summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars-Dominik Braun <lars@6xq.net>2015-06-15 20:01:43 +0200
committerLars-Dominik Braun <lars@6xq.net>2015-06-15 20:01:43 +0200
commit61dbc218e747f1b550a2615ffe3065024db29239 (patch)
treecd46a89a6e5346e7e100e132bff057d4b69b1f5c
parent4458cbab76fd98989fa2d4260dd20bbbd66297a4 (diff)
downloadpianobar-61dbc218e747f1b550a2615ffe3065024db29239.tar.gz
pianobar-61dbc218e747f1b550a2615ffe3065024db29239.tar.bz2
pianobar-61dbc218e747f1b550a2615ffe3065024db29239.zip
Replace setting tls_fingerprint with ca_bundle
-rw-r--r--contrib/config-example2
-rw-r--r--contrib/pianobar.15
-rw-r--r--src/settings.c16
-rw-r--r--src/settings.h3
-rw-r--r--src/ui.c3
5 files changed, 13 insertions, 16 deletions
diff --git a/contrib/config-example b/contrib/config-example
index b1648fd..899ee39 100644
--- a/contrib/config-example
+++ b/contrib/config-example
@@ -48,6 +48,7 @@
#love_icon = [+]
#ban_icon = [-]
#volume = 0
+#ca_bundle = /etc/ssl/certs/ca-certificates.crt
# Format strings
#format_nowplaying_song = %t by %a on %l%r%@%s
@@ -62,5 +63,4 @@
#device = D01
#encrypt_password = 2%3WCL*JU$MP]4
#decrypt_password = U#IO$RZPAB%VX2
-#tls_fingerprint = B0A1EB460B1B6F33A1B6CB500C6523CB2E6EC946
diff --git a/contrib/pianobar.1 b/contrib/pianobar.1
index 8a311a5..e337ea2 100644
--- a/contrib/pianobar.1
+++ b/contrib/pianobar.1
@@ -196,6 +196,11 @@ or the key you defined in
Icon for banned songs.
.TP
+.B ca_bundle
+Path to CA certifiate bundle, containing the root and intermediate certificates
+required to validate Pandora’s SSL certificate.
+
+.TP
.B control_proxy = http://user:password@host:port/
Non-american users need a proxy to use pandora.com. Only the xmlrpc interface
will use this proxy. The music is streamed directly.
diff --git a/src/settings.c b/src/settings.c
index 6ee9df2..37928a9 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -177,9 +177,6 @@ void BarSettingsRead (BarSettings_t *settings) {
settings->outkey = strdup ("6#26FRL$ZWD");
settings->fifo = BarGetXdgConfigDir (PACKAGE "/ctl");
assert (settings->fifo != NULL);
- memcpy (settings->tlsFingerprint, "\x2D\x0A\xFD\xAF\xA1\x6F\x4B\x5C\x0A"
- "\x43\xF3\xCB\x1D\x47\x52\xF9\x53\x55\x07\xC0",
- sizeof (settings->tlsFingerprint));
settings->msgFormat[MSG_NONE].prefix = NULL;
settings->msgFormat[MSG_NONE].postfix = NULL;
@@ -253,6 +250,9 @@ void BarSettingsRead (BarSettings_t *settings) {
} else if (streq ("decrypt_password", key)) {
free (settings->inkey);
settings->inkey = strdup (val);
+ } else if (streq ("ca_bundle", key)) {
+ free (settings->caBundle);
+ settings->caBundle = strdup (val);
} else if (memcmp ("act_", key, 4) == 0) {
size_t i;
/* keyboard shortcuts */
@@ -323,16 +323,6 @@ void BarSettingsRead (BarSettings_t *settings) {
settings->fifo = BarSettingsExpandTilde (val, userhome);
} else if (streq ("autoselect", key)) {
settings->autoselect = atoi (val);
- } else if (streq ("tls_fingerprint", key)) {
- /* expects 40 byte hex-encoded sha1 */
- if (strlen (val) == 40) {
- for (size_t i = 0; i < 20; i++) {
- char hex[3];
- memcpy (hex, &val[i*2], 2);
- hex[2] = '\0';
- settings->tlsFingerprint[i] = strtol (hex, NULL, 16);
- }
- }
} else if (strncmp (formatMsgPrefix, key,
strlen (formatMsgPrefix)) == 0) {
static const char *mapping[] = {"none", "info", "nowplaying",
diff --git a/src/settings.h b/src/settings.h
index ae22111..0ce5611 100644
--- a/src/settings.h
+++ b/src/settings.h
@@ -101,8 +101,7 @@ typedef struct {
char *npStationFormat;
char *listSongFormat;
char *fifo;
- char *rpcHost, *rpcTlsPort, *partnerUser, *partnerPassword, *device, *inkey, *outkey;
- char tlsFingerprint[20];
+ char *rpcHost, *rpcTlsPort, *partnerUser, *partnerPassword, *device, *inkey, *outkey, *caBundle;
char keys[BAR_KS_COUNT];
BarMsgFormatStr_t msgFormat[MSG_COUNT];
} BarSettings_t;
diff --git a/src/ui.c b/src/ui.c
index 5dd5d79..91eb005 100644
--- a/src/ui.c
+++ b/src/ui.c
@@ -186,6 +186,9 @@ static CURLcode BarPianoHttpRequest (CURL * const http,
setAndCheck (CURLOPT_WRITEDATA, &buffer);
setAndCheck (CURLOPT_POST, 1);
setAndCheck (CURLOPT_TIMEOUT, 30);
+ if (settings->caBundle != NULL) {
+ setAndCheck (CURLOPT_CAINFO, settings->caBundle);
+ }
/* set up proxy (control proxy for non-us citizen or global proxy for poor
* firewalled fellows) */