1 files changed, 49 insertions, 0 deletions

diff --git a/src/couchdb/couch_rep_httpc.erl b/src/couchdb/couch_rep_httpc.erl
index b32e4c77..e535c0d5 100644
--- a/src/couchdb/couch_rep_httpc.erl
+++ b/src/couchdb/couch_rep_httpc.erl
@@ -16,6 +16,7 @@
 
 -export([db_exists/1, db_exists/2, full_url/1, request/1, redirected_request/2,
     redirect_url/2, spawn_worker_process/1, spawn_link_worker_process/1]).
+-export([ssl_options/1]).
 
 request(#http_db{} = Req) ->
     do_request(Req).
@@ -91,6 +92,7 @@ db_exists(Req, CanonicalUrl, CreateDB) ->
     end,
     case catch ibrowse:send_req(Url, HeadersFun(head), head, [], Options) of
     {ok, "200", _, _} ->
+        config_http(CanonicalUrl),
         Req#http_db{url = CanonicalUrl};
     {ok, "301", RespHeaders, _} ->
         RedirectUrl = redirect_url(RespHeaders, Req#http_db.url),
@@ -98,11 +100,26 @@ db_exists(Req, CanonicalUrl, CreateDB) ->
     {ok, "302", RespHeaders, _} ->
         RedirectUrl = redirect_url(RespHeaders, Req#http_db.url),
         db_exists(Req#http_db{url = RedirectUrl}, CanonicalUrl);
+    {ok, "401", _, _} ->
+        throw({unauthorized, ?l2b(Url)});
     Error ->
         ?LOG_DEBUG("DB at ~s could not be found because ~p", [Url, Error]),
         throw({db_not_found, ?l2b(Url)})
     end.
 
+config_http(Url) ->
+    #url{host = Host, port = Port} = ibrowse_lib:parse_url(Url),
+    ok = ibrowse:set_max_sessions(Host, Port, list_to_integer(
+        couch_config:get("replicator", "max_http_sessions", "20"))),
+    ok = ibrowse:set_max_pipeline_size(Host, Port, list_to_integer(
+        couch_config:get("replicator", "max_http_pipeline_size", "50"))),
+    ok = couch_config:register(
+        fun("replicator", "max_http_sessions", MaxSessions) ->
+            ibrowse:set_max_sessions(Host, Port, list_to_integer(MaxSessions));
+        ("replicator", "max_http_pipeline_size", PipeSize) ->
+            ibrowse:set_max_pipeline_size(Host, Port, list_to_integer(PipeSize))
+        end).
+
 redirect_url(RespHeaders, OrigUrl) ->
     MochiHeaders = mochiweb_headers:make(RespHeaders),
     RedUrl = mochiweb_headers:get_value("Location", MochiHeaders),
@@ -244,3 +261,35 @@ oauth_header(Url, QS, Action, Props) ->
     Params = oauth:signed_params(Method, Url, QSL, Consumer, Token, TokenSecret)
         -- QSL,
     {"Authorization", "OAuth " ++ oauth_uri:params_to_header_string(Params)}.
+
+ssl_options(#http_db{url = Url}) ->
+    case ibrowse_lib:parse_url(Url) of
+    #url{protocol = https} ->
+        Depth = list_to_integer(
+            couch_config:get("replicator", "ssl_certificate_max_depth", "3")
+        ),
+        SslOpts = [{depth, Depth} |
+        case couch_config:get("replicator", "verify_ssl_certificates") of
+        "true" ->
+            ssl_verify_options(true);
+        _ ->
+            ssl_verify_options(false)
+        end],
+        [{is_ssl, true}, {ssl_options, SslOpts}];
+    #url{protocol = http} ->
+        []
+    end.
+
+ssl_verify_options(Value) ->
+    ssl_verify_options(Value, erlang:system_info(otp_release)).
+
+ssl_verify_options(true, OTPVersion) when OTPVersion >= "R14" ->
+    CAFile = couch_config:get("replicator", "ssl_trusted_certificates_file"),
+    [{verify, verify_peer}, {cacertfile, CAFile}];
+ssl_verify_options(false, OTPVersion) when OTPVersion >= "R14" ->
+    [{verify, verify_none}];
+ssl_verify_options(true, _OTPVersion) ->
+    CAFile = couch_config:get("replicator", "ssl_trusted_certificates_file"),
+    [{verify, 2}, {cacertfile, CAFile}];
+ssl_verify_options(false, _OTPVersion) ->
+    [{verify, 0}].