diff options
| author | Andras Timar <andras.timar@collabora.com> | 2020-05-01 21:41:37 +0200 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2020-06-22 08:59:43 +0200 |
| commit | acba2dd40d8c72be160ad4d4b1424eadab66362b (patch) | |
| tree | 7c7e3e9520c2895f5a8a69a74e7ccfd4ce44d6cd /external | |
| parent | tdf#121384 don't leave a bare trailing : in PYTHONPATH (diff) | |
| download | core-acba2dd40d8c72be160ad4d4b1424eadab66362b.tar.gz core-acba2dd40d8c72be160ad4d4b1424eadab66362b.zip | |
[cp] Be more relaxed with accepting certs in serf
The Desktop product uses neon, so this patch is for Online.
When the WOPI-like host uses a self-signed SSL certificate,
serf refuses to fetch resources from it, so Insert - Image
and Create from Template operations fail.
Related commit: a08552a8c36754930a3268e27aefee70d5cf21df
But in case of serf somehow we do not trigger the interaction
handler, we get an information message box with the text
"Image file cannot be opened"
So I decided to patch serf. The result is the same.
* In Collabora Online 4.0.x we do not check the cert of
WOPI-like host anyway.
* In Collabora Online 4.2.x we optionally check the cert
of WOPI-like host. The Create from Template and Insert -
Image cases will be exceptional, where we won't check it.
Generally it should not make a big difference.
Change-Id: I3937bf450ef70f3a793ec1c793336d18209b6e62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96652
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
Diffstat (limited to 'external')
| -rw-r--r-- | external/serf/UnpackedTarball_serf.mk | 1 | ||||
| -rw-r--r-- | external/serf/ssl.verify.none.patch.1 | 11 |
2 files changed, 12 insertions, 0 deletions
diff --git a/external/serf/UnpackedTarball_serf.mk b/external/serf/UnpackedTarball_serf.mk index e6e950920b95..3cea304dbcc4 100644 --- a/external/serf/UnpackedTarball_serf.mk +++ b/external/serf/UnpackedTarball_serf.mk @@ -17,6 +17,7 @@ $(eval $(call gb_UnpackedTarball_fix_end_of_line,serf,\ $(eval $(call gb_UnpackedTarball_add_patches,serf,\ external/serf/windows.build.patch.1 \ + external/serf/ssl.verify.none.patch.1 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/serf/ssl.verify.none.patch.1 b/external/serf/ssl.verify.none.patch.1 new file mode 100644 index 000000000000..3bf48e0fc5c2 --- /dev/null +++ b/external/serf/ssl.verify.none.patch.1 @@ -0,0 +1,11 @@ +--- serf.org/buckets/ssl_buckets.c 2020-05-01 20:45:32.463464917 +0200 ++++ serf/buckets/ssl_buckets.c 2020-05-01 20:46:00.643301728 +0200 +@@ -1205,7 +1205,7 @@ + ssl_ctx->server_cert_callback = NULL; + ssl_ctx->server_cert_chain_callback = NULL; + +- SSL_CTX_set_verify(ssl_ctx->ctx, SSL_VERIFY_PEER, ++ SSL_CTX_set_verify(ssl_ctx->ctx, SSL_VERIFY_NONE, + validate_server_certificate); + SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_ALL); + /* Disable SSL compression by default. */ |