diff --git a/pam/auth_client.c b/pam/auth_client.c
index 56d8f6df65884e38db0216d22cdc4136fb4e0903..ff1617f00a6b569e66ec3da8da9a811be0ec9b65 100644
--- a/pam/auth_client.c
+++ b/pam/auth_client.c
@@ -29,9 +29,16 @@ static int auth_client_set_proto(auth_client_t ac, const char *proto) {
     return AC_OK;
 }
+static int curl_initialized = 0;
+
 auth_client_t auth_client_new(const char *service, const char *server) {
     auth_client_t ac = (auth_client_t)malloc(sizeof(struct auth_client));
+    if (!curl_initialized) {
+        curl_global_init(CURL_GLOBAL_DEFAULT);
+        curl_initialized = 1;
+    }
+
     ac->service = service;
     ac->server = server;
     ac->c = curl_easy_init();
@@ -57,18 +64,23 @@ int auth_client_set_certificate(auth_client_t ac, const char *ca_file,
                                 const char *crt_file, const char *key_file) {
+    int err;
     if (!file_exists(ca_file) || !file_exists(crt_file) || !file_exists(key_file)) {
         return AC_ERR_FILE_NOT_FOUND;
     }
-    CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLCERTTYPE, "PEM"));
-    CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLCERT, crt_file));
+    err = auth_client_set_proto(ac, "https");
+    if (err != AC_OK) {
+        return err;
+    }
+    CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_CAINFO, ca_file));
     CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLKEYTYPE, "PEM"));
     CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLKEY, key_file));
-    CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_CAINFO, ca_file));
-    CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSL_VERIFYPEER, 2));
-    CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSL_VERIFYHOST, 0));
+    CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLCERTTYPE, "PEM"));
+    CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLCERT, crt_file));
+    CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSL_VERIFYPEER, 1L));
+    CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSL_VERIFYHOST, 0L));
     CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1));
-    return auth_client_set_proto(ac, "https");
+    return AC_OK;
 }
 void auth_client_free(auth_client_t ac) {
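Review bot: The `curl_initialized` guard added in auth_client_new is a plain non-atomic static with no locking, so two threads creating clients concurrently can both enter the branch and call curl_global_init(), which libcurl documents as not thread-safe; a PAM module cannot assume the process that loads it is single-threaded. The standard fix is a once-guard, `static pthread_once_t curl_once = PTHREAD_ONCE_INIT;` with `static void curl_init_once(void) { curl_global_init(CURL_GLOBAL_DEFAULT); }` and `pthread_once(&curl_once, curl_init_once);` in place of the flag test (this needs `<pthread.h>`, which is not in the hunk). The return value of curl_global_init() is also discarded, so a failed TLS-backend initialisation is silently followed by curl_easy_init() on the next lines; it should be checked and the failure surfaced to the caller. Nothing in the hunk pairs this with curl_global_cleanup(), which is worth a comment if that is deliberate because the library outlives any single PAM conversation. auth_client_new continues outside the hunk.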
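Review bot: `CURLOPT_SSL_VERIFYHOST` is still set to `0L` in auth_client_set_certificate, so with `CURLOPT_SSL_VERIFYPEER` at `1L` the server's certificate is checked against ca_file but never bound to the host name in `ac->server`: any certificate that chains to that CA — including, if client certificates are issued from the same CA, the crt_file of another client — can impersonate the authentication server, which for a PAM authenticator is a man-in-the-middle against every login. The line should read `CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSL_VERIFYHOST, 2L));`, and a server addressed by IP or an internal name belongs in the certificate's SAN rather than being accommodated by disabling the check. Separately, `CURL_SSLVERSION_TLSv1` in libcurl selects TLS 1.0 as the minimum rather than a fixed version, so the connection can be negotiated down to TLS 1.0; `CURL_SSLVERSION_TLSv1_2` is the floor a new deployment would normally want, with a comment stating the intended minimum. The file_exists() checks preceding the setopt calls are a TOCTOU window rather than a guarantee, which is harmless here only because curl reports the open failure itself at perform time.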