CA bundle auto-detection

2025-04-04 17:00:11 -05:00 · 2021-11-04 10:21:57 +01:00 · 2021-11-04 10:21:57 +01:00 · 407579ca58
commit 407579ca58
parent 96df1a709f
2 changed files with 16 additions and 22 deletions
--- a/configure.ac
+++ b/configure.ac
@ -124,8 +124,6 @@ fi
 AC_SUBST([OPTIONAL_LIBCURL_CFLAGS])
 AC_SUBST([OPTIONAL_LIBCURL_LIBS])

-AC_DEFINE_UNQUOTED([CA_BUNDLE_PATH], ["$(curl-config --ca 2>/dev/null)"], [CA bundle install path])
-
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT

--- a/osslsigncode.c
+++ b/osslsigncode.c
@ -5177,28 +5177,24 @@ static void free_options(GLOBAL_OPTIONS *options)

 static char *get_cafile(void)
 {
-	const char *sslpart1, *sslpart2;
-	char *cafile, *openssl_dir, *str_begin, *str_end;
+#ifndef WIN32
+    const char *files[] = {
+	    "/etc/ssl/certs/ca-certificates.crt",
+	    "/etc/pki/tls/certs/ca-bundle.crt",
+	    "/usr/share/ssl/certs/ca-bundle.crt",
+	    "/usr/local/share/certs/ca-root-nss.crt",
+	    "/etc/ssl/cert.pem",
+	    NULL
+	};
+    int i;

-#ifdef CA_BUNDLE_PATH
-	if (strcmp(CA_BUNDLE_PATH, ""))
-		return OPENSSL_strdup(CA_BUNDLE_PATH);
-#endif
-	sslpart1 = OpenSSL_version(OPENSSL_DIR);
-	sslpart2 = "/certs/ca-bundle.crt";
-	str_begin = strchr(sslpart1, '"');
-	str_end = strrchr(sslpart1, '"');
-	if (str_begin && str_end && str_begin < str_end) {
-		openssl_dir = OPENSSL_strndup(str_begin + 1, str_end - str_begin - 1);
-	} else {
-		openssl_dir = OPENSSL_strdup("/etc");
+	for (i=0; files[i]; i++) {
+	    if (!access(files[i], R_OK)) {
+	        return OPENSSL_strdup(files[i]);
+	    }
 	}
-	cafile = OPENSSL_malloc(strlen(sslpart1) + strlen(sslpart2) + 1);
-	strcpy(cafile, openssl_dir);
-	strcat(cafile, sslpart2);
-
-	OPENSSL_free(openssl_dir);
-	return cafile;
+#endif
+	return NULL;
 }

 static PKCS7 *get_sigfile(char *sigfile, file_type_t type)