include/systools/curlinit.hxx | 9 ++++++--- include/systools/opensslinit.hxx | 4 ++-- vcl/source/app/svmain.cxx | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-)
New commits: commit 29f24d4bffed3d6d992274adffab375390fbc1a1 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sun Mar 31 20:25:41 2024 +0100 Commit: Caolán McNamara <caolan.mcnam...@collabora.com> CommitDate: Tue Apr 2 12:49:43 2024 +0200 Related: tdf#157480 use SSL_CERT_FILE on macOS too for SSL use by pyuno emailmerge another alternative mechanism that could work is to generate one with something like: "security find-certificate -a -p > cert.pem" ref: https: //hynek.me/articles/apple-openssl-verification-surprises/ Change-Id: I8bff2ca5bbbb4f2c2333a67e0281dd4fa0b06405 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165625 Reviewed-by: Patrick Luby <guibomac...@gmail.com> Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com> Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> diff --git a/include/systools/curlinit.hxx b/include/systools/curlinit.hxx index d03c620a3c75..4b226c7a4218 100644 --- a/include/systools/curlinit.hxx +++ b/include/systools/curlinit.hxx @@ -13,12 +13,13 @@ #include <officecfg/Office/Security.hxx> -#if defined(LINUX) && !defined(SYSTEM_CURL) +// curl is built with --with-secure-transport on macOS and iOS so doesn't need these +// certs. Windows doesn't need them either, but lets assume everything else does +#if !defined(SYSTEM_OPENSSL) && !defined(_WIN32) && !defined(MACOSX) && !defined(IOS) #include <com/sun/star/uno/RuntimeException.hpp> #define LO_CURL_NEEDS_CA_BUNDLE #include "opensslinit.hxx" -#undef LO_CURL_NEEDS_CA_BUNDLE #endif #include <rtl/string.hxx> @@ -31,7 +32,7 @@ static void InitCurl_easy(CURL* const pCURL) CURLcode rc; (void)rc; -#if defined(LINUX) && !defined(SYSTEM_CURL) +#if defined(LO_CURL_NEEDS_CA_BUNDLE) char const* const path = GetCABundleFile(); rc = curl_easy_setopt(pCURL, CURLOPT_CAINFO, path); if (rc != CURLE_OK) // only if OOM? @@ -79,4 +80,6 @@ static void InitCurl_easy(CURL* const pCURL) assert(rc == CURLE_OK); } +#undef LO_CURL_NEEDS_CA_BUNDLE + /* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */ diff --git a/include/systools/opensslinit.hxx b/include/systools/opensslinit.hxx index 04f38faa0821..48b38cf67512 100644 --- a/include/systools/opensslinit.hxx +++ b/include/systools/opensslinit.hxx @@ -13,8 +13,7 @@ // Also include/systools/curlinit.hxx needs GetCABundleFile() if // !defined(SYSTEM_CURL) it defines LO_CURL_NEEDS_CA_BUNDLE. -#if defined(LINUX) && (!defined(SYSTEM_OPENSSL) || defined(LO_CURL_NEEDS_CA_BUNDLE)) -#include <com/sun/star/uno/RuntimeException.hpp> +#if !defined(_WIN32) && (!defined(SYSTEM_OPENSSL) || defined(LO_CURL_NEEDS_CA_BUNDLE)) #include <unistd.h> @@ -27,6 +26,7 @@ static char const* GetCABundleFile() "/etc/pki/tls/certs/ca-bundle.trust.crt", "/etc/ssl/certs/ca-certificates.crt", "/var/lib/ca-certificates/ca-bundle.pem", + "/etc/ssl/cert.pem", // macOS has one at this location }; for (char const* const candidate : candidates) { diff --git a/vcl/source/app/svmain.cxx b/vcl/source/app/svmain.cxx index 3aa2cecf4ec8..9eb99f09e320 100644 --- a/vcl/source/app/svmain.cxx +++ b/vcl/source/app/svmain.cxx @@ -194,7 +194,7 @@ int ImplSVMain() const bool bWasInitVCL = IsVCLInit(); -#if defined(LINUX) && !defined(SYSTEM_OPENSSL) +#if !defined(_WIN32) && !defined(SYSTEM_OPENSSL) if (!bWasInitVCL) { OUString constexpr name(u"SSL_CERT_FILE"_ustr);