desktop/source/lib/init.cxx | 3 +++ include/systools/curlinit.hxx | 12 ++++++++++++ include/tools/hostfilter.hxx | 4 ++++ tools/source/inet/hostfilter.cxx | 11 +++++++++++ ucb/source/ucp/webdav-curl/CurlSession.cxx | 5 +++++ 5 files changed, 35 insertions(+)
New commits: commit d065d61ce7735337cca0450d7b37fab6fde72de3 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Tue Jun 4 21:17:59 2024 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Mon Jun 24 17:14:10 2024 +0200 allow an exemption to be made for a specific host Change-Id: Ie423df7839e793a9c07561efb56d5649876947ee Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169118 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Andras Timar <andras.ti...@collabora.com>
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx
index dec02b7c3103..6d19015f981f 100644
--- a/desktop/source/lib/init.cxx
+++ b/desktop/source/lib/init.cxx
@@ -2794,6 +2794,9 @@ static LibreOfficeKitDocument* lo_documentLoadWithOptions(LibreOfficeKit* pThis,
 OutputDevice::StartTrackingFontMappingUse();
+ if (const char* pExemptVerifyHost = ::getenv("LOK_EXEMPT_VERIFY_HOST"))
+ HostFilter::setExemptVerifyHost(OUString(pExemptVerifyHost, strlen(pExemptVerifyHost), RTL_TEXTENCODING_UTF8));
+
 const int nThisDocumentId = nDocumentIdCounter++;
 SfxViewShell::SetCurrentDocId(ViewShellDocId(nThisDocumentId));
 uno::Reference<lang::XComponent> xComponent = xComponentLoader->loadComponentFromURL(
diff --git a/include/tools/hostfilter.hxx b/include/tools/hostfilter.hxx
index afbf885b0cb4..ca2d91355986 100644
--- a/include/tools/hostfilter.hxx
+++ b/include/tools/hostfilter.hxx
@@ -21,6 +21,10 @@ public:
 static void setAllowedHostsRegex(const char* sAllowedRegex);
 static bool isForbidden(const OUString& rHost);
+
+ static void setExemptVerifyHost(const OUString& rExemptVerifyHost);
+
+ static bool isExemptVerifyHost(const std::u16string_view rHost);
 };
 #endif
diff --git a/tools/source/inet/hostfilter.cxx b/tools/source/inet/hostfilter.cxx
index 2cf403115cfe..2997eacfa32c 100644
--- a/tools/source/inet/hostfilter.cxx
+++ b/tools/source/inet/hostfilter.cxx
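Review bot: In desktop/source/lib/init.cxx the new `getenv("LOK_EXEMPT_VERIFY_HOST")` block relaxes a TLS check for one host without leaving any trace in the log, and it is re-read on every call to lo_documentLoadWithOptions rather than once at start-up. Because the stored value later decides whether CURLOPT_SSL_VERIFYHOST is cleared (CurlSession.cxx in this commit), I would record it when it is applied, e.g. `SAL_WARN("lok", "TLS host name verification disabled for host " << pExemptVerifyHost);`. An empty value is stored as-is; guarding with `pExemptVerifyHost[0] != '\0'` keeps an empty exemption from being configured. A one-line comment above the `if`, such as `// LOK_EXEMPT_VERIFY_HOST: exact host name whose certificate host-name check is skipped`, would tell the next reader what the variable does. The function body starts and ends outside the hunk.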
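Review bot: The two declarations added to include/tools/hostfilter.hxx carry no comment, and "exempt verify host" does not say which verification is waived. Going by the CurlSession.cxx and hostfilter.cxx hunks of this commit it is the certificate host-name check and the match is an exact string comparison, so I would put `/// Host whose TLS certificate host-name check (CURLOPT_SSL_VERIFYHOST) is skipped; matched exactly, no wildcard or case folding.` above `setExemptVerifyHost`. As a style point, `const std::u16string_view rHost` is a by-value parameter, so the top-level `const` and the `r` prefix both suggest a reference that is not there; `static bool isExemptVerifyHost(std::u16string_view aHost);` reads more accurately. The class starts outside the hunk, so whether `<string_view>` is already included cannot be seen from here.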
@@ -13,6 +13,7 @@
 namespace {
 static std::regex g_AllowedHostsRegex("");
+static OUString g_ExceptVerifyHost;
 static bool g_AllowedHostsSet = false;
 }
@@ -31,4 +32,14 @@ bool HostFilter::isForbidden(const OUString& rHost)
 return !std::regex_match(rHost.toUtf8().getStr(), g_AllowedHostsRegex);
 }
+void HostFilter::setExemptVerifyHost(const OUString& rExemptVerifyHost)
+{
+ g_ExceptVerifyHost = rExemptVerifyHost;
+}
+
+bool HostFilter::isExemptVerifyHost(const std::u16string_view rHost)
+{
+ return rHost == g_ExceptVerifyHost;
+}
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */
diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx b/ucb/source/ucp/webdav-curl/CurlSession.cxx
index 58ebc35cb6af..f5829df28a40 100644
--- a/ucb/source/ucp/webdav-curl/CurlSession.cxx
+++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx
@@ -696,6 +696,11 @@ CurlSession::CurlSession(uno::Reference<uno::XComponentContext> xContext,
 rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_FORBID_REUSE, 1L);
 assert(rc == CURLE_OK);
 }
+ if (HostFilter::isExemptVerifyHost(m_URI.GetHost()))
+ {
+ rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_SSL_VERIFYHOST, 0L);
+ assert(rc == CURLE_OK);
+ }
 }
 CurlSession::~CurlSession() {}
commit 20ea603bcc2dda0355dea19f86e02854df8286ba Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Tue Jun 4 16:35:57 2024 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Mon Jun 24 17:14:02 2024 +0200 map LO_CERTIFICATE_AUTHORITY_PATH to CURLOPT_CAPATH curl has both CURLOPT_CAINFO for the single-file collection of certificates case and CURLOPT_CAPATH for the multi-file exploder view of certificates, this adds support to use CURLOPT_CAPATH as well as CURLOPT_CAINFO Change-Id: I28163bbe81fa389eea70ef1289ed04a50a029c5f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169117 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Andras Timar <andras.ti...@collabora.com>
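Review bot: `HostFilter::isExemptVerifyHost` in tools/source/inet/hostfilter.cxx returns true for an empty host whenever no exemption has been configured, because the default-constructed `g_ExceptVerifyHost` compares equal to an empty `rHost`. Its caller in CurlSession.cxx then clears CURLOPT_SSL_VERIFYHOST, so the check should fail closed: `return !g_ExceptVerifyHost.isEmpty() && rHost == g_ExceptVerifyHost;`. The global added in the first hunk of this file is spelled `g_ExceptVerifyHost` while every function and the environment variable say Exempt; `g_ExemptVerifyHost` keeps a search for the feature in one piece. The variable is written from the document-load path and read when a CurlSession is constructed, with no synchronisation visible in these hunks, which is worth confirming if the two can run on different threads.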
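Review bot: Setting `CURLOPT_SSL_VERIFYHOST` to 0 in the CurlSession constructor means that, for the exempt host, any certificate chaining to a trusted CA is accepted whatever name it carries, so the connection no longer authenticates that host. If the aim is to reach a server whose certificate name does not match its address, pinning it with `CURLOPT_PINNEDPUBLICKEY`, or trusting only a private CA through the CAINFO/CAPATH settings handled in curlinit.hxx, keeps an identity check in place. The option is set once on `m_pCurl` from `m_URI`; if the same handle is later used for a redirect target or another URI (not visible in this hunk), the relaxed setting would carry over to that host, so that path needs checking. At minimum the block deserves `// SECURITY: host-name check disabled only for the configured exempt host; CURLOPT_SSL_VERIFYPEER is not changed here` above the `if`. The constructor starts outside the hunk.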
diff --git a/include/systools/curlinit.hxx b/include/systools/curlinit.hxx
index b6ada72105a3..526ffcd384f3 100644
--- a/include/systools/curlinit.hxx
+++ b/include/systools/curlinit.hxx
@@ -34,6 +34,18 @@ static void InitCurl_easy(CURL* const pCURL)
 {
 throw css::uno::RuntimeException("CURLOPT_CAINFO failed");
 }
+
+ // curl: "If you have a CA cert for the server stored someplace else than
+ // in the default bundle, then the CURLOPT_CAPATH option might come handy
+ // for you"
+ if (char const* const capath = getenv("LO_CERTIFICATE_AUTHORITY_PATH"))
+ {
+ rc = curl_easy_setopt(pCURL, CURLOPT_CAPATH, capath);
+ if (rc != CURLE_OK)
+ {
+ throw css::uno::RuntimeException("CURLOPT_CAPATH failed");
+ }
+ }
 #endif
 curl_version_info_data const* const pVersion(curl_version_info(CURLVERSION_NOW));
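Review bot: In InitCurl_easy the value of `LO_CERTIFICATE_AUTHORITY_PATH` goes to `CURLOPT_CAPATH` unchecked, and `curl_easy_setopt` only stores the string, so an empty or mistyped path is not reported here and shows up later as a certificate failure on the first transfer. Treating an empty value as unset, `if (char const* const capath = getenv("LO_CERTIFICATE_AUTHORITY_PATH"); capath && *capath)`, avoids handing curl an empty path. The quoted curl sentence does not mention that, with an OpenSSL-backed libcurl, the directory must contain hash-named entries as produced by `c_rehash`, and adding that to the comment would save an operator a debugging session. Because the directory supplies trust anchors for every connection made through this helper, the comment should also state that it must be writable only by the administrator. The function and the enclosing `#if` start outside the hunk.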