author | Jack Lloyd <[email protected]> | 2019-04-10 11:27:44 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-04-10 11:27:44 -0400 |
commit | 82f32632d58365846908ee838b0ff8ddc7606835 (patch) | |
tree | 7aa0a04c73f26aa4cd044990a09d9f1b9384f270 | |
parent | 6bfa5117b77aa760263d306901a7e3eff9c1ba2e (diff) |
Add a option for setting path to trusted CA list
Related to #1885
-rwxr-xr-x | configure.py | 21 | ||||
-rw-r--r-- | src/build-data/buildh.in | 4 |
2 files changed, 25 insertions, 0 deletions
diff --git a/configure.py b/configure.py
index 7ecbfa83a..fc3eb3b83 100755
--- a/configure.py
+++ b/configure.py
@@ -354,6 +354,9 @@ def process_command_line(args): # pylint: disable=too-many-locals,too-many-state
 build_group = optparse.OptionGroup(parser, 'Build options')
+ build_group.add_option('--system-cert-bundle', metavar='PATH', default=None,
+ help='set path to trusted CA bundle')
+
 build_group.add_option('--with-debug-info', action='store_true', default=False, dest='with_debug_info',
 help='include debug symbols')
@@ -1995,6 +1998,7 @@ def create_template_vars(source_paths, build_paths, options, modules, cc, arch,
 'os_features': osinfo.enabled_features(options),
 'os_name': osinfo.basename,
 'cpu_features': arch.supported_isa_extensions(cc, options),
+ 'system_cert_bundle': options.system_cert_bundle,
 'fuzzer_mode': options.unsafe_fuzzer_mode,
 'fuzzer_type': options.build_fuzzers.upper() if options.build_fuzzers else '',
@@ -2828,6 +2832,23 @@ def set_defaults_for_unset_options(options, info_arch, info_cc, info_os): # pyli
 if options.with_pkg_config is None:
 options.with_pkg_config = info_os[options.os].uses_pkg_config
+ if options.system_cert_bundle is None:
+ default_paths = [
+ '/etc/ssl/certs/ca-certificates.crt', # Ubuntu, Arch
+ '/etc/ssl/ca-bundle.pem', # SuSE
+ '/etc/ssl/cert.pem', # OpenBSD, FreeBSD
+ ]
+
+ for path in default_paths:
+ if os.access(path, os.R_OK):
+ logging.info('Using %s as system certificate store', path)
+ options.system_cert_bundle = path
+ break
+ else:
+ if not os.access(options.system_cert_bundle, os.R_OK):
+ logging.warning('Provided system cert bundle path %s not found, ignoring', options.system_cert_bundle)
+ options.system_cert_bundle = None
+
 # Mutates `options`
 def canonicalize_options(options, info_os, info_arch): # pylint: disable=too-many-branches
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index 91be93b1c..eb10abe5a 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
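Review bot: In the third configure.py hunk, the `else:` branch (which, judging by its log message, pairs with `if options.system_cert_bundle is None`) only warns and resets the option to `None` when an explicitly passed `--system-cert-bundle` fails `os.access(..., os.R_OK)`. The build then succeeds with no `BOTAN_SYSTEM_CERT_BUNDLE` defined and without trying the default list, so a typo in a trust-anchor path silently changes what the library trusts. An explicit value that cannot be honoured should stop the configure run, e.g. `raise UserError('System cert bundle %s is not readable' % (options.system_cert_bundle))`, assuming this script's usual `UserError` is in scope here. Both branches also probe the build host's filesystem, so for cross-compiled or chroot-packaged builds the detected path may not exist on the target; a comment such as `# NOTE: checked on the build host, not the target` would make that limit visible. The body of set_defaults_for_unset_options starts outside the hunk.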
@@ -38,6 +38,10 @@
 #define BOTAN_LIB_LINK "%{link_to}"
 #define BOTAN_LINK_FLAGS "%{cxx_abi_flags}"
+%{if system_cert_bundle}
+#define BOTAN_SYSTEM_CERT_BUNDLE "%{system_cert_bundle}"
+%{endif}
+
 #ifndef BOTAN_DLL
 #define BOTAN_DLL %{visibility_attribute}
 #endif |
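Review bot: `%{system_cert_bundle}` is written into a C string literal as-is, and nothing visible in this commit escapes the value that configure.py passes straight through from `--system-cert-bundle` in `create_template_vars`. A path containing a backslash or a double quote would produce a different string than the one given, or a build.h that does not compile. Escaping at the point where the template variable is set would avoid that, for a non-None value something like `path.replace('\\', '\\\\').replace('"', '\\"')`. The define also deserves a comment above it, for example `/* Path to the trusted CA bundle found at configure time; not defined if none was readable */`, so that consumers know to guard uses with `#if defined(BOTAN_SYSTEM_CERT_BUNDLE)`.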