GitHub/libevent
1
0
Fork 0
mirror of https://github.com/libevent/libevent.git synced 2025-01-09 00:56:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

https-client: load certificates from the system cert store on Windows

Browse Source
This commit is contained in:
yuangongji 2019-09-15 21:45:26 +08:00
parent 095c8ae111
commit 572a565130
2 changed files with 40 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CMakeLists.txt
View File

@ -977,6 +977,9 @@ macro(add_sample_prog ssl name)
if (${ssl}) if (${ssl})
target_link_libraries(${name} event_openssl) target_link_libraries(${name} event_openssl)
if(WIN32)
target_link_libraries(${name} crypt32)
endif()
endif() endif()
endmacro() endmacro()
if (NOT EVENT__DISABLE_SAMPLES) if (NOT EVENT__DISABLE_SAMPLES)

44
sample/https-client.c
View File

@ -118,7 +118,6 @@ err_openssl(const char *func)
exit(1); exit(1);
} }
#ifndef _WIN32
/* See http://archives.seul.org/libevent/users/Jan-2013/msg00039.html */ /* See http://archives.seul.org/libevent/users/Jan-2013/msg00039.html */
static int cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg) static int cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg)
{ {
@ -181,6 +180,35 @@ static int cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg)
return 0; return 0;
} }
} }
#ifdef _WIN32
static int
add_cert_for_store(X509_STORE *store, const char *name)
{
HCERTSTORE sys_store = NULL;
PCCERT_CONTEXT ctx = NULL;
int r = 0;
sys_store = CertOpenSystemStore(0, name);
if (!sys_store) {
err("failed to open system certificate store");
return -1;
}
while ((ctx = CertEnumCertificatesInStore(sys_store, ctx))) {
X509 *x509 = d2i_X509(NULL, (unsigned char const **)&ctx->pbCertEncoded,
ctx->cbCertEncoded);
if (x509) {
X509_STORE_add_cert(store, x509);
X509_free(x509);
} else {
r = -1;
err_openssl("d2i_X509");
break;
}
}
CertCloseStore(sys_store, 0);
return r;
}
#endif #endif
int int
@ -335,17 +363,22 @@ main(int argc, char **argv)
goto error; goto error;
} }
#ifndef _WIN32
/* TODO: Add certificate loading on Windows as well */
if (crt == NULL) { if (crt == NULL) {
X509_STORE *store; X509_STORE *store;
/* Attempt to use the system's trusted root certificates. */ /* Attempt to use the system's trusted root certificates. */
store = SSL_CTX_get_cert_store(ssl_ctx); store = SSL_CTX_get_cert_store(ssl_ctx);
#ifdef _WIN32
if (add_cert_for_store(store, "CA") < 0 ||
add_cert_for_store(store, "AuthRoot") < 0 ||
add_cert_for_store(store, "ROOT") < 0) {
goto error;
}
#else // _WIN32
if (X509_STORE_set_default_paths(store) != 1) { if (X509_STORE_set_default_paths(store) != 1) {
err_openssl("X509_STORE_set_default_paths"); err_openssl("X509_STORE_set_default_paths");
goto error; goto error;
} }
#endif // _WIN32
} else { } else {
if (SSL_CTX_load_verify_locations(ssl_ctx, crt, NULL) != 1) { if (SSL_CTX_load_verify_locations(ssl_ctx, crt, NULL) != 1) {
err_openssl("SSL_CTX_load_verify_locations"); err_openssl("SSL_CTX_load_verify_locations");
@ -376,9 +409,6 @@ main(int argc, char **argv)
* "wrapping" OpenSSL's routine, not replacing it. */ * "wrapping" OpenSSL's routine, not replacing it. */
SSL_CTX_set_cert_verify_callback(ssl_ctx, cert_verify_callback, SSL_CTX_set_cert_verify_callback(ssl_ctx, cert_verify_callback,
(void *) host); (void *) host);
#else // _WIN32
(void)crt;
#endif // _WIN32
// Create event base // Create event base
base = event_base_new(); base = event_base_new();