[glib-networking/wip/nacho/openssl: 6/11] Add back CA certificate configuration



commit 80b580c431a98cd6a481c5cc53f55fe58aa36613
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Mon Sep 10 15:52:17 2018 +0200

    Add back CA certificate configuration
    
    We should follow the path of gnutls and remove this in the future.

 detect_certificates.py | 16 ++++++++++++++++
 meson.build            | 21 +++++++++++++++++++++
 meson_options.txt      |  1 +
 3 files changed, 38 insertions(+)
---
diff --git a/detect_certificates.py b/detect_certificates.py
new file mode 100755
index 0000000..1482554
--- /dev/null
+++ b/detect_certificates.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+
+import os
+
+certificates = [
+  '/etc/pki/tls/certs/ca-bundle.crt',
+  '/etc/ssl/certs/ca-certificates.crt',
+  '/etc/ssl/ca-bundle.pem',
+]
+
+for cert in certificates:
+  if os.path.isfile(cert):
+    print(cert)
+    exit(0)
+
+exit(1)
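Review bot: The three `exit(...)` calls use the `exit` helper injected by the `site` module, which is not available when the interpreter is started with `-S`; a build helper should `import sys` and call `sys.exit(0)` / `sys.exit(1)` instead. `os.path.isfile` only shows that a bundle exists on the build machine, not that it is readable or that the same path will exist where the library runs. Since the meson.build hunk writes the printed path into `config.h`, a comment above `certificates` such as `# first existing bundle on the build host wins; the path is compiled in as GTLS_SYSTEM_CA_FILE` would make the consequence explicit.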
diff --git a/meson.build b/meson.build
index d8236c2..deca397 100644
--- a/meson.build
+++ b/meson.build
@@ -127,6 +127,27 @@ enable_openssl_support = get_option('openssl_support')
     endif
   endif
 
+  if host_machine.system() != 'windows'
+    ca_certificates = get_option('ca_certificates')
+    if ca_certificates == 'no'
+      message('CA certificates disabled')
+    else
+      if ca_certificates == ''
+        detect_certificates = run_command(join_paths(meson.source_root(), 'detect_certificates.py'))
+
+        if detect_certificates.returncode() == 1
+          error('Could not find certificates. Use -Dca_certificates=path to set, or -Dca_certificates=no to 
disable it')
+        endif
+
+        ca_certificates = detect_certificates.stdout().strip()
+      endif
+
+      message('CA certificates: ' + ca_certificates)
+
+      config_h.set_quoted('GTLS_SYSTEM_CA_FILE', ca_certificates)
+    endif
+  endif
+
   backends += ['openssl']
 endif
 
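Review bot: The `detect_certificates.returncode() == 1` test only catches the script's own not-found exit. As far as this hunk shows, any other non-zero status would fall through with empty stdout and `GTLS_SYSTEM_CA_FILE` would be defined as an empty string, so use `if detect_certificates.returncode() != 0` to stop configuration on every failure. The detected path describes the build machine, and a value passed with `-Dca_certificates=` is not checked for existence, so in cross or packaged builds the compiled-in trust-anchor file may be absent on the target. How the OpenSSL backend behaves in that case, or when the option is `no` and the macro is left undefined, is not visible in this diff; it is worth confirming that certificate verification fails closed. The enclosing `if` block begins outside the hunk.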
diff --git a/meson_options.txt b/meson_options.txt
index 6003a23..5eebf27 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,5 +1,6 @@
 option('gnutls_support', type: 'boolean', value: true, description: 'support for GNUTLS networking 
configration')
 option('openssl_support', type: 'boolean', value: true, description: 'support for OpenSSL networking 
configration')
+option('ca_certificates', type: 'string', value: '', description: 'path to system Certificate Authority list 
for OpenSSL')
 option('libproxy_support', type: 'boolean', value: true, description: 'support for libproxy proxy 
configration')
 option('gnome_proxy_support', type: 'boolean', value: true, description: 'support for GNOME desktop proxy 
configuration')
 option('pkcs11_support', type: 'boolean', value: false, description: 'support for PKCS#11 using p11-kit')
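Review bot: The `ca_certificates` description omits the two special values that meson.build gives meaning to: the empty default triggers auto-detection through `detect_certificates.py`, and `no` disables the setting. Suggest `description: 'path to system Certificate Authority list for OpenSSL (empty: auto-detect, no: disable)'` so packagers see the behaviour in the option listing rather than only in the configure error message.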

