(cmake) make install cmake files optional to not conflict with vcpkg

See https://github.com/microsoft/vcpkg/pull/11030

CMakeLists.txt

@@ -123,8 +123,8 @@ if (USE_TLS)
       if (NOT USE_MBED_TLS AND NOT USE_OPEN_SSL) # unless we want something else
         set(USE_SECURE_TRANSPORT ON)
       endif()
-    # default to mbedtls on uwp (universal windows platform) if nothing is configured
+    # default to mbedtls on windows if nothing is configured
-    elseif (${CMAKE_SYSTEM_NAME} MATCHES "WindowsStore")
+    elseif (WIN32)
       if (NOT USE_OPEN_SSL) # unless we want something else
         set(USE_MBED_TLS ON)
       endif()
@@ -247,8 +247,13 @@ install(TARGETS ixwebsocket EXPORT ixwebsocket
 	PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include/ixwebsocket/
 )
 
+# This gets in the way of vcpkg in ways I do not know how to fix
+# https://github.com/microsoft/vcpkg/pull/11030
+# Maybe using vcpkg_fixup_cmake_targets could fix it
+if (INSTALL_CMAKE_FILE)
   install(EXPORT ixwebsocket NAMESPACE ixwebsocket:: DESTINATION lib/cmake/ixwebsocket)
   export(EXPORT ixwebsocket NAMESPACE ixwebsocket:: FILE ixwebsocketConfig.cmake)
+endif()
 
 if (USE_WS OR USE_TEST)
   add_subdirectory(ixcore)

README.md

@@ -45,7 +45,7 @@ IXWebSocket client code is autobahn compliant beginning with the 6.0.0 version.
 If your company or project is using this library, feel free to open an issue or PR to amend this list.
 
 - [Machine Zone](https://www.mz.com)
-- [dis-light](https://gitlab.com/HCInk/dis-light), a discord library with a node frontend.
+- [Tokio](https://gitlab.com/HCInk/tokio), a discord library focused on audio playback with node bindings.
 - [libDiscordBot](https://github.com/tostc/libDiscordBot/tree/master), a work in progress discord library
 - [gwebsocket](https://github.com/norrbotten/gwebsocket), a websocket (lua) module for Garry's Mod
 - [DisCPP](https://github.com/DisCPP/DisCPP), a simple but feature rich Discord API wrapper

docs/CHANGELOG.md

@@ -1,6 +1,14 @@
 # Changelog
 All changes to this project will be documented in this file.
 
+## [9.6.2] - 2020-05-17
+
+(cmake) make install cmake files optional to not conflict with vcpkg
+
+## [9.6.1] - 2020-05-17
+
+(windows + tls) mbedtls is the default windows tls backend + add ability to load system certificates with mbdetls on windows
+
 ## [9.6.0] - 2020-05-12
 
 (ixbots) add options to limit how many messages per minute should be processed

ixwebsocket/IXSocketMbedTLS.cpp

@@ -43,6 +43,55 @@ namespace ix
         mbedtls_pk_init(&_pkey);
     }
 
+    bool SocketMbedTLS::loadSystemCertificates(std::string& errorMsg)
+    {
+#ifdef _WIN32
+        DWORD flags = CERT_STORE_READONLY_FLAG | CERT_STORE_OPEN_EXISTING_FLAG |
+                      CERT_SYSTEM_STORE_CURRENT_USER;
+        HCERTSTORE systemStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, flags, L"Root");
+
+        if (!systemStore)
+        {
+            errorMsg = "CertOpenStore failed with ";
+            errorMsg += std::to_string(GetLastError());
+            return false;
+        }
+
+        PCCERT_CONTEXT certificateIterator = NULL;
+
+        int certificateCount = 0;
+        while (certificateIterator = CertEnumCertificatesInStore(systemStore, certificateIterator))
+        {
+            if (certificateIterator->dwCertEncodingType & X509_ASN_ENCODING)
+            {
+                int ret = mbedtls_x509_crt_parse(&_cacert,
+                                                 certificateIterator->pbCertEncoded,
+                                                 certificateIterator->cbCertEncoded);
+                if (ret == 0)
+                {
+                    ++certificateCount;
+                }
+            }
+        }
+
+        CertFreeCertificateContext(certificateIterator);
+        CertCloseStore(systemStore, 0);
+
+        if (certificateCount == 0)
+        {
+            errorMsg = "No certificates found";
+            return false;
+        }
+
+        return true;
+#else
+        // On macOS we can query the system cert location from the keychain
+        // On Linux we could try to fetch some local files based on the distribution
+        // On Android we could use JNI to get to the system certs
+        return false;
+#endif
+    }
+
     bool SocketMbedTLS::init(const std::string& host, bool isClient, std::string& errMsg)
     {
         initMBedTLS();
@@ -96,13 +145,15 @@ namespace ix
         }
         else
         {
-            mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
-
             // FIXME: should we call mbedtls_ssl_conf_verify ?
+            mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
 
             if (_tlsOptions.isUsingSystemDefaults())
             {
-                ; // FIXME
+                if (!loadSystemCertificates(errMsg))
+                {
+                    return false;
+                }
             }
             else
             {

ixwebsocket/IXSocketMbedTLS.h

@@ -52,6 +52,7 @@ namespace ix
 
         bool init(const std::string& host, bool isClient, std::string& errMsg);
         void initMBedTLS();
+        bool loadSystemCertificates(std::string& errMsg);
     };
 
 } // namespace ix

ixwebsocket/IXWebSocketVersion.h

@@ -6,4 +6,4 @@
 
 #pragma once
 
-#define IX_WEBSOCKET_VERSION "9.6.0"
+#define IX_WEBSOCKET_VERSION "9.6.2"