Skip to content
This repository was archived by the owner on Aug 31, 2021. It is now read-only.

Use the system certificate store for Win32 server SSL verification #3775

Merged
livecodefraser merged 4 commits into from
Mar 21, 2016
Merged

Use the system certificate store for Win32 server SSL verification #3775

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
9bdb50d
Merge branch 'bugfix-16940' of https://github.com/livecodefraser/live…
livecodefraser Mar 21, 2016
df11746
Use the system certificate store for Win32 server SSL verification
livecodefraser Mar 21, 2016
8d2f6f2
[[ Bugfix 17174 ]] Add bugfix note
livecodefraser Mar 21, 2016
91026e2
Merge branch 'develop-7.0' of https://github.com/livecode/livecode in…
livecodefraser Mar 21, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/notes/bugfix-17174.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
# Use the system certificate store for Win32 server SSL verification
12 changes: 2 additions & 10 deletions engine/src/mcssl.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -774,7 +774,7 @@ bool load_ssl_ctx_certs_from_file(SSL_CTX *p_ssl_ctx, const char *p_path)
return SSL_CTX_load_verify_locations(p_ssl_ctx, p_path, NULL) != 0;
}

#if defined(TARGET_PLATFORM_MACOS_X) || defined(TARGET_PLATFORM_WINDOWS)
#if defined(TARGET_PLATFORM_MACOS_X) || defined(_WIN32)

void free_x509_stack(STACK_OF(X509) *p_stack)
{
Expand Down Expand Up @@ -958,7 +958,7 @@ bool export_system_crl_stack(STACK_OF(X509_CRL) *&r_crls)
return true;
}

#elif defined(TARGET_PLATFORM_WINDOWS)
#elif defined(_WIN32)

bool export_system_root_cert_stack(STACK_OF(X509) *&r_cert_stack)
{
Expand All @@ -981,11 +981,7 @@ bool export_system_root_cert_stack(STACK_OF(X509) *&r_cert_stack)
if (t_valid)
{
X509 *t_x509 = NULL;
#if defined(TARGET_PLATFORM_WINDOWS)
const unsigned char *t_data = (const unsigned char*) t_cert_enum->pbCertEncoded;
#else
unsigned char *t_data = t_cert_enum->pbCertEncoded;
#endif
long t_len = t_cert_enum->cbCertEncoded;

t_success = NULL != (t_x509 = d2i_X509(NULL, &t_data, t_len));
Expand Down Expand Up @@ -1027,11 +1023,7 @@ bool export_system_crl_stack(STACK_OF(X509_CRL) *&r_crls)
if (t_valid)
{
X509_CRL *t_crl = NULL;
#if defined(TARGET_PLATFORM_WINDOWS)
const unsigned char *t_data = (const unsigned char*)t_crl_enum->pbCrlEncoded;
#else
unsigned char *t_data = t_crl_enum->pbCrlEncoded;
#endif
long t_len = t_crl_enum->cbCrlEncoded;

t_success = NULL != (t_crl = d2i_X509_CRL(NULL, &t_data, t_len));
Expand Down
2 changes: 1 addition & 1 deletion engine/src/srvspec.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -351,7 +351,7 @@ static void url_execute(MCStringRef p_url, MCUrlExecuteCallback p_callback, void
// IM-2014-07-28: [[ Bug 12822 ]] Override default ssl certificate loading.
if (curl_easy_setopt(t_url_handle, CURLOPT_SSL_VERIFYPEER, 1) != CURLE_OK ||
curl_easy_setopt(t_url_handle, CURLOPT_SSL_VERIFYHOST, 2) != CURLE_OK
#if TARGET_PLATFORM_LINUX
#if defined(_LINUX) || defined(_WIN32)
// These options are not supported when using the OSX system libcurl
// as it uses the OS' certificate database and not a cert file.
|| curl_easy_setopt(t_url_handle, CURLOPT_CAINFO, nil) != CURLE_OK
Expand Down