forked from lthn/blockchain
hotfix for incorrect handling of SSL certs on Linux/macOS
This reverts commit 6a4fc0d34f.
This commit is contained in:
sowle
parent
36a09972c9
commit
c0bb2dddda
2 changed files with 20 additions and 85 deletions
|
|
@ -48,6 +48,7 @@
|
|||
#include "misc_helpers.h"
|
||||
//#include "profile_tools.h"
|
||||
#include "../string_tools.h"
|
||||
|
||||
#ifndef MAKE_IP
|
||||
#define MAKE_IP( a1, a2, a3, a4 ) (a1|(a2<<8)|(a3<<16)|(a4<<24))
|
||||
#endif
|
||||
|
|
@ -57,37 +58,6 @@ namespace epee
|
|||
{
|
||||
namespace net_utils
|
||||
{
|
||||
|
||||
#ifdef _WIN32
|
||||
// https://stackoverflow.com/questions/40307541
|
||||
#include <wincrypt.h>
|
||||
static void add_windows_root_certs(boost::asio::ssl::context& ctx) noexcept
|
||||
{
|
||||
HCERTSTORE hStore = CertOpenSystemStore(0, "ROOT");
|
||||
if (hStore == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
X509_STORE *store = X509_STORE_new();
|
||||
PCCERT_CONTEXT pContext = NULL;
|
||||
while ((pContext = CertEnumCertificatesInStore(hStore, pContext)) != NULL) {
|
||||
// convert from DER to internal format
|
||||
X509 *x509 = d2i_X509(NULL,
|
||||
(const unsigned char **)&pContext->pbCertEncoded,
|
||||
pContext->cbCertEncoded);
|
||||
if(x509 != NULL) {
|
||||
X509_STORE_add_cert(store, x509);
|
||||
X509_free(x509);
|
||||
}
|
||||
}
|
||||
|
||||
CertFreeCertificateContext(pContext);
|
||||
CertCloseStore(hStore, 0);
|
||||
|
||||
// attach X509_STORE to boost ssl context
|
||||
SSL_CTX_set_cert_store(ctx.native_handle(), store);
|
||||
}
|
||||
#endif
|
||||
|
||||
template<bool is_ssl>
|
||||
struct socket_backend;
|
||||
|
|
@ -100,12 +70,11 @@ namespace epee
|
|||
{
|
||||
// Create a context that uses the default paths for
|
||||
// finding CA certificates.
|
||||
#ifdef _WIN32
|
||||
add_windows_root_certs(m_ssl_context);
|
||||
#else
|
||||
m_ssl_context.set_default_verify_paths();
|
||||
#endif
|
||||
m_ssl_context.set_verify_mode(boost::asio::ssl::verify_peer);
|
||||
/*m_socket.set_verify_mode(boost::asio::ssl::verify_peer);
|
||||
m_socket.set_verify_callback(
|
||||
boost::bind(&socket_backend::verify_certificate, this, _1, _2));*/
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -132,21 +101,7 @@ namespace epee
|
|||
|
||||
void set_domain(const std::string& domain_name)
|
||||
{
|
||||
SSL* ssl = m_socket.native_handle();
|
||||
|
||||
SSL_set_tlsext_host_name(ssl, domain_name.c_str());
|
||||
#if BOOST_VERSION >= 107300
|
||||
m_socket.set_verify_callback(boost::asio::ssl::host_name_verification(domain_name));
|
||||
#else
|
||||
m_socket.set_verify_callback(boost::asio::ssl::rfc2818_verification(domain_name));
|
||||
#endif
|
||||
|
||||
X509_VERIFY_PARAM* param = SSL_get0_param(ssl);
|
||||
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
|
||||
if (X509_VERIFY_PARAM_set1_host(param, domain_name.c_str(), 0) != 1)
|
||||
{
|
||||
LOG_PRINT_L0("Failed to set expected hostname: " << domain_name);
|
||||
}
|
||||
SSL_set_tlsext_host_name(m_socket.native_handle(), domain_name.c_str());
|
||||
}
|
||||
|
||||
boost::asio::ip::tcp::socket& get_socket()
|
||||
|
|
@ -159,27 +114,11 @@ namespace epee
|
|||
return m_socket;
|
||||
}
|
||||
|
||||
bool on_after_connect()
|
||||
void on_after_connect()
|
||||
{
|
||||
LOG_PRINT_L2("SSL Handshake....");
|
||||
m_socket.set_verify_mode(boost::asio::ssl::verify_peer);
|
||||
|
||||
boost::system::error_code ec;
|
||||
m_socket.handshake(boost::asio::ssl::stream_base::client, ec);
|
||||
|
||||
if (ec)
|
||||
{
|
||||
