[update_checker] Use bundled Mozilla certificates for httplib (#2785)

Previously, using bundled OpenSSL would result in the SSL library to
fail to resolve certificates due to weird system funkiness that is
basically impossible to deal with in a way that won't give you anal
cancer. So to solve this the OpenSSL CI now bundles a precompiled
certificate from Mozilla, which makes the update checker work

Needs update checker testing on Windows and Android first and foremost

Signed-off-by: crueter <crueter@eden-emu.dev>
Reviewed-on: https://git.eden-emu.dev/eden-emu/eden/pulls/2785
Reviewed-by: MaranBr <maranbr@eden-emu.dev>

CMakeLists.txt

@@ -431,6 +431,9 @@ include(CPMUtil)
 if (ENABLE_OPENSSL)
     if (YUZU_USE_BUNDLED_OPENSSL)
         AddJsonPackage(openssl)
+        if (OpenSSL_ADDED)
+            add_compile_definitions(YUZU_BUNDLED_OPENSSL)
+        endif()
     endif()
 
     find_package(OpenSSL 1.1.1 REQUIRED)

src/yuzu/update_checker.cpp

@@ -5,20 +5,29 @@
 // Licensed under GPLv2 or any later version
 // Refer to the license.txt file included.
 
-// SPDX-FileCopyrightText: eden Emulator Project
-// SPDX-License-Identifier: GPL-3.0-or-later
-
 #include "update_checker.h"
 #include "common/logging/log.h"
+#include "common/scm_rev.h"
 #include <fmt/format.h>
+
+#ifndef CPPHTTPLIB_OPENSSL_SUPPORT
+#define CPPHTTPLIB_OPENSSL_SUPPORT
+#endif
+
 #include <httplib.h>
+
+#ifdef YUZU_BUNDLED_OPENSSL
+#include <openssl/cert.h>
+#endif
+
 #include <nlohmann/json.hpp>
 #include <optional>
+#include <qdebug.h>
 #include <string>
-#include "common/scm_rev.h"
 
 std::optional<std::string> UpdateChecker::GetResponse(std::string url, std::string path)
 {
+    try {
         constexpr std::size_t timeout_seconds = 15;
 
         std::unique_ptr<httplib::Client> client = std::make_unique<httplib::Client>(url);
@@ -26,6 +35,10 @@ std::optional<std::string> UpdateChecker::GetResponse(std::string url, std::stri
         client->set_read_timeout(timeout_seconds);
         client->set_write_timeout(timeout_seconds);
 
+#ifdef YUZU_BUNDLED_OPENSSL
+        client->load_ca_cert_store(kCert, sizeof(kCert));
+#endif
+
         if (client == nullptr) {
             LOG_ERROR(Frontend, "Invalid URL {}{}", url, path);
             return {};
@@ -37,7 +50,9 @@ std::optional<std::string> UpdateChecker::GetResponse(std::string url, std::stri
         };
 
         client->set_follow_location(true);
-    const auto result = client->send(request);
+        httplib::Result result;
+        result = client->send(request);
+
         if (!result) {
             LOG_ERROR(Frontend, "GET to {}{} returned null", url, path);
             return {};
@@ -45,7 +60,11 @@ std::optional<std::string> UpdateChecker::GetResponse(std::string url, std::stri
 
         const auto &response = result.value();
         if (response.status >= 400) {
-        LOG_ERROR(Frontend, "GET to {}{} returned error status code: {}", url, path, response.status);
+            LOG_ERROR(Frontend,
+                      "GET to {}{} returned error status code: {}",
+                      url,
+                      path,
+                      response.status);
             return {};
         }
         if (!response.headers.contains("content-type")) {
@@ -54,12 +73,17 @@ std::optional<std::string> UpdateChecker::GetResponse(std::string url, std::stri
         }
 
         return response.body;
+    } catch (std::exception &e) {
+        qDebug() << e.what();
+        return std::nullopt;
+    }
 }
 
 std::optional<std::string> UpdateChecker::GetLatestRelease(bool include_prereleases)
 {
     const auto update_check_url = std::string{Common::g_build_auto_update_api};
-    std::string update_check_path = fmt::format("/repos/{}", std::string{Common::g_build_auto_update_repo});
+    std::string update_check_path = fmt::format("/repos/{}",
+                                                std::string{Common::g_build_auto_update_repo});
     try {
         if (include_prereleases) { // This can return either a prerelease or a stable release,
             // whichever is more recent.