[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-6.2' - external/serf

Fri Jun 19 09:45:45 UTC 2020

external/serf/UnpackedTarball_serf.mk |    1 +
 external/serf/ssl.verify.none.patch.1 |   11 +++++++++++
 2 files changed, 12 insertions(+)

New commits:
commit 459134ea842ad8238ab3c4efffef26843a3853c9
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Fri May 1 21:41:37 2020 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Fri Jun 19 11:45:14 2020 +0200

    [cp] Be more relaxed with accepting certs in serf
    
    The Desktop product uses neon, so this patch is for Online.
    When the WOPI-like host uses a self-signed SSL certificate,
    serf refuses to fetch resources from it, so Insert - Image
    and Create from Template operations fail.
    
    Related commit: a08552a8c36754930a3268e27aefee70d5cf21df
    But in case of serf somehow we do not trigger the interaction
    handler, we get an information message box with the text
    "Image file cannot be opened"
    
    So I decided to patch serf. The result is the same.
    * In Collabora Online 4.0.x we do not check the cert of
      WOPI-like host anyway.
    * In Collabora Online 4.2.x we optionally check the cert
      of WOPI-like host. The Create from Template and Insert -
      Image cases will be exceptional, where we won't check it.
      Generally it should not make a big difference.
    
    Change-Id: I3937bf450ef70f3a793ec1c793336d18209b6e62
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96652
    Reviewed-by: Jan Holesovsky <kendy at collabora.com>
    Tested-by: Andras Timar <andras.timar at collabora.com>

diff --git a/external/serf/UnpackedTarball_serf.mk b/external/serf/UnpackedTarball_serf.mk
index e6e950920b95..3cea304dbcc4 100644
--- a/external/serf/UnpackedTarball_serf.mk
+++ b/external/serf/UnpackedTarball_serf.mk
@@ -17,6 +17,7 @@ $(eval $(call gb_UnpackedTarball_fix_end_of_line,serf,\
 
 $(eval $(call gb_UnpackedTarball_add_patches,serf,\
 	external/serf/windows.build.patch.1 \
+	external/serf/ssl.verify.none.patch.1 \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/serf/ssl.verify.none.patch.1 b/external/serf/ssl.verify.none.patch.1
new file mode 100644
index 000000000000..3bf48e0fc5c2
--- /dev/null
+++ b/external/serf/ssl.verify.none.patch.1
@@ -0,0 +1,11 @@
+--- serf.org/buckets/ssl_buckets.c	2020-05-01 20:45:32.463464917 +0200
++++ serf/buckets/ssl_buckets.c	2020-05-01 20:46:00.643301728 +0200
+@@ -1205,7 +1205,7 @@
+     ssl_ctx->server_cert_callback = NULL;
+     ssl_ctx->server_cert_chain_callback = NULL;
+
+-    SSL_CTX_set_verify(ssl_ctx->ctx, SSL_VERIFY_PEER,
++    SSL_CTX_set_verify(ssl_ctx->ctx, SSL_VERIFY_NONE,
+                        validate_server_certificate);
+     SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_ALL);
+     /* Disable SSL compression by default. */
