[glib-networking/wip/nacho/openssl: 13/21] Add back CA certificate configuration

[Ignacio Casal Quinteiro <icq src gnome org>]

commit aaad7f29016037cd11a9fc6201d00cefb922b368
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Mon Sep 10 15:52:17 2018 +0200

    Add back CA certificate configuration
    
    We should follow the path of gnutls and remove this in the future.

 detect_certificates.py | 16 ++++++++++++++++
 meson.build            | 21 +++++++++++++++++++++
 meson_options.txt      |  1 +
 3 files changed, 38 insertions(+)
---
diff --git a/detect_certificates.py b/detect_certificates.py
new file mode 100755
index 0000000..1482554
--- /dev/null
+++ b/detect_certificates.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+
+import os
+
+certificates = [
+  '/etc/pki/tls/certs/ca-bundle.crt',
+  '/etc/ssl/certs/ca-certificates.crt',
+  '/etc/ssl/ca-bundle.pem',
+]
+
+for cert in certificates:
+  if os.path.isfile(cert):
+    print(cert)
+    exit(0)
+
+exit(1)
diff --git a/meson.build b/meson.build
index d679c11..0a78434 100644
--- a/meson.build
+++ b/meson.build
@@ -127,6 +127,27 @@ elif cc.get_id() == 'msvc'
     openssl_dep = [libeay_dep, ssleay_dep]
   endif
 
+  if host_machine.system() != 'windows'
+    ca_certificates = get_option('ca_certificates')
+    if ca_certificates == 'no'
+      message('CA certificates disabled')
+    else
+      if ca_certificates == ''
+        detect_certificates = run_command(join_paths(meson.source_root(), 'detect_certificates.py'))
+
+        if detect_certificates.returncode() == 1
+          error('Could not find certificates. Use -Dca_certificates=path to set, or -Dca_certificates=no to 
disable it')
+        endif
+
+        ca_certificates = detect_certificates.stdout().strip()
+      endif
+
+      message('CA certificates: ' + ca_certificates)
+
+      config_h.set_quoted('GTLS_SYSTEM_CA_FILE', ca_certificates)
+    endif
+  endif
+
   backends += ['openssl']
 endif
 
diff --git a/meson_options.txt b/meson_options.txt
index 04706be..34b4a7d 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -5,3 +5,4 @@ option('gnome_proxy', type: 'feature', value: 'auto', description: 'support for
 option('pkcs11', type: 'feature', value: 'disabled', description: 'support for PKCS#11 using p11-kit')
 option('installed_tests', type: 'boolean', value: false, description: 'enable installed tests')
 option('static_modules', type: 'boolean', value: false, description: 'build static modules')
+option('ca_certificates', type: 'string', value: '', description: 'path to system Certificate Authority list 
for OpenSSL')