tls_root_store.cpp
1 /*
2  Copyright (C) 2021 - 2025
3  Part of the Battle for Wesnoth Project https://www.wesnoth.org/
4 
5  This program is free software; you can redistribute it and/or modify
6  it under the terms of the GNU General Public License as published by
7  the Free Software Foundation; either version 2 of the License, or
8  (at your option) any later version.
9  This program is distributed in the hope that it will be useful,
10  but WITHOUT ANY WARRANTY.
11 
12  See the COPYING file for more details.
13 */
14 
15 #include "tls_root_store.hpp"
16 
17 #include "log.hpp"
18 
19 #ifdef _WIN32
20 #include <wincrypt.h>
21 #elif defined(__APPLE__)
22 #include <Security/Security.h>
23 #elif defined(__ANDROID__)
24 #include "filesystem.hpp"
25 #endif
26 
// Log domain for this translation unit plus one stream macro per severity
// level; the certificate loader below reports failures through ERR_NW.
static lg::log_domain log_network("network");
#define DBG_NW LOG_STREAM(debug, log_network)
#define LOG_NW LOG_STREAM(info, log_network)
#define WRN_NW LOG_STREAM(warn, log_network)
#define ERR_NW LOG_STREAM(err, log_network)
32 
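namespace network_asio
{

/**
 * Populates @p ctx with the platform's trusted root CA certificates so that
 * peer certificates presented over TLS can be chained to them.
 *
 * - Windows: every certificate of the system "ROOT" store is decoded into a
 *   fresh OpenSSL X509_STORE which is then installed on the context.
 * - macOS: the system anchor certificates (SecTrustCopyAnchorCertificates)
 *   are decoded into a fresh X509_STORE which is then installed on the context.
 * - Android: the PEM bundle shipped under game_config::path is loaded.
 * - Everything else: OpenSSL's default verify paths are used.
 *
 * Individual certificates that cannot be decoded or added are logged and
 * skipped; the remaining ones are still installed. On Windows/macOS, if the
 * system store cannot be opened at all, an error is logged and the context is
 * left untouched. This function only fills the trust store; it does not change
 * the context's verify mode, which the caller is responsible for.
 *
 * @param ctx  The SSL context to populate.
 * @throws boost::system::system_error on Android and on the generic branch if
 *         boost::asio cannot load the verify file / default verify paths.
 */
void load_tls_root_certs(boost::asio::ssl::context &ctx)
{
#ifdef _WIN32
	HCERTSTORE hStore = CertOpenSystemStore(0, TEXT("ROOT"));
	if(hStore == NULL) {
		// An explicit check rather than assert(): assert() compiles away in
		// release builds, and a NULL handle would otherwise silently produce
		// an empty trust store.
		ERR_NW << "Error opening the system ROOT certificate store.";
		return;
	}

	X509_STORE *store = X509_STORE_new();
	if(store == NULL) {
		ERR_NW << "Error creating the X509 store.";
		CertCloseStore(hStore, 0);
		return;
	}

	PCCERT_CONTEXT pContext = NULL;
	while((pContext = CertEnumCertificatesInStore(hStore, pContext)) != NULL) {
		// d2i_X509 advances the pointer it is handed, so decode through a local
		// copy instead of writing back into the const CERT_CONTEXT.
		const unsigned char* der_ptr = pContext->pbCertEncoded;
		X509 *x509 = d2i_X509(NULL, &der_ptr, pContext->cbCertEncoded);
		if(x509 == NULL) {
			ERR_NW << "Error decoding a certificate from the system store.";
			continue;
		}
		if(X509_STORE_add_cert(store, x509) != 1) {
			ERR_NW << "Error adding the X509 certificate to the store.";
		}
		// The store keeps its own reference; drop ours whether or not adding succeeded.
		X509_free(x509);
	}

	// CertEnumCertificatesInStore frees the previous context on each call and
	// returns NULL when the enumeration ends, so pContext is NULL here and
	// this call is a no-op; kept for symmetry with the enumeration API.
	CertFreeCertificateContext(pContext);
	CertCloseStore(hStore, 0);

	// The context takes ownership of the store.
	SSL_CTX_set_cert_store(ctx.native_handle(), store);
#elif defined(__APPLE__)
	CFArrayRef certs = NULL;
	// copy all system anchor certs
	OSStatus os_status = SecTrustCopyAnchorCertificates(&certs);

	// check for any problems copying the certs
	if(os_status != 0 || certs == NULL) {
		ERR_NW << "Error enumerating certificates.";

		if(certs != NULL) {
			CFRelease(certs);
		}
		return;
	}

	// Create the store only once we know there is something to put into it,
	// so the early-return paths above cannot leak it.
	X509_STORE *store = X509_STORE_new();
	if(store == NULL) {
		ERR_NW << "Error creating the X509 store.";
		CFRelease(certs);
		return;
	}

	const CFIndex cert_count = CFArrayGetCount(certs);
	for(CFIndex i = 0; i < cert_count; i++) {
		SecCertificateRef cert = static_cast<SecCertificateRef>(const_cast<void*>(CFArrayGetValueAtIndex(certs, i)));

		// convert the cert to DER format
		CFDataRef der_cert = SecCertificateCopyData(cert);
		if(!der_cert) {
			ERR_NW << "Error getting a DER representation of a certificate.";
			continue;
		}

		// decode each cert to an openssl X509 object
		const uint8_t* der_cert_ptr = CFDataGetBytePtr(der_cert);
		X509* x509_cert = d2i_X509(NULL, &der_cert_ptr, CFDataGetLength(der_cert));
		// The DER buffer is not needed after the decode attempt, on any path.
		CFRelease(der_cert);
		if(!x509_cert) {
			ERR_NW << "Error decoding the X509 certificate.";
			continue;
		}

		// Add the X509 openssl object to the verification store
		if(X509_STORE_add_cert(store, x509_cert) != 1) {
			ERR_NW << "Error adding the X509 certificate to the store.";
		}
		// The store keeps its own reference; release ours so successfully
		// added certificates are not leaked.
		X509_free(x509_cert);
	}

	CFRelease(certs);
	// The context takes ownership of the store.
	SSL_CTX_set_cert_store(ctx.native_handle(), store);
#elif defined(__ANDROID__)
	// Use the CA bundle shipped with the game data; load_verify_file throws
	// boost::system::system_error if the file cannot be read.
	ctx.load_verify_file(game_config::path + "/certificates/cacert.pem");
#else
	// Let OpenSSL pick up the platform's default CA file/directory.
	ctx.set_default_verify_paths();
#endif
}

}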