include/systools/curlinit.hxx | 9 ++++++---
include/systools/opensslinit.hxx | 4 ++--
vcl/source/app/svmain.cxx | 2 +-
3 files changed, 9 insertions(+), 6 deletions(-)
New commits:
commit 29f24d4bffed3d6d992274adffab375390fbc1a1
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Sun Mar 31 20:25:41 2024 +0100
Commit: Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Tue Apr 2 12:49:43 2024 +0200
Related: tdf#157480 use SSL_CERT_FILE on macOS too
for SSL use by pyuno emailmerge
another alternative mechanism that could work is to generate one
with something like: "security find-certificate -a -p > cert.pem"
ref: https: //hynek.me/articles/apple-openssl-verification-surprises/
Change-Id: I8bff2ca5bbbb4f2c2333a67e0281dd4fa0b06405
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165625
Reviewed-by: Patrick Luby <guibomac...@gmail.com>
Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
diff --git a/include/systools/curlinit.hxx b/include/systools/curlinit.hxx
index d03c620a3c75..4b226c7a4218 100644
--- a/include/systools/curlinit.hxx
+++ b/include/systools/curlinit.hxx
@@ -13,12 +13,13 @@
#include <officecfg/Office/Security.hxx>
-#if defined(LINUX) && !defined(SYSTEM_CURL)
+// curl is built with --with-secure-transport on macOS and iOS so doesn't need
these
+// certs. Windows doesn't need them either, but lets assume everything else
does
+#if !defined(SYSTEM_OPENSSL) && !defined(_WIN32) && !defined(MACOSX) &&
!defined(IOS)
#include <com/sun/star/uno/RuntimeException.hpp>
#define LO_CURL_NEEDS_CA_BUNDLE
#include "opensslinit.hxx"
-#undef LO_CURL_NEEDS_CA_BUNDLE
#endif
#include <rtl/string.hxx>
@@ -31,7 +32,7 @@ static void InitCurl_easy(CURL* const pCURL)
CURLcode rc;
(void)rc;
-#if defined(LINUX) && !defined(SYSTEM_CURL)
+#if defined(LO_CURL_NEEDS_CA_BUNDLE)
char const* const path = GetCABundleFile();
rc = curl_easy_setopt(pCURL, CURLOPT_CAINFO, path);
if (rc != CURLE_OK) // only if OOM?
@@ -79,4 +80,6 @@ static void InitCurl_easy(CURL* const pCURL)
assert(rc == CURLE_OK);
}
+#undef LO_CURL_NEEDS_CA_BUNDLE
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s
cinkeys+=0=break: */
diff --git a/include/systools/opensslinit.hxx b/include/systools/opensslinit.hxx
index 04f38faa0821..48b38cf67512 100644
--- a/include/systools/opensslinit.hxx
+++ b/include/systools/opensslinit.hxx
@@ -13,8 +13,7 @@
// Also include/systools/curlinit.hxx needs GetCABundleFile() if
// !defined(SYSTEM_CURL) it defines LO_CURL_NEEDS_CA_BUNDLE.
-#if defined(LINUX) && (!defined(SYSTEM_OPENSSL) ||
defined(LO_CURL_NEEDS_CA_BUNDLE))
-#include <com/sun/star/uno/RuntimeException.hpp>
+#if !defined(_WIN32) && (!defined(SYSTEM_OPENSSL) ||
defined(LO_CURL_NEEDS_CA_BUNDLE))
#include <unistd.h>
@@ -27,6 +26,7 @@ static char const* GetCABundleFile()
"/etc/pki/tls/certs/ca-bundle.trust.crt",
"/etc/ssl/certs/ca-certificates.crt",
"/var/lib/ca-certificates/ca-bundle.pem",
+ "/etc/ssl/cert.pem", // macOS has one at this location
};
for (char const* const candidate : candidates)
{
diff --git a/vcl/source/app/svmain.cxx b/vcl/source/app/svmain.cxx
index 3aa2cecf4ec8..9eb99f09e320 100644
--- a/vcl/source/app/svmain.cxx
+++ b/vcl/source/app/svmain.cxx
@@ -194,7 +194,7 @@ int ImplSVMain()
const bool bWasInitVCL = IsVCLInit();
-#if defined(LINUX) && !defined(SYSTEM_OPENSSL)
+#if !defined(_WIN32) && !defined(SYSTEM_OPENSSL)
if (!bWasInitVCL)
{
OUString constexpr name(u"SSL_CERT_FILE"_ustr);
