Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add handling of cainfo property for cURL streams #81

Closed
wants to merge 3 commits into from

Conversation

soyers
Copy link
Contributor

@soyers soyers commented Nov 30, 2023

STOP - Read this First!

Reporting a security vulnerability?
Check out the project's security policy.

Fill out and Adjust this Template

Description

Add a flag to the StreamProperties that allows setting the CURLOPT_CAINFO option for cURL based streams to a custom location.
The reason for this is that libczi is being consumed by pylibCZIrw and built for multiple different platforms that have their certificates storead at different locations. As a result, it's necessary to determine the location of the certificate bundle at runtime instead of build time.

Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

This functionality is going to be used in an upcoming release of pylibCZIrw and will be tested there (either automatically or manually)

Checklist:

  • I followed the Contributing Guidelines.
  • I did a self-review.
  • I commented my code, particularly in hard-to-understand areas.
  • [] I updated the documentation.
  • I updated the version of libCZI following Versioning of libCZI depending on the type of change
    • Bug fix -> PATCH
    • New feature -> MINOR
    • Breaking change -> MAJOR
  • I have added tests that prove my fix is effective or that my feature works.
  • New and existing unit tests pass locally with my changes.

Copy link

codecov bot commented Nov 30, 2023

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (8cd30f6) 65.11% compared to head (9d9797b) 65.11%.

Files Patch % Lines
Src/libCZI/StreamsLib/curlhttpinputstream.cpp 50.00% 2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main      #81      +/-   ##
==========================================
- Coverage   65.11%   65.11%   -0.01%     
==========================================
  Files          81       81              
  Lines       10470    10474       +4     
==========================================
+ Hits         6818     6820       +2     
- Misses       3652     3654       +2     
Flag Coverage Δ
windows-latest 65.11% <50.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ptahmose
Copy link
Contributor

ptahmose commented Dec 1, 2023

Ja, something like that, LGTM. I wonder

But - this can wait for a later PR I guess.

Could you add a short note here -> https://github.com/ZEISS/libczi/blob/main/Src/libCZI/Doc/version-history.markdown , then it would be "fine for now for me".

Copy link
Contributor

@ptahmose ptahmose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please consider renaming the enum to 'kCurlHttp_CaInfo' and adding a note to the version-history.

@@ -228,6 +228,9 @@ namespace libCZI
kCurlHttp_FollowLocation = 108, ///< For CurlHttpInputStream, type bool: a boolean indicating whether redirects are to be followed, c.f. https://curl.se/libcurl/c/CURLOPT_FOLLOWLOCATION.html for more information.

kCurlHttp_MaxRedirs = 109, ///< For CurlHttpInputStream, type int32: gives the maximum number of redirects to follow, c.f. https://curl.se/libcurl/c/CURLOPT_MAXREDIRS.html for more information.

kCurlCaInfo = 110, ///< For CurlHttpInputStream, type string: gives the directory to check for ca certificate bundle , c.f. https://curl.se/libcurl/c/CURLOPT_CAINFO.html for more information.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd guess this should be named "kCurlHttp_CaInfo" to follow the convention used by the other enum-values.

@DaveyJonesBitPail
Copy link
Contributor

DaveyJonesBitPail commented Dec 1, 2023

  • whether we should also add CURLOPT_CAINFO_BLOB while we are at it

I think this would fit well into the scope of the PR, sometimes I may have a whole bundle based on the IT of my organization rather than a specific file.

or - maybe add "all libcurl-options"?

A pass-through here may make sense, but I think we will only ever use a subset.

if this should better be made a "one-time initialization"

Yes, absolutely!

Perhaps not within the scope of this PR but I think that it would be reasonable to add the option of setting CURLOPT_SSL_VERIFYPEER even if it's the "brute-force" fix

@ptahmose
Copy link
Contributor

ptahmose commented Dec 1, 2023

Please check #82 - where I tried to extend on this PR. This is supposed to supersede this PR.

@ptahmose
Copy link
Contributor

ptahmose commented Dec 4, 2023

This PR is superseded by #82 - the functionality from this PR is included with #82.

@ptahmose ptahmose closed this Dec 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants