config_host/config_crypto.h.in
| 2
configure.ac
| 3
desktop/source/app/updater.cxx
| 4
desktop/source/minidump/minidump.cxx
| 4
extensions/source/update/check/download.cxx
| 4
external/libcmis/0002-HttpSession-add-a-callback-that-can-be-used-to-confi.patch
| 142 ++++++++++
external/libcmis/UnpackedTarball_libcmis.mk
| 1
include/curlinit.hxx
| 38 ++
include/opensslinit.hxx
| 41 ++
lingucomponent/source/spellcheck/languagetool/languagetoolimp.cxx
| 3
linguistic/source/translate.cxx
| 6
svl/source/crypto/cryptosign.cxx
| 6
ucb/source/ucp/cmis/cmis_content.cxx
| 4
ucb/source/ucp/ftp/ftploaderthread.cxx
| 4
ucb/source/ucp/webdav-curl/CurlSession.cxx
| 2
vcl/source/app/svmain.cxx
| 21 +
16 files changed, 284 insertions(+), 1 deletion(-)
New commits:
commit 764aedc18c7066173e04b2980e38a8d5248216cd
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Nov 8 14:50:26 2023 +0100
Commit: Andras Timar <andras.ti...@collabora.com>
CommitDate: Mon Jun 24 23:46:19 2024 +0200
vcl,openssl: set SSL_CERT_FILE for bundled OpenSSL
OpenSSL may read a CA certificate file from $SSL_CERT_FILE, if the
client library calls SSL_CTX_set_default_verify_paths(); python's ssl
module does it but apparently libcurl does not.
So split the code from commit 3fc632c0261c75fb4079a5305e814698e791f75c
and set the environment variable in ImplSVMain(), hopefully before
any threads are spawned; seems to work for PyMailSMTPService.
This needs to have SYSTEM_OPENSSL available in a config header.
Change-Id: I63b747cb61bb236cf4f605bb9858e5b0083388fe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159149
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 1472e2d68b9cff43b99069d3ba9439fff0a5684c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159283
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
Reviewed-by: Andras Timar <andras.ti...@collabora.com>
(cherry picked from commit 4961f1d7173101a64b77a1e8d38f53ed0625bc68)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169122
diff --git a/config_host/config_crypto.h.in b/config_host/config_crypto.h.in
index 106485d55213..33877f99af36 100644
--- a/config_host/config_crypto.h.in
+++ b/config_host/config_crypto.h.in
@@ -33,4 +33,6 @@
#endif
+#undef SYSTEM_OPENSSL
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s
cinkeys+=0=break: */
diff --git a/configure.ac b/configure.ac
index 4fc222611915..0290ab2058a9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -10936,6 +10936,9 @@ if test "$enable_openssl" = "yes"; then
OPENSSL_LIBS="-lssl -lcrypto"
else
libo_CHECK_SYSTEM_MODULE([openssl],[OPENSSL],[openssl])
+ if test -n "${SYSTEM_OPENSSL}"; then
+ AC_DEFINE([SYSTEM_OPENSSL])
+ fi
fi
if test "$with_system_openssl" = "yes"; then
AC_MSG_CHECKING([whether openssl supports SHA512])
diff --git a/include/curlinit.hxx b/include/curlinit.hxx
index 8b3a9968419d..18888cf766f9 100644
--- a/include/curlinit.hxx
+++ b/include/curlinit.hxx
@@ -14,28 +14,7 @@
#if defined(LINUX) && !defined(SYSTEM_CURL)
#include <com/sun/star/uno/RuntimeException.hpp>
-#include <unistd.h>
-
-static char const* GetCABundleFile()
-{
- // try system ones first; inspired by:
- //
https://www.happyassassin.net/posts/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
- auto const candidates = {
- "/etc/pki/tls/certs/ca-bundle.crt",
- "/etc/pki/tls/certs/ca-bundle.trust.crt",
- "/etc/ssl/certs/ca-certificates.crt",
- "/var/lib/ca-certificates/ca-bundle.pem",
- };
- for (char const* const candidate : candidates)
- {
- if (access(candidate, R_OK) == 0)
- {
- return candidate;
- }
- }
-
- throw css::uno::RuntimeException("no OpenSSL CA certificate bundle found");
-}
+#include "opensslinit.hxx"
static void InitCurl_easy(CURL* const pCURL)
{
diff --git a/include/opensslinit.hxx b/include/opensslinit.hxx
new file mode 100644
index 000000000000..9c3f4c860895
--- /dev/null
+++ b/include/opensslinit.hxx
@@ -0,0 +1,41 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4;
fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include <config_crypto.h>
+
+#if defined(LINUX) && !defined(SYSTEM_OPENSSL)
+#include <com/sun/star/uno/RuntimeException.hpp>
+
+#include <unistd.h>
+
+static char const* GetCABundleFile()
+{
+ // try system ones first; inspired by:
+ //
https://www.happyassassin.net/posts/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
+ auto const candidates = {
+ "/etc/pki/tls/certs/ca-bundle.crt",
+ "/etc/pki/tls/certs/ca-bundle.trust.crt",
+ "/etc/ssl/certs/ca-certificates.crt",
+ "/var/lib/ca-certificates/ca-bundle.pem",
+ };
+ for (char const* const candidate : candidates)
+ {
+ if (access(candidate, R_OK) == 0)
+ {
+ return candidate;
+ }
+ }
+
+ throw css::uno::RuntimeException("no OpenSSL CA certificate bundle found");
+}
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s
cinkeys+=0=break: */
diff --git a/vcl/source/app/svmain.cxx b/vcl/source/app/svmain.cxx
index 30169e7428c1..5a76a8105140 100644
--- a/vcl/source/app/svmain.cxx
+++ b/vcl/source/app/svmain.cxx
@@ -81,6 +81,7 @@
#include <config_features.h>
#include <config_feature_opencl.h>
+#include <opensslinit.hxx>
#include <osl/process.h>
#include <com/sun/star/lang/XComponent.hpp>
@@ -187,6 +188,26 @@ int ImplSVMain()
int nReturn = EXIT_FAILURE;
const bool bWasInitVCL = IsVCLInit();
+
+#if defined(LINUX) && !defined(SYSTEM_OPENSSL)
+ if (!bWasInitVCL)
+ {
+ try // to point bundled OpenSSL to some system certificate file
+ { // ... this only works if the client actually calls
+ // SSL_CTX_set_default_verify_paths() or similar; e.g. python ssl.
+ char const*const path = GetCABundleFile();
+ OUString const name("SSL_CERT_FILE");
+ OUString const filepath(::rtl::OStringToOUString(
+ ::std::string_view(path), osl_getThreadTextEncoding()));
+ osl_setEnvironment(name.pData, filepath.pData);
+ }
+ catch (uno::RuntimeException const& e)
+ {
+ SAL_WARN("vcl", e.Message);
+ }
+ }
+#endif
+
const bool bInit = bWasInitVCL || InitVCL();
int nRet = 0;
if (!bWasInitVCL && bInit && pSVData->mpDefInst->SVMainHook(&nRet))
commit 7ba779aa35e1b211f9f821c2db0586b35253614b
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri Nov 3 20:16:09 2023 +0100
Commit: Andras Timar <andras.ti...@collabora.com>
CommitDate: Mon Jun 24 23:46:09 2024 +0200
curl: mitigate migration to OpenSSL on Linux
The problem is that curl 8.3.0 removed the NSS backend, so we now
have no other choice than to use the bundled OpenSSL on Linux.
