This is because glib expects the modules to have the so suffix
instead of the dylib one that meson defaults to.

Ensure variables are declared on the top of the block.

openssl provides X509_get_default_cert_file_env() which gives the env var (SSL_CERT_FILE)
to use for configuring the ca file path at runtime and X509_get_default_cert_file() which
gives a default path.

Assuming openssl is properly configured this makes glib-openssl work without setting
any path.

One remaining problem on Windows is that while under MSYS2 openssl is patched to be
relocatable this is not the case for all Windows openssl users. For that introduce
a G_TLS_OPENSSL_HANDLE_CERT_RELOCATABLE env var which when set uses a hardcoded relative
path, as was the default before.

https://bugzilla.gnome.org/show_bug.cgi?id=795782

Due to name clashes between the Windows headers and openssl headers the include
order matters. In addition the 1.0 headers include the Windows headers themselves
which makes things more complicated.

According to
https://github.com/openssl/openssl/issues/1157#issuecomment-231330913
this is fixed in 1.1 by not including the Windows headers in the openssl headers
and requiring the user to include the Windows headers first (but I haven't tested this)

To avoid future breakage gather all openssl includes in one file, include the
Windows headers first and undef all the clashing macros.

https://bugzilla.gnome.org/show_bug.cgi?id=795782

Joakim Tosteberg authored Mar 16, 2018 and Ignacio Casal Quinteiro committed Mar 20, 2018

Add environment variables for enabling checking of certificate
revocation through OCSP. Policy is to allow connection in case of no
OCSP reply.

https://bugzilla.gnome.org/show_bug.cgi?id=794476

With this I am not saying that glib-openssl is less maintained
but that we want to use glib-networking instead of glib-openssl
for applications like Epiphany, since it is more tested for
those use cases. Instead I still encourage the usage of glib-openssl
since it is what we currently have available for windows and old
distributions.

See https://www.bassi.io/articles/2018/03/15/pkg-config-and-paths/

Meson is now the official build system to build with msvc

Iñigo Martínez authored Feb 08, 2018 and Ignacio Casal Quinteiro committed Mar 02, 2018

GIO modules are usually installed in a system directory that is
checked from the `gio-2.0.pc` file. However this might cause issues
to users without permissions to write in those system directories.

A new option has been added to allow anyone to choose a writable
directory. If this option is let empty it will fallback to the
previous behaviour by checking the information from the `gio-2.0.pc`
file.

The meson variable has also been renamed to prevent any confusion.

https://bugzilla.gnome.org/show_bug.cgi?id=793311

Iñigo Martínez authored Feb 08, 2018 and Ignacio Casal Quinteiro committed Mar 02, 2018

Following the meson porting guidelines[0], this patch renames the
`with-ca-certificates` build options. The following rules has been
applied:

- Remove the with prefix from string options.
- The character separator from multi-word options has been changed
  to underscore.

https://bugzilla.gnome.org/show_bug.cgi?id=793311

[0] https://wiki.gnome.org/Initiatives/GnomeGoals/MesonPorting

Silvio Lazzeretti authored Mar 01, 2018 and Ignacio Casal Quinteiro committed Mar 02, 2018

The ERR_error_string function is using a static
buffer to return the error string and this can
cause a data race in multithreaded environments.

This is the version supported by sles 11

This is instead of using the info callback which is not
supported on the new version of openssl

https://bugzilla.gnome.org/show_bug.cgi?id=792771

Joakim Tosteberg authored Jan 12, 2018 and Ignacio Casal Quinteiro committed Jan 19, 2018

Add environment variables for explictly setting the allowed signature
algorithms and curves that are used for tls connections.

https://bugzilla.gnome.org/show_bug.cgi?id=792605

Joakim Tosteberg authored Jan 12, 2018 and Ignacio Casal Quinteiro committed Jan 19, 2018

TLS compression is insecure and should not be used, so make sure it is
disabled.

https://bugzilla.gnome.org/show_bug.cgi?id=792604

Anders Skoglund authored Dec 19, 2017 and Ignacio Casal Quinteiro committed Dec 19, 2017

Add a check so that g_tls_client_connection_openssl_initable_init only
initialize the global data_index variable on the first call. If it is
initialized multiple times it can cause an error in retrieve_certificate
where it uses the index to retrieve stored data.

https://bugzilla.gnome.org/show_bug.cgi?id=791730