From 4cca59f3c272d19b02e3a4a8ff4a1007fdfd65cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Remko=20Tron=C3=A7on?= <git@el-tramo.be>
Date: Fri, 12 Nov 2010 18:50:30 +0100
Subject: Add Windows trust anchors to OpenSSL context.
diff --git a/BuildTools/SCons/SConstruct b/BuildTools/SCons/SConstruct
index 8690eca..8e06b4c 100644
--- a/BuildTools/SCons/SConstruct
+++ b/BuildTools/SCons/SConstruct
@@ -165,7 +165,7 @@ if env.get("coverage", 0) :
 env.Append(LINKFLAGS = ["-fprofile-arcs", "-ftest-coverage"])
 if env["PLATFORM"] == "win32" :
- env.Append(LIBS = ["user32", "dnsapi", "ws2_32", "wsock32"])
+ env.Append(LIBS = ["user32", "crypt32", "dnsapi", "ws2_32", "wsock32"])
 env.Append(CCFLAGS = ["/EHsc", "/nologo"])
 # FIXME: We should find a decent solution for MSVS 10
 if int(env["MSVS_VERSION"].split(".")[0]) < 10 :
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
index ad16081..2255826 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
@@ -40,6 +40,10 @@ namespace Swift {
 ByteArray toDER() const;
+ boost::shared_ptr<X509> getInternalX509() const {
+ return cert;
+ }
+
 private:
 void parse();
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 41c98c1..50436c7 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -3,11 +3,18 @@
 * Licensed under the GNU General Public License v3.
 * See Documentation/Licenses/GPLv3.txt for more information.
 */
+#include "Swiften/Base/Platform.h"
+
+#ifdef SWIFTEN_PLATFORM_WINDOWS
+#include <windows.h>
+#include <wincrypt.h>
+#endif
 #include <vector>
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
+
 #include "Swiften/TLS/OpenSSL/OpenSSLContext.h"
 #include "Swiften/TLS/OpenSSL/OpenSSLCertificate.h"
 #include "Swiften/TLS/PKCS12Certificate.h"
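Review bot: In OpenSSLCertificate.h, `getInternalX509()` hands out the class's owning `boost::shared_ptr<X509>` with no comment on its contract. The new caller in OpenSSLContext.cpp tests the result before using it, which suggests the pointer can be empty when the input did not parse; a one-line comment above the accessor such as `// May be empty if the certificate data could not be parsed; callers must not modify the returned X509.` would make that explicit. The enclosing class begins and ends outside this hunk, so how `cert` is populated is not visible here.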
@@ -25,6 +32,26 @@ void freeX509Stack(STACK_OF(X509)* stack) {
 OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readBIO_(0), writeBIO_(0) {
 ensureLibraryInitialized();
 context_ = SSL_CTX_new(TLSv1_client_method());
+
+ // Load system certs
+#ifdef SWIFTEN_PLATFORM_WINDOWS
+ X509_STORE* store = SSL_CTX_get_cert_store(context_);
+ HCERTSTORE systemStore = CertOpenSystemStore(0, "ROOT");
+ if (systemStore) {
+ PCCERT_CONTEXT certContext = NULL;
+ while (true) {
+ certContext = CertFindCertificateInStore(systemStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, certContext);
+ if (!certContext) {
+ break;
+ }
+ ByteArray certData(certContext->pbCertEncoded, certContext->cbCertEncoded);
+ OpenSSLCertificate cert(certData);
+ if (store && cert.getInternalX509()) {
+ X509_STORE_add_cert(store, cert.getInternalX509().get());
+ }
+ }
+ }
+#endif
 }
 OpenSSLContext::~OpenSSLContext() {
--
cgit v0.10.2-6-g49f6
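Review bot: The handle returned by `CertOpenSystemStore` is never released, so every `OpenSSLContext` constructed on Windows leaks a certificate store handle; add `CertCloseStore(systemStore, 0);` after the `while` loop, inside the `if (systemStore)` block. The return value of `X509_STORE_add_cert` is also ignored, and a failed add (in some OpenSSL versions a certificate that is already in the store counts as a failure) leaves an entry on the thread's error queue that a later `SSL_get_error` call can misread; checking the result and calling `ERR_clear_error()` once the loop is done would avoid that. `context_` is passed to `SSL_CTX_get_cert_store` without a null check, although `SSL_CTX_new` can fail. Every certificate in ROOT is added as an unconditional trust anchor from its DER bytes alone, so any usage restriction or distrust that Windows records outside the encoded certificate is presumably not carried over; a comment next to `// Load system certs` stating that limitation would help whoever audits the trust decisions later.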