Fossil SCM

Amend the previous commit: Display a warning on failure to load the Windows root certificates, which may be helpful until the feature has proven to work well. Add a hint how to list the Windows root certificates. Use consistent code style.

florian 2024-07-13 08:23 trunk
Commit de6a059493bdc1210f2c1c6e13c84919546d216ff80db7a94b791fc5eb230332
1 file changed +9 -5
+9 -5
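--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -317,13 +317,15 @@
 ** for future versions of OpenSSL, and explicit initialization may be redundant.
 ** NOTE TO HACKERS TWEAKING THEIR OPENSSL CONFIGURATION:
 ** The following OpenSSL configuration options must not be used for this feature
 ** to be available: `no-autoalginit', `no-winstore'. The Fossil makefiles do not
 ** currently set these options when building OpenSSL for Windows. */
-#if defined (_WIN32)
+#if defined(_WIN32)
 #if OPENSSL_VERSION_NUMBER >= 0x030200000
- SSL_CTX_load_verify_store(sslCtx, "org.openssl.winstore:");
+ if( SSL_CTX_load_verify_store(sslCtx, "org.openssl.winstore:")==0 ){
+ fprintf(stderr,"WARNING: Failed to load Windows root certificates.\n");
+ }
 #endif /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
 #endif /* _WIN32 */
 
 /* Load client SSL identity, preferring the filename specified on the
 ** command line */
@@ -1046,20 +1048,22 @@
 " come into play when Fossil is used as a TLS client. These\n"
 " values are built into your OpenSSL library.\n\n"
 );
 }
 
-#if defined (_WIN32)
+#if defined(_WIN32)
 #if OPENSSL_VERSION_NUMBER >= 0x030200000
 fossil_print(" OpenSSL-winstore: Yes\n");
 #else /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
 fossil_print(" OpenSSL-winstore: No\n");
 #endif /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
 if( verbose ){
 fossil_print("\n"
- " OpenSSL 3.2.0 (or newer) also uses the certificates managed by\n"
- " the Windows operating system.\n\n"
+ " OpenSSL 3.2.0, or newer, use the root certificates managed by\n"
+ " the Windows operating system. The installed root certificates\n"
+ " are listed by the command:\n\n"
+ " certutil -store \"ROOT\"\n\n"
 );
 }
 #endif /* _WIN32 */
 
 if( zUsed==0 ) zUsed = "";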
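Review bot: The new failure branch around `SSL_CTX_load_verify_store(sslCtx, "org.openssl.winstore:")` prints a fixed warning but leaves whatever the failed call pushed onto the OpenSSL error queue in place. OpenSSL documents that `SSL_get_error()` is only reliable when the thread's error queue is empty before the I/O call, so a stale entry here can surface later as a misleading handshake or read error. Adding `ERR_print_errors_fp(stderr);` after the `fprintf` would both show the actual reason the store failed to load and drain the queue (or `ERR_clear_error();` if the detail is not wanted); this assumes `<openssl/err.h>` is already included in this file, which the hunk does not show. Continuing without the Windows store only shrinks the set of trusted roots, so warn-and-continue is otherwise reasonable. The enclosing function starts and ends outside the hunk.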
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -317,13 +317,15 @@
317 ** for future versions of OpenSSL, and explicit initialization may be redundant.
318 ** NOTE TO HACKERS TWEAKING THEIR OPENSSL CONFIGURATION:
319 ** The following OpenSSL configuration options must not be used for this feature
320 ** to be available: `no-autoalginit', `no-winstore'. The Fossil makefiles do not
321 ** currently set these options when building OpenSSL for Windows. */
322 #if defined (_WIN32)
323 #if OPENSSL_VERSION_NUMBER >= 0x030200000
324 SSL_CTX_load_verify_store(sslCtx, "org.openssl.winstore:");
 
 
325 #endif /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
326 #endif /* _WIN32 */
327
328 /* Load client SSL identity, preferring the filename specified on the
329 ** command line */
@@ -1046,20 +1048,22 @@
1046 " come into play when Fossil is used as a TLS client. These\n"
1047 " values are built into your OpenSSL library.\n\n"
1048 );
1049 }
1050
1051 #if defined (_WIN32)
1052 #if OPENSSL_VERSION_NUMBER >= 0x030200000
1053 fossil_print(" OpenSSL-winstore: Yes\n");
1054 #else /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
1055 fossil_print(" OpenSSL-winstore: No\n");
1056 #endif /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
1057 if( verbose ){
1058 fossil_print("\n"
1059 " OpenSSL 3.2.0 (or newer) also uses the certificates managed by\n"
1060 " the Windows operating system.\n\n"
 
 
1061 );
1062 }
1063 #endif /* _WIN32 */
1064
1065 if( zUsed==0 ) zUsed = "";
1066
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -317,13 +317,15 @@
317 ** for future versions of OpenSSL, and explicit initialization may be redundant.
318 ** NOTE TO HACKERS TWEAKING THEIR OPENSSL CONFIGURATION:
319 ** The following OpenSSL configuration options must not be used for this feature
320 ** to be available: `no-autoalginit', `no-winstore'. The Fossil makefiles do not
321 ** currently set these options when building OpenSSL for Windows. */
322 #if defined(_WIN32)
323 #if OPENSSL_VERSION_NUMBER >= 0x030200000
324 if( SSL_CTX_load_verify_store(sslCtx, "org.openssl.winstore:")==0 ){
325 fprintf(stderr,"WARNING: Failed to load Windows root certificates.\n");
326 }
327 #endif /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
328 #endif /* _WIN32 */
329
330 /* Load client SSL identity, preferring the filename specified on the
331 ** command line */
@@ -1046,20 +1048,22 @@
1048 " come into play when Fossil is used as a TLS client. These\n"
1049 " values are built into your OpenSSL library.\n\n"
1050 );
1051 }
1052
1053 #if defined(_WIN32)
1054 #if OPENSSL_VERSION_NUMBER >= 0x030200000
1055 fossil_print(" OpenSSL-winstore: Yes\n");
1056 #else /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
1057 fossil_print(" OpenSSL-winstore: No\n");
1058 #endif /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
1059 if( verbose ){
1060 fossil_print("\n"
1061 " OpenSSL 3.2.0, or newer, use the root certificates managed by\n"
1062 " the Windows operating system. The installed root certificates\n"
1063 " are listed by the command:\n\n"
1064 " certutil -store \"ROOT\"\n\n"
1065 );
1066 }
1067 #endif /* _WIN32 */
1068
1069 if( zUsed==0 ) zUsed = "";
1070
