core.git: Branch 'libreoffice-25-8' - ucb/source

Mon, 19 Jan 2026 08:33:58 -0800 

 ucb/source/ucp/webdav-curl/CurlSession.cxx |    1 +
 1 file changed, 1 insertion(+)

New commits:
commit b16ba5620674b6e3461e9fc9a11cdcf55faa5aae
Author:     Miklos Vajna <[email protected]>
AuthorDate: Fri Jan 9 14:27:53 2026 +0100
Commit:     Xisco Fauli <[email protected]>
CommitDate: Mon Jan 19 17:33:28 2026 +0100

    ucb curl: don't verify peer in the isExemptVerifyHost() case
    
    Try to insert a https:// image URL into Writer when the URL's host is
    meant to be not verified, 'curl -k' works with the URL but insertion in
    Writer still fails.
    
    Turns out this is an expired self-signed certificate (in a local test
    env). Mechanism for not verifying SSL certs in the curl session was
    added in commit 2a5c998d4cdfd54ba65b93318292dab542beaabd (allow an
    exemption to be made for a specific host, 2024-08-23), but that results
    in an image insertion failure.
    
    Fix the problem by adapting the ucb/ code to do what
    
<https://github.com/curl/curl/blob/470e26ff6eb55e8d18d6fa44104834e9d1f71274/src/config2setopts.c#L375>
    does for 'curl -k', also clear the CURLOPT_SSL_VERIFYPEER option.
    
    With this, inserting https:// images from my local test server works
    again in Writer.
    
    Change-Id: I0c52f6c0c0dfd6ebf0b4081a8088b623935a96f7
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/197093
    Reviewed-by: Miklos Vajna <[email protected]>
    Tested-by: Jenkins
    (cherry picked from commit 2dcc1c95b5a7bebe508178dacdebfb506e7f6f98)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/197131
    Reviewed-by: Xisco Fauli <[email protected]>
    (cherry picked from commit 50d9606fcff2c73a1a33c151a35fcf5b3d678436)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/197167

diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx 
b/ucb/source/ucp/webdav-curl/CurlSession.cxx
index 21fb2640e1b7..608b813f0975 100644
--- a/ucb/source/ucp/webdav-curl/CurlSession.cxx
+++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx
@@ -826,6 +826,7 @@ 
CurlSession::CurlSession(uno::Reference<uno::XComponentContext> xContext,
     }
     if (HostFilter::isExemptVerifyHost(m_URI.GetHost()))
     {
+        rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_SSL_VERIFYPEER, 0L);
         rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_SSL_VERIFYHOST, 0L);
         assert(rc == CURLE_OK);
     }

Reply via email to