Skip to content
Permalink
Browse files

NETWORKING: Try loading the CA bundle from DATA_PATH

(cherry picked from commit 6fa7322)
  • Loading branch information...
bgK committed Nov 2, 2019
1 parent f4e1d1b commit 393ce8d0c6f861fa4047a5385c58ef1256e4cc42
@@ -26,6 +26,7 @@
#include "backends/networking/curl/connectionmanager.h"
#include "backends/networking/curl/networkreadstream.h"
#include "common/debug.h"
#include "common/fs.h"
#include "common/system.h"
#include "common/timer.h"

@@ -98,6 +99,29 @@ uint32 ConnectionManager::getCloudRequestsPeriodInMicroseconds() {
return TIMER_INTERVAL * CLOUD_PERIOD;
}

const char *ConnectionManager::getCaCertPath() {
#if defined(DATA_PATH)
static enum {
kNotInitialized,
kFileNotFound,
kFileExists
} state = kNotInitialized;

if (state == kNotInitialized) {
Common::FSNode node(DATA_PATH"/cacert.pem");
state = node.exists() ? kFileExists : kFileNotFound;
}

if (state == kFileExists) {
return DATA_PATH"/cacert.pem";
} else {
return nullptr;
}
#else
return nullptr;
#endif
}

//private goes here:

void connectionsThread(void *ignored) {
@@ -118,6 +118,9 @@ class ConnectionManager : public Common::Singleton<ConnectionManager> {
Common::String urlEncode(Common::String s) const;

static uint32 getCloudRequestsPeriodInMicroseconds();

/** Return the path to the CA certificates bundle. */
static const char *getCaCertPath();
};

/** Shortcut for accessing the connection manager. */
@@ -88,6 +88,11 @@ void NetworkReadStream::init(const char *url, curl_slist *headersList, const byt
curl_easy_setopt(_easy, CURLOPT_SSL_VERIFYPEER, 0);
#endif

const char *caCertPath = ConnMan.getCaCertPath();
if (caCertPath) {
curl_easy_setopt(_easy, CURLOPT_CAINFO, caCertPath);
}

#if LIBCURL_VERSION_NUM >= 0x072000
// CURLOPT_XFERINFOFUNCTION introduced in libcurl 7.32.0
// CURLOPT_PROGRESSFUNCTION is used as a backup plan in case older version is used
@@ -144,6 +149,11 @@ void NetworkReadStream::init(const char *url, curl_slist *headersList, Common::H
curl_easy_setopt(_easy, CURLOPT_SSL_VERIFYPEER, 0);
#endif

const char *caCertPath = ConnMan.getCaCertPath();
if (caCertPath) {
curl_easy_setopt(_easy, CURLOPT_CAINFO, caCertPath);
}

#if LIBCURL_VERSION_NUM >= 0x072000
// CURLOPT_XFERINFOFUNCTION introduced in libcurl 7.32.0
// CURLOPT_PROGRESSFUNCTION is used as a backup plan in case older version is used

0 comments on commit 393ce8d

Please sign in to comment.
You can’t perform that action at this time.