From 1f5749ce55aba60d5ab4f9b74537139d3994eb09 Mon Sep 17 00:00:00 2001
From: TheAssassin
Date: Tue, 17 May 2022 12:27:08 +0200
Subject: [PATCH] Add support for SSL_CERT_FILE environment variable

This environment variable is supported by the CLI curl tool, too. It allows using a custom CA bundle with the tool. Reasons to use this environment variable include the use of self-signed or otherwise untrusted certificates on the server or setting a CA bundle path when using the tool on a distro whose path differs from the one used on the build system.
---
 src/zsclient.cpp | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/zsclient.cpp b/src/zsclient.cpp
index 1d85f0a..ce53da3 100644
--- a/src/zsclient.cpp
+++ b/src/zsclient.cpp
@@ -271,6 +271,23 @@ namespace zsync2 {
 // request so-called Instance Digest (RFC 3230, RFC 5843)
 session.SetHeader(cpr::Header{{"want-digest", "sha-512;q=1, sha-256;q=0.9, sha;q=0.2, md5;q=0.1"}});
 
+ // cURL hardcodes the current distro's CA bundle path
+ // in order to use libzsync2 on other distributions (e.g., when used in an AppImage), the right path
+ // must be passed to cURL
+ // we could do this within the library, but it is probably easier to have the caller provide the right
+ // path, since we can just pass one additional path
+ // note that in upstream releases of AppImageUpdate and zsync2, we use cURL versions which search for
+ // a CA bundle in multiple locations
+ {
+ char* caBundlePath = getenv("SSL_CERT_FILE");
+
+ if (caBundlePath != nullptr) {
+ auto sslOptions = cpr::SslOptions{};
+ sslOptions.SetOption({cpr::ssl::CaInfo{caBundlePath}});
+ session.SetOption(sslOptions);
+ }
+ }
+
 // if interested in headers only, download 1 kiB chunks until end of zsync header is found
 if (headersOnly && zSyncFileStoredLocallyAlready) {
 static const auto chunkSize = 1024;
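Review bot: The added block takes the session's TLS trust anchors straight from `SSL_CERT_FILE` with no validation and no trace, so whoever controls the process environment silently decides which CAs the download trusts. An empty value (`SSL_CERT_FILE=`) is non-null and reaches `cpr::ssl::CaInfo` as an empty path; treat it as unset with `if (caBundlePath != nullptr && caBundlePath[0] != '\0')`. When the override is active it is worth emitting a status message naming the path. The block comment should also say that the variable is honoured on the assumption that the environment is trusted, and that a privileged or setuid caller should clear it first. The enclosing function starts and ends outside the hunk, so it cannot be checked here whether SSL options set on `session` earlier are affected by applying a freshly constructed `cpr::SslOptions{}`.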