diff options
| author | Cédric Bosdonnat <cedric.bosdonnat@free.fr> | 2014-07-15 10:31:14 +0200 |
|---|---|---|
| committer | Cédric Bosdonnat <cedric.bosdonnat@free.fr> | 2014-07-15 11:15:45 +0200 |
| commit | 165075e0d705cbd146463c94b027e728db864ab2 (patch) | |
| tree | 3bd692bbf4e4c7688888b377474ca27736e56558 /ucb | |
| parent | 1a6e47e3fda10e6d220b67d766ec6fbdfd852b80 (diff) | |
fdo#72277: Use NSS CACERT in cmis ucp with internal curl
This fix contains two parts:
* initialize NSS in the CMIS UCP right before sending an HTTP request
in case internal curl is used. This makes internal curl find the NSS
CACERT database from the user mozilla profile.
* add nsspem to allow curl to use CACERTs from libnssckbi. Without
libnsspem curl is unable to read the certificates from the NSS
database. The nss-pem code has been extracted from the fedora-hosted
repository: https://git.fedorahosted.org/cgit/nss-pem.git
Change-Id: Ie8dedf020480cca01bf9761382886566a1150778
Diffstat (limited to 'ucb')
| -rw-r--r-- | ucb/source/ucp/cmis/cmis_content.cxx | 14 | ||||
| -rw-r--r-- | ucb/source/ucp/cmis/cmis_repo_content.cxx | 14 |
2 files changed, 28 insertions, 0 deletions
diff --git a/ucb/source/ucp/cmis/cmis_content.cxx b/ucb/source/ucp/cmis/cmis_content.cxx index 748aadd09c17..5b817485e7a7 100644 --- a/ucb/source/ucp/cmis/cmis_content.cxx +++ b/ucb/source/ucp/cmis/cmis_content.cxx @@ -32,6 +32,10 @@ #include <com/sun/star/ucb/UnsupportedOpenModeException.hpp> #include <com/sun/star/ucb/XCommandInfo.hpp> #include <com/sun/star/ucb/XDynamicResultSet.hpp> +#include <com/sun/star/xml/crypto/XDigestContext.hpp> +#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp> +#include <com/sun/star/xml/crypto/DigestID.hpp> +#include <com/sun/star/xml/crypto/NSSInitializer.hpp> #include <comphelper/processfactory.hxx> #include <config_oauth2.h> @@ -272,6 +276,16 @@ namespace cmis if ( NULL == m_pSession ) { + // Initialize NSS library to make sure libcmis (and curl) can access CACERTs using NSS + // when using internal libcurl. + uno::Reference< com::sun::star::xml::crypto::XNSSInitializer > + xNSSInitializer = com::sun::star::xml::crypto::NSSInitializer::create( m_xContext ); + + uno::Reference< com::sun::star::xml::crypto::XDigestContext > xDigestContext( + xNSSInitializer->getDigestContext( com::sun::star::xml::crypto::DigestID::SHA256, + uno::Sequence< beans::NamedValue >() ), + uno::UNO_SET_THROW ); + // Set the SSL Validation handler libcmis::CertValidationHandlerPtr certHandler( new CertValidationHandler( xEnv, m_xContext, aBindingUrl.GetHost( ) ) ); diff --git a/ucb/source/ucp/cmis/cmis_repo_content.cxx b/ucb/source/ucp/cmis/cmis_repo_content.cxx index 3771e1a365da..3adc2b34e0b9 100644 --- a/ucb/source/ucp/cmis/cmis_repo_content.cxx +++ b/ucb/source/ucp/cmis/cmis_repo_content.cxx @@ -15,6 +15,10 @@ #include <com/sun/star/ucb/XCommandInfo.hpp> #include <com/sun/star/ucb/XDynamicResultSet.hpp> #include <com/sun/star/ucb/XProgressHandler.hpp> +#include <com/sun/star/xml/crypto/XDigestContext.hpp> +#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp> +#include <com/sun/star/xml/crypto/DigestID.hpp> +#include <com/sun/star/xml/crypto/NSSInitializer.hpp> #include <comphelper/processfactory.hxx> #include <config_oauth2.h> @@ -120,6 +124,16 @@ namespace cmis void RepoContent::getRepositories( const uno::Reference< ucb::XCommandEnvironment > & xEnv ) { + // Initialize NSS library to make sure libcmis (and curl) can access CACERTs using NSS + // when using internal libcurl. + uno::Reference< com::sun::star::xml::crypto::XNSSInitializer > + xNSSInitializer = com::sun::star::xml::crypto::NSSInitializer::create( m_xContext ); + + uno::Reference< com::sun::star::xml::crypto::XDigestContext > xDigestContext( + xNSSInitializer->getDigestContext( com::sun::star::xml::crypto::DigestID::SHA256, + uno::Sequence< beans::NamedValue >() ), + uno::UNO_SET_THROW ); + // Set the proxy if needed. We are doing that all times as the proxy data shouldn't be cached. ucbhelper::InternetProxyDecider aProxyDecider( m_xContext ); INetURLObject aBindingUrl( m_aURL.getBindingUrl( ) ); |