
LibTLS: Allow applications to provide a custom default CA Cert path

On Lagom, we also need to allow the initial load of /etc/cacert.pem to
fail.
This commit is contained in:
Andrew Kaster 2023-08-01 14:43:21 -06:00 committed by Andreas Kling
parent 5062ba347b
commit 28d3d3c9fc
2 changed files with 25 additions and 5 deletions


@ -489,9 +489,16 @@ Vector<Certificate> TLSv12::parse_pem_certificate(ReadonlyBytes certificate_pem_
return { move(certificate) };
}
static String s_default_ca_certificate_path;
void DefaultRootCACertificates::set_default_certificate_path(String path)
{
s_default_ca_certificate_path = move(path);
}
DefaultRootCACertificates::DefaultRootCACertificates()
{
auto load_result = load_certificates();
auto load_result = load_certificates(s_default_ca_certificate_path);
if (load_result.is_error()) {
dbgln("Failed to load CA Certificates: {}", load_result.error());
return;
@ -506,10 +513,16 @@ DefaultRootCACertificates& DefaultRootCACertificates::the()
return s_the;
}
ErrorOr<Vector<Certificate>> DefaultRootCACertificates::load_certificates()
ErrorOr<Vector<Certificate>> DefaultRootCACertificates::load_certificates(StringView custom_cert_path)
{
auto cacert_file = TRY(Core::File::open("/etc/cacert.pem"sv, Core::File::OpenMode::Read));
auto data = TRY(cacert_file->read_until_eof());
auto cacert_file_or_error = Core::File::open("/etc/cacert.pem"sv, Core::File::OpenMode::Read);
ByteBuffer data;
if (!cacert_file_or_error.is_error())
data = TRY(cacert_file_or_error.value()->read_until_eof());
#ifdef AK_OS_SERENITY
else
return cacert_file_or_error.release_error();
#endif
auto user_cert_path = TRY(String::formatted("{}/.config/certs.pem", Core::StandardPaths::home_directory()));
if (FileSystem::exists(user_cert_path)) {
@ -517,6 +530,11 @@ ErrorOr<Vector<Certificate>> DefaultRootCACertificates::load_certificates()
TRY(data.try_append(TRY(user_cert_file->read_until_eof())));
}
if (!custom_cert_path.is_empty() && FileSystem::exists(custom_cert_path)) {
auto custom_cert_file = TRY(Core::File::open(custom_cert_path, Core::File::OpenMode::Read));
TRY(data.try_append(TRY(custom_cert_file->read_until_eof())));
}
return TRY(parse_pem_root_certificate_authorities(data));
}
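Review bot: On non-Serenity builds the `#ifdef AK_OS_SERENITY` block in load_certificates drops the /etc/cacert.pem open error without a trace, so when neither the user certs.pem nor the custom path exists, `parse_pem_root_certificate_authorities` runs on an empty buffer and the process continues with an empty root set and no diagnostic of why. A `dbgln` in that branch would keep the failure visible, e.g. `#else` / `else` / `dbgln("Failed to open /etc/cacert.pem: {}", cacert_file_or_error.error());` placed before the `#endif`. Separately, `set_default_certificate_path` appears to take effect only if it runs before the first `the()` call, since the constructor reads the static once and `the()` hands back a single instance; a comment on the setter such as `// Must be called before DefaultRootCACertificates::the() is first used; later calls do not reload the store.` would save callers a confusing silent no-op. The custom file is appended to the system and user stores rather than replacing them, which the "default path" naming does not convey and is worth stating in the same comment. Both the constructor and load_certificates extend beyond the visible hunks.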