Merge pull request #2764 from DennisHeimbigner/dapko.dmh

Fix Proxy problem for DAP2
Unidata · Oct 27, 2023 · b8d76fe · b8d76fe
2 parents 37a46f2 + 7099fee
commit b8d76fe
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 45 deletions.
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -6,6 +6,8 @@ Release Notes       {#RELEASE_NOTES}
 This file contains a high-level description of this package's evolution. Releases are in reverse chronological order (most recent first). Note that, as of netcdf 4.2, the `netcdf-c++` and `netcdf-fortran` libraries have been separated into their own libraries.
 
 ## 4.9.3 - TBD
+
+* Fix DAP2 proxy problems. See [Github #2764](https://github.com/Unidata/netcdf-c/pull/2764).
 * Cleanup a number of misc issues. See [Github #2763](https://github.com/Unidata/netcdf-c/pull/2763).
 * Mitigate the problem of test interference. See [Github #2755](https://github.com/Unidata/netcdf-c/pull/2755).
 * Extend NCZarr to support unlimited dimensions. See [Github #2755](https://github.com/Unidata/netcdf-c/pull/2755).

diff --git a/libdap4/d4curlfunctions.c b/libdap4/d4curlfunctions.c
@@ -3,6 +3,11 @@
  *   See netcdf/COPYRIGHT file for copying and redistribution conditions.
  *********************************************************************/
 
+/* WARNING: oc2/occurlfunctions.c and libdap4/d4curlfunctions.c
+should be merged since they are essentially the same file.
+In the meantime, changes to one should be propagated to the other.
+*/
+
 #include "d4includes.h"
 #include "d4curlfunctions.h"
 
@@ -123,33 +128,43 @@ set_curlflag(NCD4INFO* state, int flag)
 	    }
 	}
 	break;
-    case CURLOPT_USE_SSL:
-    case CURLOPT_SSLCERT: case CURLOPT_SSLKEY:
-    case CURLOPT_SSL_VERIFYPEER: case CURLOPT_SSL_VERIFYHOST:
-    {
-        struct ssl* ssl = &state->auth->ssl;
+    case CURLOPT_SSL_VERIFYPEER:
 	/* VERIFYPEER == 0 => VERIFYHOST == 0 */
 	/* We need to have 2 states: default and a set value */
-	/* So -1 => default, >= 0 => use value; */
-	if(ssl->verifypeer >= 0)
-            SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(ssl->verifypeer));
+	/* So -1 => default >= 0 => use value */
+	if(state->auth->ssl.verifypeer >= 0) {
+            SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(state->auth->ssl.verifypeer));
+	    if(state->auth->ssl.verifypeer == 0) state->auth->ssl.verifyhost = 0;
+        }
+	break;
+    case CURLOPT_SSL_VERIFYHOST:
 #ifdef HAVE_LIBCURL_766
-	if(ssl->verifyhost >= 0)
-            SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(ssl->verifyhost));
+	if(state->auth->ssl.verifyhost >= 0) {
+            SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(state->auth->ssl.verifyhost));
+	}
 #endif
-        if(ssl->certificate)
-            SETCURLOPT(state, CURLOPT_SSLCERT, ssl->certificate);
-        if(ssl->key)
-            SETCURLOPT(state, CURLOPT_SSLKEY, ssl->key);
-        if(ssl->keypasswd)
+	break;
+    case CURLOPT_SSLCERT:
+        if(state->auth->ssl.certificate)
+            SETCURLOPT(state, CURLOPT_SSLCERT, state->auth->ssl.certificate);
+	break;
+    case CURLOPT_SSLKEY:
+        if(state->auth->ssl.key)
+            SETCURLOPT(state, CURLOPT_SSLKEY, state->auth->ssl.key);
+        if(state->auth->ssl.keypasswd)
             /* libcurl prior to 7.16.4 used 'CURLOPT_SSLKEYPASSWD' */
-            SETCURLOPT(state, CURLOPT_KEYPASSWD, ssl->keypasswd);
-        if(ssl->cainfo)
-            SETCURLOPT(state, CURLOPT_CAINFO, ssl->cainfo);
-        if(ssl->capath)
-            SETCURLOPT(state, CURLOPT_CAPATH, ssl->capath);
-    }
-    break;
+            SETCURLOPT(state, CURLOPT_SSLKEYPASSWD, state->auth->ssl.keypasswd);
+	break;
+    case CURLOPT_CAINFO:
+        if(state->auth->ssl.cainfo)
+            SETCURLOPT(state, CURLOPT_CAINFO, state->auth->ssl.cainfo);
+	break;
+    case CURLOPT_CAPATH:
+	if(state->auth->ssl.capath)
+            SETCURLOPT(state, CURLOPT_CAPATH, state->auth->ssl.capath);
+        break;
+    case CURLOPT_USE_SSL:
+	break;
 
 #ifdef HAVE_CURLOPT_BUFFERSIZE
     case CURLOPT_BUFFERSIZE:
@@ -200,6 +215,12 @@ NCD4_set_flags_perlink(NCD4INFO* state)
     if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_COOKIEJAR);
     if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_USERPWD);
     if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_PROXY);
+    if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSL_VERIFYPEER);
+    if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSL_VERIFYHOST);
+    if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSLCERT);
+    if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_SSLKEY);
+    if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_CAINFO);
+    if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_CAPATH);
     if(ret == NC_NOERR) ret = set_curlflag(state,CURLOPT_USE_SSL);
     if(ret == NC_NOERR) ret = set_curlflag(state, CURLOPT_FOLLOWLOCATION);
     if(ret == NC_NOERR) ret = set_curlflag(state, CURLOPT_MAXREDIRS);

diff --git a/ncdap_test/tst_remote.sh b/ncdap_test/tst_remote.sh
@@ -1,6 +1,10 @@
 #!/bin/sh
 
