authorYossi Gottlieb <yossigo@gmail.com>2022-02-14 13:52:57 +0200
committerYossi Gottlieb <yossigo@gmail.com>2022-02-14 13:52:57 +0200
commit886a04c2c3899611b352e87070aa874e321f9034 (patch)
treed8f1723ffbe6b87c3f8c878f4759b4e0acd0c8f8 /deps/hiredis/ssl.c
parente6478cfd10ae5ce8312c49823142d4dfcf0f45bb (diff)
parent418de21d8feb35303904ec718fcd1387e4699d2f (diff)
Merge commit '418de21d8feb35303904ec718fcd1387e4699d2f' into refresh-hiredis
Diffstat (limited to 'deps/hiredis/ssl.c')
-rw-r--r--deps/hiredis/ssl.c47
1 files changed, 45 insertions, 2 deletions
diff --git a/deps/hiredis/ssl.c b/deps/hiredis/ssl.c
index fe9a2fdce..c581f63dc 100644
--- a/deps/hiredis/ssl.c
+++ b/deps/hiredis/ssl.c
@@ -38,6 +38,7 @@
#include <string.h>
#ifdef _WIN32
#include <windows.h>
+#include <wincrypt.h>
#else
#include <pthread.h>
#endif
@@ -182,6 +183,10 @@ const char *redisSSLContextGetError(redisSSLContextError error)
return "Failed to load client certificate";
case REDIS_SSL_CTX_PRIVATE_KEY_LOAD_FAILED:
return "Failed to load private key";
+ case REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED:
+ return "Failed to open system certifcate store";
+ case REDIS_SSL_CTX_OS_CERT_ADD_FAILED:
+ return "Failed to add CA certificates obtained from system to the SSL context";
default:
return "Unknown error code";
}
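Review bot: The string returned for `REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED` misspells "certificate" as "certifcate"; it should read `return "Failed to open system certificate store";`. This text is what callers get back for the error code, so anyone searching output for "certificate" while troubleshooting TLS setup would miss it. The switch statement begins above the hunk.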
@@ -214,6 +219,11 @@ redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *
const char *cert_filename, const char *private_key_filename,
const char *server_name, redisSSLContextError *error)
{
+#ifdef _WIN32
+ HCERTSTORE win_store = NULL;
+ PCCERT_CONTEXT win_ctx = NULL;
+#endif
+
redisSSLContext *ctx = hi_calloc(1, sizeof(redisSSLContext));
if (ctx == NULL)
goto error;
@@ -234,6 +244,31 @@ redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *
}
if (capath || cacert_filename) {
+#ifdef _WIN32
+ if (0 == strcmp(cacert_filename, "wincert")) {
+ win_store = CertOpenSystemStore(NULL, "Root");
+ if (!win_store) {
+ if (error) *error = REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED;
+ goto error;
+ }
+ X509_STORE* store = SSL_CTX_get_cert_store(ctx->ssl_ctx);
+ while (win_ctx = CertEnumCertificatesInStore(win_store, win_ctx)) {
+ X509* x509 = NULL;
+ x509 = d2i_X509(NULL, (const unsigned char**)&win_ctx->pbCertEncoded, win_ctx->cbCertEncoded);
+ if (x509) {
+ if ((1 != X509_STORE_add_cert(store, x509)) ||
+ (1 != SSL_CTX_add_client_CA(ctx->ssl_ctx, x509)))
+ {
+ if (error) *error = REDIS_SSL_CTX_OS_CERT_ADD_FAILED;
+ goto error;
+ }
+ X509_free(x509);
+ }
+ }
+ CertFreeCertificateContext(win_ctx);
+ CertCloseStore(win_store, 0);
+ } else
+#endif
if (!SSL_CTX_load_verify_locations(ctx->ssl_ctx, cacert_filename, capath)) {
if (error) *error = REDIS_SSL_CTX_CA_CERT_LOAD_FAILED;
goto error;
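Review bot: The `strcmp(cacert_filename, "wincert")` call at the top of the `_WIN32` branch dereferences NULL when a caller passes only `capath`, because the enclosing test is `capath || cacert_filename`. In the enumeration loop, `d2i_X509` is handed `&win_ctx->pbCertEncoded` through a cast, so it advances the pointer stored inside the CERT_CONTEXT returned by the store, and the `goto error` on a failed add skips `X509_free(x509)`. `win_store` is also left non-NULL after `CertCloseStore`, so any later `goto error` in the function (the rest of the body is outside this hunk) would presumably close the handle a second time at the `error:` label. Separately, `CertOpenSystemStore(NULL, "Root")` appears to open the current user's view of the root store, which can include roots that user installed, so the trust anchors used for peer verification are broader than a pinned CA file; a comment at the call site should say so. The fence shows the branch with a local DER cursor, a single free path and the handle reset.
```c
    if (cacert_filename && 0 == strcmp(cacert_filename, "wincert")) {
        /* … unchanged: CertOpenSystemStore("Root") and its failure check … */
        X509_STORE* store = SSL_CTX_get_cert_store(ctx->ssl_ctx);
        while ((win_ctx = CertEnumCertificatesInStore(win_store, win_ctx)) != NULL) {
            /* d2i_X509 advances its input pointer; give it a copy, not the store's field */
            const unsigned char *der = win_ctx->pbCertEncoded;
            X509 *x509 = d2i_X509(NULL, &der, win_ctx->cbCertEncoded);
            if (x509 == NULL)
                continue;
            int added = (1 == X509_STORE_add_cert(store, x509)) &&
                        (1 == SSL_CTX_add_client_CA(ctx->ssl_ctx, x509));
            X509_free(x509); /* released on both the success and the failure path */
            if (!added) {
                if (error) *error = REDIS_SSL_CTX_OS_CERT_ADD_FAILED;
                goto error;
            }
        }
        /* … unchanged: CertFreeCertificateContext(win_ctx) … */
        CertCloseStore(win_store, 0);
        win_store = NULL; /* the error label would otherwise close it again */
    } else
```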
@@ -257,6 +292,10 @@ redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *
return ctx;
error:
+#ifdef _WIN32
+ CertFreeCertificateContext(win_ctx);
+ CertCloseStore(win_store, 0);
+#endif
redisFreeSSLContext(ctx);
return NULL;
}
@@ -353,7 +392,11 @@ int redisInitiateSSLWithContext(redisContext *c, redisSSLContext *redis_ssl_ctx)
}
}
- return redisSSLConnect(c, ssl);
+ if (redisSSLConnect(c, ssl) != REDIS_OK) {
+ goto error;
+ }
+
+ return REDIS_OK;
error:
if (ssl)
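Review bot: The new `goto error` after `redisSSLConnect` relies on that function leaving `ssl` unowned when it fails, which nothing in this hunk states; if it ever released `ssl` itself, the `error:` path would release it twice. A comment above the call would record the contract, for example `/* redisSSLConnect() takes ownership of ssl only on REDIS_OK; on failure it is freed below */`. The cleanup under `error:` continues outside the hunk, so what it does with `ssl` is inferred from the visible `if (ssl)` guard.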
@@ -437,7 +480,7 @@ static ssize_t redisSSLRead(redisContext *c, char *buf, size_t bufcap) {
static ssize_t redisSSLWrite(redisContext *c) {
redisSSL *rssl = c->privctx;
- size_t len = rssl->lastLen ? rssl->lastLen : hi_sdslen(c->obuf);
+ size_t len = rssl->lastLen ? rssl->lastLen : sdslen(c->obuf);
int rv = SSL_write(rssl->ssl, c->obuf, len);
if (rv > 0) {