diff --git a/Userland/Libraries/LibTLS/Certificate.h b/Userland/Libraries/LibTLS/Certificate.h
index ef15456a9d..7996dcd2cd 100644
--- a/Userland/Libraries/LibTLS/Certificate.h
+++ b/Userland/Libraries/LibTLS/Certificate.h
@@ -11,6 +11,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -131,6 +132,8 @@ public:
 Vector const& certificates() const { return m_ca_certificates; }
+ void reload_certificates(Core::ConfigFile&);
+
 static DefaultRootCACertificates& the() { return s_the; }
 private:
diff --git a/Userland/Libraries/LibTLS/TLSv12.cpp b/Userland/Libraries/LibTLS/TLSv12.cpp
index 76983103cc..757cca8270 100644
--- a/Userland/Libraries/LibTLS/TLSv12.cpp
+++ b/Userland/Libraries/LibTLS/TLSv12.cpp
@@ -476,10 +476,15 @@ DefaultRootCACertificates::DefaultRootCACertificates()
 return;
 }
 auto config = config_result.release_value();
+ reload_certificates(config);
+}
- for (auto& entity : config->groups()) {
- for (auto& subject : config->keys(entity)) {
- auto certificate_base64 = config->read_entry(entity, subject);
+void DefaultRootCACertificates::reload_certificates(Core::ConfigFile& config)
+{
+ m_ca_certificates.clear();
+ for (auto& entity : config.groups()) {
+ for (auto& subject : config.keys(entity)) {
+ auto certificate_base64 = config.read_entry(entity, subject);
 auto certificate_data_result = decode_base64(certificate_base64);
 if (certificate_data_result.is_error()) {
 dbgln("Skipping CA Certificate {} {}: out of memory", entity, subject);
diff --git a/Userland/Utilities/headless-browser.cpp b/Userland/Utilities/headless-browser.cpp
index 4f90d19ffe..b29ac61f2b 100644
--- a/Userland/Utilities/headless-browser.cpp
+++ b/Userland/Utilities/headless-browser.cpp
@@ -13,6 +13,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
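Review bot: The new `reload_certificates(Core::ConfigFile&)` declaration in Certificate.h (hunk at -131) has no comment, and the name does not reveal that it discards the current root set rather than adding to it; the definition in TLSv12.cpp calls `m_ca_certificates.clear()` first. Since this list is the process-wide set of trust anchors, I would say so on the declaration, e.g. `// Replaces the entire root CA set with the certificates in the given config; the previous roots are dropped.` It would also help to state whether it may be called while connections are being verified, because `certificates()` hands out a reference to the same vector.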
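Review bot: In `DefaultRootCACertificates::reload_certificates` (TLSv12.cpp, hunk at -476) the existing roots are cleared before any entry of the new config has been decoded, so a config that is empty, or whose entries all take the skip path, leaves the process with no trust anchors and no overall warning. I would collect the parsed certificates in a local vector, replace `m_ca_certificates` only after the loop has finished, and log the number of roots loaded or warn when it is zero. The loop body continues outside the hunk, so the append site is not visible here. Separately, the `dbgln` on the base64 failure path (a context line) reports "out of memory", which will mislead anyone diagnosing a malformed bundle.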
@@ -660,6 +661,7 @@ ErrorOr serenity_main(Main::Arguments arguments)
 StringView url;
 StringView resources_folder;
 StringView error_page_url;
+ StringView ca_certs_path;
 Core::EventLoop event_loop;
 Core::ArgsParser args_parser;
@@ -667,6 +669,7 @@ ErrorOr serenity_main(Main::Arguments arguments)
 args_parser.add_option(take_screenshot_after, "Take a screenshot after [n] seconds (default: 1)", "screenshot", 's', "n");
 args_parser.add_option(resources_folder, "Path of the base resources folder (defaults to /res)", "resources", 'r', "resources-root-path");
 args_parser.add_option(error_page_url, "URL for the error page (defaults to file:///res/html/error.html)", "error-page", 'e', "error-page-url");
+ args_parser.add_option(ca_certs_path, "The bundled ca certificates file", "certs", 'c', "ca-certs-path");
 args_parser.add_positional_argument(url, "URL to open", "url", Core::ArgsParser::Required::Yes);
 args_parser.parse(arguments);
@@ -680,6 +683,15 @@ ErrorOr serenity_main(Main::Arguments arguments)
 Web::FrameLoader::set_default_favicon_path(LexicalPath::join(resources_folder, "icons/16x16/app-browser.png"sv).string());
 Gfx::FontDatabase::set_default_fonts_lookup_path(LexicalPath::join(resources_folder, "fonts"sv).string());
 }
+ if (!ca_certs_path.is_empty()) {
+ auto config_result = Core::ConfigFile::open(ca_certs_path);
+ if (config_result.is_error()) {
+ dbgln("Failed to load CA Certificates: {}", config_result.error());
+ } else {
+ auto config = config_result.release_value();
+ DefaultRootCACertificates::the().reload_certificates(config);
+ }
+ }
 Gfx::FontDatabase::set_default_font_query("Katica 10 400 0");
 Gfx::FontDatabase::set_window_title_font_query("Katica 10 700 0");
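Review bot: In `serenity_main` (headless-browser.cpp, hunk at -680) a failure to open the file given with `--certs` is only logged with `dbgln`, and the browser then carries on with the default root set, so a run meant to trust one specific bundle silently trusts a different one. Because the caller asked for this trust store explicitly, I would fail the run instead: `auto config = TRY(Core::ConfigFile::open(ca_certs_path));` followed by the existing `reload_certificates(config)` call. It is also worth checking how `Core::ConfigFile::open` treats a path that does not exist; if it yields an empty config rather than an error, the reload would clear the roots and load none. The help text `"The bundled ca certificates file"` in the hunk at -667 could say that the file replaces the built-in roots. The function starts and ends outside the hunk.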