Load system certificate store manually on Windows because boost.asio doesn't

2021-05-22 01:06:10 +03:00 · 2021-05-22 01:06:10 +03:00 · f59f5a4091
commit f59f5a4091
parent 8255d9a928
6 changed files with 50 additions and 3 deletions
--- a/2
+++ b/2
@ -630,7 +630,7 @@ for env in [test_env, client_env, env]:
        env[d] = os.path.join(env["prefix"], env[d])

    if env["PLATFORM"] == 'win32':
-        env.Append(LIBS = ["wsock32", "iconv", "z", "shlwapi", "winmm", "ole32", "uuid"], CCFLAGS = ["-mthreads"], LINKFLAGS = ["-mthreads"], CPPDEFINES = ["_WIN32_WINNT=0x0601"])
+        env.Append(LIBS = ["wsock32", "crypt32", "iconv", "z", "shlwapi", "winmm", "ole32", "uuid"], CCFLAGS = ["-mthreads"], LINKFLAGS = ["-mthreads"], CPPDEFINES = ["_WIN32_WINNT=0x0601"])

    if env["PLATFORM"] == 'darwin':            # Mac OS X
        env.Append(FRAMEWORKS = "Cocoa")            # Cocoa GUI
--- a/source_lists/wesnoth
+++ b/source_lists/wesnoth
@ -354,6 +354,7 @@ syncmp_handler.cpp
 team.cpp
 teambuilder.cpp
 terrain/filter.cpp
+tls_root_store.cpp
 tod_manager.cpp
 units/abilities.cpp
 units/animation.cpp
--- a/src/network_asio.cpp
+++ b/src/network_asio.cpp
@ -18,6 +18,7 @@

 #include "log.hpp"
 #include "serialization/parser.hpp"
+#include "tls_root_store.hpp"

 #include <boost/asio/connect.hpp>
 #include <boost/asio/read.hpp>
@ -162,7 +163,7 @@ void connection::handle_handshake(const boost::system::error_code& ec)
 		}

 		if(handshake_response_.num == 0x00000000) {
-			tls_context_.set_default_verify_paths();
+			load_tls_root_certs(tls_context_);
 			raw_socket s { std::move(utils::get<raw_socket>(socket_)) };
 			tls_socket ts { new tls_socket::element_type { std::move(*s), tls_context_ } };
 			socket_ = std::move(ts);
--- a/src/tls_root_store.cpp
+++ b/src/tls_root_store.cpp
@ -0,0 +1,33 @@
+#include "tls_root_store.hpp"
+
+namespace network_asio
+{
+
+void load_tls_root_certs(boost::asio::ssl::context &ctx)
+{
+#ifdef _WIN32
+	HCERTSTORE hStore = CertOpenSystemStore(0, "ROOT");
+	assert(hStore != NULL);
+
+	X509_STORE *store = X509_STORE_new();
+	PCCERT_CONTEXT pContext = NULL;
+	while ((pContext = CertEnumCertificatesInStore(hStore, pContext)) != NULL) {
+		X509 *x509 = d2i_X509(NULL,
+			(const unsigned char **)&pContext->pbCertEncoded,
+			pContext->cbCertEncoded);
+		if(x509 != NULL) {
+			X509_STORE_add_cert(store, x509);
+			X509_free(x509);
+		}
+	}
+
+	CertFreeCertificateContext(pContext);
+	CertCloseStore(hStore, 0);
+
+	SSL_CTX_set_cert_store(ctx.native_handle(), store);
+#else
+	ctx.set_default_verify_paths();
+#endif
+}
+
+}
--- a/src/tls_root_store.hpp
+++ b/src/tls_root_store.hpp
@ -0,0 +1,11 @@
+#pragma once
+
+#include <boost/asio/ssl/context.hpp>
+#include <wincrypt.h>
+
+namespace network_asio
+{
+
+void load_tls_root_certs(boost::asio::ssl::context &ctx);
+
+}
--- a/src/wesnothd_connection.cpp
+++ b/src/wesnothd_connection.cpp
@ -19,6 +19,7 @@
 #include "gettext.hpp"
 #include "log.hpp"
 #include "serialization/parser.hpp"
+#include "tls_root_store.hpp"

 #include <boost/asio/connect.hpp>
 #include <boost/asio/read.hpp>
@ -193,7 +194,7 @@ void wesnothd_connection::handle_handshake(const error_code& ec)
 		}

 		if(handshake_response_.num == 0x00000000) {
-			tls_context_.set_default_verify_paths();
+			network_asio::load_tls_root_certs(tls_context_);
 			raw_socket s { std::move(utils::get<raw_socket>(socket_)) };
 			tls_socket ts { new tls_socket::element_type{std::move(*s), tls_context_} };
 			socket_ = std::move(ts);