Currently any curl https connection fails with:
CurlSession.cxx:963: curl_easy_perform failed: (60) SSL certificate
problem: unable to get local issuer certificate
Apparently this requires manually telling curl which CA certificates to
trust; there is a configure flag --with-ca-bundle but that is useless as
it tries to load the file relative to whatever is the current working
directory, and also did i mention that there are at least 3 different
locations where a Linux system may store its system trusted CA
certificates because ALL ABOUT CHOICE.
So add a new header with an init function to try out various file
locations listed in this nice blog article and call it from way too many
places that independently use curl.
https://www.happyassassin.net/posts/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
TODO: perhaps bundle a cacert.pem as a fallback in case the system chose
to innovate by putting its certificates in yet another unexpected place
(regression from commit c2930ebff82c4f7ffe8377ab82627131f8544226)
Change-Id: Ibf1cc0069bc2ae011ecead9a4c2b455e94b01241
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158915
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 11f439b861922b9286b2e47ed326f3508a48d44e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159218
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
Reviewed-by: Andras Timar <andras.ti...@collabora.com>
(cherry picked from commit 6bb273876fb608d51f00b20e8cf7393eea6ce6b4)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169121
diff --git a/desktop/source/app/updater.cxx b/desktop/source/app/updater.cxx
index 2748373e5f62..c1fe24e055d8 100644
--- a/desktop/source/app/updater.cxx
+++ b/desktop/source/app/updater.cxx
@@ -37,6 +37,8 @@
#include <orcus/json_document_tree.hpp>
#include <orcus/config.hpp>
#include <orcus/pstring.hpp>
+
+#include <curlinit.hxx>
#include <comphelper/hash.hxx>
#include <com/sun/star/container/XNameAccess.hpp>
@@ -546,6 +548,8 @@ std::string download_content(const OString& rURL, bool
bFile, OUString& rHash)
if (!curl)
return std::string();
+ ::InitCurl_easy(curl.get());
+
curl_easy_setopt(curl.get(), CURLOPT_URL, rURL.getStr());
curl_easy_setopt(curl.get(), CURLOPT_USERAGENT, kUserAgent);
bool bUseProxy = false;
diff --git a/desktop/source/minidump/minidump.cxx
b/desktop/source/minidump/minidump.cxx
index d61922cdaac6..a3c357f78209 100644
--- a/desktop/source/minidump/minidump.cxx
+++ b/desktop/source/minidump/minidump.cxx
@@ -16,6 +16,8 @@
#include <curl/curl.h>
+#include <curlinit.hxx>
+
#ifdef _WIN32
#include <memory>
#include <windows.h>
@@ -94,6 +96,8 @@ static bool uploadContent(std::map<std::string, std::string>&
parameters, std::s
if (!curl)
return false;
+ ::InitCurl_easy(curl);
+
std::string proxy, proxy_user_pwd, ca_certificate_file, file, url, version;
getProperty("Proxy", proxy, parameters);
diff --git a/extensions/source/update/check/download.cxx
b/extensions/source/update/check/download.cxx
index 387c1efd7a4f..ce595c0ed4ff 100644
--- a/extensions/source/update/check/download.cxx
+++ b/extensions/source/update/check/download.cxx
@@ -23,6 +23,8 @@
#include <curl/curl.h>
+#include <curlinit.hxx>
+
#include <o3tl/string_view.hxx>
#include <osl/diagnose.h>
#include <osl/file.h>
@@ -222,6 +224,8 @@ static bool curl_run(std::u16string_view rURL, OutData&
out, const OString& aPro
if( nullptr != pCURL )
{
+ ::InitCurl_easy(pCURL);
+
