mirror of
https://github.com/monero-project/monero.git
synced 2024-11-17 00:07:38 +00:00
net_ssl: load default certificates in CA mode on Windows
Because it always does things wonkily doens't it
This commit is contained in:
parent
fe3f6a3e6b
commit
2d1afceb0d
1 changed files with 42 additions and 0 deletions
|
@ -43,6 +43,10 @@
|
||||||
// openssl req -new -key /tmp/KEY -out /tmp/REQ
|
// openssl req -new -key /tmp/KEY -out /tmp/REQ
|
||||||
// openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
|
// openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
|
||||||
|
|
||||||
|
#ifdef _WIN32
|
||||||
|
static void add_windows_root_certs(SSL_CTX *ctx) noexcept;
|
||||||
|
#endif
|
||||||
|
|
||||||
namespace
|
namespace
|
||||||
{
|
{
|
||||||
struct openssl_bio_free
|
struct openssl_bio_free
|
||||||
|
@ -324,7 +328,12 @@ boost::asio::ssl::context ssl_options_t::create_context() const
|
||||||
switch (verification)
|
switch (verification)
|
||||||
{
|
{
|
||||||
case ssl_verification_t::system_ca:
|
case ssl_verification_t::system_ca:
|
||||||
|
#ifdef _WIN32
|
||||||
|
try { add_windows_root_certs(ssl_context.native_handle()); }
|
||||||
|
catch (const std::exception &e) { ssl_context.set_default_verify_paths(); }
|
||||||
|
#else
|
||||||
ssl_context.set_default_verify_paths();
|
ssl_context.set_default_verify_paths();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case ssl_verification_t::user_certificates:
|
case ssl_verification_t::user_certificates:
|
||||||
ssl_context.set_verify_depth(0);
|
ssl_context.set_verify_depth(0);
|
||||||
|
@ -558,3 +567,36 @@ bool ssl_support_from_string(ssl_support_t &ssl, boost::string_ref s)
|
||||||
} // namespace
|
} // namespace
|
||||||
} // namespace
|
} // namespace
|
||||||
|
|
||||||
|
#ifdef _WIN32
|
||||||
|
|
||||||
|
// https://stackoverflow.com/questions/40307541
|
||||||
|
// Because Windows always has to do things wonkily
|
||||||
|
#include <wincrypt.h>
|
||||||
|
static void add_windows_root_certs(SSL_CTX *ctx) noexcept
|
||||||
|
{
|
||||||
|
HCERTSTORE hStore = CertOpenSystemStore(0, "ROOT");
|
||||||
|
if (hStore == NULL) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
X509_STORE *store = X509_STORE_new();
|
||||||
|
PCCERT_CONTEXT pContext = NULL;
|
||||||
|
while ((pContext = CertEnumCertificatesInStore(hStore, pContext)) != NULL) {
|
||||||
|
// convert from DER to internal format
|
||||||
|
X509 *x509 = d2i_X509(NULL,
|
||||||
|
(const unsigned char **)&pContext->pbCertEncoded,
|
||||||
|
pContext->cbCertEncoded);
|
||||||
|
if(x509 != NULL) {
|
||||||
|
X509_STORE_add_cert(store, x509);
|
||||||
|
X509_free(x509);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
CertFreeCertificateContext(pContext);
|
||||||
|
CertCloseStore(hStore, 0);
|
||||||
|
|
||||||
|
// attach X509_STORE to boost ssl context
|
||||||
|
SSL_CTX_set_cert_store(ctx, store);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue