diff options
| author | Caolán McNamara <caolan.mcnamara@collabora.com> | 2024-03-31 20:25:41 +0100 |
|---|---|---|
| committer | Caolán McNamara <caolan.mcnamara@collabora.com> | 2024-04-02 12:49:25 +0200 |
| commit | 25a5b9b136c80c93593097e4463184035218fd56 (patch) | |
| tree | f10a7553ee883ead83623a6979691f6f12d6bf2a /include | |
| parent | 0f19f2bbf4c5a0ebafd9a43588783b9e70dcd936 (diff) | |
Related: tdf#157480 use SSL_CERT_FILE on macOS too
for SSL use by pyuno emailmerge
another alternative mechanism that could work is to generate one
with something like: "security find-certificate -a -p > cert.pem"
ref: https: //hynek.me/articles/apple-openssl-verification-surprises/
Change-Id: I8bff2ca5bbbb4f2c2333a67e0281dd4fa0b06405
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165599
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/systools/curlinit.hxx | 9 | ||||
| -rw-r--r-- | include/systools/opensslinit.hxx | 4 |
2 files changed, 8 insertions, 5 deletions
diff --git a/include/systools/curlinit.hxx b/include/systools/curlinit.hxx index d03c620a3c75..4b226c7a4218 100644 --- a/include/systools/curlinit.hxx +++ b/include/systools/curlinit.hxx @@ -13,12 +13,13 @@ #include <officecfg/Office/Security.hxx> -#if defined(LINUX) && !defined(SYSTEM_CURL) +// curl is built with --with-secure-transport on macOS and iOS so doesn't need these +// certs. Windows doesn't need them either, but lets assume everything else does +#if !defined(SYSTEM_OPENSSL) && !defined(_WIN32) && !defined(MACOSX) && !defined(IOS) #include <com/sun/star/uno/RuntimeException.hpp> #define LO_CURL_NEEDS_CA_BUNDLE #include "opensslinit.hxx" -#undef LO_CURL_NEEDS_CA_BUNDLE #endif #include <rtl/string.hxx> @@ -31,7 +32,7 @@ static void InitCurl_easy(CURL* const pCURL) CURLcode rc; (void)rc; -#if defined(LINUX) && !defined(SYSTEM_CURL) +#if defined(LO_CURL_NEEDS_CA_BUNDLE) char const* const path = GetCABundleFile(); rc = curl_easy_setopt(pCURL, CURLOPT_CAINFO, path); if (rc != CURLE_OK) // only if OOM? @@ -79,4 +80,6 @@ static void InitCurl_easy(CURL* const pCURL) assert(rc == CURLE_OK); } +#undef LO_CURL_NEEDS_CA_BUNDLE + /* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */ diff --git a/include/systools/opensslinit.hxx b/include/systools/opensslinit.hxx index 04f38faa0821..48b38cf67512 100644 --- a/include/systools/opensslinit.hxx +++ b/include/systools/opensslinit.hxx @@ -13,8 +13,7 @@ // Also include/systools/curlinit.hxx needs GetCABundleFile() if // !defined(SYSTEM_CURL) it defines LO_CURL_NEEDS_CA_BUNDLE. -#if defined(LINUX) && (!defined(SYSTEM_OPENSSL) || defined(LO_CURL_NEEDS_CA_BUNDLE)) -#include <com/sun/star/uno/RuntimeException.hpp> +#if !defined(_WIN32) && (!defined(SYSTEM_OPENSSL) || defined(LO_CURL_NEEDS_CA_BUNDLE)) #include <unistd.h> @@ -27,6 +26,7 @@ static char const* GetCABundleFile() "/etc/pki/tls/certs/ca-bundle.trust.crt", "/etc/ssl/certs/ca-certificates.crt", "/var/lib/ca-certificates/ca-bundle.pem", + "/etc/ssl/cert.pem", // macOS has one at this location }; for (char const* const candidate : candidates) { |