out.curl = pCURL;
OString aURL(OUStringToOString(rURL, RTL_TEXTENCODING_UTF8));
diff --git
a/external/libcmis/0002-HttpSession-add-a-callback-that-can-be-used-to-confi.patch
b/external/libcmis/0002-HttpSession-add-a-callback-that-can-be-used-to-confi.patch
new file mode 100644
index 000000000000..ae4859af7e0f
--- /dev/null
+++
b/external/libcmis/0002-HttpSession-add-a-callback-that-can-be-used-to-confi.patch
@@ -0,0 +1,142 @@
+From 94012ca5b669e71ea35508159f63576364736dc2 Mon Sep 17 00:00:00 2001
+From: Michael Stahl <michael.st...@allotropia.de>
+Date: Mon, 6 Nov 2023 14:18:59 +0100
+Subject: [PATCH 2/2] HttpSession: add a callback that can be used to configure
+ libcurl
+
+---
+ inc/libcmis/session-factory.hxx | 7 +++++++
+ src/libcmis/http-session.cxx | 8 +++++++-
+ src/libcmis/http-session.hxx | 8 +++++++-
+ src/libcmis/session-factory.cxx | 9 ++++++++-
+ 4 files changed, 29 insertions(+), 3 deletions(-)
+
+diff --git a/inc/libcmis/session-factory.hxx b/inc/libcmis/session-factory.hxx
+index 45abd8b..227ac4d 100644
+--- a/inc/libcmis/session-factory.hxx
++++ b/inc/libcmis/session-factory.hxx
+@@ -38,6 +38,9 @@
+ #include "libcmis/repository.hxx"
+ #include "libcmis/session.hxx"
+
++// needed for a callback type
++typedef void CURL;
++
+ namespace libcmis
+ {
+ /** This callback provides the OAuth2 code or NULL.
+@@ -80,6 +83,8 @@ namespace libcmis
+ };
+ typedef boost::shared_ptr< CertValidationHandler >
CertValidationHandlerPtr;
+
++ typedef void(*CurlInitProtocolsFunction)(CURL *);
++
+ class LIBCMIS_API SessionFactory
+ {
+ private:
+@@ -109,6 +114,8 @@ namespace libcmis
+ static void setCertificateValidationHandler(
CertValidationHandlerPtr handler ) { s_certValidationHandler = handler; }
+ static CertValidationHandlerPtr getCertificateValidationHandler(
) { return s_certValidationHandler; }
+
++ static void
setCurlInitProtocolsFunction(CurlInitProtocolsFunction);
++
+ static void setProxySettings( std::string proxy,
+ std::string noProxy,
+ std::string proxyUser,
+diff --git a/src/libcmis/http-session.cxx b/src/libcmis/http-session.cxx
+index 9703427..8787c50 100644
+--- a/src/libcmis/http-session.cxx
++++ b/src/libcmis/http-session.cxx
+@@ -133,8 +133,10 @@ namespace
+ }
+
+ HttpSession::HttpSession( string username, string password, bool noSslCheck,
+- libcmis::OAuth2DataPtr oauth2, bool verbose ) :
++ libcmis::OAuth2DataPtr oauth2, bool verbose,
++ libcmis::CurlInitProtocolsFunction initProtocols) :
+ m_curlHandle( NULL ),
++ m_CurlInitProtocolsFunction(initProtocols),
+ m_no100Continue( false ),
+ m_oauth2Handler( NULL ),
+ m_username( username ),
+@@ -882,6 +884,10 @@
+ const unsigned long protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS;
+ curl_easy_setopt(m_curlHandle, CURLOPT_PROTOCOLS, protocols);
+ curl_easy_setopt(m_curlHandle, CURLOPT_REDIR_PROTOCOLS, protocols);
++ if (m_CurlInitProtocolsFunction)
++ {
++ (*m_CurlInitProtocolsFunction)(m_curlHandle);
++ }
+ }
+
+ const char* CurlException::what( ) const noexcept
+diff --git a/src/libcmis/http-session.hxx b/src/libcmis/http-session.hxx
+index 6c9ed1b..34223b2 100644
+--- a/src/libcmis/http-session.hxx
++++ b/src/libcmis/http-session.hxx
+@@ -43,6 +43,10 @@
+
+ class OAuth2Handler;
+
++namespace libcmis {
++ typedef void(*CurlInitProtocolsFunction)(CURL *);
++}
++
+ class CurlException : public std::exception
+ {
+ private:
+@@ -93,6 +97,7 @@ class HttpSession
+ {
