From 073d6f5e80c497e4143dfdc88ff05a93af351ede Mon Sep 17 00:00:00 2001
From: Robin Gareus
Date: Tue, 18 Oct 2022 19:37:06 +0200
Subject: [PATCH] Disable cert check if no SSL certs are found (#9005)
---
 gtk2_ardour/ardour_http.cc | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/gtk2_ardour/ardour_http.cc b/gtk2_ardour/ardour_http.cc
index eb67598230..d164e47d81 100644
--- a/gtk2_ardour/ardour_http.cc
+++ b/gtk2_ardour/ardour_http.cc
@@ -55,13 +55,18 @@ const char* HttpGet::ca_info = NULL;
 void
 HttpGet::ca_setopt (CURL* c)
 {
- if (ca_info) {
+ if (ca_info && strlen (ca_info) > 0) {
 curl_easy_setopt (c, CURLOPT_CAINFO, ca_info);
 }
 if (ca_path) {
 curl_easy_setopt (c, CURLOPT_CAPATH, ca_path);
 }
- if (ca_info || ca_path) {
+
+ if (ca_info && strlen (ca_info) == 0) {
+ /* not hat for you */
+ curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
+ } else if (ca_info || ca_path) {
 curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 1);
 }
 }
@@ -94,8 +99,9 @@ HttpGet::setup_certificate_paths ()
 else if (Glib::file_test ("/etc/pki/tls/cert.pem", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_REGULAR)) {
 // GNU/TLS can keep extra stuff here
 ca_info = "/etc/pki/tls/cert.pem";
+ } else {
+ ca_info = ""; // disable cert check
 }
- // else NULL: use default (currently) "/etc/ssl/certs/ca-certificates.crt" if it exists
 
 if (Glib::file_test ("/etc/pki/tls/certs/ca-bundle.crt", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_DIR)) {
 // we're on RHEL // https://bugzilla.redhat.com/show_bug.cgi?id=1053882
@@ -105,7 +111,7 @@ HttpGet::setup_certificate_paths ()
 // Debian and derivs + OpenSuSe
 ca_path = "/etc/ssl/certs";
 } else {
- ca_path = "/nonexistent_path"; // don't try -- just in case:
+ ca_path = "/nonexistent_path";
 }
 
 /* If we don't set anything defaults are used. at the time of writing we compile bundled curl on debian
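Review bot: The new `strlen (ca_info) == 0` branch in ca_setopt switches off both CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST silently, so on a system without a CA bundle every HTTPS transfer made through HttpGet is unauthenticated and can be read or altered in transit without the user being told. If failing open is the intended trade-off, it should be logged once, and the comment `/* not hat for you */` replaced by something like `/* no CA bundle found: TLS peer and host verification are disabled */`. curl_easy_setopt is variadic and documents these options as taking a long, so the added calls should pass `0L`, and the existing VERIFYPEER call `1L`.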
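Review bot: The added `else` sets the empty-string sentinel before `ca_path` is probed, so a host that has a CA directory such as `/etc/ssl/certs` but none of the bundle files gets verification disabled. That happens even though ca_setopt still passes that directory as CURLOPT_CAPATH and could verify against it. The decision to disable would be safer made after both probes, only when `ca_path` also falls through to `"/nonexistent_path"` (third hunk). It would also be clearer held in a dedicated boolean than encoded as `ca_info = ""`, which overloads a path variable with a security decision. setup_certificate_paths starts and ends outside this hunk, so the earlier bundle probes are inferred from the visible `else if`.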