From 2ce9a0bd040e988f5f01774358501f683afe9efb Mon Sep 17 00:00:00 2001 From: "gloryj.kim" Date: Fri, 18 Dec 2015 10:51:46 +0900 Subject: [PATCH] Add libcurl certificate pinning Change-Id: I0479f44b7675b08307f1c4285ec251381c060832 --- agent/CMakeLists.txt | 2 ++ agent/download-agent-plugin-libcurl.c | 5 +++++ packaging/download-provider.spec | 1 + 3 files changed, 8 insertions(+) mode change 100644 => 100755 agent/download-agent-plugin-libcurl.c mode change 100644 => 100755 packaging/download-provider.spec diff --git a/agent/CMakeLists.txt b/agent/CMakeLists.txt index c92fc48..20a342b 100755 --- a/agent/CMakeLists.txt +++ b/agent/CMakeLists.txt @@ -42,6 +42,7 @@ pkg_check_modules(subpkgs REQUIRED dlog system-resource storage + tpkp-curl ) ELSE (SUPPORT_SYS_RESOURCE) pkg_check_modules(subpkgs REQUIRED @@ -50,6 +51,7 @@ pkg_check_modules(subpkgs REQUIRED capi-network-connection dlog storage + tpkp-curl ) ENDIF (SUPPORT_SYS_RESOURCE) diff --git a/agent/download-agent-plugin-libcurl.c b/agent/download-agent-plugin-libcurl.c old mode 100644 new mode 100755 index b5500a6..b73089c --- a/agent/download-agent-plugin-libcurl.c +++ b/agent/download-agent-plugin-libcurl.c @@ -20,6 +20,8 @@ #include "glib.h" +#include + #include "download-agent-dl-info.h" #include "download-agent-http-msg-handler.h" #include "download-agent-plugin-libcurl.h" @@ -532,6 +534,7 @@ da_ret_t PI_http_start(da_info_t *da_info) // curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, my_trace); curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, err_buffer); curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L); #ifdef _RAF_SUPPORT curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, __http_progress_cb); curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, da_info); 
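Review bot: The added `CURLOPT_SSL_VERIFYPEER` line in the `@@ -532` hunk states only half of the TLS verification policy, because hostname checking is left to libcurl's default. Since this commit is about pinning, I would set it explicitly on the next line, `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);`, so the whole policy is visible in one place and does not rest on defaults. `CURLOPT_FOLLOWLOCATION` on the line above stays enabled, so it is worth confirming (not visible here) that the pin check also applies to the host a redirect lands on. PI_http_start begins and ends outside the hunk.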
@@ -548,6 +551,7 @@ da_ret_t PI_http_start(da_info_t *da_info) #endif } http_msg->curl = curl; + curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); res = curl_easy_perform(curl); DA_LOGD("perform done! res[%d]",res); if (res != CURLE_OK) { @@ -596,6 +600,7 @@ da_ret_t PI_http_start(da_info_t *da_info) if (DA_NULL != headers) curl_slist_free_all(headers); curl_easy_cleanup(curl); + tpkp_curl_cleanup(); http_msg->curl = DA_NULL; DA_MUTEX_INIT(&(http_msg->mutex), DA_NULL); ERR: diff --git a/packaging/download-provider.spec b/packaging/download-provider.spec old mode 100644 new mode 100755 index b429f02..b27d8b2 --- a/packaging/download-provider.spec +++ b/packaging/download-provider.spec @@ -41,6 +41,7 @@ BuildRequires: pkgconfig(cynara-client) BuildRequires: pkgconfig(cynara-client-async) BuildRequires: pkgconfig(cynara-creds-socket) BuildRequires: pkgconfig(cynara-creds-dbus) +BuildRequires: pkgconfig(tpkp-curl) %description Description: Download the contents in background -- 2.7.4
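Review bot: The result of the `CURLOPT_SSL_CTX_FUNCTION` setopt in the `@@ -548` hunk is discarded, so if the linked libcurl's TLS backend rejects that option the transfer goes ahead with no pin check at all. Capture it and fail closed before `curl_easy_perform`, for example `res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);` followed by `if (res != CURLE_OK)` taking the same failure handling as the check after perform. A short comment such as `/* public-key pinning: must be installed before curl_easy_perform */` would explain why this call sits apart from the other options. The rest of PI_http_start is outside the hunk.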
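Review bot: `tpkp_curl_cleanup()` in the `@@ -596` hunk sits just above the `ERR:` label, so any path that jumps to `ERR` skips it. Whether such a path can be reached after the pinning callback has run is not visible in this hunk and should be checked. As far as I know the tpkp cleanup releases state tied to the calling thread, so it has to stay on the thread that ran `curl_easy_perform`. A comment would protect it from being moved later, e.g. `/* frees tpkp per-thread pin data; keep on the thread that ran curl_easy_perform */`.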