+ protected:
+ CURL* m_curlHandle;
++ libcmis::CurlInitProtocolsFunction m_CurlInitProtocolsFunction =
nullptr;
+ private:
+ bool m_no100Continue;
+ protected:
+@@ -111,7 +116,8 @@ class HttpSession
+ HttpSession( std::string username, std::string password,
+ bool noSslCheck = false,
+ libcmis::OAuth2DataPtr oauth2 = libcmis::OAuth2DataPtr(),
+- bool verbose = false );
++ bool verbose = false,
++ libcmis::CurlInitProtocolsFunction = nullptr);
+
+ HttpSession( const HttpSession& copy );
+ virtual ~HttpSession( );
+diff --git a/src/libcmis/session-factory.cxx b/src/libcmis/session-factory.cxx
+index 1222473..47dc1c8 100644
+--- a/src/libcmis/session-factory.cxx
++++ b/src/libcmis/session-factory.cxx
+@@ -38,6 +38,7 @@ using namespace std;
+
+ namespace libcmis
+ {
++ CurlInitProtocolsFunction g_CurlInitProtocolsFunction = 0;
+ AuthProviderPtr SessionFactory::s_authProvider;
+ OAuth2AuthCodeProvider SessionFactory::s_oauth2AuthCodeProvider;
+
+@@ -48,6 +49,11 @@ namespace libcmis
+
+ CertValidationHandlerPtr SessionFactory::s_certValidationHandler;
+
++ void
SessionFactory::setCurlInitProtocolsFunction(CurlInitProtocolsFunction const
initProtocols)
++ {
++ g_CurlInitProtocolsFunction = initProtocols;
++ }
++
+ void SessionFactory::setProxySettings( string proxy, string noProxy,
+ string proxyUser, string proxyPass )
+ {
+@@ -81,7 +87,8 @@ namespace libcmis
+ libcmis::HttpResponsePtr response;
+ boost::shared_ptr< HttpSession> httpSession(
+ new HttpSession( username, password,
+- noSslCheck, oauth2, verbose ) );
++ noSslCheck, oauth2, verbose,
++ g_CurlInitProtocolsFunction) );
+
+ try
+ {
+--
+2.41.0
+
diff --git a/external/libcmis/UnpackedTarball_libcmis.mk
b/external/libcmis/UnpackedTarball_libcmis.mk
index f48201d319d0..d224ed6032ee 100644
--- a/external/libcmis/UnpackedTarball_libcmis.mk
+++ b/external/libcmis/UnpackedTarball_libcmis.mk
@@ -20,6 +20,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libcmis, \
external/libcmis/libcmis_oauth_pw_as_refreshtoken.patch.1 \
external/libcmis/libcmis_gdrive.patch.1 \
external/libcmis/libcmis-boost-string.patch \
+
external/libcmis/0002-HttpSession-add-a-callback-that-can-be-used-to-confi.patch
\
))
# vim: set noet sw=4 ts=4:
diff --git a/include/curlinit.hxx b/include/curlinit.hxx
new file mode 100644
index 000000000000..8b3a9968419d
--- /dev/null
+++ b/include/curlinit.hxx
@@ -0,0 +1,59 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4;
fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include <curl/curl.h>
+
+#if defined(LINUX) && !defined(SYSTEM_CURL)
+#include <com/sun/star/uno/RuntimeException.hpp>
+
+#include <unistd.h>
+
+static char const* GetCABundleFile()
+{
+ // try system ones first; inspired by:
+ //
https://www.happyassassin.net/posts/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
+ auto const candidates = {
+ "/etc/pki/tls/certs/ca-bundle.crt",
+ "/etc/pki/tls/certs/ca-bundle.trust.crt",
+ "/etc/ssl/certs/ca-certificates.crt",
+ "/var/lib/ca-certificates/ca-bundle.pem",
+ };
+ for (char const* const candidate : candidates)
+ {
+ if (access(candidate, R_OK) == 0)
+ {
+ return candidate;
+ }
+ }
+
+ throw css::uno::RuntimeException("no OpenSSL CA certificate bundle found");
+}
+
+static void InitCurl_easy(CURL* const pCURL)
+{
+ char const* const path = GetCABundleFile();
+ auto rc = curl_easy_setopt(pCURL, CURLOPT_CAINFO, path);
+ if (rc != CURLE_OK) // only if OOM?
