AU: Restrict the CA certificates to a smaller trusted set.

libcurl_http_fetcher.cc

Index: libcurl_http_fetcher.cc
diff --git a/libcurl_http_fetcher.cc b/libcurl_http_fetcher.cc
index 9989ba266bde273075359f2fd529fe4b11493be6..1dcea9ea1b55d073b170ff6a5125b9262da77775 100644
--- a/libcurl_http_fetcher.cc
+++ b/libcurl_http_fetcher.cc
@@ -16,6 +16,7 @@ namespace chromeos_update_engine {
 
 namespace {
 const int kMaxRetriesCount = 20;
+const char kCACertificatesPath[] = "/usr/share/update_engine/ca-certificates";

[Chris Masone, 2010/09/28 18:16:41]

I forget...is /usr/share on the stateful partition or not?

[petkov, 2010/09/28 19:17:18]

/usr/share is not a special mount -- it's off of / (i.e., it's read-only, not
part of stateful). Also, according to
http://www.pathname.com/fhs/2.2/fhs-4.11.html, /usr/share is for read-only data
files, so I think it all makes sense.

 }
 
 LibcurlHttpFetcher::~LibcurlHttpFetcher() {
@@ -63,11 +64,16 @@ void LibcurlHttpFetcher::ResumeTransfer(const std::string& url) {
 
   // By default, libcurl doesn't follow redirections. Allow up to
   // |kMaxRedirects| redirections.
-  CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_FOLLOWLOCATION, 1),
-           CURLE_OK);
+  CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_FOLLOWLOCATION, 1), CURLE_OK);
   CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_MAXREDIRS, kMaxRedirects),
            CURLE_OK);
 
+  // Makes sure that peer certificate verification is enabled and restricts the
+  // set of trusted certificates.
+  CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_SSL_VERIFYPEER, 1), CURLE_OK);
+  CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_CAPATH, kCACertificatesPath),
+           CURLE_OK);
+
   CHECK_EQ(curl_multi_add_handle(curl_multi_handle_, curl_handle_), CURLM_OK);
   transfer_in_progress_ = true;
 }