环境:macos、libsoup-2.4
问题:通过soup_session_send调用http api报错 "unacceptable TLS certificate"
原因:libsoup使用gio-network的gnutls后端,默认查找证书在/opt/homebrew/etc/gnutls/cert.pem下,部分mac不存在这个证书文件。
解决:将/opt/homebrew/etc/gnutls/cert.pem证书打包到程序中,在代码中将证书设置到SoupSession的tls-database属性上
cpp
self->session = soup_session_new();
char exePath[512];
uint32_t size = sizeof(exePath);
if (_NSGetExecutablePath(exePath, &size) != 0) {
g_warning("Executable path too long\n");
return;
}
char *dir = dirname(exePath);
char env_path[512];
memset(env_path, 0, sizeof(env_path));
snprintf(env_path, sizeof(env_path), "%s/../Resources/gnutls/cert.pem", dir);
GError *error = NULL;
GTlsDatabase *db = g_tls_file_database_new(env_path, &error);
if (!db) {
g_warning("load cert failed: %s", error->message);
g_clear_error(&error);
}
g_object_set(self->session, "tls-database", db, NULL);
g_object_unref(db);