ssl-certificates -> ca-bundle-filename

2025-10-03 10:22:45 -04:00 · 2009-09-17 15:45:09 +00:00 · 2009-09-17 15:45:09 +00:00 · ea41a5a834
commit ea41a5a834
parent 9f80ba33d1
4 changed files with 13 additions and 12 deletions
--- a/panda/src/configfiles/panda.prc.pp
+++ b/panda/src/configfiles/panda.prc.pp
@ -119,6 +119,6 @@ egg-object-type-glow            <Scalar> blend { add }
 # used when packaging up the p3dcert application for publish.
 #define install_dir $[$[upcase $[PACKAGE]]_INSTALL]
 #define install_data_dir $[or $[INSTALL_DATA_DIR],$[install_dir]/shared]
-ssl-certificates $[install_data_dir]/ca-bundle.crt
+ca-bundle-filename $[install_data_dir]/ca-bundle.crt

 #end 20_panda.prc
--- a/panda/src/express/config_express.cxx
+++ b/panda/src/express/config_express.cxx
@ -69,12 +69,15 @@ ConfigVariableBool collect_tcp
 ConfigVariableDouble collect_tcp_interval
 ("collect-tcp-interval", 0.2);

-ConfigVariableList ssl_certificates
-("ssl-certificates",
- PRC_DESC("This names one or more certificate authority files for OpenSSL "
+ConfigVariableFilename ca_bundle_filename
+("ca-bundle-filename", "",
+ PRC_DESC("This names the certificate authority file for OpenSSL "
          "to use to verify whether SSL certificates are trusted or not.  "
-          "The file(s) named by this setting should contain one or more "
-          "PEM-formatted certificates from trusted certificate authorities."));
+          "The file named by this setting should contain one or more "
+          "PEM-formatted certificates from trusted certificate "
+          "authorities.  This is a fairly standard file; a copy of "
+          "ca-bundle.crt is included in the OpenSSL distribution, and "
+          "is also included with Panda."));

 ////////////////////////////////////////////////////////////////////
 //     Function: init_libexpress
--- a/panda/src/express/config_express.h
+++ b/panda/src/express/config_express.h
@ -23,6 +23,7 @@
 #include "configVariableInt.h"
 #include "configVariableDouble.h"
 #include "configVariableList.h"
+#include "configVariableFilename.h"

 // Include this so interrogate can find it.
 #include "executionEnvironment.h"
@ -52,7 +53,7 @@ extern ConfigVariableBool keep_temporary_files;

 extern EXPCL_PANDAEXPRESS ConfigVariableBool collect_tcp;
 extern EXPCL_PANDAEXPRESS ConfigVariableDouble collect_tcp_interval;
-extern ConfigVariableList ssl_certificates;
+extern ConfigVariableFilename ca_bundle_filename;

 // Expose the Config variable for Python access.
 BEGIN_PUBLISH
--- a/panda/src/express/openSSLWrapper.cxx
+++ b/panda/src/express/openSSLWrapper.cxx
@ -39,11 +39,8 @@ OpenSSLWrapper() {
  X509_STORE_set_default_paths(_x509_store);

  // Load in any default certificates listed in the Config.prc file.
-  int num_certs = ssl_certificates.get_num_unique_values();
-  for (int ci = 0; ci < num_certs; ci++) {
-    string cert_file = ssl_certificates.get_unique_value(ci);
-    Filename filename = Filename::expand_from(cert_file);
-    load_certificates(filename);
+  if (!ca_bundle_filename.empty()) {
+    load_certificates(ca_bundle_filename);
  }
 }