提交
6693863f
编写于
9月 08, 2020
作者:
Alessio M
Add support for system CA certificate store on Windows
上级
2a5a57b9
变更
2
Showing
2 changed file
with
46 addition
and
1 deletion
+46
-1
hiredis_ssl.h
hiredis_ssl.h
+3
-1
ssl.c
ssl.c
+43
-0
hiredis_ssl.h
...
...
@@ -56,7 +56,9 @@ typedef enum {
REDIS_SSL_CTX_CERT_KEY_REQUIRED
,
/* Client cert and key must both be specified or skipped */
REDIS_SSL_CTX_CA_CERT_LOAD_FAILED
,
/* Failed to load CA Certificate or CA Path */
REDIS_SSL_CTX_CLIENT_CERT_LOAD_FAILED
,
/* Failed to load client certificate */
REDIS_SSL_CTX_PRIVATE_KEY_LOAD_FAILED
/* Failed to load private key */
REDIS_SSL_CTX_PRIVATE_KEY_LOAD_FAILED
,
/* Failed to load private key */
REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED
,
/* Failed to open system certifcate store */
REDIS_SSL_CTX_OS_CERT_ADD_FAILED
/* Failed to add CA certificates obtained from system to the SSL context */
}
redisSSLContextError
;
/**
...
...
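Review bot: The comment added for `REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED` misspells "certificate" as `certifcate`, and the same typo is in the message `redisSSLContextGetError` returns for that code in ssl.c, which is the text callers will log; use `/* Failed to open system certificate store */` and the matching string. Nothing in the lines shown says that the two new codes can only be produced when `cacert_filename` is the literal `"wincert"` on Windows. The documentation for `redisCreateSSLContext` lies outside this hunk, so confirm it names that sentinel and notes that a CA file literally called `wincert` can no longer be selected by that bare name.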
ssl.c
...
...
@@ -38,6 +38,7 @@
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
#include <pthread.h>
#endif
...
...
@@ -182,6 +183,10 @@ const char *redisSSLContextGetError(redisSSLContextError error)
return
"Failed to load client certificate"
;
case
REDIS_SSL_CTX_PRIVATE_KEY_LOAD_FAILED
:
return
"Failed to load private key"
;
case
REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED
:
return
"Failed to open system certifcate store"
;
case
REDIS_SSL_CTX_OS_CERT_ADD_FAILED
:
return
"Failed to add CA certificates obtained from system to the SSL context"
;
default:
return
"Unknown error code"
;
}
...
...
@@ -214,6 +219,11 @@ redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *
const
char
*
cert_filename
,
const
char
*
private_key_filename
,
const
char
*
server_name
,
redisSSLContextError
*
error
)
{
#ifdef _WIN32
HCERTSTORE
win_store
=
NULL
;
PCCERT_CONTEXT
win_ctx
=
NULL
;
#endif
redisSSLContext
*
ctx
=
hi_calloc
(
1
,
sizeof
(
redisSSLContext
));
if
(
ctx
==
NULL
)
goto
error
;
...
...
@@ -234,6 +244,35 @@ redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *
}
if
(
capath
||
cacert_filename
)
{
#ifdef _WIN32
if
(
0
==
strcmp
(
cacert_filename
,
"wincert"
))
{
win_store
=
CertOpenSystemStore
(
NULL
,
"Root"
);
if
(
!
win_store
)
{
if
(
error
)
*
error
=
REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED
;
goto
error
;
}
X509_STORE
*
store
=
SSL_CTX_get_cert_store
(
ctx
->
ssl_ctx
);
while
(
win_ctx
=
CertEnumCertificatesInStore
(
win_store
,
win_ctx
))
{
X509
*
x509
=
NULL
;
x509
=
d2i_X509
(
NULL
,
(
const
unsigned
char
**
)
&
win_ctx
->
pbCertEncoded
,
win_ctx
->
cbCertEncoded
);
if
(
x509
)
{
if
((
1
!=
X509_STORE_add_cert
(
store
,
x509
))
||
(
1
!=
SSL_CTX_add_client_CA
(
ctx
->
ssl_ctx
,
x509
)))
{
if
(
error
)
*
error
=
REDIS_SSL_CTX_OS_CERT_ADD_FAILED
;
goto
error
;
}
X509_free
(
x509
);
}
}
CertFreeCertificateContext
(
win_ctx
);
CertCloseStore
(
win_store
,
0
);
}
else
#endif
if
(
!
SSL_CTX_load_verify_locations
(
ctx
->
ssl_ctx
,
cacert_filename
,
capath
))
{
if
(
error
)
*
error
=
REDIS_SSL_CTX_CA_CERT_LOAD_FAILED
;
goto
error
;
...
...
@@ -257,6 +296,10 @@ redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *
return
ctx
;
error:
#ifdef _WIN32
CertFreeCertificateContext
(
win_ctx
);
CertCloseStore
(
win_store
,
0
);
#endif
redisFreeSSLContext
(
ctx
);
return
NULL
;
}
...
...