authorRemko Tronçon <git@el-tramo.be>2011-04-18 17:41:05 (GMT)
committerRemko Tronçon <git@el-tramo.be>2011-04-18 17:41:05 (GMT)
commite494f9a206cbb44903f3a032f858b0ef35a039d1 (patch)
tree7ca1110f6efb325874a3ea1dcdeb4ce8e8d9b979
parentf0cc7282e0e60de3a0deebd3975c535dd96d4c34 (diff)
downloadswift-contrib-e494f9a206cbb44903f3a032f858b0ef35a039d1.zip
swift-contrib-e494f9a206cbb44903f3a032f858b0ef35a039d1.tar.bz2
Explicitly add system store trust anchors on Mac OS X 10.5.swift-1.0
-rw-r--r--BuildTools/SCons/SConstruct1
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContext.cpp25
2 files changed, 26 insertions, 0 deletions
diff --git a/BuildTools/SCons/SConstruct b/BuildTools/SCons/SConstruct
index 86f4cda..bd40f1f 100644
--- a/BuildTools/SCons/SConstruct
+++ b/BuildTools/SCons/SConstruct
@@ -160,6 +160,7 @@ if env.get("mac105", 0) :
"-mmacosx-version-min=10.5",
"-isysroot", "/Developer/SDKs/MacOSX10.5.sdk",
"-arch", "i386"])
+ env.Append(FRAMEWORKS = ["Security"])
# If we build shared libs on AMD64, we need -fPIC.
# This should have no performance impact om AMD64
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 21e377f..378b6aa 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -14,6 +14,9 @@
#include <openssl/err.h>
#include <openssl/pkcs12.h>
+#if defined(SWIFTEN_PLATFORM_MACOSX) && OPENSSL_VERSION_NUMBER < 0x00908000
+#include <Security/Security.h>
+#endif
#include "Swiften/TLS/OpenSSL/OpenSSLContext.h"
#include "Swiften/TLS/OpenSSL/OpenSSLCertificate.h"
@@ -54,6 +57,28 @@ OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readB
}
#elif !defined(SWIFTEN_PLATFORM_MACOSX)
SSL_CTX_load_verify_locations(context_, NULL, "/etc/ssl/certs");
+#elif defined(SWIFTEN_PLATFORM_MACOSX) && OPENSSL_VERSION_NUMBER < 0x00908000
+ // On Mac OS X 10.5 (OpenSSL < 0.9.8), OpenSSL does not automatically look in the system store.
+ // We therefore add all certs from the system store ourselves.
+ X509_STORE* store = SSL_CTX_get_cert_store(context_);
+ CFArrayRef anchorCertificates;
+ if (SecTrustCopyAnchorCertificates(&anchorCertificates) == 0) {
+ for (int i = 0; i < CFArrayGetCount(anchorCertificates); ++i) {
+ SecCertificateRef cert = reinterpret_cast<SecCertificateRef>(const_cast<void*>(CFArrayGetValueAtIndex(anchorCertificates, i)));
+ CSSM_DATA certCSSMData;
+ if (SecCertificateGetData(cert, &certCSSMData) != 0 || certCSSMData.Length == 0) {
+ continue;
+ }
+ std::vector<unsigned char> certData;
+ certData.resize(certCSSMData.Length);
+ memcpy(&certData[0], certCSSMData.Data, certCSSMData.Length);
+ OpenSSLCertificate certificate(certData);
+ if (store && certificate.getInternalX509()) {
+ X509_STORE_add_cert(store, certificate.getInternalX509().get());
+ }
+ }
+ CFRelease(anchorCertificates);
+ }
#endif
}
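Review bot: The failure paths in the new Mac OS X 10.5 branch are silent: when `SecTrustCopyAnchorCertificates` returns non-zero (the `if` at L49) or `X509_STORE_add_cert` fails for an anchor (L61, return value dropped), the context ends up with an empty or partial trust store and every later handshake fails verification with nothing pointing at the cause, so at least the first case should be reported through whatever logging facility this file has in scope. The `store` null check at L60 sits inside the loop, so a missing cert store still converts every anchor before discarding it; hoisting it into the outer condition, `if (store && SecTrustCopyAnchorCertificates(&anchorCertificates) == 0) {`, preserves behaviour and skips the work (the loop index would also better be `CFIndex` to match `CFArrayGetCount`). A comment is warranted that this imports the bare anchor list and does not consult keychain trust settings, so a root the user has explicitly distrusted in Keychain Access is presumably still trusted by OpenSSL here — e.g. `// Note: imports the raw system anchor set; keychain trust settings (user overrides) are not applied.` The OpenSSLContext constructor this hunk modifies begins above the hunk.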