NETWORKING: Try loading the CA bundle from DATA_PATH

2025-02-02 17:03:13 +00:00 · 2019-11-02 11:36:42 +01:00 · 2019-11-02 11:36:42 +01:00 · 6fa7322a6a
commit 6fa7322a6a
parent 47b67342d6
3 changed files with 37 additions and 0 deletions
--- a/backends/networking/curl/connectionmanager.cpp
+++ b/backends/networking/curl/connectionmanager.cpp
@ -26,6 +26,7 @@
 #include "backends/networking/curl/connectionmanager.h"
 #include "backends/networking/curl/networkreadstream.h"
 #include "common/debug.h"
+#include "common/fs.h"
 #include "common/system.h"
 #include "common/timer.h"

@ -98,6 +99,29 @@ uint32 ConnectionManager::getCloudRequestsPeriodInMicroseconds() {
 	return TIMER_INTERVAL * CLOUD_PERIOD;
 }

+const char *ConnectionManager::getCaCertPath() {
+#if defined(DATA_PATH)
+	static enum {
+		kNotInitialized,
+		kFileNotFound,
+		kFileExists
+	} state = kNotInitialized;
+
+	if (state == kNotInitialized) {
+		Common::FSNode node(DATA_PATH"/cacert.pem");
+		state = node.exists() ? kFileExists : kFileNotFound;
+	}
+
+	if (state == kFileExists) {
+		return DATA_PATH"/cacert.pem";
+	} else {
+		return nullptr;
+	}
+#else
+	return nullptr;
+#endif
+}
+
 //private goes here:

 void connectionsThread(void *ignored) {
--- a/backends/networking/curl/connectionmanager.h
+++ b/backends/networking/curl/connectionmanager.h
@ -118,6 +118,9 @@ public:
 	Common::String urlEncode(Common::String s) const;

 	static uint32 getCloudRequestsPeriodInMicroseconds();
+
+	/** Return the path to the CA certificates bundle. */
+	static const char *getCaCertPath();
 };

 /** Shortcut for accessing the connection manager. */
--- a/backends/networking/curl/networkreadstream.cpp
+++ b/backends/networking/curl/networkreadstream.cpp
@ -91,6 +91,11 @@ void NetworkReadStream::init(const char *url, curl_slist *headersList, const byt
 	curl_easy_setopt(_easy, CURLOPT_SSL_VERIFYPEER, 0);
 #endif

+	const char *caCertPath = ConnMan.getCaCertPath();
+	if (caCertPath) {
+		curl_easy_setopt(_easy, CURLOPT_CAINFO, caCertPath);
+	}
+
 #if LIBCURL_VERSION_NUM >= 0x072000
 	// CURLOPT_XFERINFOFUNCTION introduced in libcurl 7.32.0
 	// CURLOPT_PROGRESSFUNCTION is used as a backup plan in case older version is used
@ -149,6 +154,11 @@ void NetworkReadStream::init(const char *url, curl_slist *headersList, Common::H
 	curl_easy_setopt(_easy, CURLOPT_SSL_VERIFYPEER, 0);
 #endif

+	const char *caCertPath = ConnMan.getCaCertPath();
+	if (caCertPath) {
+		curl_easy_setopt(_easy, CURLOPT_CAINFO, caCertPath);
+	}
+
 #if LIBCURL_VERSION_NUM >= 0x072000
 	// CURLOPT_XFERINFOFUNCTION introduced in libcurl 7.32.0
 	// CURLOPT_PROGRESSFUNCTION is used as a backup plan in case older version is used