diff --git a/panda/src/configfiles/panda.prc.pp b/panda/src/configfiles/panda.prc.pp
index 8587d9f2ef..b2aea68d44 100644
--- a/panda/src/configfiles/panda.prc.pp
+++ b/panda/src/configfiles/panda.prc.pp
@@ -119,6 +119,6 @@ egg-object-type-glow blend { add }
 # used when packaging up the p3dcert application for publish.
 #define install_dir $[$[upcase $[PACKAGE]]_INSTALL]
 #define install_data_dir $[or $[INSTALL_DATA_DIR],$[install_dir]/shared]
-ssl-certificates $[install_data_dir]/ca-bundle.crt
+ca-bundle-filename $[install_data_dir]/ca-bundle.crt
 #end 20_panda.prc
diff --git a/panda/src/express/config_express.cxx b/panda/src/express/config_express.cxx
index a5c7672bb0..5a1acf4277 100644
--- a/panda/src/express/config_express.cxx
+++ b/panda/src/express/config_express.cxx
@@ -69,12 +69,15 @@ ConfigVariableBool collect_tcp
 ConfigVariableDouble collect_tcp_interval
 ("collect-tcp-interval", 0.2);
-ConfigVariableList ssl_certificates
-("ssl-certificates",
- PRC_DESC("This names one or more certificate authority files for OpenSSL "
+ConfigVariableFilename ca_bundle_filename
+("ca-bundle-filename", "",
+ PRC_DESC("This names the certificate authority file for OpenSSL "
 "to use to verify whether SSL certificates are trusted or not. "
- "The file(s) named by this setting should contain one or more "
- "PEM-formatted certificates from trusted certificate authorities."));
+ "The file named by this setting should contain one or more "
+ "PEM-formatted certificates from trusted certificate "
+ "authorities. This is a fairly standard file; a copy of "
+ "ca-bundle.crt is included in the OpenSSL distribution, and "
+ "is also included with Panda."));
 ////////////////////////////////////////////////////////////////////
 // Function: init_libexpress
diff --git a/panda/src/express/config_express.h b/panda/src/express/config_express.h
index 6ab94f3098..6804f7b8d3 100644
--- a/panda/src/express/config_express.h
+++ b/panda/src/express/config_express.h
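Review bot: The PRC_DESC for `ca_bundle_filename` in config_express.cxx does not mention that the old `ssl-certificates` list is gone, so a Config.prc that still sets `ssl-certificates` will be ignored without any message, and a site that supplied its own trust anchors through that list would end up verifying peers against a different CA set than intended. I would add a sentence to the description such as `"This replaces the former ssl-certificates list; only a single file is read."`. Since the text now points users at a shipped ca-bundle.crt, it is also worth one sentence saying that file is a snapshot and has to be refreshed when roots are distrusted or removed.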
@@ -23,6 +23,7 @@
 #include "configVariableInt.h"
 #include "configVariableDouble.h"
 #include "configVariableList.h"
+#include "configVariableFilename.h"
 // Include this so interrogate can find it.
 #include "executionEnvironment.h"
@@ -52,7 +53,7 @@ extern ConfigVariableBool keep_temporary_files;
 extern EXPCL_PANDAEXPRESS ConfigVariableBool collect_tcp;
 extern EXPCL_PANDAEXPRESS ConfigVariableDouble collect_tcp_interval;
-extern ConfigVariableList ssl_certificates;
+extern ConfigVariableFilename ca_bundle_filename;
 // Expose the Config variable for Python access.
 BEGIN_PUBLISH
diff --git a/panda/src/express/openSSLWrapper.cxx b/panda/src/express/openSSLWrapper.cxx
index ba69cb79e4..6f9114c04b 100644
--- a/panda/src/express/openSSLWrapper.cxx
+++ b/panda/src/express/openSSLWrapper.cxx
@@ -39,11 +39,8 @@ OpenSSLWrapper() {
 X509_STORE_set_default_paths(_x509_store);
 // Load in any default certificates listed in the Config.prc file.
- int num_certs = ssl_certificates.get_num_unique_values();
- for (int ci = 0; ci < num_certs; ci++) {
- string cert_file = ssl_certificates.get_unique_value(ci);
- Filename filename = Filename::expand_from(cert_file);
- load_certificates(filename);
+ if (!ca_bundle_filename.empty()) {
+ load_certificates(ca_bundle_filename);
 }
 }
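Review bot: The result of `load_certificates(ca_bundle_filename)` is discarded inside the new `if` in the OpenSSLWrapper constructor, so a configured CA bundle that is missing, unreadable or empty leaves the store with only what `X509_STORE_set_default_paths` found and nothing is reported. If `load_certificates` reports how many certificates it read (its declaration is not visible in this hunk), check that and warn with the file name, along the lines of `if (load_certificates(ca_bundle_filename) == 0) { /* warn: no CA certificates loaded from ca_bundle_filename */ }`. A silent fallback here is hard to diagnose later, because TLS verification then fails or succeeds depending on the host's default trust paths rather than on the configured file. The constructor body starts before this hunk.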