Revert "Disable cert check if no SSL certs are found (#9005)"

This reverts commit 073d6f5e80.
This commit is contained in:
Mads Kiilerich 2022-10-22 01:24:13 +02:00 committed by Robin Gareus
parent 06b503d716
commit f8ce185205
Signed by: rgareus
GPG Key ID: A090BCE02CF57F04

View File

@ -55,18 +55,13 @@ const char* HttpGet::ca_info = NULL;
void
HttpGet::ca_setopt (CURL* c)
{
if (ca_info && strlen (ca_info) > 0) {
if (ca_info) {
curl_easy_setopt (c, CURLOPT_CAINFO, ca_info);
}
if (ca_path) {
curl_easy_setopt (c, CURLOPT_CAPATH, ca_path);
}
if (ca_info && strlen (ca_info) == 0) {
/* not hat for you */
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
} else if (ca_info || ca_path) {
if (ca_info || ca_path) {
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 1);
}
}
@ -99,9 +94,8 @@ HttpGet::setup_certificate_paths ()
else if (Glib::file_test ("/etc/pki/tls/cert.pem", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_REGULAR)) {
// GNU/TLS can keep extra stuff here
ca_info = "/etc/pki/tls/cert.pem";
} else {
ca_info = ""; // disable cert check
}
// else NULL: use default (currently) "/etc/ssl/certs/ca-certificates.crt" if it exists
if (Glib::file_test ("/etc/pki/tls/certs/ca-bundle.crt", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_DIR)) {
// we're on RHEL // https://bugzilla.redhat.com/show_bug.cgi?id=1053882
@ -111,7 +105,7 @@ HttpGet::setup_certificate_paths ()
// Debian and derivs + OpenSuSe
ca_path = "/etc/ssl/certs";
} else {
ca_path = "/nonexistent_path";
ca_path = "/nonexistent_path"; // don't try -- just in case:
}
/* If we don't set anything defaults are used. at the time of writing we compile bundled curl on debian