Merge pull request #7 from hatamiarash7/fix/curl-ca

hatamiarash7 · web-flow · commit c5b7ed449dca · 2025-05-19T11:20:42.000+03:30
Fix cURL CA
diff --git a/.github/workflows/MainDistributionPipeline.yml b/.github/workflows/MainDistributionPipeline.yml
@@ -25,8 +25,8 @@ jobs:
 
   duckdb-stable-build:
     name: Build extension binaries
-    uses: duckdb/extension-ci-tools/.github/workflows/_extension_distribution.yml@v1.2.1
+    uses: duckdb/extension-ci-tools/.github/workflows/_extension_distribution.yml@v1.2.2
     with:
-      duckdb_version: v1.2.1
-      ci_tools_version: v1.2.1
+      duckdb_version: v1.2.2
+      ci_tools_version: v1.2.2
       extension_name: netquack
diff --git a/README.md b/README.md
@@ -334,6 +334,9 @@ This extension provides various functions for manipulating and analyzing IP addr
 
 #### IP Calculator
 
+> [!WARNING]
+> It's an experimental function.
+
 The `ipcalc` function takes an IP address and netmask and calculates the resulting broadcast, network, wildcard mask, and host range.
 
 ![ipcalc-sc](./.github/ipcalc-sc.png)
@@ -369,9 +372,6 @@ D SELECT i.IP,
 └────────────────┴───────┘
 ```
 
-> [!WARNING]
-> It's an experimental function.
-
 ### Get Extension Version
 
 You can use the `netquack_version` function to get the extension version.
@@ -382,7 +382,7 @@ D select * from netquack_version();
 │ version │
 │ varchar │
 ├─────────┤
-│ v1.2.0  │
+│ v1.4.0  │
 └─────────┘
 ```
 
diff --git a/duckdb b/duckdb
@@ -1 +1 @@
-Subproject commit 8e52ec43959ab363643d63cb78ee214577111da4
+Subproject commit 7c039464e452ddc3330e2691d3fa6d305521d09b
diff --git a/extension-ci-tools b/extension-ci-tools
@@ -1 +1 @@
-Subproject commit 58970c538d35919db875096460c05806056f4de0
+Subproject commit 5ae521a4c9709bb3cb35dc6d79e044f67bc58bf0
diff --git a/src/functions/get_tranco.cpp b/src/functions/get_tranco.cpp
@@ -14,7 +14,7 @@ namespace duckdb
         // Function to get the download code for the Tranco list
         std::string GetTrancoDownloadCode (char *date)
         {
-            CURL *curl;
+            CURL *curl = CreateCurlHandler ();
             CURLcode res;
             std::string readBuffer;
 
@@ -23,21 +23,15 @@ namespace duckdb
 
             LogMessage ("INFO", "Get Tranco download code for date: " + std::string (date));
 
-            curl = curl_easy_init ();
-            if (curl)
+            curl_easy_setopt (curl, CURLOPT_URL, url.c_str ());
+            curl_easy_setopt (curl, CURLOPT_WRITEDATA, &readBuffer);
+            res = curl_easy_perform (curl);
+            curl_easy_cleanup (curl);
+
+            if (res != CURLE_OK)
             {
-                curl_easy_setopt (curl, CURLOPT_URL, url.c_str ());
-                curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1L); // Follow redirects
-                curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, WriteCallback);
-                curl_easy_setopt (curl, CURLOPT_WRITEDATA, &readBuffer);
-                res = curl_easy_perform (curl);
-                curl_easy_cleanup (curl);
-
-                if (res != CURLE_OK)
-                {
-                    LogMessage ("ERROR", "Failed to fetch Tranco download code: " + std::string (curl_easy_strerror (res)));
-                    throw std::runtime_error ("Failed to fetch Tranco download code.");
-                }
+                LogMessage ("ERROR", "Failed to fetch Tranco download code: " + std::string (curl_easy_strerror (res)));
+                throw std::runtime_error ("Failed to fetch Tranco download code.");
             }
 
             // Extract the download code from the URL
diff --git a/src/functions/get_version.cpp b/src/functions/get_version.cpp
@@ -43,7 +43,7 @@ namespace duckdb
 
             output.SetCardinality (1);
             // Set version
-            output.data[0].SetValue (0, "v1.1.0");
+            output.data[0].SetValue (0, "v1.4.0");
             // Set done
             auto &local_state = (VersionLocalState &)*data_p.local_state;
             local_state.done  = true;
diff --git a/src/utils/utils.cpp b/src/utils/utils.cpp
@@ -8,10 +8,77 @@
 #include <regex>
 #include <sstream>
 
