Skip to content

Commit 14d025b

Browse files
livecodefraserlivecodefraser
committed
Merge pull request livecode#3775 from livecodefraser/bugfix-17174
Use the system certificate store for Win32 server SSL verification
2 parents a474d59 + 91026e2 commit 14d025b

3 files changed

Lines changed: 4 additions & 11 deletions

File tree

docs/notes/bugfix-17174.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
# Use the system certificate store for Win32 server SSL verification

engine/src/mcssl.cpp

Lines changed: 2 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -774,7 +774,7 @@ bool load_ssl_ctx_certs_from_file(SSL_CTX *p_ssl_ctx, const char *p_path)
774774
return SSL_CTX_load_verify_locations(p_ssl_ctx, p_path, NULL) != 0;
775775
}
776776

777-
#if defined(TARGET_PLATFORM_MACOS_X) || defined(TARGET_PLATFORM_WINDOWS)
777+
#if defined(TARGET_PLATFORM_MACOS_X) || defined(_WIN32)
778778

779779
void free_x509_stack(STACK_OF(X509) *p_stack)
780780
{
@@ -958,7 +958,7 @@ bool export_system_crl_stack(STACK_OF(X509_CRL) *&r_crls)
958958
return true;
959959
}
960960

961-
#elif defined(TARGET_PLATFORM_WINDOWS)
961+
#elif defined(_WIN32)
962962

963963
bool export_system_root_cert_stack(STACK_OF(X509) *&r_cert_stack)
964964
{
@@ -981,11 +981,7 @@ bool export_system_root_cert_stack(STACK_OF(X509) *&r_cert_stack)
981981
if (t_valid)
982982
{
983983
X509 *t_x509 = NULL;
984-
#if defined(TARGET_PLATFORM_WINDOWS)
985984
const unsigned char *t_data = (const unsigned char*) t_cert_enum->pbCertEncoded;
986-
#else
987-
unsigned char *t_data = t_cert_enum->pbCertEncoded;
988-
#endif
989985
long t_len = t_cert_enum->cbCertEncoded;
990986

991987
t_success = NULL != (t_x509 = d2i_X509(NULL, &t_data, t_len));
@@ -1027,11 +1023,7 @@ bool export_system_crl_stack(STACK_OF(X509_CRL) *&r_crls)
10271023
if (t_valid)
10281024
{
10291025
X509_CRL *t_crl = NULL;
1030-
#if defined(TARGET_PLATFORM_WINDOWS)
10311026
const unsigned char *t_data = (const unsigned char*)t_crl_enum->pbCrlEncoded;
1032-
#else
1033-
unsigned char *t_data = t_crl_enum->pbCrlEncoded;
1034-
#endif
10351027
long t_len = t_crl_enum->cbCrlEncoded;
10361028

10371029
t_success = NULL != (t_crl = d2i_X509_CRL(NULL, &t_data, t_len));

engine/src/srvspec.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -351,7 +351,7 @@ static void url_execute(MCStringRef p_url, MCUrlExecuteCallback p_callback, void
351351
// IM-2014-07-28: [[ Bug 12822 ]] Override default ssl certificate loading.
352352
if (curl_easy_setopt(t_url_handle, CURLOPT_SSL_VERIFYPEER, 1) != CURLE_OK ||
353353
curl_easy_setopt(t_url_handle, CURLOPT_SSL_VERIFYHOST, 2) != CURLE_OK
354-
#if TARGET_PLATFORM_LINUX
354+
#if defined(_LINUX) || defined(_WIN32)
355355
// These options are not supported when using the OSX system libcurl
356356
// as it uses the OS' certificate database and not a cert file.
357357
|| curl_easy_setopt(t_url_handle, CURLOPT_CAINFO, nil) != CURLE_OK

0 commit comments

Comments
 (0)