From f59f5a40914a83896d636e110b1e8b1f8655ef0f Mon Sep 17 00:00:00 2001 From: loonycyborg Date: Sat, 22 May 2021 01:06:10 +0300 Subject: [PATCH] Load system certificate store manually on Windows because boost.asio doesn't --- SConstruct | 2 +- source_lists/wesnoth | 1 + src/network_asio.cpp | 3 ++- src/tls_root_store.cpp | 33 +++++++++++++++++++++++++++++++++ src/tls_root_store.hpp | 11 +++++++++++ src/wesnothd_connection.cpp | 3 ++- 6 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 src/tls_root_store.cpp create mode 100644 src/tls_root_store.hpp diff --git a/SConstruct b/SConstruct index be3187e4b9d..bd8d2d4bad0 100755 --- a/SConstruct +++ b/SConstruct @@ -630,7 +630,7 @@ for env in [test_env, client_env, env]: env[d] = os.path.join(env["prefix"], env[d]) if env["PLATFORM"] == 'win32': - env.Append(LIBS = ["wsock32", "iconv", "z", "shlwapi", "winmm", "ole32", "uuid"], CCFLAGS = ["-mthreads"], LINKFLAGS = ["-mthreads"], CPPDEFINES = ["_WIN32_WINNT=0x0601"]) + env.Append(LIBS = ["wsock32", "crypt32", "iconv", "z", "shlwapi", "winmm", "ole32", "uuid"], CCFLAGS = ["-mthreads"], LINKFLAGS = ["-mthreads"], CPPDEFINES = ["_WIN32_WINNT=0x0601"]) if env["PLATFORM"] == 'darwin': # Mac OS X env.Append(FRAMEWORKS = "Cocoa") # Cocoa GUI diff --git a/source_lists/wesnoth b/source_lists/wesnoth index 5e56f1abc32..32a6f3eff8d 100644 --- a/source_lists/wesnoth +++ b/source_lists/wesnoth @@ -354,6 +354,7 @@ syncmp_handler.cpp team.cpp teambuilder.cpp terrain/filter.cpp +tls_root_store.cpp tod_manager.cpp units/abilities.cpp units/animation.cpp diff --git a/src/network_asio.cpp b/src/network_asio.cpp index 1e31b3f438f..154dbf3a57d 100644 --- a/src/network_asio.cpp +++ b/src/network_asio.cpp @@ -18,6 +18,7 @@ #include "log.hpp" #include "serialization/parser.hpp" +#include "tls_root_store.hpp" #include #include 
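Review bot: Only the SCons build gains `crypt32` here, although the new Windows branch of load_tls_root_certs in src/tls_root_store.cpp calls CertOpenSystemStore, CertEnumCertificatesInStore and CertCloseStore, all of which live in that library. If the project also has another build definition for the Windows client (a CMake one, for instance), it presumably needs the same link dependency, and the diffstat shows no such change. Worth confirming before merging, since the failure would be a link error only on Windows builds.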
@@ -162,7 +163,7 @@ void connection::handle_handshake(const boost::system::error_code& ec) } if(handshake_response_.num == 0x00000000) { - tls_context_.set_default_verify_paths(); + load_tls_root_certs(tls_context_); raw_socket s { std::move(utils::get(socket_)) }; tls_socket ts { new tls_socket::element_type { std::move(*s), tls_context_ } }; socket_ = std::move(ts); diff --git a/src/tls_root_store.cpp b/src/tls_root_store.cpp new file mode 100644 index 00000000000..32f549471f1 --- /dev/null +++ b/src/tls_root_store.cpp @@ -0,0 +1,33 @@ +#include "tls_root_store.hpp" + +namespace network_asio +{ + +void load_tls_root_certs(boost::asio::ssl::context &ctx) +{ +#ifdef _WIN32 + HCERTSTORE hStore = CertOpenSystemStore(0, "ROOT"); + assert(hStore != NULL); + + X509_STORE *store = X509_STORE_new(); + PCCERT_CONTEXT pContext = NULL; + while ((pContext = CertEnumCertificatesInStore(hStore, pContext)) != NULL) { + X509 *x509 = d2i_X509(NULL, + (const unsigned char **)&pContext->pbCertEncoded, + pContext->cbCertEncoded); + if(x509 != NULL) { + X509_STORE_add_cert(store, x509); + X509_free(x509); + } + } + + CertFreeCertificateContext(pContext); + CertCloseStore(hStore, 0); + + SSL_CTX_set_cert_store(ctx.native_handle(), store); +#else + ctx.set_default_verify_paths(); +#endif +} + +} diff --git a/src/tls_root_store.hpp b/src/tls_root_store.hpp new file mode 100644 index 00000000000..12c5786511e --- /dev/null +++ b/src/tls_root_store.hpp @@ -0,0 +1,11 @@ +#pragma once + +#include +#include + +namespace network_asio +{ + +void load_tls_root_certs(boost::asio::ssl::context &ctx); + +} diff --git a/src/wesnothd_connection.cpp b/src/wesnothd_connection.cpp index 93b0ee6b15b..6f632efd21e 100644 --- a/src/wesnothd_connection.cpp +++ b/src/wesnothd_connection.cpp @@ -19,6 +19,7 @@ #include "gettext.hpp" #include "log.hpp" #include "serialization/parser.hpp" +#include "tls_root_store.hpp" #include #include 
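Review bot: Failure to open the store in load_tls_root_certs is handled only by `assert(hStore != NULL)`, which compiles out under NDEBUG; a NULL handle then makes `CertEnumCertificatesInStore` return NULL at once, so an empty X509_STORE is installed and every later handshake fails verification with nothing indicating why, whereas the `#else` branch's `set_default_verify_paths()` reports failure by throwing `boost::system::system_error`, so the callers in network_asio.cpp and wesnothd_connection.cpp see different failure behaviour per platform. `d2i_X509` advances the pointer it is handed, so `(const unsigned char **)&pContext->pbCertEncoded` lets it write into the CERT_CONTEXT owned by the store; decoding through a local pointer avoids that. `X509_STORE_new()` can also return NULL, and `CertOpenSystemStore(0, "ROOT")` with a narrow literal presumably relies on UNICODE being undefined for this translation unit, which spelling `CertOpenSystemStoreA` would not. The rewritten Windows branch below throws the same exception type as the non-Windows branch, carrying `GetLastError()`, so callers can catch one type on every platform.
```cpp
#ifdef _WIN32
    HCERTSTORE hStore = CertOpenSystemStoreA(0, "ROOT");
    if(hStore == NULL) {
        throw boost::system::system_error(
            boost::system::error_code(GetLastError(), boost::system::system_category()),
            "could not open the Windows ROOT certificate store");
    }

    X509_STORE *store = X509_STORE_new();
    if(store == NULL) {
        CertCloseStore(hStore, 0);
        throw boost::system::system_error(
            boost::system::error_code(GetLastError(), boost::system::system_category()),
            "X509_STORE_new failed");
    }

    PCCERT_CONTEXT pContext = NULL;
    while ((pContext = CertEnumCertificatesInStore(hStore, pContext)) != NULL) {
        // d2i_X509 advances *in; decode through a copy so the store-owned
        // CERT_CONTEXT is left untouched.
        const unsigned char *der = pContext->pbCertEncoded;
        X509 *x509 = d2i_X509(NULL, &der, pContext->cbCertEncoded);
        if(x509 != NULL) {
            X509_STORE_add_cert(store, x509);
            X509_free(x509);
        }
    }

    CertFreeCertificateContext(pContext);
    CertCloseStore(hStore, 0);

    SSL_CTX_set_cert_store(ctx.native_handle(), store);
// … unchanged: #else branch with set_default_verify_paths() …
```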
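Review bot: The new declaration of load_tls_root_certs in tls_root_store.hpp has no comment, and its effect differs per platform in a way callers need to know: on Windows it builds a fresh X509_STORE from the system ROOT store and installs it with SSL_CTX_set_cert_store, which replaces any certificate store ctx already had, while elsewhere it only calls set_default_verify_paths(). Suggest a header comment such as `/// Installs the platform's trusted root CAs into ctx: on Windows the certificates of the system "ROOT" store (replacing any store previously set on ctx), elsewhere the library's default verify paths. Throws on failure to load them.` — the last sentence holding only once the Windows branch reports failure instead of asserting. The two `#include` lines of the header are not legible in this rendering, and since tls_root_store.cpp includes nothing else, they must be what brings in the Windows crypt and OpenSSL declarations the .cpp uses; worth confirming.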
@@ -193,7 +194,7 @@ void wesnothd_connection::handle_handshake(const error_code& ec) } if(handshake_response_.num == 0x00000000) { - tls_context_.set_default_verify_paths(); + network_asio::load_tls_root_certs(tls_context_); raw_socket s { std::move(utils::get(socket_)) }; tls_socket ts { new tls_socket::element_type{std::move(*s), tls_context_} }; socket_ = std::move(ts);