Certificate verification now works on windows using windows CA store

2022-03-18 21:52:45 -04:00
parent 37ed57a178
commit fa7296cde1
4 changed files with 33 additions and 3 deletions


@@ -4,7 +4,7 @@ ifeq ($(OS),mingw)
LIBS=-L../mingwlib -lssl -lcrypto -lws2_32 -lcrypt32 -lcryptui LIBS=-L../mingwlib -lssl -lcrypto -lws2_32 -lcrypt32 -lcryptui
INCS=-I../mingwlib INCS=-I../mingwlib
LUAFLAGS=-DLUA_COMPAT_ALL LUAFLAGS=-DLUA_COMPAT_ALL
OPT=-g -O1 OPT=-g -O0
DRIVER=driver-mingw DRIVER=driver-mingw
else ifeq ($(OS),linux) else ifeq ($(OS),linux)
EXE=main EXE=main
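Review bot: The OPT change from `-O1` to `-O0` on the mingw branch (reading the right-hand value as the new side, which the rendered view does not make explicit) is unrelated to the certificate-store work the commit describes and looks like a local debugging setting that went in with it. If an unoptimized mingw build is intended, the commit message should say so; otherwise restore `OPT=-g -O1`.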


@@ -64,6 +64,8 @@ static std::string ssl_errors_string(bool lastonly = true)
const char *file, *data, *func; const char *file, *data, *func;
int line, flags; int line, flags;
// ERR_print_errors_fp(stderr);
// exit(1);
while (true) while (true)
{ {
unsigned long code = ERR_get_error_all(&file, &line, &func, &data, &flags); unsigned long code = ERR_get_error_all(&file, &line, &func, &data, &flags);
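Review bot: The two added lines `// ERR_print_errors_fp(stderr);` and `// exit(1);` are commented-out debugging code inside ssl_errors_string and should be dropped rather than committed; if a dump of the error queue is occasionally useful, a `#ifdef`-guarded diagnostic is the usual way to keep it. ssl_errors_string begins and ends outside this hunk.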


@@ -184,6 +184,10 @@ static int socket_close(SOCKET socket) {
} }
static int socket_poll(struct pollfd *pollvec, int pollcount, int mstimeout, std::string &err) { static int socket_poll(struct pollfd *pollvec, int pollcount, int mstimeout, std::string &err) {
if (pollcount == 0) {
if (mstimeout > 0) Sleep(mstimeout);
return 0;
}
int status = WSAPoll(pollvec, pollcount, mstimeout); int status = WSAPoll(pollvec, pollcount, mstimeout);
if (status < 0) { if (status < 0) {
err = strerror_str(WSAGetLastError()); err = strerror_str(WSAGetLastError());
@@ -235,6 +239,29 @@ static int console_read(char *bytes, int nbytes) {
} }
} }
static void load_root_certs(SSL_CTX *ctx) {
HCERTSTORE hStore = CertOpenSystemStoreW(0, L"ROOT");
PCCERT_CONTEXT pContext = NULL;
X509 *x509;
X509_STORE *store = SSL_CTX_get_cert_store(ctx);
if (!hStore) {
fprintf(stderr, "Cannot open system certificate store.\n");
exit(1);
}
while ((pContext = CertEnumCertificatesInStore(hStore, pContext))) {
const unsigned char *encoded_cert = pContext->pbCertEncoded;
x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded);
if (x509) {
X509_STORE_add_cert(store, x509);
X509_free(x509);
}
}
CertCloseStore(hStore, 0);
}
static void ssl_ctx_use_dummycert(SSL_CTX *ctx); static void ssl_ctx_use_dummycert(SSL_CTX *ctx);
static SSL_CTX *new_ssl_server_context() { static SSL_CTX *new_ssl_server_context() {
@@ -250,6 +277,7 @@ static SSL_CTX *new_ssl_client_context(int verify) {
SSL_CTX *ctx = SSL_CTX_new(TLS_method()); SSL_CTX *ctx = SSL_CTX_new(TLS_method());
SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
if (verify == SSL_VERIFY_PEER) load_root_certs(ctx);
SSL_CTX_set_verify(ctx, verify, nullptr); SSL_CTX_set_verify(ctx, verify, nullptr);
return ctx; return ctx;
} }
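Review bot: The new `if (verify == SSL_VERIFY_PEER) load_root_certs(ctx);` in new_ssl_client_context tests for equality, so a caller that ORs in another flag (for example `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`) gets verification enabled with an empty trust store and every handshake fails; `if (verify & SSL_VERIFY_PEER) load_root_certs(ctx);` matches the intent. In load_root_certs, a failed `d2i_X509` or `X509_STORE_add_cert` is silently skipped but leaves entries on OpenSSL's error queue, which ssl_errors_string earlier in this file drains with ERR_get_error_all, so an unrelated later failure could report a stale decode error from the store import; either log the skipped certificate or call `ERR_clear_error();` after the enumeration loop. Only the Windows `ROOT` store is imported, not the `CA` store of intermediates, so chain building depends on the server sending its intermediates — probably acceptable, but worth a comment on the function such as `// Imports trust anchors only (ROOT store); intermediates must come from the peer.`. Nothing in this hunk binds the expected hostname to the verification (SSL_set1_host or X509_VERIFY_PARAM_set1_host); if that is not done where the outgoing connection is created, a valid certificate for any name would pass, so please confirm.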


@@ -35,8 +35,8 @@ class DriverWebServerTest : public DrivenEngine {
public: public:
eng::vector<SharedChannel> channels_; eng::vector<SharedChannel> channels_;
virtual void event_init(int argc, char *argv[]) { virtual void event_init(int argc, char *argv[]) {
SharedChannel ch = new_outgoing_channel("stanford.edu:80"); SharedChannel ch = new_outgoing_channel("cert:stanford.edu:443");
ch->out()->write_bytes("GET http://stanford.edu/index.html HTTP/1.1\n\n"); ch->out()->write_bytes("GET https://stanford.edu/xbanankjdsh.html HTTP/1.1\n\n");
channels_.emplace_back(std::move(ch)); channels_.emplace_back(std::move(ch));
} }