author | Andreas Rumpf <rumpf_a@web.de> | 2021-02-09 13:40:09 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-09 13:40:09 +0100 |
commit | 74d6a4d7f4fb9fb00632150f666e4de1cc5f7c63 (patch) | |
tree | 1907aea1d913b0b9c18a53d9a407d2bfd9911954 /lib/pure | |
parent | ceab5e49f2d789ec15ca71973bb3cd67d3caa07a (diff) | |
final SSL changes [backport:1.2] (#16983)
Diffstat (limited to 'lib/pure')
-rw-r--r-- | lib/pure/net.nim | 11 | ||||
-rw-r--r-- | lib/pure/ssl_certs.nim | 20 |
2 files changed, 23 insertions, 8 deletions
diff --git a/lib/pure/net.nim b/lib/pure/net.nim
index 4504170e8..b353227a3 100644
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
@@ -24,6 +24,17 @@
 ## `newContext<net.html#newContext%2Cstring%2Cstring%2Cstring%2Cstring>`_
 ## procedure for additional details.
 ##
+##
+## SSL on Windows
+## ==============
+##
+## On Windows the SSL library checks for valid certificates.
+## It uses the `cacert.pem` file for this purpose which was extracted
+## from `https://curl.se/ca/cacert.pem`. Besides
+## the OpenSSL DLLs (e.g. libssl-1_1-x64.dll, libcrypto-1_1-x64.dll) you
+## also need to ship `cacert.pem` with your `.exe` file.
+##
+##
 ## Examples
 ## ========
 ##
diff --git a/lib/pure/ssl_certs.nim b/lib/pure/ssl_certs.nim
index 72ec17292..2d2644ebe 100644
--- a/lib/pure/ssl_certs.nim
+++ b/lib/pure/ssl_certs.nim
@@ -107,14 +107,18 @@ iterator scanSSLCertificates*(useEnvVars = false): string =

 else:
 when defined(windows):
- let pem = getAppDir() / "cacert.pem"
- # We download the certificates according to https://curl.se/docs/caextract.html
- # These are the certificates from Firefox. The 'bitsadmin.exe' tool ships with every
- # recent version of Windows (Windows 8, Windows XP, etc.)
- if not fileExists(pem):
- discard os.execShellCmd("""bitsadmin.exe /rawreturn /transfer "JobName" /priority FOREGROUND https://curl.se/ca/cacert.pem """ &
- quoteShell(pem))
- yield pem
+ const cacert = "cacert.pem"
+ let pem = getAppDir() / cacert
+ if fileExists(pem):
+ yield pem
+ else:
+ let path = getEnv("PATH")
+ for candidate in split(path, PathSep):
+ if candidate.len != 0:
+ let x = (if candidate[0] == '"' and candidate[^1] == '"':
+ substr(candidate, 1, candidate.len-2) else: candidate) / cacert
+ if fileExists(x):
+ yield x
 elif not defined(haiku):
 for p in certificatePaths:
 if p.endsWith(".pem") or p.endsWith(".crt"): |
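Review bot: The new "SSL on Windows" section tells users to ship `cacert.pem` next to the `.exe`, but it does not mention that the lookup changed in `lib/pure/ssl_certs.nim` by this same commit falls back to the directories on `PATH`. Since that file is the set of CAs the program will trust, the section should say where it is searched for and that a shipped copy has to be kept current. I would add a line such as `## If it is not found next to the executable, the directories in PATH are searched.` and a second one, `## Keep the shipped cacert.pem up to date; it defines which CAs are trusted.`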
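Review bot: The PATH fallback lets any directory listed in `PATH` supply the CA bundle, and inside the `for candidate in split(path, PathSep)` loop the `candidate.len != 0` test runs before the quotes are stripped, so an entry such as `""` becomes an empty directory and `x` resolves to `cacert.pem` relative to the current working directory. Because this file is the trust anchor set for certificate verification, a relative or user-writable `PATH` entry would decide which CAs are trusted. I would unquote first and then accept only non-empty, absolute directories, as sketched below. The loop also yields every match rather than stopping at the first; whether the caller uses only the first file is not visible here, so that may deserve a comment. The body of `scanSSLCertificates` starts and ends outside this hunk.

```nim
# … unchanged: lookup of cacert.pem in getAppDir() …
for candidate in split(path, PathSep):
  # Strip surrounding quotes first so that `""` is treated as an empty entry.
  let dir = (if candidate.len >= 2 and candidate[0] == '"' and candidate[^1] == '"':
    substr(candidate, 1, candidate.len-2) else: candidate)
  # Only absolute directories may supply the trust store; a relative entry
  # would make the result depend on the current working directory.
  if dir.len != 0 and isAbsolute(dir):
    let x = dir / cacert
    if fileExists(x):
      yield x
```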