diff options
| author | Andreas Rumpf <rumpf_a@web.de> | 2021-02-08 13:54:03 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-02-08 13:54:03 +0100 |
| commit | abac35e7437dd1ac2b3687dfa51de7f9d4b6e853 (patch) | |
| tree | 2b455ca45c7d8c19aa93d29dd714c622b68d8eca /lib/pure/net.nim | |
| parent | f140c924090f29e11c2b1d8348413eb4efa4ebe9 (diff) | |
| download | Nim-abac35e7437dd1ac2b3687dfa51de7f9d4b6e853.tar.gz | |
basic cleanups regarding SSL handling (#16940) [backport:1.0]
* basic cleanups regarding SSL handling * enabled certificate checking on Windows * updated the SSL test * quoting helps
Diffstat (limited to 'lib/pure/net.nim')
| -rw-r--r-- | lib/pure/net.nim | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/pure/net.nim b/lib/pure/net.nim index c59babba7..4504170e8 100644 --- a/lib/pure/net.nim +++ b/lib/pure/net.nim @@ -626,11 +626,13 @@ when defineSsl: discard newCTX.SSLCTXSetMode(SSL_MODE_AUTO_RETRY) newCTX.loadCertificates(certFile, keyFile) - when not defined(nimDisableCertificateValidation) and not defined(windows): + const VerifySuccess = 1 # SSL_CTX_load_verify_locations returns 1 on success. + + when not defined(nimDisableCertificateValidation): if verifyMode != CVerifyNone: # Use the caDir and caFile parameters if set if caDir != "" or caFile != "": - if newCTX.SSL_CTX_load_verify_locations(caFile, caDir) != 0: + if newCTX.SSL_CTX_load_verify_locations(caFile, caDir) != VerifySuccess: raise newException(IOError, "Failed to load SSL/TLS CA certificate(s).") else: @@ -638,7 +640,7 @@ when defineSsl: # the SSL_CERT_FILE and SSL_CERT_DIR env vars var found = false for fn in scanSSLCertificates(): - if newCTX.SSL_CTX_load_verify_locations(fn, "") == 0: + if newCTX.SSL_CTX_load_verify_locations(fn, nil) == VerifySuccess: found = true break if not found: |