diff options
author | Caolán McNamara <caolan.mcnamara@collabora.com> | 2024-06-04 21:17:59 +0100 |
---|---|---|
committer | Caolán McNamara <caolan.mcnamara@collabora.com> | 2024-08-23 21:52:26 +0200 |
commit | 2a5c998d4cdfd54ba65b93318292dab542beaabd (patch) | |
tree | b5670906c4b864704142cda9cbd1fef2fd8d3ceb | |
parent | map LO_CERTIFICATE_AUTHORITY_PATH to CURLOPT_CAPATH (diff) | |
download | core-2a5c998d4cdfd54ba65b93318292dab542beaabd.tar.gz core-2a5c998d4cdfd54ba65b93318292dab542beaabd.zip |
allow an exemption to be made for a specific host
Change-Id: Ie423df7839e793a9c07561efb56d5649876947ee
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168826
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172328
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
-rw-r--r-- | desktop/source/lib/init.cxx | 3 | ||||
-rw-r--r-- | include/tools/hostfilter.hxx | 4 | ||||
-rw-r--r-- | tools/source/inet/hostfilter.cxx | 11 | ||||
-rw-r--r-- | ucb/source/ucp/webdav-curl/CurlSession.cxx | 5 |
4 files changed, 23 insertions, 0 deletions
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx index 2d9f489b6c74..f06cffe5eaae 100644 --- a/desktop/source/lib/init.cxx +++ b/desktop/source/lib/init.cxx @@ -2825,6 +2825,9 @@ static LibreOfficeKitDocument* lo_documentLoadWithOptions(LibreOfficeKit* pThis, OutputDevice::StartTrackingFontMappingUse(); + if (const char* pExemptVerifyHost = ::getenv("LOK_EXEMPT_VERIFY_HOST")) + HostFilter::setExemptVerifyHost(OUString(pExemptVerifyHost, strlen(pExemptVerifyHost), RTL_TEXTENCODING_UTF8)); + const int nThisDocumentId = nDocumentIdCounter++; SfxViewShell::SetCurrentDocId(ViewShellDocId(nThisDocumentId)); uno::Reference<lang::XComponent> xComponent = xComponentLoader->loadComponentFromURL( diff --git a/include/tools/hostfilter.hxx b/include/tools/hostfilter.hxx index afbf885b0cb4..ca2d91355986 100644 --- a/include/tools/hostfilter.hxx +++ b/include/tools/hostfilter.hxx @@ -21,6 +21,10 @@ public: static void setAllowedHostsRegex(const char* sAllowedRegex); static bool isForbidden(const OUString& rHost); + + static void setExemptVerifyHost(const OUString& rExemptVerifyHost); + + static bool isExemptVerifyHost(const std::u16string_view rHost); }; #endif diff --git a/tools/source/inet/hostfilter.cxx b/tools/source/inet/hostfilter.cxx index 5bc63d42cfb7..e13e3d66cab6 100644 --- a/tools/source/inet/hostfilter.cxx +++ b/tools/source/inet/hostfilter.cxx @@ -11,6 +11,7 @@ #include <regex> static std::regex g_AllowedHostsRegex(""); +static OUString g_ExceptVerifyHost; static bool g_AllowedHostsSet = false; void HostFilter::setAllowedHostsRegex(const char* sAllowedRegex) @@ -28,4 +29,14 @@ bool HostFilter::isForbidden(const OUString& rHost) return !std::regex_match(rHost.toUtf8().getStr(), g_AllowedHostsRegex); } +void HostFilter::setExemptVerifyHost(const OUString& rExemptVerifyHost) +{ + g_ExceptVerifyHost = rExemptVerifyHost; +} + +bool HostFilter::isExemptVerifyHost(const std::u16string_view rHost) +{ + return rHost == g_ExceptVerifyHost; +} + /* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */ diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx b/ucb/source/ucp/webdav-curl/CurlSession.cxx index 128cb4b538af..8d933acf200a 100644 --- a/ucb/source/ucp/webdav-curl/CurlSession.cxx +++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx @@ -758,6 +758,11 @@ CurlSession::CurlSession(uno::Reference<uno::XComponentContext> xContext, rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_FORBID_REUSE, 1L); assert(rc == CURLE_OK); } + if (HostFilter::isExemptVerifyHost(m_URI.GetHost())) + { + rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_SSL_VERIFYHOST, 0L); + assert(rc == CURLE_OK); + } } CurlSession::~CurlSession() {} |