NETWORKING: Try loading the CA bundle from DATA_PATH

author: Bastien Bouclet 2019-11-02 11:36:42 +0100
committer: Filippos Karapetis 2019-11-03 19:48:34 +0200
commit: 6fa7322a6a21e8f5ce5bd976da098761eca1f831 (patch)
tree: 31b65e4c5325d1adc3a8cfd35a19a852ac42e828 /backends/networking
parent: 47b67342d6205b2491a49d0da2183b921c73ee46 (diff)
download: scummvm-rg350-6fa7322a6a21e8f5ce5bd976da098761eca1f831.tar.gz
scummvm-rg350-6fa7322a6a21e8f5ce5bd976da098761eca1f831.tar.bz2
scummvm-rg350-6fa7322a6a21e8f5ce5bd976da098761eca1f831.zip
3 files changed, 37 insertions, 0 deletions
diff --git a/backends/networking/curl/connectionmanager.cpp b/backends/networking/curl/connectionmanager.cpp
index 557fcf06eb..21381d9a3d 100644
--- a/backends/networking/curl/connectionmanager.cpp
+++ b/backends/networking/curl/connectionmanager.cpp
@@ -26,6 +26,7 @@
 #include "backends/networking/curl/connectionmanager.h"
 #include "backends/networking/curl/networkreadstream.h"
 #include "common/debug.h"
+#include "common/fs.h"
 #include "common/system.h"
 #include "common/timer.h"
 
@@ -98,6 +99,29 @@ uint32 ConnectionManager::getCloudRequestsPeriodInMicroseconds() {
 	return TIMER_INTERVAL * CLOUD_PERIOD;
 }
 
+const char *ConnectionManager::getCaCertPath() {
+#if defined(DATA_PATH)
+	static enum {
+		kNotInitialized,
+		kFileNotFound,
+		kFileExists
+	} state = kNotInitialized;
+
+	if (state == kNotInitialized) {
+		Common::FSNode node(DATA_PATH"/cacert.pem");
+		state = node.exists() ? kFileExists : kFileNotFound;
+	}
+
+	if (state == kFileExists) {
+		return DATA_PATH"/cacert.pem";
+	} else {
+		return nullptr;
+	}
+#else
+	return nullptr;
+#endif
+}
+
 //private goes here:
 
 void connectionsThread(void *ignored) {
diff --git a/backends/networking/curl/connectionmanager.h b/backends/networking/curl/connectionmanager.h
index 6c261b8c63..a01d115c2c 100644
--- a/backends/networking/curl/connectionmanager.h
+++ b/backends/networking/curl/connectionmanager.h
@@ -118,6 +118,9 @@ public:
 	Common::String urlEncode(Common::String s) const;
 
 	static uint32 getCloudRequestsPeriodInMicroseconds();
+
+	/** Return the path to the CA certificates bundle. */
+	static const char *getCaCertPath();
 };
 
 /** Shortcut for accessing the connection manager. */
diff --git a/backends/networking/curl/networkreadstream.cpp b/backends/networking/curl/networkreadstream.cpp
index b41a3c37b7..b8f06b728f 100644
--- a/backends/networking/curl/networkreadstream.cpp
+++ b/backends/networking/curl/networkreadstream.cpp
@@ -91,6 +91,11 @@ void NetworkReadStream::init(const char *url, curl_slist *headersList, const byt
 	curl_easy_setopt(_easy, CURLOPT_SSL_VERIFYPEER, 0);
 #endif
 
+	const char *caCertPath = ConnMan.getCaCertPath();
+	if (caCertPath) {
+		curl_easy_setopt(_easy, CURLOPT_CAINFO, caCertPath);
+	}
+
 #if LIBCURL_VERSION_NUM >= 0x072000
 	// CURLOPT_XFERINFOFUNCTION introduced in libcurl 7.32.0
 	// CURLOPT_PROGRESSFUNCTION is used as a backup plan in case older version is used
@@ -149,6 +154,11 @@ void NetworkReadStream::init(const char *url, curl_slist *headersList, Common::H
 	curl_easy_setopt(_easy, CURLOPT_SSL_VERIFYPEER, 0);
 #endif
 
+	const char *caCertPath = ConnMan.getCaCertPath();
+	if (caCertPath) {
+		curl_easy_setopt(_easy, CURLOPT_CAINFO, caCertPath);
+	}
+
 #if LIBCURL_VERSION_NUM >= 0x072000
 	// CURLOPT_XFERINFOFUNCTION introduced in libcurl 7.32.0
 	// CURLOPT_PROGRESSFUNCTION is used as a backup plan in case older version is used
author	Bastien Bouclet	2019-11-02 11:36:42 +0100
committer	Filippos Karapetis	2019-11-03 19:48:34 +0200
commit	6fa7322a6a21e8f5ce5bd976da098761eca1f831 (patch)
tree	31b65e4c5325d1adc3a8cfd35a19a852ac42e828 /backends/networking
parent	47b67342d6205b2491a49d0da2183b921c73ee46 (diff)
download	scummvm-rg350-6fa7322a6a21e8f5ce5bd976da098761eca1f831.tar.gz scummvm-rg350-6fa7322a6a21e8f5ce5bd976da098761eca1f831.tar.bz2 scummvm-rg350-6fa7322a6a21e8f5ce5bd976da098761eca1f831.zip