openssl.recipe: Fix crash on iOS TestFlight

Don't try to look for a portable ca cert when running on anything
other than macOS, since there's no portable prefix there at all.
All libraries and plugins are usually linked statically into the app.

Fixes https://gitlab.freedesktop.org/gstreamer/cerbero/-/issues/342

Part-of: <https://gitlab.freedesktop.org/gstreamer/cerbero/-/merge_requests/770>

1 files changed, 21 insertions, 12 deletions

diff --git a/recipes/openssl/0001-Load-ca-certificate.crt-from-PREFIX-etc-ssl-on-macOS.patch b/recipes/openssl/0001-Load-ca-certificate.crt-from-PREFIX-etc-ssl-on-macOS.patch
index 421bb6b8..ebeef746 100644
--- a/recipes/openssl/0001-Load-ca-certificate.crt-from-PREFIX-etc-ssl-on-macOS.patch
+++ b/recipes/openssl/0001-Load-ca-certificate.crt-from-PREFIX-etc-ssl-on-macOS.patch
@@ -1,15 +1,15 @@
-From 903e3b9db2a2425a75f36df4edcc40876e9a0ada Mon Sep 17 00:00:00 2001
-From: Cerbero Build System <cerbero@gstreamer.freedesktop.org>
-Date: Tue, 31 Mar 2020 12:41:07 +0530
+From 4f2c094d92bb5d16029333699dabad894e252e9b Mon Sep 17 00:00:00 2001
+From: Nirbheek Chauhan <nirbheek@centricular.com>
+Date: Thu, 23 Sep 2021 16:16:08 +0530
 Subject: [PATCH] Load ca-certificate.crt from PREFIX/etc/ssl on macOS and
  Windows
 
 PREFIX is automatically detected based on the location of the crypto
 library.
 ---
- crypto/dllmain.c      | 31 +++++++++++++++++++++++++++++++
- crypto/x509/by_file.c | 41 ++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 71 insertions(+), 1 deletion(-)
+ crypto/dllmain.c      | 31 +++++++++++++++++++++++++++
+ crypto/x509/by_file.c | 50 ++++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 80 insertions(+), 1 deletion(-)
 
 diff --git a/crypto/dllmain.c b/crypto/dllmain.c
 index e821789..67568e3 100644
@@ -61,17 +61,26 @@ index e821789..67568e3 100644
      case DLL_THREAD_ATTACH:
          break;
 diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
-index 237b362..25ce782 100644
+index 237b362..5f67759 100644
 --- a/crypto/x509/by_file.c
 +++ b/crypto/x509/by_file.c
-@@ -17,6 +17,40 @@
+@@ -17,6 +17,49 @@
  #include <openssl/pem.h>
  #include "x509_local.h"
  
++// We only want to look for portable ca certificates when running on macOS,
++// not on iPhone, watchOS, tvOS, a simulator, etc.
++#ifdef __APPLE__
++#include "TargetConditionals.h"
++#if TARGET_OS_OSX
++#define WANT_PORTABLE_CERT_FILE_DLADDR
++#endif
++#endif
++
 +#ifdef _WIN32
 +/* defined in crypto/dllmain.c */
 +char* _get_portable_X509_cert_file (void);
-+#elif defined(__APPLE__)
++#elif defined(WANT_PORTABLE_CERT_FILE_DLADDR)
 +#include <dlfcn.h>
 +char *
 +_get_portable_X509_cert_file (void)
@@ -105,7 +114,7 @@ index 237b362..25ce782 100644
  static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                          long argl, char **ret);
  static X509_LOOKUP_METHOD x509_file_lookup = {
-@@ -46,11 +80,15 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+@@ -46,11 +89,15 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
      switch (cmd) {
      case X509_L_FILE_LOAD:
          if (argl == X509_FILETYPE_DEFAULT) {
@@ -122,7 +131,7 @@ index 237b362..25ce782 100644
              else
                  ok = (X509_load_cert_crl_file
                        (ctx, X509_get_default_cert_file(),
-@@ -59,6 +97,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+@@ -59,6 +106,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
              if (!ok) {
                  X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
              }
@@ -131,5 +140,5 @@ index 237b362..25ce782 100644
              if (argl == X509_FILETYPE_PEM)
                  ok = (X509_load_cert_crl_file(ctx, argp,
 -- 
-2.21.1 (Apple Git-122.3)
+2.31.1