diff options
| author | ringabout <43030857+ringabout@users.noreply.github.com> | 2022-08-29 10:16:19 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-28 22:16:19 -0400 |
| commit | 04642335c1f7be8f62ae7528070bb07c2a289b02 (patch) | |
| tree | 6cb4128d96e552bcd3cd5716d76dd407cf2947c0 | |
| parent | ee11302c2493795c630b080fe3dd7ea7721a9fdc (diff) | |
| download | Nim-04642335c1f7be8f62ae7528070bb07c2a289b02.tar.gz | |
fixes #17658; add cert dir for ssl ctx (#19920)
add cert dir for ssl ctx Co-authored-by: Paul Roberts <pmr@stelo.org.uk> Co-authored-by: sandytypical <43030857+xflywind@users.noreply.github.com> Co-authored-by: Clay Sweetser <Varriount@users.noreply.github.com>
| -rw-r--r-- | lib/pure/net.nim | 6 | ||||
| -rw-r--r-- | lib/pure/ssl_certs.nim | 6 |
2 files changed, 11 insertions, 1 deletions
diff --git a/lib/pure/net.nim b/lib/pure/net.nim index dcc35d65d..73a085220 100644 --- a/lib/pure/net.nim +++ b/lib/pure/net.nim @@ -696,7 +696,11 @@ when defineSsl: var found = false let useEnvVars = (if verifyMode == CVerifyPeerUseEnvVars: true else: false) for fn in scanSSLCertificates(useEnvVars = useEnvVars): - if newCTX.SSL_CTX_load_verify_locations(fn.cstring, nil) == VerifySuccess: + if fn.extractFilename == "": + if newCTX.SSL_CTX_load_verify_locations(nil, cstring(fn.normalizePathEnd(false))) == VerifySuccess: + found = true + break + elif newCTX.SSL_CTX_load_verify_locations(cstring(fn), nil) == VerifySuccess: found = true break if not found: diff --git a/lib/pure/ssl_certs.nim b/lib/pure/ssl_certs.nim index c7ce04ffa..c40eadf04 100644 --- a/lib/pure/ssl_certs.nim +++ b/lib/pure/ssl_certs.nim @@ -126,7 +126,13 @@ iterator scanSSLCertificates*(useEnvVars = false): string = if fileExists(p): yield p elif dirExists(p): + # check if it's a dir where each cert is one file + # named by it's hasg + for fn in joinPath(p, "*.0").walkFiles: + yield p.normalizePathEnd(true) + break for fn in joinPath(p, "*").walkFiles(): + yield fn else: var |