diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2023-11-08 14:50:26 +0100 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2023-11-10 17:47:05 +0100 |
| commit | 4961f1d7173101a64b77a1e8d38f53ed0625bc68 (patch) | |
| tree | 692050e2544dcad6d4fde56b254ea40635b77528 /vcl | |
| parent | 3eb83e86e3c00359d29db35d6d38a142de113c01 (diff) | |
vcl,openssl: set SSL_CERT_FILE for bundled OpenSSL
OpenSSL may read a CA certificate file from $SSL_CERT_FILE, if the
client library calls SSL_CTX_set_default_verify_paths(); python's ssl
module does it but apparently libcurl does not.
So split the code from commit 3fc632c0261c75fb4079a5305e814698e791f75c
and set the environment variable in ImplSVMain(), hopefully before
any threads are spawned; seems to work for PyMailSMTPService.
This needs to have SYSTEM_OPENSSL available in a config header.
Change-Id: I63b747cb61bb236cf4f605bb9858e5b0083388fe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159149
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 1472e2d68b9cff43b99069d3ba9439fff0a5684c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159283
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Diffstat (limited to 'vcl')
| -rw-r--r-- | vcl/source/app/svmain.cxx | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/vcl/source/app/svmain.cxx b/vcl/source/app/svmain.cxx index 2838cfc3a63c..aaf6a602cb14 100644 --- a/vcl/source/app/svmain.cxx +++ b/vcl/source/app/svmain.cxx @@ -81,6 +81,7 @@ #include <config_features.h> #include <config_feature_opencl.h> +#include <opensslinit.hxx> #include <osl/process.h> #include <com/sun/star/lang/XComponent.hpp> @@ -191,6 +192,26 @@ int ImplSVMain() int nReturn = EXIT_FAILURE; const bool bWasInitVCL = IsVCLInit(); + +#if defined(LINUX) && !defined(SYSTEM_OPENSSL) + if (!bWasInitVCL) + { + try // to point bundled OpenSSL to some system certificate file + { // ... this only works if the client actually calls + // SSL_CTX_set_default_verify_paths() or similar; e.g. python ssl. + char const*const path = GetCABundleFile(); + OUString const name("SSL_CERT_FILE"); + OUString const filepath(::rtl::OStringToOUString( + ::std::string_view(path), osl_getThreadTextEncoding())); + osl_setEnvironment(name.pData, filepath.pData); + } + catch (uno::RuntimeException const& e) + { + SAL_WARN("vcl", e.Message); + } + } +#endif + const bool bInit = bWasInitVCL || InitVCL(); int nRet = 0; if (!bWasInitVCL && bInit && pSVData->mpDefInst->SVMainHook(&nRet)) |