[glib-networking/wip/nacho/openssl: 1/12] Add back CA certificate configuration
- From: Ignacio Casal Quinteiro <icq src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/wip/nacho/openssl: 1/12] Add back CA certificate configuration
- Date: Wed, 19 Sep 2018 08:59:49 +0000 (UTC)
commit e449af2f87c4e19aa3bf3d01f8c6f614d49ebea4
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date: Mon Sep 10 15:52:17 2018 +0200
Add back CA certificate configuration
We should follow the path of gnutls and remove this in the future.
detect_certificates.py | 16 ++++++++++++++++
meson.build | 21 +++++++++++++++++++++
meson_options.txt | 1 +
3 files changed, 38 insertions(+)
---
diff --git a/detect_certificates.py b/detect_certificates.py
new file mode 100755
index 0000000..1482554
--- /dev/null
+++ b/detect_certificates.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+
+import os
+
+certificates = [
+ '/etc/pki/tls/certs/ca-bundle.crt',
+ '/etc/ssl/certs/ca-certificates.crt',
+ '/etc/ssl/ca-bundle.pem',
+]
+
+for cert in certificates:
+ if os.path.isfile(cert):
+ print(cert)
+ exit(0)
+
+exit(1)
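Review bot: Bare `exit()` is used on both exit paths, but that name is injected by the `site` module and is not defined when the interpreter runs with `-S`; add `import sys` and call `sys.exit(0)` / `sys.exit(1)`. The probe accepts the first path for which `os.path.isfile` is true, so an empty or unreadable bundle on the build host is still reported as the trust store. A comment above the `certificates` list would help whoever extends it, for example `# Probed in order; the first existing file is printed and becomes GTLS_SYSTEM_CA_FILE.`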
diff --git a/meson.build b/meson.build
index d679c11..a551a64 100644
--- a/meson.build
+++ b/meson.build
@@ -130,6 +130,27 @@ elif cc.get_id() == 'msvc'
backends += ['openssl']
endif
+if backends.contains('openssl') and host_machine.system() != 'windows'
+ ca_certificates = get_option('ca_certificates')
+ if ca_certificates == 'no'
+ message('CA certificates disabled')
+ else
+ if ca_certificates == ''
+ detect_certificates = run_command(join_paths(meson.source_root(), 'detect_certificates.py'))
+
+ if detect_certificates.returncode() == 1
+ error('Could not find certificates. Use -Dca_certificates=path to set, or -Dca_certificates=no to
disable it')
+ endif
+
+ ca_certificates = detect_certificates.stdout().strip()
+ endif
+
+ message('CA certificates: ' + ca_certificates)
+
+ config_h.set_quoted('GTLS_SYSTEM_CA_FILE', ca_certificates)
+ endif
+endif
+
if backends.length() == 0
error('No TLS backends enabled. Please enable at least one TLS backend')
endif
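Review bot: The failure check `detect_certificates.returncode() == 1` catches only the script's own not-found exit, so any other non-zero status would fall through and `GTLS_SYSTEM_CA_FILE` would be defined from an empty stdout; compare with `!= 0` instead. The probe also runs on the build machine, so for cross or containerised builds the compiled-in path describes the builder rather than the target, and an explicit `-Dca_certificates=path` is accepted with no existence check. How the OpenSSL backend behaves when the macro is empty or undefined (the `no` case) is not visible here, so confirm that it fails closed. The enclosing `if`/`elif` chain starts above the hunk.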
diff --git a/meson_options.txt b/meson_options.txt
index 04706be..34b4a7d 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -5,3 +5,4 @@ option('gnome_proxy', type: 'feature', value: 'auto', description: 'support for
option('pkcs11', type: 'feature', value: 'disabled', description: 'support for PKCS#11 using p11-kit')
option('installed_tests', type: 'boolean', value: false, description: 'enable installed tests')
option('static_modules', type: 'boolean', value: false, description: 'build static modules')
+option('ca_certificates', type: 'string', value: '', description: 'path to system Certificate Authority list
for OpenSSL')
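Review bot: The option description omits the two special values that meson.build gives meaning to: an empty string triggers autodetection and `no` disables the CA file altogether. Someone reading the configured options would see only a path setting; consider `description: 'path to system Certificate Authority list for OpenSSL (empty: autodetect, no: disable)'`.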