summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemko Tronçon <git@el-tramo.be>2010-11-12 17:50:30 (GMT)
committerRemko Tronçon <git@el-tramo.be>2010-11-12 17:50:30 (GMT)
commit4cca59f3c272d19b02e3a4a8ff4a1007fdfd65cf (patch)
tree0f7cf05a0f747cdf6cdd0af9ed34f4093eb7be2c
parent4f0feab0c23284f419270b3d82e04038277a0d91 (diff)
downloadswift-contrib-4cca59f3c272d19b02e3a4a8ff4a1007fdfd65cf.zip
swift-contrib-4cca59f3c272d19b02e3a4a8ff4a1007fdfd65cf.tar.bz2
Add Windows trust anchors to OpenSSL context.
-rw-r--r--BuildTools/SCons/SConstruct2
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLCertificate.h4
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContext.cpp27
3 files changed, 32 insertions, 1 deletions
diff --git a/BuildTools/SCons/SConstruct b/BuildTools/SCons/SConstruct
index 8690eca..8e06b4c 100644
--- a/BuildTools/SCons/SConstruct
+++ b/BuildTools/SCons/SConstruct
@@ -165,7 +165,7 @@ if env.get("coverage", 0) :
env.Append(LINKFLAGS = ["-fprofile-arcs", "-ftest-coverage"])
if env["PLATFORM"] == "win32" :
- env.Append(LIBS = ["user32", "dnsapi", "ws2_32", "wsock32"])
+ env.Append(LIBS = ["user32", "crypt32", "dnsapi", "ws2_32", "wsock32"])
env.Append(CCFLAGS = ["/EHsc", "/nologo"])
# FIXME: We should find a decent solution for MSVS 10
if int(env["MSVS_VERSION"].split(".")[0]) < 10 :
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
index ad16081..2255826 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
@@ -40,6 +40,10 @@ namespace Swift {
ByteArray toDER() const;
+ boost::shared_ptr<X509> getInternalX509() const {
+ return cert;
+ }
+
private:
void parse();
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 41c98c1..50436c7 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -3,11 +3,18 @@
* Licensed under the GNU General Public License v3.
* See Documentation/Licenses/GPLv3.txt for more information.
*/
+#include "Swiften/Base/Platform.h"
+
+#ifdef SWIFTEN_PLATFORM_WINDOWS
+#include <windows.h>
+#include <wincrypt.h>
+#endif
#include <vector>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
+
#include "Swiften/TLS/OpenSSL/OpenSSLContext.h"
#include "Swiften/TLS/OpenSSL/OpenSSLCertificate.h"
#include "Swiften/TLS/PKCS12Certificate.h"
@@ -25,6 +32,26 @@ void freeX509Stack(STACK_OF(X509)* stack) {
OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readBIO_(0), writeBIO_(0) {
ensureLibraryInitialized();
context_ = SSL_CTX_new(TLSv1_client_method());
+
+ // Load system certs
+#ifdef SWIFTEN_PLATFORM_WINDOWS
+ X509_STORE* store = SSL_CTX_get_cert_store(context_);
+ HCERTSTORE systemStore = CertOpenSystemStore(0, "ROOT");
+ if (systemStore) {
+ PCCERT_CONTEXT certContext = NULL;
+ while (true) {
+ certContext = CertFindCertificateInStore(systemStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, certContext);
+ if (!certContext) {
+ break;
+ }
+ ByteArray certData(certContext->pbCertEncoded, certContext->cbCertEncoded);
+ OpenSSLCertificate cert(certData);
+ if (store && cert.getInternalX509()) {
+ X509_STORE_add_cert(store, cert.getInternalX509().get());
+ }
+ }
+ }
+#endif
}
OpenSSLContext::~OpenSSLContext() {