try to run the unittest

(windows) when using OpenSSL, the system store is used to populate the cacert. No need to ship a cacert.pem file with your app.
2020-04-05 12:39:19 -07:00 · 2020-04-04 18:33:01 -07:00
4 changed files with 82 additions and 6 deletions
--- a/.github/workflows/ccpp.yml
+++ b/.github/workflows/ccpp.yml
@ -37,19 +37,33 @@ jobs:
    - name: make test
      run: make test_tsan_mbedtls

-  windows_mbedtls:
+  windows_no_tls:
    runs-on: windows-latest
    steps:
    - uses: actions/checkout@v1
    - uses: seanmiddleditch/gha-setup-vsdevenv@master
-    - run: |
-        vcpkg install zlib:x64-windows
-        vcpkg install mbedtls:x64-windows
    - run: |
        mkdir build
        cd build
-        cmake -DCMAKE_TOOLCHAIN_FILE=c:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_CXX_COMPILER=cl.exe -DUSE_MBED_TLS=1 -DUSE_TLS=1 -DUSE_WS=1 -DUSE_TEST=1 ..
+        cmake -DCMAKE_CXX_COMPILER=cl.exe -DUSE_TEST=1 ..
    - run: cmake --build build
+    - run: |
+        cd test
+        ..\build\test\ixwebsocket_unittest.exe
+
+      # windows_mbedtls:
+      #   runs-on: windows-latest
+      #   steps:
+      #   - uses: actions/checkout@v1
+      #   - uses: seanmiddleditch/gha-setup-vsdevenv@master
+      #   - run: |
+      #       vcpkg install zlib:x64-windows
+      #       vcpkg install mbedtls:x64-windows
+      #   - run: |
+      #       mkdir build
+      #       cd build
+      #       cmake -DCMAKE_TOOLCHAIN_FILE=c:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_CXX_COMPILER=cl.exe -DUSE_MBED_TLS=1 -DUSE_TLS=1 -DUSE_WS=1 -DUSE_TEST=1 ..
+      #   - run: cmake --build build

    # Running the unittest does not work, the binary cannot be found
    #- run: ../build/test/ixwebsocket_unittest.exe
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@ -1,6 +1,10 @@
 # Changelog
 All changes to this project will be documented in this file.

+## [9.2.1] - 2020-04-04
+
+(windows) when using OpenSSL, the system store is used to populate the cacert. No need to ship a cacert.pem file with your app.
+
 ## [9.2.0] - 2020-04-04

 (windows) ci: windows build with TLS (mbedtls) + verify that we can be build with OpenSSL
--- a/ixwebsocket/IXSocketOpenSSL.cpp
+++ b/ixwebsocket/IXSocketOpenSSL.cpp
@ -21,6 +21,57 @@
 #endif
 #define socketerrno errno

+#ifdef _WIN32
+namespace
+{
+    bool loadWindowsSystemCertificates(SSL_CTX* ssl, std::string& errorMsg)
+    {
+        DWORD flags = CERT_STORE_READONLY_FLAG | CERT_STORE_OPEN_EXISTING_FLAG |
+                      CERT_SYSTEM_STORE_CURRENT_USER;
+        HCERTSTORE systemStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, flags, L"Root");
+
+        if (!systemStore)
+        {
+            errorMsg = "CertOpenStore failed with ";
+            errorMsg += std::to_string(GetLastError());
+            return false;
+        }
+
+        PCCERT_CONTEXT certificateIterator = NULL;
+        X509_STORE* opensslStore = SSL_CTX_get_cert_store(ssl);
+
+        int certificateCount = 0;
+        while (certificateIterator = CertEnumCertificatesInStore(systemStore, certificateIterator))
+        {
+            X509* x509 = d2i_X509(NULL,
+                                  (const unsigned char**) &certificateIterator->pbCertEncoded,
+                                  certificateIterator->cbCertEncoded);
+
+            if (x509)
+            {
+                if (X509_STORE_add_cert(opensslStore, x509) == 1)
+                {
+                    ++certificateCount;
+                }
+
+                X509_free(x509);
+            }
+        }
+
+        CertFreeCertificateContext(certificateIterator);
+        CertCloseStore(systemStore, 0);
+
+        if (certificateCount == 0)
+        {
+            errorMsg = "No certificates found";
+            return false;
+        }
+
+        return true;
+    }
+} // namespace
+#endif
+
 namespace ix
 {
    const std::string kDefaultCiphers =
@ -336,6 +387,12 @@ namespace ix
        {
            if (_tlsOptions.isUsingSystemDefaults())
            {
+#ifdef _WIN32
+                if (!loadWindowsSystemCertificates(_ssl_context, errMsg))
+                {
+                    return false;
+                }
+#else
                if (SSL_CTX_set_default_verify_paths(_ssl_context) == 0)
                {
                    auto sslErr = ERR_get_error();
@ -343,6 +400,7 @@ namespace ix
                    errMsg += ERR_error_string(sslErr, nullptr);
                    return false;
                }
+#endif
            }
            else if (SSL_CTX_load_verify_locations(
                         _ssl_context, _tlsOptions.caFile.c_str(), NULL) != 1)
--- a/ixwebsocket/IXWebSocketVersion.h
+++ b/ixwebsocket/IXWebSocketVersion.h
@ -6,4 +6,4 @@

 #pragma once

-#define IX_WEBSOCKET_VERSION "9.2.0"
+#define IX_WEBSOCKET_VERSION "9.2.1"
Author	SHA1	Message	Date
Benjamin Sergeant	2cbe198497	try to run the unittest	2020-04-05 12:39:19 -07:00
Benjamin Sergeant	f9d75c9374	(windows) when using OpenSSL, the system store is used to populate the cacert. No need to ship a cacert.pem file with your app.	2020-04-04 18:33:01 -07:00