use std::env;
use std::path::{Path, PathBuf};
pub const ENV_CERT_FILE: &'static str = "SSL_CERT_FILE";
pub const ENV_CERT_DIR: &'static str = "SSL_CERT_DIR";
pub struct ProbeResult {
pub cert_file: Option<PathBuf>,
pub cert_dir: Option<PathBuf>,
}
#[doc(hidden)]
#[deprecated(note = "use `candidate_cert_dirs` instead")]
pub fn find_certs_dirs() -> Vec<PathBuf> {
candidate_cert_dirs().map(Path::to_path_buf).collect()
}
pub fn candidate_cert_dirs() -> impl Iterator<Item = &'static Path> {
[
"/var/ssl",
"/usr/share/ssl",
"/usr/local/ssl",
"/usr/local/openssl",
"/usr/local/etc/openssl",
"/usr/local/share",
"/usr/lib/ssl",
"/usr/ssl",
"/etc/openssl",
"/etc/pki/ca-trust/extracted/pem",
"/etc/pki/tls",
"/etc/ssl",
"/etc/certs",
"/opt/etc/ssl", #[cfg(target_os = "android")]
"/data/data/com.termux/files/usr/etc/tls",
#[cfg(target_os = "haiku")]
"/boot/system/data/ssl",
]
.iter()
.map(Path::new)
.filter(|p| p.exists())
}
#[doc(hidden)]
#[deprecated(note = "this function is not safe, use `init_openssl_env_vars` instead")]
pub fn init_ssl_cert_env_vars() {
unsafe {
init_openssl_env_vars();
}
}
pub unsafe fn init_openssl_env_vars() {
try_init_openssl_env_vars();
}
#[doc(hidden)]
#[deprecated(note = "use try_init_openssl_env_vars instead, this function is not safe")]
pub fn try_init_ssl_cert_env_vars() -> bool {
unsafe { try_init_openssl_env_vars() }
}
pub unsafe fn try_init_openssl_env_vars() -> bool {
let ProbeResult {
cert_file,
cert_dir,
} = probe();
if let Some(path) = &cert_file {
unsafe {
put(ENV_CERT_FILE, path);
}
}
if let Some(path) = &cert_dir {
unsafe {
put(ENV_CERT_DIR, path);
}
}
unsafe fn put(var: &str, path: &Path) {
if env::var_os(var).as_deref() != Some(path.as_os_str()) {
unsafe {
env::set_var(var, path);
}
}
}
cert_file.is_some() || cert_dir.is_some()
}
pub fn has_ssl_cert_env_vars() -> bool {
let probe = probe_from_env();
probe.cert_file.is_some() || probe.cert_dir.is_some()
}
fn probe_from_env() -> ProbeResult {
let var = |name| env::var_os(name).map(PathBuf::from).filter(|p| p.exists());
ProbeResult {
cert_file: var(ENV_CERT_FILE),
cert_dir: var(ENV_CERT_DIR),
}
}
pub fn probe() -> ProbeResult {
let mut result = probe_from_env();
for certs_dir in candidate_cert_dirs() {
let cert_filenames = [
"cert.pem",
"certs.pem",
"ca-bundle.pem",
"cacert.pem",
"ca-certificates.crt",
"certs/ca-certificates.crt",
"certs/ca-root-nss.crt",
"certs/ca-bundle.crt",
"CARootCertificates.pem",
"tls-ca-bundle.pem",
];
if result.cert_file.is_none() {
result.cert_file = cert_filenames
.iter()
.map(|fname| certs_dir.join(fname))
.find(|p| p.exists());
}
if result.cert_dir.is_none() {
let cert_dir = certs_dir.join("certs");
if cert_dir.exists() {
result.cert_dir = Some(cert_dir);
}
}
if result.cert_file.is_some() && result.cert_dir.is_some() {
break;
}
}
result
}