
ssl-certificates -> ca-bundle-filename

David Rose 16 years ago
parent
commit
ea41a5a834

+ 1 - 1
panda/src/configfiles/panda.prc.pp

@@ -119,6 +119,6 @@ egg-object-type-glow            <Scalar> blend { add }
 # used when packaging up the p3dcert application for publish.
 #define install_dir $[$[upcase $[PACKAGE]]_INSTALL]
 #define install_data_dir $[or $[INSTALL_DATA_DIR],$[install_dir]/shared]
-ssl-certificates $[install_data_dir]/ca-bundle.crt
+ca-bundle-filename $[install_data_dir]/ca-bundle.crt
 
 #end 20_panda.prc

+ 8 - 5
panda/src/express/config_express.cxx

@@ -69,12 +69,15 @@ ConfigVariableBool collect_tcp
 ConfigVariableDouble collect_tcp_interval
 ("collect-tcp-interval", 0.2);
 
-ConfigVariableList ssl_certificates
-("ssl-certificates",
- PRC_DESC("This names one or more certificate authority files for OpenSSL "
+ConfigVariableFilename ca_bundle_filename
+("ca-bundle-filename", "",
+ PRC_DESC("This names the certificate authority file for OpenSSL "
           "to use to verify whether SSL certificates are trusted or not.  "
-          "The file(s) named by this setting should contain one or more "
-          "PEM-formatted certificates from trusted certificate authorities."));
+          "The file named by this setting should contain one or more "
+          "PEM-formatted certificates from trusted certificate "
+          "authorities.  This is a fairly standard file; a copy of "
+          "ca-bundle.crt is included in the OpenSSL distribution, and "
+          "is also included with Panda."));
 
 ////////////////////////////////////////////////////////////////////
 //     Function: init_libexpress
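Review bot: The new PRC_DESC text reads as if this file were the only trust source, but the OpenSSLWrapper constructor changed in this same commit still calls `X509_STORE_set_default_paths(_x509_store)` before loading it, so the bundle adds to OpenSSL's default locations rather than replacing them. The description should say so, for example `"Certificates in this file are trusted in addition to those in OpenSSL's default locations."`. The rename also drops the `ssl-certificates` name without an alias, so as far as this page shows, an existing Config.prc that still sets it would be ignored silently and a deployment relying on a private CA listed there would start failing verification with no hint why; a warning for the old name or a note in the description would help. Because the type changes from ConfigVariableList to ConfigVariableFilename, the description should also state that only one file can now be named.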

+ 2 - 1
panda/src/express/config_express.h

@@ -23,6 +23,7 @@
 #include "configVariableInt.h"
 #include "configVariableDouble.h"
 #include "configVariableList.h"
+#include "configVariableFilename.h"
 
 // Include this so interrogate can find it.
 #include "executionEnvironment.h"
@@ -52,7 +53,7 @@ extern ConfigVariableBool keep_temporary_files;
 
 extern EXPCL_PANDAEXPRESS ConfigVariableBool collect_tcp;
 extern EXPCL_PANDAEXPRESS ConfigVariableDouble collect_tcp_interval;
-extern ConfigVariableList ssl_certificates;
+extern ConfigVariableFilename ca_bundle_filename;
 
 // Expose the Config variable for Python access.
 BEGIN_PUBLISH

+ 2 - 5
panda/src/express/openSSLWrapper.cxx

@@ -39,11 +39,8 @@ OpenSSLWrapper() {
   X509_STORE_set_default_paths(_x509_store);
 
   // Load in any default certificates listed in the Config.prc file.
-  int num_certs = ssl_certificates.get_num_unique_values();
-  for (int ci = 0; ci < num_certs; ci++) {
-    string cert_file = ssl_certificates.get_unique_value(ci);
-    Filename filename = Filename::expand_from(cert_file);
-    load_certificates(filename);
+  if (!ca_bundle_filename.empty()) {
+    load_certificates(ca_bundle_filename);
   }
 }
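Review bot: The result of `load_certificates(ca_bundle_filename)` is discarded, so a configured bundle that is missing, unreadable or contains no parsable PEM certificates leaves the store with only the default paths and nothing is reported. If load_certificates returns a count or status (its declaration is not on this page), check it and log a warning that names the file, for example `if (load_certificates(ca_bundle_filename) == 0) { /* warn: no CA certificates loaded from ca_bundle_filename */ }`. The removed loop passed each entry through `Filename::expand_from()`; confirm that ConfigVariableFilename performs the same expansion, otherwise values containing environment-variable references would stop resolving. The constructor begins above the hunk, and the hunk header counts one more context line than is shown here.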