Using Windows cert store

From: David Weisgerber <david.weisgerber_at_ms-gmbh.de>
Date: Sat, 18 Mar 2017 13:19:03 +0000

Following the recent request, here are some code snippets that should give you an idea of how to load the certificates from the Windows CA store into the OpenSSL context of libcurl.
(Note that I stripped out a lot of things in order to remove Qt dependencies and our class names.)

// Certificates converted from the Windows system stores by
// addCertificatesForStore() and later added to the OpenSSL store in
// setupSslContext().
// NOTE(review): nothing in the visible code releases these X509 objects
// (e.g. with X509_free); the list keeps its references for the lifetime of
// the process unless cleanup exists elsewhere - confirm.
std::vector<X509*> m_trustedCertificateList;

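// Reads every certificate from the named Windows system certificate store,
// converts it from DER into an OpenSSL X509 object and appends it to
// m_trustedCertificateList.
//
// name: wide-character name of the system store to open.
//
// If the store cannot be opened, nothing is appended. A store that fails to
// load therefore leaves fewer trust anchors, never more.
void addCertificatesForStore(LPCWSTR name)
{
        // name is a wide string, so call the W variant explicitly instead of
        // relying on the UNICODE macro to select it.
        HCERTSTORE storeHandle = CertOpenSystemStoreW(0, name);

        if (storeHandle == nullptr)
        {
                return;
        }

        // Handing the previous context back to CertEnumCertificatesInStore
        // releases it, so the loop never holds more than one context and the
        // final nullptr result leaves nothing to free.
        for (PCCERT_CONTEXT windowsCertificate = CertEnumCertificatesInStore(storeHandle, nullptr);
             windowsCertificate != nullptr;
             windowsCertificate = CertEnumCertificatesInStore(storeHandle, windowsCertificate))
        {
                // d2i_X509 advances the pointer it is given past the bytes it
                // parsed. Parse through a local copy so the pbCertEncoded field
                // of the (const) Windows context is never modified.
                const unsigned char *encoded = windowsCertificate->pbCertEncoded;
                X509 *opensslCertificate = d2i_X509(nullptr, &encoded, static_cast<long>(windowsCertificate->cbCertEncoded));
                if (opensslCertificate == nullptr)
                {
                        // A certificate that cannot be parsed is skipped, not trusted.
                        printf("A certificate could not be converted");
                }
                else
                {
                        m_trustedCertificateList.push_back(opensslCertificate);
                }
        }

        CertCloseStore(storeHandle, 0);
}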

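// Fills m_trustedCertificateList from the Windows system stores "CA",
// "AuthRoot" and "ROOT".
//
// Only the encoded certificate bytes are copied. Trust settings that Windows
// keeps outside the certificate itself are not consulted by this code, and the
// "Disallowed" store is not read, so a certificate distrusted on the Windows
// side can still end up in the list.
// NOTE(review): confirm whether that difference matters for your deployment.
void init()
{
        // setupSslContext() calls init() each time it runs. Without this guard
        // every call would enumerate the stores again and append another full
        // set of X509 objects that are never freed.
        // NOTE(review): the guard is not thread-safe; serialise callers if
        // several threads can set up SSL contexts concurrently.
        if (!m_trustedCertificateList.empty())
        {
                return;
        }

        // addCertificatesForStore() takes LPCWSTR, so the names must be wide
        // string literals.
        addCertificatesForStore(L"CA");
        addCertificatesForStore(L"AuthRoot");
        addCertificatesForStore(L"ROOT");
}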

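// Adds every certificate in m_trustedCertificateList to the certificate store
// of the given OpenSSL context, after making sure the list has been loaded
// via init().
//
// context: the SSL_CTX whose certificate store receives the certificates.
//          A null context is ignored.
void setupSslContext(SSL_CTX* context)
{
        init();

        if (context == nullptr)
        {
                return;
        }

        // The OpenSSL type is X509_STORE; the store belongs to the context and
        // is not freed here.
        X509_STORE *certStore = SSL_CTX_get_cert_store(context);
        if (certStore == nullptr)
        {
                return;
        }

        for (X509 *x509 : m_trustedCertificateList)
        {
                // The result is not treated as fatal: a certificate that fails
                // to be added only leaves the context with fewer trust anchors.
                // NOTE(review): some OpenSSL versions report an already-present
                // certificate as a failure and leave an entry on the error
                // queue - confirm whether the queue needs clearing for the
                // version in use.
                X509_STORE_add_cert(certStore, x509);
        }
}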

// Callback registered with CURLOPT_SSL_CTX_FUNCTION. libcurl passes the TLS
// context as an untyped pointer; this code treats it as an OpenSSL SSL_CTX and
// passes it to setupSslContext().
//
// curl and userdata are not used. Always returns CURLE_OK, so a failure to
// load certificates does not abort the transfer here; it surfaces later as a
// failed peer verification.
int sslContextFunction(void* curl, void* sslctx, void* userdata)
{
        SSL_CTX *tlsContext = static_cast<SSL_CTX *>(sslctx);
        setupSslContext(tlsContext);
        return CURLE_OK;
}

// Sketch of the easy-handle setup; the elided parts and the declaration of
// `handle` were stripped from the original code.
void setupCurl()
{
        /*...*/
        
        // Registers sslContextFunction so libcurl calls it with the TLS
        // context, where the Windows certificates are added.
        // NOTE(review): the return code of curl_easy_setopt is not checked. If
        // the TLS backend in use does not support this option, the callback
        // never runs and the Windows store is silently not used - check the
        // result and keep peer verification enabled.
        curl_easy_setopt(handle, CURLOPT_SSL_CTX_FUNCTION, sslContextFunction);
        
        /*...*/
}
