CA bundle auto-detection

2025-04-20 06:38:04 -05:00 · 2021-11-04 10:21:57 +01:00 · 2021-11-04 10:21:57 +01:00 · 407579ca58
commit 407579ca58
parent 96df1a709f
2 changed files with 16 additions and 22 deletions
--- a/configure.ac
+++ b/configure.ac
@ -124,8 +124,6 @@ fi
 AC_SUBST([OPTIONAL_LIBCURL_CFLAGS])
 AC_SUBST([OPTIONAL_LIBCURL_LIBS])
 AC_DEFINE_UNQUOTED([CA_BUNDLE_PATH], ["$(curl-config --ca 2>/dev/null)"], [CA bundle install path])
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT
--- a/osslsigncode.c
+++ b/osslsigncode.c
@ -5177,28 +5177,24 @@ static void free_options(GLOBAL_OPTIONS *options)
 static char *get_cafile(void)
 {
-	const char *sslpart1, *sslpart2;
+#ifndef WIN32
-	char *cafile, *openssl_dir, *str_begin, *str_end;
+    const char *files[] = {
 	    "/etc/ssl/certs/ca-certificates.crt",
 	    "/etc/pki/tls/certs/ca-bundle.crt",
 	    "/usr/share/ssl/certs/ca-bundle.crt",
 	    "/usr/local/share/certs/ca-root-nss.crt",
 	    "/etc/ssl/cert.pem",
 	    NULL
 	};
    int i;
-#ifdef CA_BUNDLE_PATH
+	for (i=0; files[i]; i++) {
-	if (strcmp(CA_BUNDLE_PATH, ""))
+	    if (!access(files[i], R_OK)) {
-		return OPENSSL_strdup(CA_BUNDLE_PATH);
+	        return OPENSSL_strdup(files[i]);
 #endif
 	sslpart1 = OpenSSL_version(OPENSSL_DIR);
 	sslpart2 = "/certs/ca-bundle.crt";
 	str_begin = strchr(sslpart1, '"');
 	str_end = strrchr(sslpart1, '"');
 	if (str_begin && str_end && str_begin < str_end) {
 		openssl_dir = OPENSSL_strndup(str_begin + 1, str_end - str_begin - 1);
 	} else {
 		openssl_dir = OPENSSL_strdup("/etc");
 	    }
-	cafile = OPENSSL_malloc(strlen(sslpart1) + strlen(sslpart2) + 1);
+	}
-	strcpy(cafile, openssl_dir);
+#endif
-	strcat(cafile, sslpart2);
+	return NULL;
 	OPENSSL_free(openssl_dir);
 	return cafile;
 }
 static PKCS7 *get_sigfile(char *sigfile, file_type_t type)