[glib-networking/wip/nacho/openssl: 6/11] Add back CA certificate configuration
- From: Ignacio Casal Quinteiro <icq src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/wip/nacho/openssl: 6/11] Add back CA certificate configuration
- Date: Wed, 12 Sep 2018 11:56:10 +0000 (UTC)
commit 80b580c431a98cd6a481c5cc53f55fe58aa36613
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date: Mon Sep 10 15:52:17 2018 +0200
Add back CA certificate configuration
We should follow the path of gnutls and remove this in the future.
detect_certificates.py | 16 ++++++++++++++++
meson.build | 21 +++++++++++++++++++++
meson_options.txt | 1 +
3 files changed, 38 insertions(+)
---
diff --git a/detect_certificates.py b/detect_certificates.py
new file mode 100755
index 0000000..1482554
--- /dev/null
+++ b/detect_certificates.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+
+import os
+
+certificates = [
+ '/etc/pki/tls/certs/ca-bundle.crt',
+ '/etc/ssl/certs/ca-certificates.crt',
+ '/etc/ssl/ca-bundle.pem',
+]
+
+for cert in certificates:
+ if os.path.isfile(cert):
+ print(cert)
+ exit(0)
+
+exit(1)
diff --git a/meson.build b/meson.build
index d8236c2..deca397 100644
--- a/meson.build
+++ b/meson.build
@@ -127,6 +127,27 @@ enable_openssl_support = get_option('openssl_support')
endif
endif
+ if host_machine.system() != 'windows'
+ ca_certificates = get_option('ca_certificates')
+ if ca_certificates == 'no'
+ message('CA certificates disabled')
+ else
+ if ca_certificates == ''
+ detect_certificates = run_command(join_paths(meson.source_root(), 'detect_certificates.py'))
+
+ if detect_certificates.returncode() == 1
+ error('Could not find certificates. Use -Dca_certificates=path to set, or -Dca_certificates=no to
disable it')
+ endif
+
+ ca_certificates = detect_certificates.stdout().strip()
+ endif
+
+ message('CA certificates: ' + ca_certificates)
+
+ config_h.set_quoted('GTLS_SYSTEM_CA_FILE', ca_certificates)
+ endif
+ endif
+
backends += ['openssl']
endif
diff --git a/meson_options.txt b/meson_options.txt
index 6003a23..5eebf27 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,5 +1,6 @@
option('gnutls_support', type: 'boolean', value: true, description: 'support for GNUTLS networking
configration')
option('openssl_support', type: 'boolean', value: true, description: 'support for OpenSSL networking
configration')
+option('ca_certificates', type: 'string', value: '', description: 'path to system Certificate Authority list
for OpenSSL')
option('libproxy_support', type: 'boolean', value: true, description: 'support for libproxy proxy
configration')
option('gnome_proxy_support', type: 'boolean', value: true, description: 'support for GNOME desktop proxy
configuration')
option('pkcs11_support', type: 'boolean', value: false, description: 'support for PKCS#11 using p11-kit')
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]