Merge pull request src-d#249 from schenot/master

openssl 1.1.x and 1.0.x md compatibility, add --not-secure option

Author: bodji

README.md

@@ -107,6 +107,7 @@ Options:
   --compress MODE           [tar] Compression codec : gzip|bzip2|xz|lzip|lzma|lzop|compress|no
   --archive-options OPTIONS [tar|zip] Additional command line options
   -s                        Encrypt upload usnig default encrypt params ( see ~/.plikrc )
+  --not-secure              Do not encrypt upload regardless of ~/.plikrc configurations
   --secure MODE             Archive upload using specified archive backend : openssl|pgp
   --cipher CIPHER           [openssl] Openssl cipher to use ( see openssl help )
   --passphrase PASSPHRASE   [openssl] Passphrase or '-' to be prompted for a passphrase

client/config/config.go

@@ -108,6 +108,7 @@ func NewUploadConfig() (config *UploadConfig) {
 	config.SecureOptions = make(map[string]interface{})
 	config.SecureOptions["Openssl"] = "/usr/bin/openssl"
 	config.SecureOptions["Cipher"] = "aes-256-cbc"
+	config.SecureOptions["Options"] = "-md sha256"
 	config.DownloadBinary = "curl"
 	config.Comments = ""
 	config.Yubikey = false
@@ -423,7 +424,9 @@ func UnmarshalArgs(arguments map[string]interface{}) (err error) {
 	}
 
 	// Enable secure mode ?
-	if arguments["-s"].(bool) || arguments["--secure"] != nil || Config.Secure {
+	if arguments["--not-secure"].(bool) {
+		Config.Secure = false
+	} else if arguments["-s"].(bool) || arguments["--secure"] != nil || Config.Secure {
 		Config.Secure = true
 		secureMethod := Config.SecureMethod
 		if arguments["--secure"] != nil && arguments["--secure"].(string) != "" {

client/crypto/openssl/openssl.go

@@ -128,7 +128,7 @@ func (ob *Backend) Encrypt(reader io.Reader, writer io.Writer) (err error) {
 
 // Comments implementation for OpenSSL Crypto Backend
 func (ob *Backend) Comments() string {
-	return fmt.Sprintf("openssl %s -d -pass pass:%s", ob.Config.Cipher, ob.Config.Passphrase)
+	return fmt.Sprintf("openssl %s -d -pass pass:%s %s", ob.Config.Cipher, ob.Config.Passphrase, ob.Config.Options)
 }
 
 // GetConfiguration implementation for OpenSSL Crypto Backend

client/plik.go

@@ -104,6 +104,7 @@ Options:
   --compress MODE           [tar] Compression codec : gzip|bzip2|xz|lzip|lzma|lzop|compress|no
   --archive-options OPTIONS [tar|zip] Additional command line options
   -s                        Encrypt upload using default encrypt params ( see ~/.plikrc )
+  --not-secure              Do not encrypt upload regardless of ~/.plikrc configurations
   --secure MODE             Archive upload using specified archive backend : openssl|pgp
   --cipher CIPHER           [openssl] Openssl cipher to use ( see openssl help )
   --passphrase PASSPHRASE   [openssl] Passphrase or '-' to be prompted for a passphrase

client/test.sh

@@ -135,7 +135,11 @@ function before
     # Reset .plikrc file
     export PLIKRC="$TMPDIR/.plikrc"
     echo "URL = \"$URL\"" > $PLIKRC
+    if [ "$SECURE" != "" ]; then
+        echo "Secure = true" >> $PLIKRC
+    fi
 
+    unset SECURE
     unset UPLOAD_CMD
     unset UPLOAD_ID
     unset UPLOAD_OPTS
@@ -245,7 +249,7 @@ download && check
 
 before
 cp $SPECIMEN $TMPDIR/upload/FILE1
-upload --n CUSTOM
+upload -n CUSTOM
 mv $TMPDIR/upload/FILE1 $TMPDIR/upload/CUSTOM
 download && check
 
@@ -399,6 +403,18 @@ grep "$URL/file/.*/.*/FILE1" $CLIENT_LOG >/dev/null 2>/dev/null
 
 echo "OK"
 
+#---------------------------------------------
+
+echo -n " - not secure : "
+
+SECURE="true"
+before
+cp $SPECIMEN $TMPDIR/upload/FILE1
+upload --not-secure && download && check
+# should not pipe curl return to a secure option command
+grep '^curl ' $CLIENT_LOG | grep -v '|' >/dev/null 2>/dev/null
+echo "OK"
+
 ###
 # Tar archive
 ###
@@ -673,4 +689,4 @@ cd $ORIGIN
 #echo " - downgrade : ( this might take a long time ... )"
 #./test_downgrade.sh
 
-exit 0
+exit 0