include/curlinit.hxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  */
   9
  10 #pragma once
  11
  12 #include <curl/curl.h>
  13
  14 #if defined(LINUX) && !defined(SYSTEM_CURL)
  15 #include <com/sun/star/uno/RuntimeException.hpp>
  16
  17 #include <unistd.h>
  18
  19 static char const* GetCABundleFile()
  20 {
  21     // try system ones first; inspired by:
  22     // https://www.happyassassin.net/posts/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
  23     auto const candidates = {
  24         "/etc/pki/tls/certs/ca-bundle.crt",
  25         "/etc/pki/tls/certs/ca-bundle.trust.crt",
  26         "/etc/ssl/certs/ca-certificates.crt",
  27         "/var/lib/ca-certificates/ca-bundle.pem",
  28     };
  29     for (char const* const candidate : candidates)
  30     {
  31         if (access(candidate, R_OK) == 0)
  32         {
  33             return candidate;
  34         }
  35     }
  36
  37     throw css::uno::RuntimeException("no OpenSSL CA certificate bundle found");
  38 }
  39
  40 static void InitCurl_easy(CURL* const pCURL)
  41 {
  42     char const* const path = GetCABundleFile();
  43     auto rc = curl_easy_setopt(pCURL, CURLOPT_CAINFO, path);
  44     if (rc != CURLE_OK) // only if OOM?
  45     {
  46         throw css::uno::RuntimeException("CURLOPT_CAINFO failed");
  47     }
  48 }
  49
  50 #else
  51
  52 static void InitCurl_easy(CURL* const)
  53 {
  54     // these don't use OpenSSL so CAs work out of the box
  55 }
  56
  57 #endif
  58
  59 /* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */