diff options
author | Caolán McNamara <caolan.mcnamara@collabora.com> | 2024-03-31 20:25:41 +0100 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2024-04-07 13:58:05 +0200 |
commit | b9e1784e428d90f720a5a93ee464222419145741 (patch) | |
tree | c6176600a8a34271555ca25a8cf9c7f627152354 | |
parent | 5dc060ce978bbc45815244ddfabfd76b67ee5645 (diff) |
Related: tdf#157480 use SSL_CERT_FILE on macOS too
for SSL use by pyuno emailmerge
another alternative mechanism that could work is to generate one
with something like: "security find-certificate -a -p > cert.pem"
ref: https: //hynek.me/articles/apple-openssl-verification-surprises/
Change-Id: I8bff2ca5bbbb4f2c2333a67e0281dd4fa0b06405
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165625
Reviewed-by: Patrick Luby <guibomacdev@gmail.com>
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
-rw-r--r-- | include/systools/curlinit.hxx | 9 | ||||
-rw-r--r-- | include/systools/opensslinit.hxx | 4 | ||||
-rw-r--r-- | vcl/source/app/svmain.cxx | 2 |
3 files changed, 9 insertions, 6 deletions
diff --git a/include/systools/curlinit.hxx b/include/systools/curlinit.hxx index d03c620a3c75..4b226c7a4218 100644 --- a/include/systools/curlinit.hxx +++ b/include/systools/curlinit.hxx @@ -13,12 +13,13 @@ #include <officecfg/Office/Security.hxx> -#if defined(LINUX) && !defined(SYSTEM_CURL) +// curl is built with --with-secure-transport on macOS and iOS so doesn't need these +// certs. Windows doesn't need them either, but lets assume everything else does +#if !defined(SYSTEM_OPENSSL) && !defined(_WIN32) && !defined(MACOSX) && !defined(IOS) #include <com/sun/star/uno/RuntimeException.hpp> #define LO_CURL_NEEDS_CA_BUNDLE #include "opensslinit.hxx" -#undef LO_CURL_NEEDS_CA_BUNDLE #endif #include <rtl/string.hxx> @@ -31,7 +32,7 @@ static void InitCurl_easy(CURL* const pCURL) CURLcode rc; (void)rc; -#if defined(LINUX) && !defined(SYSTEM_CURL) +#if defined(LO_CURL_NEEDS_CA_BUNDLE) char const* const path = GetCABundleFile(); rc = curl_easy_setopt(pCURL, CURLOPT_CAINFO, path); if (rc != CURLE_OK) // only if OOM? @@ -79,4 +80,6 @@ static void InitCurl_easy(CURL* const pCURL) assert(rc == CURLE_OK); } +#undef LO_CURL_NEEDS_CA_BUNDLE + /* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */ diff --git a/include/systools/opensslinit.hxx b/include/systools/opensslinit.hxx index 04f38faa0821..48b38cf67512 100644 --- a/include/systools/opensslinit.hxx +++ b/include/systools/opensslinit.hxx @@ -13,8 +13,7 @@ // Also include/systools/curlinit.hxx needs GetCABundleFile() if // !defined(SYSTEM_CURL) it defines LO_CURL_NEEDS_CA_BUNDLE. -#if defined(LINUX) && (!defined(SYSTEM_OPENSSL) || defined(LO_CURL_NEEDS_CA_BUNDLE)) -#include <com/sun/star/uno/RuntimeException.hpp> +#if !defined(_WIN32) && (!defined(SYSTEM_OPENSSL) || defined(LO_CURL_NEEDS_CA_BUNDLE)) #include <unistd.h> @@ -27,6 +26,7 @@ static char const* GetCABundleFile() "/etc/pki/tls/certs/ca-bundle.trust.crt", "/etc/ssl/certs/ca-certificates.crt", "/var/lib/ca-certificates/ca-bundle.pem", + "/etc/ssl/cert.pem", // macOS has one at this location }; for (char const* const candidate : candidates) { diff --git a/vcl/source/app/svmain.cxx b/vcl/source/app/svmain.cxx index 3aa2cecf4ec8..9eb99f09e320 100644 --- a/vcl/source/app/svmain.cxx +++ b/vcl/source/app/svmain.cxx @@ -194,7 +194,7 @@ int ImplSVMain() const bool bWasInitVCL = IsVCLInit(); -#if defined(LINUX) && !defined(SYSTEM_OPENSSL) +#if !defined(_WIN32) && !defined(SYSTEM_OPENSSL) if (!bWasInitVCL) { OUString constexpr name(u"SSL_CERT_FILE"_ustr); |