diff options
| author | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2023-04-13 21:17:55 +0200 |
|---|---|---|
| committer | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2023-05-12 09:58:23 +0200 |
| commit | 6fd99823581dd05d27a1ff773b67a8ea616993cc (patch) | |
| tree | 1baf791a581f4ce5a73433434400546b4a4051fe /platform/windows | |
| parent | 4e1d5be9d33e8a14254f0ccd0910743073970413 (diff) | |
| download | redot-engine-6fd99823581dd05d27a1ff773b67a8ea616993cc.tar.gz | |
[TLS] Add support for platform-specific CA bundles.
Adds a new OS::get_system_ca_certs method which can be implemented by
platforms to retrieve the list of trusted CA certificates using OS
specific APIs.
The function should return the certificates in PEM format, and is
currently implemented for Windows/macOS/LinuxBSD(*)/Android.
mbedTLS will fall back to bundled certificates when the OS returns no
certificates.
(*) LinuxBSD does not have a standardized certificates store location.
The current implementation will test for common locations and may
return an empty string on some distributions (falling back to the
bundled certificates).
Diffstat (limited to 'platform/windows')
| -rw-r--r-- | platform/windows/detect.py | 2 | ||||
| -rw-r--r-- | platform/windows/os_windows.cpp | 21 | ||||
| -rw-r--r-- | platform/windows/os_windows.h | 2 |
3 files changed, 25 insertions, 0 deletions
diff --git a/platform/windows/detect.py b/platform/windows/detect.py index cd6d461a93..963f533d67 100644 --- a/platform/windows/detect.py +++ b/platform/windows/detect.py @@ -413,6 +413,7 @@ def configure_msvc(env, vcvars_msvc_config): "dxguid", "imm32", "bcrypt", + "Crypt32", "Avrt", "dwmapi", "dwrite", @@ -592,6 +593,7 @@ def configure_mingw(env): "ksuser", "imm32", "bcrypt", + "crypt32", "avrt", "uuid", "dwmapi", diff --git a/platform/windows/os_windows.cpp b/platform/windows/os_windows.cpp index a13d6ed986..d119bce1bd 100644 --- a/platform/windows/os_windows.cpp +++ b/platform/windows/os_windows.cpp @@ -55,6 +55,7 @@ #include <regstr.h> #include <shlobj.h> #include <wbemcli.h> +#include <wincrypt.h> #ifdef DEBUG_ENABLED #pragma pack(push, before_imagehlp, 8) @@ -1677,6 +1678,26 @@ Error OS_Windows::move_to_trash(const String &p_path) { return OK; } +String OS_Windows::get_system_ca_certificates() { + HCERTSTORE cert_store = CertOpenSystemStoreA(0, "ROOT"); + ERR_FAIL_COND_V_MSG(!cert_store, "", "Failed to read the root certificate store."); + + String certs; + PCCERT_CONTEXT curr = CertEnumCertificatesInStore(cert_store, nullptr); + while (curr) { + DWORD size = 0; + bool success = CryptBinaryToStringA(curr->pbCertEncoded, curr->cbCertEncoded, CRYPT_STRING_BASE64HEADER | CRYPT_STRING_NOCR, nullptr, &size); + ERR_CONTINUE(!success); + PackedByteArray pba; + pba.resize(size); + CryptBinaryToStringA(curr->pbCertEncoded, curr->cbCertEncoded, CRYPT_STRING_BASE64HEADER | CRYPT_STRING_NOCR, (char *)pba.ptrw(), &size); + certs += String((char *)pba.ptr(), size); + curr = CertEnumCertificatesInStore(cert_store, curr); + } + CertCloseStore(cert_store, 0); + return certs; +} + OS_Windows::OS_Windows(HINSTANCE _hInstance) { hInstance = _hInstance; diff --git a/platform/windows/os_windows.h b/platform/windows/os_windows.h index 960c3f30a9..c5f95870b3 100644 --- a/platform/windows/os_windows.h +++ b/platform/windows/os_windows.h @@ -226,6 +226,8 @@ public: virtual Error move_to_trash(const String &p_path) override; + virtual String get_system_ca_certificates() override; + void set_main_window(HWND p_main_window) { main_window = p_main_window; } HINSTANCE get_hinstance() { return hInstance; } |