| author | Remko Tronçon <git@el-tramo.be> | 2010-11-12 17:50:30 (GMT) | 
|---|---|---|
| committer | Remko Tronçon <git@el-tramo.be> | 2010-11-12 17:50:30 (GMT) | 
| commit | 4cca59f3c272d19b02e3a4a8ff4a1007fdfd65cf (patch) | |
| tree | 0f7cf05a0f747cdf6cdd0af9ed34f4093eb7be2c | |
| parent | 4f0feab0c23284f419270b3d82e04038277a0d91 (diff) | |
| download | swift-contrib-4cca59f3c272d19b02e3a4a8ff4a1007fdfd65cf.zip swift-contrib-4cca59f3c272d19b02e3a4a8ff4a1007fdfd65cf.tar.bz2 | |
Add Windows trust anchors to OpenSSL context.
| -rw-r--r-- | BuildTools/SCons/SConstruct | 2 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificate.h | 4 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.cpp | 27 | 
3 files changed, 32 insertions, 1 deletions
| diff --git a/BuildTools/SCons/SConstruct b/BuildTools/SCons/SConstruct
index 8690eca..8e06b4c 100644
--- a/BuildTools/SCons/SConstruct
+++ b/BuildTools/SCons/SConstruct
@@ -165,7 +165,7 @@ if env.get("coverage", 0) :
 	env.Append(LINKFLAGS = ["-fprofile-arcs", "-ftest-coverage"])
 if env["PLATFORM"] == "win32" :
-	env.Append(LIBS = ["user32", "dnsapi", "ws2_32", "wsock32"])
+	env.Append(LIBS = ["user32", "crypt32", "dnsapi", "ws2_32", "wsock32"])
 	env.Append(CCFLAGS = ["/EHsc", "/nologo"])
 	# FIXME: We should find a decent solution for MSVS 10
 	if int(env["MSVS_VERSION"].split(".")[0]) < 10 :
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
index ad16081..2255826 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
@@ -40,6 +40,10 @@ namespace Swift {
 			ByteArray toDER() const;
+			boost::shared_ptr<X509> getInternalX509() const {
+				return cert;
+			}
+
 		private:
 			void parse();
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 41c98c1..50436c7 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -3,11 +3,18 @@
  * Licensed under the GNU General Public License v3.
  * See Documentation/Licenses/GPLv3.txt for more information.
  */
+#include "Swiften/Base/Platform.h"
+
+#ifdef SWIFTEN_PLATFORM_WINDOWS
+#include <windows.h>
+#include <wincrypt.h>
+#endif
 #include <vector>
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
+
 #include "Swiften/TLS/OpenSSL/OpenSSLContext.h"
 #include "Swiften/TLS/OpenSSL/OpenSSLCertificate.h"
 #include "Swiften/TLS/PKCS12Certificate.h"
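Review bot: In OpenSSLCertificate.h, the new `getInternalX509()` hands out the class's internal `X509` handle with no comment on its contract. The caller added in OpenSSLContext.cpp tests the result for null, which suggests the pointer can be empty when the certificate data did not parse; that should be stated on the accessor. A one-line comment would do, for example `// May be empty if the data could not be parsed; the X509 is owned by the shared_ptr, callers must not free it.` The surrounding class body lies outside the hunk, so whether `cert` can be reset elsewhere is not visible here.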
@@ -25,6 +32,26 @@ void freeX509Stack(STACK_OF(X509)* stack) {
 OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readBIO_(0), writeBIO_(0) {
 	ensureLibraryInitialized();
 	context_ = SSL_CTX_new(TLSv1_client_method());
+
+	// Load system certs
+#ifdef SWIFTEN_PLATFORM_WINDOWS
+	X509_STORE* store = SSL_CTX_get_cert_store(context_);
+	HCERTSTORE systemStore = CertOpenSystemStore(0, "ROOT");
+	if (systemStore) {
+		PCCERT_CONTEXT certContext = NULL;
+		while (true) {
+			certContext = CertFindCertificateInStore(systemStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, certContext);
+			if (!certContext) {
+				break;
+			}
+			ByteArray certData(certContext->pbCertEncoded, certContext->cbCertEncoded);
+			OpenSSLCertificate cert(certData);
+			if (store && cert.getInternalX509()) {
+				X509_STORE_add_cert(store, cert.getInternalX509().get());
+			}
+		}
+	}
+#endif
 }
 OpenSSLContext::~OpenSSLContext() { | 
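Review bot: The store handle opened by `CertOpenSystemStore` in the constructor is never released, so every `OpenSSLContext` leaks an `HCERTSTORE`; add `CertCloseStore(systemStore, 0);` after the `while` loop, inside the `if (systemStore)` block. The return value of `X509_STORE_add_cert` is also ignored, and on OpenSSL versions that treat an already-present certificate as an error this may leave entries on the error queue, so an `ERR_clear_error();` after the loop would keep later error handling from picking them up. `SSL_CTX_get_cert_store(context_)` is called without checking that `SSL_CTX_new` returned a non-null context. It is also worth a comment that copying only the DER bytes of each ROOT entry drops any Windows-side purpose restrictions attached to those roots, so OpenSSL may trust an anchor more broadly than the platform does.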