From e7d63c5f11d82f4da88ad27a71afddcd0eb86531 Mon Sep 17 00:00:00 2001 From: Wieland Hoffmann Date: Sat, 28 Jan 2017 13:09:35 +0100 Subject: [PATCH] Add HTTPS support See https://tickets.metabrainz.org/browse/MBH-363 - mb.org is at some point going to move to HTTPS (even for the webservice). Without calling `ne_ssl_trust_default_ca`, connections to caa.org fail because the certificate issuer is not trusted. With this patch, `ne_ssl_trust_default_ca` is called whenever the scheme used to create the `ne_session` object is "https". This is the case if the port used is 443. Unconditionally calling `ne_ssl_trust_default_ca` does not work because its implementation relies on an ssl context being set up on the session, which is only done by libneon if the scheme is "https". If `ne_ssl_trust_default_ca` is called on an `ne_session` without an ssl context, a segfault happens. The condition is hardcoded to port 443 at the moment because I can't test anything else. Also, a quick look at `ne_session_create` showed that it internally sets a port to 443 as well, so I can't be sure that it would really work with ports other than 443. --- src/HTTPFetch.cc | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/HTTPFetch.cc b/src/HTTPFetch.cc index baec359..29db980 100644 --- a/src/HTTPFetch.cc +++ b/src/HTTPFetch.cc @@ -69,6 +69,7 @@ class MusicBrainz5::CHTTPFetchPrivate std::string m_UserAgent; std::string m_Host; + std::string m_Scheme; int m_Port; std::vector m_Data; int m_Result; @@ -91,9 +92,11 @@ MusicBrainz5::CHTTPFetch::CHTTPFetch(const std::string& UserAgent, const std::st if (m_d->m_UserAgent[Pos]=='-') m_d->m_UserAgent[Pos]='/'; - m_d->m_Host=Host; + m_d->m_Host=Host; m_d->m_Port=Port; + m_d->m_Scheme = (Port == 443) ? "https" : "http"; + // Parse http_proxy environmnent variable const char *http_proxy = getenv("http_proxy"); if (http_proxy) 
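Review bot: Inferring the scheme from the port in the constructor (`m_d->m_Scheme = (Port == 443) ? "https" : "http";`) means every port other than 443 silently gets cleartext HTTP, including requests for which `Fetch` registers the `httpAuth` server-auth callback. The commit message explains this limitation but the code does not, so I would put it next to the assignment, e.g. `// TLS is only used on port 443; any other port falls back to plain http (see MBH-363)`. A follow-up that lets the caller state the scheme explicitly would remove the guess altogether. The line above the port assignment changes only the whitespace of `m_d->m_Host=Host;`, which is noise in this patch. The constructor body starts and ends outside the hunk.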
@@ -167,13 +170,18 @@ int MusicBrainz5::CHTTPFetch::Fetch(const std::string& URL, const std::string& R m_d->m_Data.clear(); - ne_session *sess=ne_session_create("http", m_d->m_Host.c_str(), m_d->m_Port); + ne_session *sess=ne_session_create(m_d->m_Scheme.c_str(), m_d->m_Host.c_str(), m_d->m_Port); if (sess) { ne_set_useragent(sess, m_d->m_UserAgent.c_str()); ne_set_server_auth(sess, httpAuth, this); + if (m_d->m_Scheme == "https") + { + ne_ssl_trust_default_ca(sess); + } + // Use proxy server if (!m_d->m_ProxyHost.empty()) {
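Review bot: The reason `ne_ssl_trust_default_ca(sess)` is guarded by the scheme check is recorded only in the commit message, so the guard in `Fetch` looks removable to a later reader. A comment above the `if` would keep it in place, e.g. `// only valid on an https session: neon sets up the SSL context only for that scheme, and calling this without one crashes`. No certificate-verification callback is installed in the visible lines, so an untrusted certificate presumably still fails the request; if that is the intent, the same comment should say so. `Fetch` continues outside the hunk.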