+ {
+ throw css::uno::RuntimeException("CURLOPT_CAINFO failed");
+ }
+}
+
+#else
+
+static void InitCurl_easy(CURL* const)
+{
+ // these don't use OpenSSL so CAs work out of the box
+}
+
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s
cinkeys+=0=break: */
diff --git a/lingucomponent/source/spellcheck/languagetool/languagetoolimp.cxx
b/lingucomponent/source/spellcheck/languagetool/languagetoolimp.cxx
index c53f4bbd4fce..6880ee6caf2f 100644
--- a/lingucomponent/source/spellcheck/languagetool/languagetoolimp.cxx
+++ b/lingucomponent/source/spellcheck/languagetool/languagetoolimp.cxx
@@ -35,6 +35,7 @@
#include <boost/property_tree/json_parser.hpp>
#include <algorithm>
#include <string_view>
+#include <curlinit.hxx>
#include <svtools/languagetoolcfg.hxx>
#include <tools/color.hxx>
#include <tools/long.hxx>
@@ -462,6 +463,8 @@ std::string
LanguageToolGrammarChecker::makeHttpRequest(std::string_view aURL, H
if (!curl)
return {}; // empty string
+ ::InitCurl_easy(curl.get());
+
bool isPremium = false;
SvxLanguageToolOptions& rLanguageOpts = SvxLanguageToolOptions::Get();
OString apiKey = OUStringToOString(rLanguageOpts.getApiKey(),
RTL_TEXTENCODING_UTF8);
diff --git a/linguistic/source/translate.cxx b/linguistic/source/translate.cxx
index 316e3a8dbdcb..b336615a6d40 100644
--- a/linguistic/source/translate.cxx
+++ b/linguistic/source/translate.cxx
@@ -5,6 +5,7 @@
#include <rtl/string.h>
#include <boost/property_tree/ptree.hpp>
#include <boost/property_tree/json_parser.hpp>
+#include <curlinit.hxx>
#include <vcl/htmltransferable.hxx>
#include <tools/long.hxx>
@@ -17,6 +18,9 @@ OString Translate(const OString& rTargetLang, const OString&
rAPIUrl, const OStr
std::unique_ptr<CURL, std::function<void(CURL*)>> curl(curl_easy_init(),
[](CURL* p) {
curl_easy_cleanup(p); });
+
+ ::InitCurl_easy(curl.get());
+
curl_easy_setopt(curl.get(), CURLOPT_URL, rAPIUrl.getStr());
curl_easy_setopt(curl.get(), CURLOPT_FAILONERROR, 1L);
curl_easy_setopt(curl.get(), CURLOPT_TIMEOUT, CURL_TIMEOUT);
@@ -67,4 +71,4 @@ OString Translate(const OString& rTargetLang, const OString&
rAPIUrl, const OStr
const std::string text = translation.get<std::string>("text");
return OString(text);
}
-}
\ No newline at end of file
+}
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index f19c4dfcd663..6418680a1fb8 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -16,6 +16,10 @@
#include <svl/sigstruct.hxx>
#include <config_crypto.h>
+#if USE_CRYPTO_NSS
+#include <curlinit.hxx>
+#endif
+
#include <rtl/character.hxx>
#include <rtl/strbuf.hxx>
#include <rtl/string.hxx>
@@ -1082,6 +1086,8 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
return false;
}