+#ifdef _WIN32
+#include <windows.h>
+#else // POSIX
+#include <sys/stat.h>
+#endif
+
 namespace duckdb
 {
     namespace netquack
     {
+        bool file_exists (const char *file_path)
+        {
+#ifdef _WIN32
+            DWORD attributes = GetFileAttributesA (file_path);
+            return (attributes != INVALID_FILE_ATTRIBUTES);
+#else // POSIX
+            struct stat buffer;
+            return (stat (file_path, &buffer) == 0);
+#endif
+        }
+
+        CURL *CreateCurlHandler ()
+        {
+            CURL *curl = curl_easy_init ();
+            if (!curl)
+            {
+                throw std::runtime_error ("Failed to initialize CURL");
+            }
+
+            const char *ca_info = std::getenv ("CURL_CA_INFO");
+#if !defined(_WIN32) && !defined(__APPLE__)
+            if (!ca_info)
+            {
+                // Check for common CA certificate bundle locations on Linux
+                for (const auto *path : {
+                         "/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
+                         "/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
+                         "/etc/ssl/ca-bundle.pem",                            // OpenSUSE
+                         "/etc/pki/tls/cacert.pem",                           // OpenELEC
+                         "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
+                         "/etc/ssl/cert.pem"                                  // Alpine Linux
+                     })
+                {
+                    if (file_exists (path))
+                    {
+                        ca_info = path;
+                        break;
+                    }
+                }
+            }
+#endif
+            curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1L); // Follow redirects
+            curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, WriteCallback);
+            if (ca_info)
+            {
+                // Set the custom CA certificate bundle file
+                // https://github.com/hatamiarash7/duckdb-netquack/issues/6
+                LogMessage ("DEBUG", "Using custom CA certificate bundle: " + std::string (ca_info));
+                curl_easy_setopt (curl, CURLOPT_CAINFO, ca_info);
+            }
+            const char *ca_path = std::getenv ("CURL_CA_PATH");
+            if (ca_path)
+            {
+                // Set the custom CA certificate directory
+                LogMessage ("DEBUG", "Using custom CA certificate directory: " + std::string (ca_path));
+                curl_easy_setopt (curl, CURLOPT_CAPATH, ca_path);
+            }
+
+            return curl;
+        }
+
         void LogMessage (const std::string &level, const std::string &message)
         {
             std::ofstream log_file ("netquack.log", std::ios_base::app);
@@ -31,24 +98,19 @@ namespace duckdb
 
         std::string DownloadPublicSuffixList ()
         {
-            CURL *curl;
+            CURL *curl = CreateCurlHandler ();
             CURLcode res;
             std::string readBuffer;
 
-            curl = curl_easy_init ();
-            if (curl)
-            {
-                curl_easy_setopt (curl, CURLOPT_URL, "https://publicsuffix.org/list/public_suffix_list.dat");
-                curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, WriteCallback);
-                curl_easy_setopt (curl, CURLOPT_WRITEDATA, &readBuffer);
-                res = curl_easy_perform (curl);
-                curl_easy_cleanup (curl);
+            curl_easy_setopt (curl, CURLOPT_URL, "https://publicsuffix.org/list/public_suffix_list.dat");
+            curl_easy_setopt (curl, CURLOPT_WRITEDATA, &readBuffer);
+            res = curl_easy_perform (curl);
+            curl_easy_cleanup (curl);
 
-                if (res != CURLE_OK)
-                {
-                    LogMessage ("ERROR", "Failed to download public suffix list: " + std::string (curl_easy_strerror (res)));
-                    throw std::runtime_error ("Failed to download public suffix list. Check logs for details.");
-                }
+            if (res != CURLE_OK)
+            {
+                LogMessage ("ERROR", "Failed to download public suffix list: " + std::string (curl_easy_strerror (res)));
+                throw std::runtime_error ("Failed to download public suffix list. Check logs for details.");
             }
 
             return readBuffer;
diff --git a/src/utils/utils.hpp b/src/utils/utils.hpp
@@ -1,11 +1,16 @@
 #pragma once
 
+#include <curl/curl.h>
+
 #include "duckdb.hpp"
 
 namespace duckdb
 {
     namespace netquack
     {
+        // Function to get a CURL handler
+        CURL *CreateCurlHandler ();
+
         // Function to log messages with a specified log level
         void LogMessage (const std::string &level, const std::string &message);
 

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,16 @@`
`1`	`1`	`#pragma once`
`2`	`2`
	`3`	`+#include <curl/curl.h>`
	`4`	`+`
`3`	`5`	`#include "duckdb.hpp"`
`4`	`6`
`5`	`7`	`namespace duckdb`
`6`	`8`	`{`
`7`	`9`	`namespace netquack`
`8`	`10`	`{`
	`11`	`+ // Function to get a CURL handler`
	`12`	`+ CURL *CreateCurlHandler ();`
	`13`	`+`
`9`	`14`	`// Function to log messages with a specified log level`
`10`	`15`	`void LogMessage (const std::string &level, const std::string &message);`
`11`	`16`