+if test "x$srcdir" = x ; then srcdir=`pwd`; fi
+. ../test_common.sh
+
 if test "x$SETX" != x ; then set -x ; fi
+
 set -e
 
 quiet=0

diff --git a/oc2/occurlfunctions.c b/oc2/occurlfunctions.c
@@ -1,6 +1,11 @@
 /* Copyright 2018, UCAR/Unidata and OPeNDAP, Inc.
    See the COPYRIGHT file for more information. */
 
+/* WARNING: oc2/occurlfunctions.c and libdap4/d4curlfunctions.c
+should be merged since they are essentially the same file.
+In the meantime, changes to one should be propagated to the other.
+*/
+
 #include "config.h"
 #include <stdlib.h>
 #ifdef HAVE_STDINT_H
@@ -127,36 +132,43 @@ ocset_curlflag(OCstate* state, int flag)
 	}
 	break;
 
-    case CURLOPT_USE_SSL:
-    case CURLOPT_SSLCERT: case CURLOPT_SSLKEY:
-    case CURLOPT_SSL_VERIFYPEER: case CURLOPT_SSL_VERIFYHOST:
-    case CURLOPT_CAINFO: case CURLOPT_CAPATH:
-    {
-        struct ssl* ssl = &state->auth->ssl;
+    case CURLOPT_SSL_VERIFYPEER:
 	/* VERIFYPEER == 0 => VERIFYHOST == 0 */
 	/* We need to have 2 states: default and a set value */
 	/* So -1 => default >= 0 => use value */
-	if(ssl->verifypeer >= 0) {
-            SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(ssl->verifypeer));
-	}
+	if(state->auth->ssl.verifypeer >= 0) {
+            SETCURLOPT(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(state->auth->ssl.verifypeer));
+	    if(state->auth->ssl.verifypeer == 0) state->auth->ssl.verifyhost = 0;
+        }
+	break;
+    case CURLOPT_SSL_VERIFYHOST:
 #ifdef HAVE_LIBCURL_766
-	if(ssl->verifyhost >= 0) {
-            SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(ssl->verifyhost));
+	if(state->auth->ssl.verifyhost >= 0) {
+            SETCURLOPT(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(state->auth->ssl.verifyhost));
 	}
 #endif
-        if(ssl->certificate)
-            SETCURLOPT(state, CURLOPT_SSLCERT, ssl->certificate);
-        if(ssl->key)
-            SETCURLOPT(state, CURLOPT_SSLKEY, ssl->key);
-        if(ssl->keypasswd)
+	break;
+    case CURLOPT_SSLCERT:
+        if(state->auth->ssl.certificate)
+            SETCURLOPT(state, CURLOPT_SSLCERT, state->auth->ssl.certificate);
+	break;
+    case CURLOPT_SSLKEY:
+        if(state->auth->ssl.key)
+            SETCURLOPT(state, CURLOPT_SSLKEY, state->auth->ssl.key);
+        if(state->auth->ssl.keypasswd)
             /* libcurl prior to 7.16.4 used 'CURLOPT_SSLKEYPASSWD' */
-            SETCURLOPT(state, CURLOPT_KEYPASSWD, ssl->keypasswd);
-        if(ssl->cainfo)
-            SETCURLOPT(state, CURLOPT_CAINFO, ssl->cainfo);
-        if(ssl->capath)
-            SETCURLOPT(state, CURLOPT_CAPATH, ssl->capath);
-    }
-    break;
+            SETCURLOPT(state, CURLOPT_SSLKEYPASSWD, state->auth->ssl.keypasswd);
+	break;
+    case CURLOPT_CAINFO:
+        if(state->auth->ssl.cainfo)
+            SETCURLOPT(state, CURLOPT_CAINFO, state->auth->ssl.cainfo);
+	break;
+    case CURLOPT_CAPATH:
+	if(state->auth->ssl.capath)
+            SETCURLOPT(state, CURLOPT_CAPATH, state->auth->ssl.capath);
+        break;
+    case CURLOPT_USE_SSL:
+	break;
 
 #ifdef HAVE_CURLOPT_BUFFERSIZE
     case CURLOPT_BUFFERSIZE:
@@ -210,6 +222,12 @@ ocset_flags_perlink(OCstate* state)
     if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_COOKIEJAR);
     if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_USERPWD);
     if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_PROXY);
+    if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSL_VERIFYPEER);
+    if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSL_VERIFYHOST);
+    if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSLCERT);
+    if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_SSLKEY);
+    if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_CAINFO);
+    if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_CAPATH);
     if(stat == OC_NOERR) stat = ocset_curlflag(state,CURLOPT_USE_SSL);
     if(stat == OC_NOERR) stat = ocset_curlflag(state, CURLOPT_FOLLOWLOCATION);
     if(stat == OC_NOERR) stat = ocset_curlflag(state, CURLOPT_MAXREDIRS);