long vr = SSL_get_verify_result(m_socket.native_handle());
|
||||
LOG_PRINT_L0("TLS Handshake failed: " << ec.message() << " (verify: " << X509_verify_cert_error_string(vr) << ")");
|
||||
ERR_clear_error();
|
||||
boost::system::error_code ignored;
|
||||
m_socket.lowest_layer().shutdown(boost::asio::ip::tcp::socket::shutdown_both, ignored);
|
||||
m_socket.lowest_layer().close(ignored);
|
||||
return false;
|
||||
}
|
||||
|
||||
m_socket.handshake(boost::asio::ssl::stream_base::client);
|
||||
LOG_PRINT_L2("SSL Handshake OK");
|
||||
return true;
|
||||
}
|
||||
|
||||
private:
|
||||
|
|
@ -208,9 +147,9 @@ namespace epee
|
|||
return m_socket;
|
||||
}
|
||||
|
||||
bool on_after_connect()
|
||||
void on_after_connect()
|
||||
{
|
||||
return true;
|
||||
|
||||
}
|
||||
|
||||
void reset()
|
||||
|
|
@ -243,7 +182,7 @@ namespace epee
|
|||
return m_pbackend->get_stream();
|
||||
}
|
||||
|
||||
bool on_after_connect()
|
||||
void on_after_connect()
|
||||
{
|
||||
return m_pbackend->on_after_connect();
|
||||
}
|
||||
|
|
@ -382,16 +321,13 @@ namespace epee
|
|||
{
|
||||
m_io_service.run_one();
|
||||
}
|
||||
|
||||
if (!ec && m_sct_back.get_socket().is_open())
|
||||
{
|
||||
if (!m_sct_back.on_after_connect())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
m_connected = true;
|
||||
m_sct_back.on_after_connect();
|
||||
m_connected = true;
|
||||
m_deadline.expires_at(boost::posix_time::pos_infin);
|
||||
LOG_PRINT_L1("TLS connected OK: " << addr << ":" << port);
|
||||
LOG_PRINT_L1("Connected OK: " << addr << ":" << port);
|
||||
return true;
|
||||
}
|
||||
else
|
||||
|
|
|
|||
|
|
@ -74,8 +74,7 @@ void test_plain_wallet()
|
|||
{
|
||||
//std::string res = plain_wallet::init("195.201.107.230", "33340", "C:\\Users\\roky\\home\\", 0);
|
||||
//std::string res = plain_wallet::init("", "", "C:\\Users\\roky\\home\\", 0);
|
||||
// std::string res = plain_wallet::init("https://195.201.107.230", "443", "C:\\git_repos\\zano\\build_msvc2022_64\\src\\Debug\\", LOG_LEVEL_2);
|
||||
std::string res = plain_wallet::init("https://node.zano.org", "443", "C:\\git_repos\\zano\\build_msvc2022_64\\src\\Debug\\", LOG_LEVEL_2);
|
||||
std::string res = plain_wallet::init("https://node.zano.org", "443", "C:\\Users\\roky\\home\\", LOG_LEVEL_2);
|
||||
//std::string res = plain_wallet::init("127.0.0.1", "12111", "C:\\Users\\roky\\home22\\", 0);
|
||||
|
||||
plain_wallet::configure_object conf = AUTO_VAL_INIT(conf);
|
||||
|
|
@ -229,16 +228,16 @@ void multithread_test_of_get_coinbase_hash_cached()
|
|||
int main(int argc, char** argv)
|
||||
{
|
||||
epee::string_tools::set_module_name_and_folder(argv[0]);
|
||||
epee::log_space::get_set_log_detalisation_level(true, LOG_LEVEL_3);
|
||||
epee::log_space::log_singletone::add_logger(LOGGER_CONSOLE, NULL, NULL, LOG_LEVEL_3);
|
||||
epee::log_space::get_set_log_detalisation_level(true, LOG_LEVEL_2);
|
||||
epee::log_space::log_singletone::add_logger(LOGGER_CONSOLE, NULL, NULL, LOG_LEVEL_2);
|
||||
//epee::log_space::log_singletone::add_logger(LOGGER_FILE,
|
||||
// epee::log_space::log_singletone::get_default_log_file().c_str(),
|
||||
// epee::log_space::log_singletone::get_default_log_folder().c_str());
|
||||
|
||||
//multithread_test_of_get_coinbase_hash_cached();
|
||||
multithread_test_of_get_coinbase_hash_cached();
|
||||
//test_tx_json_serialization();
|
||||
//test_base64_serialization();
|
||||
test_plain_wallet();
|
||||
//test_plain_wallet();
|
||||
//parse_weird_tx();
|
||||
//thread_pool_tests();
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue