From 4f8da6785edb0095fbba11f3c37b161460be7193 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sat, 19 Apr 2014 17:38:59 +0100
Subject: [PATCH] call curl_global_init()

---
 pam/auth_client.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/pam/auth_client.c b/pam/auth_client.c
index 56d8f6d..ff1617f 100644
--- a/pam/auth_client.c
+++ b/pam/auth_client.c
@@ -29,9 +29,16 @@ static int auth_client_set_proto(auth_client_t ac, const char *proto) {
   return AC_OK;
 }
 
+static int curl_initialized = 0;
+
 auth_client_t auth_client_new(const char *service, const char *server) {
   auth_client_t ac = (auth_client_t)malloc(sizeof(struct auth_client));
 
+  if (!curl_initialized) {
+    curl_global_init(CURL_GLOBAL_DEFAULT);
+    curl_initialized = 1;
+  }
+
   ac->service = service;
   ac->server = server;
   ac->c = curl_easy_init();
@@ -57,18 +64,23 @@ int auth_client_set_certificate(auth_client_t ac,
                                 const char *ca_file,
                                 const char *crt_file,
                                 const char *key_file) {
+  int err;
   if (!file_exists(ca_file) || !file_exists(crt_file) || !file_exists(key_file)) {
     return AC_ERR_FILE_NOT_FOUND;
   }
-  CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLCERTTYPE, "PEM"));
-  CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLCERT, crt_file));
+  err = auth_client_set_proto(ac, "https");
+  if (err != AC_OK) {
+    return err;
+  }
+  CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_CAINFO, ca_file));
   CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLKEYTYPE, "PEM"));
   CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLKEY, key_file));
-  CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_CAINFO, ca_file));
-  CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSL_VERIFYPEER, 2));
-  CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSL_VERIFYHOST, 0));
+  CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLCERTTYPE, "PEM"));
+  CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLCERT, crt_file));
+  CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSL_VERIFYPEER, 1L));
+  CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSL_VERIFYHOST, 0L));
   CURL_CHECK(curl_easy_setopt(ac->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1));
-  return auth_client_set_proto(ac, "https");
+  return AC_OK;
 }
 
 void auth_client_free(auth_client_t ac) {
-- 
GitLab