Files
MINGW-packages/mingw-w64-wget/openssl-windows-cert-store.patch
Ilya Rakhlin 41446e561d Wget 1.19.1 update (#2948)
* 1. Updated wget to 1.19.1
2. Added patch for support of windows cert store
3. Added patch for taskbar progress using cmd
4. Minor changes to PKGBUILD to fix gettext issue after running autoconf

* Modified dependency to ${MINGW_PACKAGE_PREFIX}-libidn

* switch dependency back to libidn2 for proper compile in build system

* Fix 32bit build; build without c-ares for now makes it work
2017-09-24 10:54:07 +03:00

114 lines
3.3 KiB
Diff

diff --git a/src/openssl.c b/src/openssl.c
index 0404d2d..f1cae1c 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -169,6 +169,71 @@ static int ssl_true_initialized = 0;
Returns true on success, false otherwise. */
+/* Start: Windows SSL Cert Changes */
+#ifdef WINDOWS
+/* Local version of CERT_CONTEXT, to prevent from bringing in a specific
+ version of the Windows SDK */
+typedef struct _CERT_CONTEXT
+{
+ unsigned int dwCertEncodingType;
+ unsigned char *pbCertEncoded;
+ unsigned int cbCertEncoded;
+ void* pCertInfo;
+ void* hCertStore;
+} CERT_CONTEXT, *PCERT_CONTEXT;typedef const CERT_CONTEXT *PCCERT_CONTEXT;
+
+/* Load crypt32.dll manually to prevent bringing it in unless used */
+HMODULE Local_Crypt32()
+{
+ static HMODULE ret = NULL;
+ if (!ret)
+ {
+ ret = LoadLibraryA("Crypt32.dll");
+ }
+ return ret;
+}
+
+/* Bounce these APIs to our loaded version of crypt32.dll */
+void* Local_CertOpenSystemStoreA(void* hprov, char* szSubsystemProtocol)
+{
+ if (Local_Crypt32())
+ {
+ static FARPROC ret = NULL;
+ if (!ret)
+ {
+ ret = GetProcAddress(Local_Crypt32(), "CertOpenSystemStoreA");
+ }
+ if (ret)
+ {
+ typedef void* (WINAPI * PFN_Func)(void*, char*);
+ return ((PFN_Func) ret)(hprov, szSubsystemProtocol);
+ }
+ }
+ return NULL;
+}
+
+void* Local_CertEnumCertificatesInStore(void* hCertStore, void* pPrevCertContext)
+{
+ if (Local_Crypt32())
+ {
+ static FARPROC ret = NULL;
+ if (!ret)
+ {
+ ret = GetProcAddress(Local_Crypt32(), "CertEnumCertificatesInStore");
+ }
+ if (ret)
+ {
+ typedef void* (WINAPI * PFN_Func)(void*, void*);
+ return ((PFN_Func) ret)(hCertStore, pPrevCertContext);
+ }
+ }
+ return NULL;
+}
+
+#define PKCS_7_ASN_ENCODING 0x00010000
+#endif
+/* End: Windows SSL Cert Changes */
+
bool
ssl_init (void)
{
@@ -272,6 +337,36 @@ ssl_init (void)
SSL_CTX_set_cipher_list (ssl_ctx, "HIGH:MEDIUM:!RC4:!SRP:!PSK:!RSA:!aNULL@STRENGTH");
SSL_CTX_set_default_verify_paths (ssl_ctx);
+
+ /* Start: Windows SSL Cert Changes */
+#ifdef WINDOWS
+ /* Only attempt to use the Windows store if one is not specified */
+ if (!opt.ca_cert)
+ {
+ /* Open the default Windows cert store */
+ void* hStore = Local_CertOpenSystemStoreA(NULL, "ROOT");
+ if (hStore)
+ {
+ /* And then open the OpenSSL store */
+ X509_STORE * store = SSL_CTX_get_cert_store(ssl_ctx);
+ CERT_CONTEXT * pCertCtx = NULL;
+ /* Loop through all the certs in the Windows cert store */
+ for ( pCertCtx = Local_CertEnumCertificatesInStore(hStore, NULL);
+ pCertCtx != NULL;
+ pCertCtx = Local_CertEnumCertificatesInStore(hStore, pCertCtx) )
+ {
+ if (!((pCertCtx->dwCertEncodingType & PKCS_7_ASN_ENCODING) == PKCS_7_ASN_ENCODING))
+ {
+ /* Add all certs we find to OpenSSL's store */
+ X509 *cert = d2i_X509(NULL, (const unsigned char**)&pCertCtx->pbCertEncoded, pCertCtx->cbCertEncoded);
+ X509_STORE_add_cert(store, cert);
+ X509_free(cert);
+ }
+ }
+ }
+ }
+#endif
+ /* End: Windows SSL Cert Changes */
SSL_CTX_load_verify_locations (ssl_ctx, opt.ca_cert, opt.ca_directory);
if (opt.crl_file)