Load system certificate store manually on Windows because boost.asio doesn't

2021-05-22 01:06:10 +03:00 · 2021-05-22 01:06:10 +03:00 · f59f5a4091
commit f59f5a4091
parent 8255d9a928
6 changed files with 50 additions and 3 deletions
--- a/2
+++ b/2
@ -630,7 +630,7 @@ for env in [test_env, client_env, env]:
        env[d] = os.path.join(env["prefix"], env[d])
    if env["PLATFORM"] == 'win32':
-        env.Append(LIBS = ["wsock32", "iconv", "z", "shlwapi", "winmm", "ole32", "uuid"], CCFLAGS = ["-mthreads"], LINKFLAGS = ["-mthreads"], CPPDEFINES = ["_WIN32_WINNT=0x0601"])
+        env.Append(LIBS = ["wsock32", "crypt32", "iconv", "z", "shlwapi", "winmm", "ole32", "uuid"], CCFLAGS = ["-mthreads"], LINKFLAGS = ["-mthreads"], CPPDEFINES = ["_WIN32_WINNT=0x0601"])
    if env["PLATFORM"] == 'darwin':            # Mac OS X
        env.Append(FRAMEWORKS = "Cocoa")            # Cocoa GUI
--- a/source_lists/wesnoth
+++ b/source_lists/wesnoth
@ -354,6 +354,7 @@ syncmp_handler.cpp
 team.cpp
 teambuilder.cpp
 terrain/filter.cpp
 tls_root_store.cpp
 tod_manager.cpp
 units/abilities.cpp
 units/animation.cpp
--- a/src/network_asio.cpp
+++ b/src/network_asio.cpp
@ -18,6 +18,7 @@
 #include "log.hpp"
 #include "serialization/parser.hpp"
 #include "tls_root_store.hpp"
 #include <boost/asio/connect.hpp>
 #include <boost/asio/read.hpp>
@ -162,7 +163,7 @@ void connection::handle_handshake(const boost::system::error_code& ec)
 		}
 		if(handshake_response_.num == 0x00000000) {
-			tls_context_.set_default_verify_paths();
+			load_tls_root_certs(tls_context_);
 			raw_socket s { std::move(utils::get<raw_socket>(socket_)) };
 			tls_socket ts { new tls_socket::element_type { std::move(*s), tls_context_ } };
 			socket_ = std::move(ts);
--- a/src/tls_root_store.cpp
+++ b/src/tls_root_store.cpp
@ -0,0 +1,33 @@
 #include "tls_root_store.hpp"
 namespace network_asio
 {
 void load_tls_root_certs(boost::asio::ssl::context &ctx)
 {
 #ifdef _WIN32
 	HCERTSTORE hStore = CertOpenSystemStore(0, "ROOT");
 	assert(hStore != NULL);
 	X509_STORE *store = X509_STORE_new();
 	PCCERT_CONTEXT pContext = NULL;
 	while ((pContext = CertEnumCertificatesInStore(hStore, pContext)) != NULL) {
 		X509 *x509 = d2i_X509(NULL,
 			(const unsigned char **)&pContext->pbCertEncoded,
 			pContext->cbCertEncoded);
 		if(x509 != NULL) {
 			X509_STORE_add_cert(store, x509);
 			X509_free(x509);
 		}
 	}
 	CertFreeCertificateContext(pContext);
 	CertCloseStore(hStore, 0);
 	SSL_CTX_set_cert_store(ctx.native_handle(), store);
 #else
 	ctx.set_default_verify_paths();
 #endif
 }
 }
--- a/src/tls_root_store.hpp
+++ b/src/tls_root_store.hpp
@ -0,0 +1,11 @@
 #pragma once
 #include <boost/asio/ssl/context.hpp>
 #include <wincrypt.h>
 namespace network_asio
 {
 void load_tls_root_certs(boost::asio::ssl::context &ctx);
 }
--- a/src/wesnothd_connection.cpp
+++ b/src/wesnothd_connection.cpp
@ -19,6 +19,7 @@
 #include "gettext.hpp"
 #include "log.hpp"
 #include "serialization/parser.hpp"
 #include "tls_root_store.hpp"
 #include <boost/asio/connect.hpp>
 #include <boost/asio/read.hpp>
@ -193,7 +194,7 @@ void wesnothd_connection::handle_handshake(const error_code& ec)
 		}
 		if(handshake_response_.num == 0x00000000) {
-			tls_context_.set_default_verify_paths();
+			network_asio::load_tls_root_certs(tls_context_);
 			raw_socket s { std::move(utils::get<raw_socket>(socket_)) };
 			tls_socket ts { new tls_socket::element_type{std::move(*s), tls_context_} };
 			socket_ = std::move(ts);