mirror of
https://github.com/kovidgoyal/calibre.git
synced 2025-07-09 03:04:10 -04:00
Windows: Use calibre's bundled SSL certificates instead of the system store by default
I am tired of all the bug reports about SSL certificate verify failures on windows caused by the windows certificate store not having needed intermediate certificates. So use the bundled certificates instead which are the set of certificates trusted by Firefox and curl. Can be turned off via CALIBRE_USE_SYSTEM_CERTIFICATES=1 env var
parent
a003b0303d
commit
97d476811a
@ -17,6 +17,7 @@ set_env_vars(const char* contents_path) {
|
||||
|
||||
for (size_t i = 0; i < arraysz(env_vars); i++) {
|
||||
env_var = env_vars[i]; val = env_var_vals[i];
|
||||
if (strcmp(env_var, "SSL_CERT_FILE") == 0 && getenv("CALIBRE_USE_SYSTEM_CERTIFICATES") && strcmp(getenv("CALIBRE_USE_SYSTEM_CERTIFICATES"), "1") == 0) continue;
|
||||
if (strstr(val, EXE) == val && strlen(val) >= sizeof(EXE)) {
|
||||
snprintf(buf, sizeof(buf) - 1, "%s%s", contents_path, val + sizeof(EXE) - 1);
|
||||
setenv(env_var, buf, 1);
|
||||
|
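Review bot: The added `continue` in set_env_vars skips setting SSL_CERT_FILE but does not clear it, so with CALIBRE_USE_SYSTEM_CERTIFICATES=1 any SSL_CERT_FILE inherited from the parent environment stays in effect and presumably decides which CA bundle the TLS stack trusts. If the opt-out is meant to give strictly the system store, replace the bare `continue` with `{ unsetenv(env_var); continue; }`; if honouring an inherited value is intended, say so in a comment such as `// opt-out: leave SSL_CERT_FILE as inherited so the user's own trust settings apply`. The condition also calls getenv() twice on every iteration; reading it once into a local before the loop, as the Windows launcher hunk in this commit does, is easier to read. The function body starts and ends outside this hunk.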
@ -49,6 +49,12 @@ get_install_locations(void) {
|
||||
_wputenv_s(L"QTWEBENGINE_DISABLE_SANDBOX", "1");
|
||||
_snwprintf_s(qt_prefix_dir, MAX_PATH-1, _TRUNCATE, L"%ls\\app", interpreter_data.app_dir);
|
||||
_wputenv_s(L"CALIBRE_QT_PREFIX", qt_prefix_dir);
|
||||
// Lots of people have trouble with various websites failing to download
|
||||
// because of missing intermediate certificates in the windows store
|
||||
// so use the Mozilla certificate bundle
|
||||
_snwprintf_s(qt_prefix_dir, MAX_PATH-1, _TRUNCATE, L"%ls\\mozilla-ca-certs.pem", interpreter_data.resources_path);
|
||||
const char *s = getenv("CALIBRE_USE_SYSTEM_CERTIFICATES");
|
||||
if (!s || strcmp(s, "1") != 0) _wputenv_s(L"SSL_CERT_FILE", qt_prefix_dir);
|
||||
}
|
||||
|
||||
static void
|
||||
|
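Review bot: The return value of the added `_snwprintf_s(..., _TRUNCATE, ...)` call is ignored, so on an install path long enough to truncate, SSL_CERT_FILE would be exported with a cut-off path that does not name the bundle; keep the result in `n` and guard the export, e.g. `if (n > 0 && (!s || strcmp(s, "1") != 0)) _wputenv_s(L"SSL_CERT_FILE", qt_prefix_dir);`. The export also replaces any SSL_CERT_FILE the user had already set (a site-specific CA bundle, for instance), and the only documented opt-out switches to the system store, so that case deserves a line in the comment. Because trust now comes from a file shipped with the application, CA removals presumably reach users only with a new release, which is worth stating next to the existing rationale. Reusing `qt_prefix_dir` for the certificate path works because its previous value was already exported, but a separately named buffer or a short comment would make that obvious. get_install_locations begins before this hunk.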
@ -52,6 +52,7 @@ Environment variables
|
||||
the system theme -- beware of crashes and hangs.
|
||||
* ``CALIBRE_SHOW_DEPRECATION_WARNINGS`` - causes calibre to print deprecation warnings to stdout. Useful for calibre developers.
|
||||
* ``CALIBRE_NO_DEFAULT_PROGRAMS`` - prevent calibre from automatically registering the filetypes it is capable of handling with Windows.
|
||||
* ``CALIBRE_USE_SYSTEM_CERTIFICATES`` - make calibre use the system certificate store for SSL certificate verification instead of its own certificate store on Windows and macOS.
|
||||
* ``QT_QPA_PLATFORM`` - On Linux set this to ``wayland`` to force calibre to use Wayland and ``xcb`` to force use of X11.
|
||||
* ``SYSFS_PATH`` - Use if sysfs is mounted somewhere other than /sys
|
||||
* ``http_proxy``, ``https_proxy`` - used on Linux to specify an HTTP(S) proxy
|
||||
|
@ -1479,9 +1479,13 @@ def sanitize_env_vars():
|
||||
}
|
||||
elif iswindows:
|
||||
env_vars = {'OPENSSL_MODULES': None, 'QTWEBENGINE_DISABLE_SANDBOX': None}
|
||||
if os.environ.get('CALIBRE_USE_SYSTEM_CERTIFICATES', '') != '1':
|
||||
env_vars['SSL_CERT_FILE'] = None
|
||||
elif ismacos:
|
||||
env_vars = {k:None for k in (
|
||||
'FONTCONFIG_FILE FONTCONFIG_PATH SSL_CERT_FILE OPENSSL_ENGINES OPENSSL_MODULES').split()}
|
||||
'FONTCONFIG_FILE FONTCONFIG_PATH OPENSSL_ENGINES OPENSSL_MODULES').split()}
|
||||
if os.environ.get('CALIBRE_USE_SYSTEM_CERTIFICATES', '') != '1':
|
||||
env_vars['SSL_CERT_FILE'] = None
|
||||
else:
|
||||
env_vars = {}
|
||||
|
||||
|
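Review bot: The same two-line `CALIBRE_USE_SYSTEM_CERTIFICATES` check is now written out in both the `iswindows` and `ismacos` branches of sanitize_env_vars, and neither copy says why SSL_CERT_FILE is scrubbed only in the default mode. Hoisting it below the if/elif chain, e.g. `if (iswindows or ismacos) and os.environ.get('CALIBRE_USE_SYSTEM_CERTIFICATES', '') != '1': env_vars['SSL_CERT_FILE'] = None`, keeps the two platforms from drifting apart. A comment such as `# the launcher sets SSL_CERT_FILE to the bundled CA file unless the user opted into system certificates; only remove what calibre itself set` would record the intent; presumably this keeps calibre's bundle path out of child processes, though what the function does with `env_vars` is outside this hunk. The function starts before and continues past the visible lines.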