From 6fa7322a6a21e8f5ce5bd976da098761eca1f831 Mon Sep 17 00:00:00 2001
From: Bastien Bouclet
Date: Sat, 2 Nov 2019 11:36:42 +0100
Subject: NETWORKING: Try loading the CA bundle from DATA_PATH
---
 backends/networking/curl/connectionmanager.cpp | 24 ++++++++++++++++++++++++
 backends/networking/curl/connectionmanager.h | 3 +++
 backends/networking/curl/networkreadstream.cpp | 10 ++++++++++
 3 files changed, 37 insertions(+)
(limited to 'backends/networking')
diff --git a/backends/networking/curl/connectionmanager.cpp b/backends/networking/curl/connectionmanager.cpp
index 557fcf06eb..21381d9a3d 100644
--- a/backends/networking/curl/connectionmanager.cpp
+++ b/backends/networking/curl/connectionmanager.cpp
@@ -26,6 +26,7 @@
 #include "backends/networking/curl/connectionmanager.h"
 #include "backends/networking/curl/networkreadstream.h"
 #include "common/debug.h"
+#include "common/fs.h"
 #include "common/system.h"
 #include "common/timer.h"
@@ -98,6 +99,29 @@ uint32 ConnectionManager::getCloudRequestsPeriodInMicroseconds() {
 return TIMER_INTERVAL * CLOUD_PERIOD;
 }
+const char *ConnectionManager::getCaCertPath() {
+#if defined(DATA_PATH)
+ static enum {
+ kNotInitialized,
+ kFileNotFound,
+ kFileExists
+ } state = kNotInitialized;
+
+ if (state == kNotInitialized) {
+ Common::FSNode node(DATA_PATH"/cacert.pem");
+ state = node.exists() ? kFileExists : kFileNotFound;
+ }
+
+ if (state == kFileExists) {
+ return DATA_PATH"/cacert.pem";
+ } else {
+ return nullptr;
+ }
+#else
+ return nullptr;
+#endif
+}
+
 //private goes here:
 void connectionsThread(void *ignored) {
diff --git a/backends/networking/curl/connectionmanager.h b/backends/networking/curl/connectionmanager.h
index 6c261b8c63..a01d115c2c 100644
--- a/backends/networking/curl/connectionmanager.h
+++ b/backends/networking/curl/connectionmanager.h
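Review bot: The probe in `ConnectionManager::getCaCertPath()` (connectionmanager.cpp, hunk at -98) only asks `node.exists()`, so a directory or an unreadable entry at `DATA_PATH"/cacert.pem"` is accepted, and the answer is cached in the function-local `state` for the rest of the process. The path is then passed to `CURLOPT_CAINFO` in networkreadstream.cpp, where it takes the place of libcurl's default bundle, so a bad entry there makes certificate checks fail instead of falling back to the default store. A tighter probe would be `state = (node.exists() && !node.isDirectory() && node.isReadable()) ? kFileExists : kFileNotFound;`. The path literal is also written twice; one `static const char *const kCaCertPath = DATA_PATH "/cacert.pem";` would keep the probed path and the returned path identical.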
@@ -118,6 +118,9 @@ public:
 Common::String urlEncode(Common::String s) const;
 static uint32 getCloudRequestsPeriodInMicroseconds();
+
+ /** Return the path to the CA certificates bundle. */
+ static const char *getCaCertPath();
 };
 /** Shortcut for accessing the connection manager. */
diff --git a/backends/networking/curl/networkreadstream.cpp b/backends/networking/curl/networkreadstream.cpp
index b41a3c37b7..b8f06b728f 100644
--- a/backends/networking/curl/networkreadstream.cpp
+++ b/backends/networking/curl/networkreadstream.cpp
@@ -91,6 +91,11 @@ void NetworkReadStream::init(const char *url, curl_slist *headersList, const byt
 curl_easy_setopt(_easy, CURLOPT_SSL_VERIFYPEER, 0);
 #endif
+ const char *caCertPath = ConnMan.getCaCertPath();
+ if (caCertPath) {
+ curl_easy_setopt(_easy, CURLOPT_CAINFO, caCertPath);
+ }
+
 #if LIBCURL_VERSION_NUM >= 0x072000
 // CURLOPT_XFERINFOFUNCTION introduced in libcurl 7.32.0
 // CURLOPT_PROGRESSFUNCTION is used as a backup plan in case older version is used
@@ -149,6 +154,11 @@ void NetworkReadStream::init(const char *url, curl_slist *headersList, Common::H
 curl_easy_setopt(_easy, CURLOPT_SSL_VERIFYPEER, 0);
 #endif
+ const char *caCertPath = ConnMan.getCaCertPath();
+ if (caCertPath) {
+ curl_easy_setopt(_easy, CURLOPT_CAINFO, caCertPath);
+ }
+
 #if LIBCURL_VERSION_NUM >= 0x072000
 // CURLOPT_XFERINFOFUNCTION introduced in libcurl 7.32.0
 // CURLOPT_PROGRESSFUNCTION is used as a backup plan in case older version is used
-- cgit v1.2.3
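Review bot: The doc comment on `getCaCertPath()` in connectionmanager.h leaves out that the function can return a null pointer, which is the case both callers branch on. I would word it as `/** Return the path to the bundled CA certificates file, or nullptr when none is available; callers then leave libcurl's default trust store in place. */`.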
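Review bot: The result of `curl_easy_setopt(_easy, CURLOPT_CAINFO, caCertPath)` is discarded in both `NetworkReadStream::init()` overloads (networkreadstream.cpp, hunks at -91 and -149), so if libcurl refuses the option the handle silently keeps its default trust store and later TLS failures are hard to trace back. Checking it, for example `if (caCertPath && curl_easy_setopt(_easy, CURLOPT_CAINFO, caCertPath) != CURLE_OK) warning("NetworkReadStream: cannot use CA bundle '%s'", caCertPath);`, would leave a record, assuming the project's `warning()` is reachable from this file. The context line just above sets `CURLOPT_SSL_VERIFYPEER` to 0 under a preprocessor condition whose `#if` is outside the hunk; on that configuration the bundle has no effect on verification, which deserves a short comment. The five added lines are identical in the two overloads and could live in one private helper; both `init()` bodies continue outside their hunks.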