[glib-networking/wip/nacho/openssl: 5/14] Add back CA certificate configuration



commit b09a1b2f3f3185ac898dd9d8de4b7a217bf8a8ae
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Mon Sep 10 15:52:17 2018 +0200

    Add back CA certificate configuration
    
    We should follow the path of gnutls and remove this in the future.

 detect_certificates.py | 16 ++++++++++++++++
 meson.build            | 21 +++++++++++++++++++++
 meson_options.txt      |  1 +
 3 files changed, 38 insertions(+)
---
diff --git a/detect_certificates.py b/detect_certificates.py
new file mode 100755
index 0000000..1482554
--- /dev/null
+++ b/detect_certificates.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+
+import os
+
+certificates = [
+  '/etc/pki/tls/certs/ca-bundle.crt',
+  '/etc/ssl/certs/ca-certificates.crt',
+  '/etc/ssl/ca-bundle.pem',
+]
+
+for cert in certificates:
+  if os.path.isfile(cert):
+    print(cert)
+    exit(0)
+
+exit(1)
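Review bot: The probe at `if os.path.isfile(cert):` accepts the first path that exists without checking that it is readable or non-empty. Because the printed path is later compiled in as `GTLS_SYSTEM_CA_FILE`, an empty or stale bundle at an earlier path shadows a valid one further down the list; consider also requiring `os.path.getsize(cert) > 0`. Separately, the bare `exit()` calls rely on the helper injected by the `site` module, so `import sys` with `sys.exit(0)` / `sys.exit(1)` is the form that works however the interpreter is started. A one-line comment above `certificates` stating that the list is in priority order would also help.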
diff --git a/meson.build b/meson.build
index d679c11..a551a64 100644
--- a/meson.build
+++ b/meson.build
@@ -130,6 +130,27 @@ elif cc.get_id() == 'msvc'
   backends += ['openssl']
 endif
 
+if backends.contains('openssl') and host_machine.system() != 'windows'
+  ca_certificates = get_option('ca_certificates')
+  if ca_certificates == 'no'
+    message('CA certificates disabled')
+  else
+    if ca_certificates == ''
+      detect_certificates = run_command(join_paths(meson.source_root(), 'detect_certificates.py'))
+
+      if detect_certificates.returncode() == 1
+        error('Could not find certificates. Use -Dca_certificates=path to set, or -Dca_certificates=no to 
disable it')
+      endif
+
+      ca_certificates = detect_certificates.stdout().strip()
+    endif
+
+    message('CA certificates: ' + ca_certificates)
+
+    config_h.set_quoted('GTLS_SYSTEM_CA_FILE', ca_certificates)
+  endif
+endif
+
 if backends.length() == 0
   error('No TLS backends enabled. Please enable at least one TLS backend')
 endif
diff --git a/meson_options.txt b/meson_options.txt
index 04706be..34b4a7d 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -5,3 +5,4 @@ option('gnome_proxy', type: 'feature', value: 'auto', description: 'support for
 option('pkcs11', type: 'feature', value: 'disabled', description: 'support for PKCS#11 using p11-kit')
 option('installed_tests', type: 'boolean', value: false, description: 'enable installed tests')
 option('static_modules', type: 'boolean', value: false, description: 'build static modules')
+option('ca_certificates', type: 'string', value: '', description: 'path to system Certificate Authority list 
for OpenSSL')
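Review bot: The description for `ca_certificates` omits the two special values that the meson.build hunk handles: an empty string triggers auto-detection and `no` disables the CA file. Wording such as `description: 'path to system CA bundle for OpenSSL (empty: auto-detect, "no": disable)'` would make both visible in `meson configure` output.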

