Cutlery/calibre
1
0
Fork 0
mirror of https://github.com/kovidgoyal/calibre.git synced 2025-07-09 03:04:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Windows: Use calibre's bundled SSL certificates instead of the system store by default

Browse Source 
I am tired of all the bug reports about SSL cerificate verify failures
on windows caused by the windows certificate store not having needed
intermediate certificates. So use the bundled certificates instead which
are the set of certificates trusted by Firefox and curl.

Can be turned off via CALIBRE_USE_SYSTEM_CERTIFICATES=1 env var
This commit is contained in:
Kovid Goyal 2024-10-08 15:06:35 +05:30
parent a003b0303d
commit 97d476811a
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
4 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
bypy/macos/util.c
View File

@ -17,6 +17,7 @@ set_env_vars(const char* contents_path) {
for (size_t i = 0; i < arraysz(env_vars); i++) {
env_var = env_vars[i]; val = env_var_vals[i];
if (strcmp(env_var, "SSL_CERT_FILE") == 0 && getenv("CALIBRE_USE_SYSTEM_CERTIFICATES") && strcmp(getenv("CALIBRE_USE_SYSTEM_CERTIFICATES"), "1") == 0) continue;
if (strstr(val, EXE) == val && strlen(val) >= sizeof(EXE)) {
snprintf(buf, sizeof(buf) - 1, "%s%s", contents_path, val + sizeof(EXE) - 1);
setenv(env_var, buf, 1);

6
bypy/windows/util.c
View File

@ -49,6 +49,12 @@ get_install_locations(void) {
_wputenv_s(L"QTWEBENGINE_DISABLE_SANDBOX", "1");
_snwprintf_s(qt_prefix_dir, MAX_PATH-1, _TRUNCATE, L"%ls\\app", interpreter_data.app_dir);
_wputenv_s(L"CALIBRE_QT_PREFIX", qt_prefix_dir);
// Lots of people have trouble with various websites failing to download
// because of missing intermediate certificates in the windows store
// so use the Mozilla certificate bundle
_snwprintf_s(qt_prefix_dir, MAX_PATH-1, _TRUNCATE, L"%ls\\mozilla-ca-certs.pem", interpreter_data.resources_path);
const char *s = getenv("CALIBRE_USE_SYSTEM_CERTIFICATES");
if (!s || strcmp(s, "1") != 0) _wputenv_s(L"SSL_CERT_FILE", qt_prefix_dir);
}
static void

1
manual/customize.rst
View File

@ -52,6 +52,7 @@ Environment variables
the system theme -- beware of crashes and hangs.
* ``CALIBRE_SHOW_DEPRECATION_WARNINGS`` - causes calibre to print deprecation warnings to stdout. Useful for calibre developers.
* ``CALIBRE_NO_DEFAULT_PROGRAMS`` - prevent calibre from automatically registering the filetypes it is capable of handling with Windows.
* ``CALIBRE_USE_SYSTEM_CERTIFICATES`` - make calibre use the system certificate store for SSL certificate verification instead of its own certificate store on Windows and macOS.
* ``QT_QPA_PLATFORM`` - On Linux set this to ``wayland`` to force calibre to use Wayland and ``xcb`` to force use of X11.
* ``SYSFS_PATH`` - Use if sysfs is mounted somewhere other than /sys
* ``http_proxy``, ``https_proxy`` - used on Linux to specify an HTTP(S) proxy

6
src/calibre/gui2/__init__.py
View File

@ -1479,9 +1479,13 @@ def sanitize_env_vars():
}
elif iswindows:
env_vars = {'OPENSSL_MODULES': None, 'QTWEBENGINE_DISABLE_SANDBOX': None}
if os.environ.get('CALIBRE_USE_SYSTEM_CERTIFICATES', '') != '1':
env_vars['SSL_CERT_FILE'] = None
elif ismacos:
env_vars = {k:None for k in (
'FONTCONFIG_FILE FONTCONFIG_PATH SSL_CERT_FILE OPENSSL_ENGINES OPENSSL_MODULES').split()}
'FONTCONFIG_FILE FONTCONFIG_PATH OPENSSL_ENGINES OPENSSL_MODULES').split()}
if os.environ.get('CALIBRE_USE_SYSTEM_CERTIFICATES', '') != '1':
env_vars['SSL_CERT_FILE'] = None
else:
env_vars = {}