------------------------------------------
|
||||
// - Man-in-the-Middle (MITM) attacks become trivially possible.
|
||||
// - Malicious servers can impersonate trusted endpoints.
|
||||
// - Confidential data (authentication tokens, file contents) can be intercepted.
|
||||
// - Violates industry security standards and regulatory compliance requirements.
|
||||
// - Should never be used in production environments or on untrusted networks.
|
||||
//
|
||||
// This option should only be enabled for internal testing, debugging self-signed
|
||||
// certificates, or explicitly controlled environments with known risks.
|
||||
//
|
||||
// See also:
|
||||
// https://curl.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
|
||||
void setDisableSSLVerifyPeer() {
|
||||
// Emit a runtime warning if debug logging is enabled
|
||||
if (debugLogging) {
|
||||
addLogEntry("WARNING: SSL peer verification has been DISABLED!", ["debug"]);
|
||||
addLogEntry(" This allows invalid or self-signed certificates to be accepted.", ["debug"]);
|
||||
addLogEntry(" Use ONLY for testing. This severely weakens HTTPS security.", ["debug"]);
|
||||
}
|
||||
|
||||
// Disable SSL certificate verification (DANGEROUS)
|
||||
http.handle.set(CurlOption.ssl_verifypeer, 0);
|
||||
}
|
||||
|
||||
// Enable SSL Certificate Verification
|
||||
void setEnableSSLVerifyPeer() {
|
||||
// Enable SSL certificate verification
|
||||
addLogEntry("Enabling SSL peer verification");
|
||||
http.handle.set(CurlOption.ssl_verifypeer, 1);
|
||||
}
|
||||
}
|
||||
|
||||
// Methods to control obtaining and releasing a CurlEngine instance from the curlEnginePool
|
||||
|
|
|
|||
|
|
@ -1555,7 +1555,6 @@ class OneDriveApi {
|
|||
SysTime retryTime;
|
||||
bool retrySuccess = false;
|
||||
bool transientError = false;
|
||||
bool sslVerifyPeerDisabled = false;
|
||||
|
||||
while (!retrySuccess) {
|
||||
// Reset thisBackOffInterval
|
||||
|
|
@ -1687,9 +1686,8 @@ class OneDriveApi {
|
|||
// https://stackoverflow.com/questions/45829588/brew-install-fails-curl77-error-setting-certificate-verify
|
||||
// https://forum.dlang.org/post/vwvkbubufexgeuaxhqfl@forum.dlang.org
|
||||
|
||||
string sslCertReadErrorMessage = "System SSL CA certificates are missing or unreadable by libcurl – please ensure the correct CA bundle is installed and is accessible.";
|
||||
addLogEntry("ERROR: " ~ sslCertReadErrorMessage);
|
||||
throw new OneDriveError(sslCertReadErrorMessage);
|
||||
addLogEntry("Problem with reading the local SSL CA cert via libcurl - please repair your system SSL CA Certificates");
|
||||
throw new OneDriveError("OneDrive operation encountered an issue with libcurl reading the local SSL CA Certificates");
|
||||
} else {
|
||||
// Was this a curl initialization error?
|
||||
if (canFind(errorMessage, "Failed initialization on handle")) {
|
||||
|
|
@ -1811,30 +1809,6 @@ class OneDriveApi {
|
|||
// display the error message
|
||||
displayFileSystemErrorMessage(exception.msg, callingFunction);
|
||||
throw new OneDriveException(0, "There was a file system error during OneDrive request: " ~ exception.msg, response);
|
||||
|
||||
// A OneDriveError was thrown
|
||||
} catch (OneDriveError exception) {
|
||||
// Disk space error or SSL error caused a OneDriveError to be thrown
|
||||
|
||||
/**
|
||||
|
||||
DO NOT UNCOMMENT THIS CODE UNLESS TESTING FOR THIS ISSUE: System SSL CA certificates are missing or unreadable by libcurl
|
||||
|
||||
// Disk space error or SSL error
|
||||
if (getAvailableDiskSpace(".") == 0) {
|
||||
// Must exit
|
||||
forceExit();
|
||||
} else {
|
||||
// Catch the SSL error
|
||||
addLogEntry("WARNING: Disabling SSL peer verification due to libcurl failing to access the system CA certificate bundle (CAfile missing, unreadable, or misconfigured).");
|
||||
sslVerifyPeerDisabled = true;
|
||||
curlEngine.setDisableSSLVerifyPeer();
|
||||
}
|
||||
|
||||
**/
|
||||
|
||||
// Must exit
|
||||
forceExit();
|
||||
}
|
||||
|
||||
// Increment re-try counter
|
||||
|
|
@ -1887,11 +1861,6 @@ class OneDriveApi {
|
|||
}
|
||||
}
|
||||
|
||||
// Reset SSL Peer Validation if it was disabled
|
||||
if (sslVerifyPeerDisabled) {
|
||||
curlEngine.setEnableSSLVerifyPeer();
|
||||
}
|
||||
|
||||
// Return the result
|
||||
return result;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue