Certificate verification now works on windows using windows CA store

luprex/core/cpp/driver-mingw.cpp

@@ -184,6 +184,10 @@ static int socket_close(SOCKET socket) {
 }
 
 static int socket_poll(struct pollfd *pollvec, int pollcount, int mstimeout, std::string &err) {
+    if (pollcount == 0) {
+        if (mstimeout > 0) Sleep(mstimeout);
+        return 0;
+    }
     int status = WSAPoll(pollvec, pollcount, mstimeout);
     if (status < 0) {
         err = strerror_str(WSAGetLastError());
@@ -235,6 +239,29 @@ static int console_read(char *bytes, int nbytes) {
     }
 }
 
+static void load_root_certs(SSL_CTX *ctx) {
+    HCERTSTORE hStore = CertOpenSystemStoreW(0, L"ROOT");
+    PCCERT_CONTEXT pContext = NULL;
+    X509 *x509;
+    X509_STORE *store = SSL_CTX_get_cert_store(ctx);
+
+    if (!hStore) {
+        fprintf(stderr, "Cannot open system certificate store.\n");
+        exit(1);
+    }
+
+    while ((pContext = CertEnumCertificatesInStore(hStore, pContext))) {
+        const unsigned char *encoded_cert = pContext->pbCertEncoded; 
+        x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded);
+        if (x509) {
+            X509_STORE_add_cert(store, x509);
+            X509_free(x509);
+        }
+    }
+
+    CertCloseStore(hStore, 0);
+}
+
 static void ssl_ctx_use_dummycert(SSL_CTX *ctx);
 
 static SSL_CTX *new_ssl_server_context() {
@@ -250,6 +277,7 @@ static SSL_CTX *new_ssl_client_context(int verify) {
     SSL_CTX *ctx = SSL_CTX_new(TLS_method());
     SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
     SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+    if (verify == SSL_VERIFY_PEER) load_root_certs(ctx);
     SSL_CTX_set_verify(ctx, verify, nullptr);
     return ctx;
 }