+ ::InitCurl_easy(curl);
+
SAL_INFO("svl.crypto", "Setting curl to verbose: " <<
(curl_easy_setopt(curl, CURLOPT_VERBOSE, 1) == CURLE_OK ? "OK" : "FAIL"));
if ((rc = curl_easy_setopt(curl, CURLOPT_URL,
OUStringToOString(m_aSignTSA, RTL_TEXTENCODING_UTF8).getStr())) != CURLE_OK)
diff --git a/ucb/source/ucp/cmis/cmis_content.cxx
b/ucb/source/ucp/cmis/cmis_content.cxx
index 7980a1821bba..ce28f06c4a3a 100644
--- a/ucb/source/ucp/cmis/cmis_content.cxx
+++ b/ucb/source/ucp/cmis/cmis_content.cxx
@@ -57,6 +57,7 @@
#include <ucbhelper/proxydecider.hxx>
#include <ucbhelper/macros.hxx>
#include <sax/tools/converter.hxx>
+#include <curlinit.hxx>
#include "auth_provider.hxx"
#include "certvalidation_handler.hxx"
@@ -335,6 +336,9 @@ namespace cmis
new CertValidationHandler( xEnv, m_xContext,
aBindingUrl.GetHost( ) ) );
libcmis::SessionFactory::setCertificateValidationHandler(
certHandler );
+ // init libcurl callback
+
libcmis::SessionFactory::setCurlInitProtocolsFunction(&::InitCurl_easy);
+
// Get the auth credentials
AuthProvider aAuthProvider(xEnv,
m_xIdentifier->getContentIdentifier(), m_aURL.getBindingUrl());
AuthProvider::setXEnv( xEnv );
diff --git a/ucb/source/ucp/ftp/ftploaderthread.cxx
b/ucb/source/ucp/ftp/ftploaderthread.cxx
index f5ebfe36cdda..91130fc1bc9c 100644
--- a/ucb/source/ucp/ftp/ftploaderthread.cxx
+++ b/ucb/source/ucp/ftp/ftploaderthread.cxx
@@ -25,6 +25,8 @@
#include "ftploaderthread.hxx"
#include "curl.hxx"
+#include <curlinit.hxx>
+
using namespace ftp;
@@ -75,6 +77,8 @@ CURL* FTPLoaderThread::handle() {
if(!ret) {
ret = curl_easy_init();
if (ret != nullptr) {
+ ::InitCurl_easy(ret);
+
// Make sure curl is not internally using environment variables
like
// "ftp_proxy":
if (curl_easy_setopt(ret, CURLOPT_PROXY, "") != CURLE_OK) {
diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx
b/ucb/source/ucp/webdav-curl/CurlSession.cxx
index f33bd4e1c6bb..00adaaef02bf 100644
--- a/ucb/source/ucp/webdav-curl/CurlSession.cxx
+++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx
@@ -33,6 +33,7 @@
#include <sal/log.hxx>
#include <rtl/strbuf.hxx>
#include <rtl/ustrbuf.hxx>
+#include <curlinit.hxx>
#include <config_version.h>
#include <map>
@@ -680,6 +681,7 @@
CurlSession::CurlSession(uno::Reference<uno::XComponentContext> const& xContext,
assert(rc == CURLE_OK);
rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_HEADERFUNCTION,
&header_callback);
assert(rc == CURLE_OK);
+ ::InitCurl_easy(m_pCurl.get());
// tdf#149921 by default, with schannel (WNT) connection fails if
revocation
// lists cannot be checked; try to limit the checking to when revocation
// lists can actually be retrieved (usually not the case for self-signed
CA)
