From 18bccc0c25097a9dabb4dd04ed65ee5a25fe8827 Mon Sep 17 00:00:00 2001
From: Josh Yelon
Date: Mon, 3 Jan 2022 15:03:58 -0500
Subject: [PATCH] sslcon now builds on mingw (now broken on linux)

---
 luprex/core/Makefile | 10 +-
 luprex/experiments/build-sslcon.bat | 1 +
 luprex/experiments/sslcon.c | 138 +++++++++++++++++++---------
 3 files changed, 102 insertions(+), 47 deletions(-)
 create mode 100644 luprex/experiments/build-sslcon.bat

diff --git a/luprex/core/Makefile b/luprex/core/Makefile
index aa226158..4127305a 100644
--- a/luprex/core/Makefile
+++ b/luprex/core/Makefile
@@ -2,13 +2,15 @@
 ifeq ($(OS),mingw)
 EXE=main.exe
- LIBS=-lws2_32
+ LIBS=-L ../mingwlib -lssl -lcrypto -lws2_32 -lcrypt32 -lcryptui
+ INCS=-I ../mingwlib
 LUAFLAGS=-DLUA_COMPAT_ALL
 OPT=-g -O1
 DRIVER=driver-mingw
 else ifeq ($(OS),linux)
 EXE=main
- LIBS=
+ LIBS=-lssl -lcrypto
+ INCS=
 LUAFLAGS=-DLUA_USE_POSIX
 OPT=-g -O1
 DRIVER=driver-linux
@@ -18,6 +20,7 @@ else
 ERROR=$(error You must specify OS=linux or OS=mingw)
 EXE=main
 LIBS=$(ERROR)
+ INCS=$(ERROR)
 LUAFLAGS=$(ERROR)
 OPT=$(ERROR)
 DRIVER=driver-xxx
@@ -99,8 +102,7 @@ lobj/%.o: ../eris-master/src/%.c
 gcc -Wall $(OPT) -DLUA_USE_APICHECK $(LUAFLAGS) -c -MMD $< -o $@
 obj/%.o: cpp/%.cpp
- g++ -std=c++17 -Wall $(OPT) -I../eris-master/src -Icpp -c -MMD $< -o $@
-
+ g++ -std=c++17 -Wall $(OPT) -I../eris-master/src -Icpp $(INCS) -c -MMD $< -o $@
 $(EXE): $(CORE_OBJ_FILES) $(LUA_OBJ_FILES)
 g++ -std=c++17 -Wall $(OPT) -o $@ $(CORE_OBJ_FILES) $(LUA_OBJ_FILES) $(LIBS)
diff --git a/luprex/experiments/build-sslcon.bat b/luprex/experiments/build-sslcon.bat
new file mode 100644
index 00000000..10699ca9
--- /dev/null
+++ b/luprex/experiments/build-sslcon.bat
@@ -0,0 +1 @@
+gcc -o sslcon.exe sslcon.c -I ../mingwlib -L ../mingwlib -lssl -lcrypto -lws2_32 -lcrypt32 -lcryptui
\ No newline at end of file
diff --git a/luprex/experiments/sslcon.c b/luprex/experiments/sslcon.c
index df90def9..dad33c4b 100644
--- a/luprex/experiments/sslcon.c
+++ b/luprex/experiments/sslcon.c
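Review bot: The mingw link line now takes `-lssl -lcrypto` from a `../mingwlib` directory that the commit does not add and nothing here describes, so there is no record of which OpenSSL build those binaries are, where they came from, or how they get refreshed when OpenSSL ships a security fix — the usual gap with vendored TLS libraries. Record the provenance next to the flag, e.g. `# ../mingwlib: prebuilt OpenSSL <version> from <source>, sha256 <digest>` above the `LIBS=` line, and consider pointing `INCS`/`LIBS` at an installed MSYS2/mingw-w64 OpenSSL instead so updates come through the package manager. `-lcrypt32` is needed by the CryptoAPI calls in sslcon.c, but none of the visible code calls a CryptUI function, so `-lcryptui` looks unnecessary and can presumably be dropped.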
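Review bot: build-sslcon.bat compiles sslcon.c with no warning flags, so the `void main` return type and the assignment used as a loop condition in load_root_certs go unreported, unlike the core Makefile which passes `-Wall`; suggest `gcc -Wall -Wextra -o sslcon.exe sslcon.c -I ../mingwlib -L ../mingwlib ...`. The relative `../mingwlib` paths also mean the script only works when run from luprex/experiments; prefixing them with `%~dp0` makes it location-independent.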
@@ -5,6 +5,15 @@
 #include
 #include
 #include
+
+#ifdef WIN64
+#include
+#include
+#include
+#include
+#include
+#include
+#else
 #include
 #include
 #include
@@ -13,8 +22,44 @@
 #include
 #include
 #include
+typedef int SOCKET;
+#endif
+void set_nonblocking(SOCKET sock) {
+ u_long mode = 1; // 1 to enable non-blocking socket
+ int status = ioctlsocket(sock, FIONBIO, &mode);
+ assert(status == 0);
+}
+
+void load_root_certs(SSL_CTX *ctx) {
+ // SSL_CTX_set_default_verify_paths(ssl_ctx);
+
+ HCERTSTORE hStore = CertOpenSystemStoreW(0, L"ROOT");
+ PCCERT_CONTEXT pContext = NULL;
+ X509 *x509;
+ X509_STORE *store = SSL_CTX_get_cert_store(ctx);
+
+ if (!hStore) {
+ fprintf(stderr, "Cannot open system certificate store.\n");
+ exit(1);
+ }
+
+ while (pContext = CertEnumCertificatesInStore(hStore, pContext)) {
+ const unsigned char *encoded_cert = pContext->pbCertEncoded;
+ x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded);
+ if (x509) {
+ int i = X509_STORE_add_cert(store, x509);
+ if (i == 1) {
+ fprintf(stderr, "Certificate added.\n");
+ }
+ X509_free(x509);
+ }
+ }
+
+ CertCloseStore(hStore, 0);
+}
+
 void main(int argc, char **argv) {
 /* OPENSSL_init_ssl(0, NULL); */
@@ -23,9 +68,11 @@ void main(int argc, char **argv) {
 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
 SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
- SSL_CTX_set_default_verify_paths(ssl_ctx);
+ load_root_certs(ssl_ctx);
- int sock_fd = socket(AF_INET, SOCK_STREAM, 0);
+ WSADATA whocares;
+ assert(WSAStartup(MAKEWORD(2,2), &whocares) == 0);
+ SOCKET sock_fd = socket(AF_INET, SOCK_STREAM, 0);
 /* this is mit.edu */
 unsigned int ip0 = 104;
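Review bot: `#ifdef WIN64` is the wrong test for selecting the Winsock/CryptoAPI headers: the underscore-less `WIN64` is a convenience macro that MinGW GCC stops defining under strict `-std=` modes, and it is never defined for a 32-bit MinGW build, so either configuration silently falls into the POSIX `#else` branch and then fails on the Windows calls that follow. Use the macro the toolchain always defines, `#ifdef _WIN32`, which covers both 32- and 64-bit Windows targets. The same test should be reused for every Windows-only call later in the file, not only the includes.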
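Review bot: set_nonblocking and load_root_certs call ioctlsocket and the CryptoAPI store functions unconditionally, so the `#else` branch that the hunk's `typedef int SOCKET;` closes gives a POSIX build nothing that compiles — this is the "now broken on linux" the subject admits, and it is a couple of `#ifdef _WIN32` guards away from working, with `SSL_CTX_set_default_verify_paths(ctx)` (which the dead comment at the top of load_root_certs names with the wrong variable) as the non-Windows trust source. Separately, a store entry that d2i_X509 rejects is skipped silently but leaves errors on OpenSSL's per-thread error queue, and nothing clears them, so the `ERR_print_errors_fp(stderr)` calls later in main can print stale decode errors next to a genuine handshake failure; clear the queue after a failed parse. `while (pContext = CertEnumCertificatesInStore(hStore, pContext))` is an assignment used as a condition and should be parenthesized and compared against NULL. Importing every entry of the ROOT store also ignores any per-certificate purpose restrictions Windows keeps alongside the certificate, so a root an administrator has disabled for server authentication presumably still becomes a trust anchor here — worth a comment on the function so nobody mistakes it for the platform's full trust policy.
```c
void set_nonblocking(SOCKET sock) {
#ifdef _WIN32
  u_long mode = 1; // 1 to enable non-blocking socket
  int status = ioctlsocket(sock, FIONBIO, &mode);
  assert(status == 0);
#else
  int flags = fcntl(sock, F_GETFL, 0);
  assert(flags != -1);
  int status = fcntl(sock, F_SETFL, flags | O_NONBLOCK);
  assert(status == 0);
#endif
}

/* Populate ctx's trust store with the platform root certificates.
 * On Windows this copies the ROOT system store as-is: per-certificate
 * purpose restrictions set in Windows are not honoured. */
void load_root_certs(SSL_CTX *ctx) {
#ifndef _WIN32
  if (SSL_CTX_set_default_verify_paths(ctx) != 1) {
    ERR_print_errors_fp(stderr);
    exit(1);
  }
#else
  /* … unchanged: CertOpenSystemStoreW / store lookup / hStore check … */
  while ((pContext = CertEnumCertificatesInStore(hStore, pContext)) != NULL) {
    const unsigned char *encoded_cert = pContext->pbCertEncoded;
    x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded);
    if (x509) {
      /* … unchanged: X509_STORE_add_cert / X509_free … */
    } else {
      ERR_clear_error(); /* a bad store entry must not pollute later handshake errors */
    }
  }
  CertCloseStore(hStore, 0);
#endif
}
```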
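Review bot: `assert(WSAStartup(MAKEWORD(2,2), &whocares) == 0);` puts the program's only call to WSAStartup inside the assert macro, so a build with `-DNDEBUG` never initialises Winsock and the `socket()` on the next line fails with WSANOTINITIALISED. Keep the call outside the macro: `int wsa = WSAStartup(MAKEWORD(2,2), &whocares);` followed by `assert(wsa == 0);`. Both lines are Windows-only and belong under the same `#ifdef` as the headers; main's body continues outside this hunk.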
@@ -40,35 +87,39 @@ void main(int argc, char **argv) {
 addr.sin_addr.s_addr = htonl(ip);
 int status = connect(sock_fd, (struct sockaddr *) &addr, sizeof(struct sockaddr_in));
+ if (status != 0) {
+ int err = WSAGetLastError();
+ fprintf(stderr, "err #%d\n", err);
+ exit(1);
+ }
 assert(status == 0);
 fprintf(stderr, "Connect successful.\n");
- int flags = fcntl(sock_fd, F_GETFL, 0);
- assert(0 == fcntl(sock_fd, F_SETFL, flags | O_NONBLOCK));
+ set_nonblocking(sock_fd);
 SSL *ssl = SSL_new(ssl_ctx);
 SSL_set_fd(ssl, sock_fd);
 SSL_set1_host(ssl, "web.mit.edu");
 while (1) {
- int ret = SSL_connect(ssl);
- if (ret == 1) break;
- int err = SSL_get_error(ssl, ret);
- if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
- /* sleep(1); */
+ int ret = SSL_connect(ssl);
+ if (ret == 1) break;
+ int err = SSL_get_error(ssl, ret);
+ if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
+ /* sleep(1); */
 } else {
- ERR_print_errors_fp(stderr);
- exit(1);
- }
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
 }
 fprintf(stderr, "SSL connect done.\n");
 STACK_OF(X509)* certCollection = SSL_get_peer_cert_chain(ssl);
 for (size_t i = 0; i < sk_X509_num(certCollection); i++) {
- X509* cert = sk_X509_value(certCollection, i);
- X509_print_fp(stderr, cert);
- fprintf(stderr, "\n----\n");
+ X509* cert = sk_X509_value(certCollection, i);
+ X509_print_fp(stderr, cert);
+ fprintf(stderr, "\n----\n");
 }
 const char *req =
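Review bot: With the new `if (status != 0) { ... exit(1); }` in place, the `assert(status == 0);` right after it can no longer fail and should be deleted, and the `WSAGetLastError()` inside the block ties the connect error path to Winsock — on POSIX the equivalent is `errno`, so this is another line that needs the `#ifdef _WIN32` split rather than the unconditional Windows call. The re-indented SSL_connect loop also spins without yielding while the now non-blocking socket reports WANT_READ/WANT_WRITE (the `/* sleep(1); */` is still commented out), so the process burns a core until the handshake completes; a `select()`/`poll()` on sock_fd for readability or writability, chosen by the WANT_* result, is the usual fix. Printing the whole peer chain to stderr via X509_print_fp is fine for an experiment but worth a comment saying so, since it will be verbose. main starts and ends outside this hunk.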
@@ -76,38 +127,39 @@ void main(int argc, char **argv) {
 int reqlen = strlen(req);
 while (reqlen > 0) {
- size_t nwrote;
- int ret = SSL_write_ex(ssl, req, reqlen, &nwrote);
- if (ret == 1) {
- req += nwrote;
- reqlen -= nwrote;
- } else {
- int err = SSL_get_error(ssl, ret);
- if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
- /* sleep(1); */
- } else {
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- }
+ size_t nwrote;
+ int ret = SSL_write_ex(ssl, req, reqlen, &nwrote);
+ if (ret == 1) {
+ req += nwrote;
+ reqlen -= nwrote;
+ } else {
+ int err = SSL_get_error(ssl, ret);
+ if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
+ /* sleep(1); */
+ } else {
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ }
 }
 fprintf(stderr, "Header transmitted.\n");
 while (1) {
- char buf[256];
- size_t nread;
- int ret = SSL_read_ex(ssl, buf, 256, &nread);
- if (ret == 1) {
- write(1, buf, nread);
- } else {
- int err = SSL_get_error(ssl, ret);
- if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
- /* sleep(1); */
- } else {
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- }
+ char buf[256];
+ size_t nread;
+ int ret = SSL_read_ex(ssl, buf, 256, &nread);
+ if (ret == 1) {
+ fwrite(buf, 1, nread, stdout);
+ fflush(stdout);
+ } else {
+ int err = SSL_get_error(ssl, ret);
+ if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
+ /* sleep(1); */
+ } else {
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ }
 }
 }
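Review bot: The read loop treats every non-WANT result from SSL_read_ex as fatal, so when the server finishes the response and sends close_notify, SSL_get_error returns SSL_ERROR_ZERO_RETURN and the program prints an (empty) error and exits 1 — the only exit from this `while (1)` is the failure path. Handle the clean shutdown explicitly: `if (err == SSL_ERROR_ZERO_RETURN) break;` before the WANT_READ/WANT_WRITE test, then `SSL_shutdown(ssl);` after the loop and a normal return. On the new `fwrite(buf, 1, nread, stdout)` path, stdout on Windows is in text mode and presumably translates `\n` to `\r\n`, which alters any binary response body on the way out; `_setmode(_fileno(stdout), _O_BINARY)` at the start of main under `#ifdef _WIN32` avoids that. The `reqlen -= nwrote` mix of `int` and `size_t` is harmless for this fixed request but would read better with `size_t reqlen`. main's opening brace is outside this hunk.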