From 4cca59f3c272d19b02e3a4a8ff4a1007fdfd65cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Remko=20Tron=C3=A7on?= <git@el-tramo.be>
Date: Fri, 12 Nov 2010 18:50:30 +0100
Subject: Add Windows trust anchors to OpenSSL context.


diff --git a/BuildTools/SCons/SConstruct b/BuildTools/SCons/SConstruct
index 8690eca..8e06b4c 100644
--- a/BuildTools/SCons/SConstruct
+++ b/BuildTools/SCons/SConstruct
@@ -165,7 +165,7 @@ if env.get("coverage", 0) :
 	env.Append(LINKFLAGS = ["-fprofile-arcs", "-ftest-coverage"])
 
 if env["PLATFORM"] == "win32" :
-	env.Append(LIBS = ["user32", "dnsapi", "ws2_32", "wsock32"])
+	env.Append(LIBS = ["user32", "crypt32", "dnsapi", "ws2_32", "wsock32"])
 	env.Append(CCFLAGS = ["/EHsc", "/nologo"])
 	# FIXME: We should find a decent solution for MSVS 10
 	if int(env["MSVS_VERSION"].split(".")[0]) < 10 :
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
index ad16081..2255826 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
@@ -40,6 +40,10 @@ namespace Swift {
 
 			ByteArray toDER() const;
 
+			boost::shared_ptr<X509> getInternalX509() const {
+				return cert;
+			}
+
 		private:
 			void parse();
 
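Review bot: `getInternalX509()` hands out shared ownership of the mutable `X509` handle from a `const` method, with no comment on its contract. The new caller in OpenSSLContext.cpp tests the result for null, which suggests the pointer can be empty when the input could not be parsed. I would state that above the accessor, e.g. `// Underlying OpenSSL handle; may be null if the certificate could not be parsed. Callers must not modify it.` The class body starts and ends outside this hunk.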
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 41c98c1..50436c7 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -3,11 +3,18 @@
  * Licensed under the GNU General Public License v3.
  * See Documentation/Licenses/GPLv3.txt for more information.
  */
+#include "Swiften/Base/Platform.h"
+
+#ifdef SWIFTEN_PLATFORM_WINDOWS
+#include <windows.h>
+#include <wincrypt.h>
+#endif
 
 #include <vector>
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
 
+
 #include "Swiften/TLS/OpenSSL/OpenSSLContext.h"
 #include "Swiften/TLS/OpenSSL/OpenSSLCertificate.h"
 #include "Swiften/TLS/PKCS12Certificate.h"
@@ -25,6 +32,26 @@ void freeX509Stack(STACK_OF(X509)* stack) {
 OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readBIO_(0), writeBIO_(0) {
 	ensureLibraryInitialized();
 	context_ = SSL_CTX_new(TLSv1_client_method());
+
+	// Load system certs
+#ifdef SWIFTEN_PLATFORM_WINDOWS
+	X509_STORE* store = SSL_CTX_get_cert_store(context_);
+	HCERTSTORE systemStore = CertOpenSystemStore(0, "ROOT");
+	if (systemStore) {
+		PCCERT_CONTEXT certContext = NULL;
+		while (true) {
+			certContext = CertFindCertificateInStore(systemStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, certContext);
+			if (!certContext) {
+				break;
+			}
+			ByteArray certData(certContext->pbCertEncoded, certContext->cbCertEncoded);
+			OpenSSLCertificate cert(certData);
+			if (store && cert.getInternalX509()) {
+				X509_STORE_add_cert(store, cert.getInternalX509().get());
+			}
+		}
+	}
+#endif
 }
 
 OpenSSLContext::~OpenSSLContext() {
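Review bot: The store handle returned by `CertOpenSystemStore(0, "ROOT")` is never released, so every `OpenSSLContext` constructed on Windows leaks an `HCERTSTORE`; add `CertCloseStore(systemStore, 0);` after the `while` loop, inside the `if (systemStore)` block. `SSL_CTX_get_cert_store(context_)` is also called without checking that `SSL_CTX_new` succeeded. A failed store open and a failed `X509_STORE_add_cert` are both silent, so a context can end up with missing trust anchors and leave no trace; checking `context_` first and logging those failures would make that diagnosable. Separately, each root is copied in as an unconditional OpenSSL trust anchor, so per-certificate restrictions Windows keeps (disabled purposes, the Disallowed store) are presumably not carried over, and a comment stating that limitation would help.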
-- 
cgit v0.10.2-6-g49f6