external/serf/UnpackedTarball_serf.mk | 1 + external/serf/ssl.verify.none.patch.1 | 11 +++++++++++ 2 files changed, 12 insertions(+)
New commits: commit afe5dc2d4360964d176325c5499a614b989f181f Author: Andras Timar <[email protected]> AuthorDate: Fri May 1 21:41:37 2020 +0200 Commit: Andras Timar <[email protected]> CommitDate: Mon Jun 22 21:16:50 2020 +0200 [cp] Be more relaxed with accepting certs in serf The Desktop product uses neon, so this patch is for Online. When the WOPI-like host uses a self-signed SSL certificate, serf refuses to fetch resources from it, so Insert - Image and Create from Template operations fail. Related commit: a08552a8c36754930a3268e27aefee70d5cf21df But in case of serf somehow we do not trigger the interaction handler, we get an information message box with the text "Image file cannot be opened" So I decided to patch serf. The result is the same. * In Collabora Online 4.0.x we do not check the cert of WOPI-like host anyway. * In Collabora Online 4.2.x we optionally check the cert of WOPI-like host. The Create from Template and Insert - Image cases will be exceptional, where we won't check it. Generally it should not make a big difference. Change-Id: I3937bf450ef70f3a793ec1c793336d18209b6e62 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93306 Tested-by: Andras Timar <[email protected]> Reviewed-by: Andras Timar <[email protected]> diff --git a/external/serf/UnpackedTarball_serf.mk b/external/serf/UnpackedTarball_serf.mk index e6e950920b95..3cea304dbcc4 100644 --- a/external/serf/UnpackedTarball_serf.mk +++ b/external/serf/UnpackedTarball_serf.mk @@ -17,6 +17,7 @@ $(eval $(call gb_UnpackedTarball_fix_end_of_line,serf,\ $(eval $(call gb_UnpackedTarball_add_patches,serf,\ external/serf/windows.build.patch.1 \ + external/serf/ssl.verify.none.patch.1 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/serf/ssl.verify.none.patch.1 b/external/serf/ssl.verify.none.patch.1 new file mode 100644 index 000000000000..3bf48e0fc5c2 --- /dev/null +++ b/external/serf/ssl.verify.none.patch.1 @@ -0,0 +1,11 @@ +--- serf.org/buckets/ssl_buckets.c 2020-05-01 20:45:32.463464917 +0200 ++++ serf/buckets/ssl_buckets.c 2020-05-01 20:46:00.643301728 +0200 +@@ -1205,7 +1205,7 @@ + ssl_ctx->server_cert_callback = NULL; + ssl_ctx->server_cert_chain_callback = NULL; + +- SSL_CTX_set_verify(ssl_ctx->ctx, SSL_VERIFY_PEER, ++ SSL_CTX_set_verify(ssl_ctx->ctx, SSL_VERIFY_NONE, + validate_server_certificate); + SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_ALL); + /* Disable SSL compression by default. */ _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
