curl: Enable following redirects

The maximum number of redirects can be limited. The functionality can also
be disabled.

Fixes #2366.

3 files changed, 13 insertions, 0 deletions

diff --git a/conf/Makefile.am b/conf/Makefile.am
index de21103e3..87319db22 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -36,6 +36,7 @@ plugins = \
 	plugins/bypass-lan.opt \
 	plugins/certexpire.opt \
 	plugins/coupling.opt \
+	plugins/curl.opt \
 	plugins/dhcp.opt \
 	plugins/dnscert.opt \
 	plugins/duplicheck.opt \
diff --git a/conf/plugins/curl.opt b/conf/plugins/curl.opt
new file mode 100644
index 000000000..90efa12f4
--- /dev/null
+++ b/conf/plugins/curl.opt
@@ -0,0 +1,3 @@
+charon.plugins.curl.redir = -1
+	Maximum number of redirects followed by the plugin, set to 0 to disable
+	following redirects, set to -1 for no limit.
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 541d2a2f3..b52b35ba0 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -58,6 +58,11 @@ struct private_curl_fetcher_t {
 	 * Timeout for a transfer
 	 */
 	long timeout;
+
+	/**
+	 * Maximum number of redirects to follow
+	 */
+	long redir;
 };
 
 /**
@@ -116,6 +121,8 @@ METHOD(fetcher_t, fetch, status_t,
 		curl_easy_setopt(this->curl, CURLOPT_TIMEOUT, this->timeout);
 	}
 	curl_easy_setopt(this->curl, CURLOPT_CONNECTTIMEOUT, CONNECT_TIMEOUT);
+	curl_easy_setopt(this->curl, CURLOPT_FOLLOWLOCATION, TRUE);
+	curl_easy_setopt(this->curl, CURLOPT_MAXREDIRS, this->redir);
 	curl_easy_setopt(this->curl, CURLOPT_WRITEFUNCTION, (void*)curl_cb);
 	curl_easy_setopt(this->curl, CURLOPT_WRITEDATA, &data);
 	if (this->headers)
@@ -260,6 +267,8 @@ curl_fetcher_t *curl_fetcher_create()
 		},
 		.curl = curl_easy_init(),
 		.cb = fetcher_default_callback,
+		.redir = lib->settings->get_int(lib->settings, "%s.plugins.curl.redir",
+										-1, lib->ns),
 	);
 
 	if (!this->curl)