Skip to content

Commit

Permalink
load extra certificates from intermediate CA store on windows
Browse files Browse the repository at this point in the history
Signed-off-by: Matthieu Gallien <[email protected]>
  • Loading branch information
mgallien committed Aug 12, 2024
1 parent 74fa0a6 commit 94fd66c
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 1 deletion.
27 changes: 26 additions & 1 deletion src/gui/accountstate.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -317,8 +317,33 @@ void AccountState::checkConnectivity()

// If we don't reset the ssl config a second CheckServerJob can produce a
// ssl config that does not have a sensible certificate chain.
#if defined(Q_OS_WIN)
auto sslConfig = QSslConfiguration::defaultConfiguration();

for (const auto &storeName : std::vector<std::wstring>{L"CA"}) {
auto systemStore = CertOpenSystemStore(0, storeName.data());
if (systemStore) {
auto certificatePointer = PCCERT_CONTEXT{nullptr};
while (true) {
certificatePointer = CertFindCertificateInStore(systemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, nullptr, certificatePointer);
if (!certificatePointer) {
break;
}
const auto der = QByteArray{reinterpret_cast<const char *>(certificatePointer->pbCertEncoded),
static_cast<int>(certificatePointer->cbCertEncoded)};
const auto cert = QSslCertificate{der, QSsl::Der};

qCDebug(lcAccountState()) << "found certificate" << cert.subjectDisplayName() << cert.issuerDisplayName() << "from store" << storeName;

sslConfig.addCaCertificate(cert);
}
CertCloseStore(systemStore, 0);
}
}

QSslConfiguration::setDefaultConfiguration(sslConfig);
#endif
account()->setSslConfiguration(QSslConfiguration::defaultConfiguration());
//#endif
conValidator->checkServerAndAuth();
}
}
Expand Down
6 changes: 6 additions & 0 deletions src/libsync/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@ if ( APPLE )
)
endif()

if (WIN32)
list(APPEND OS_SPECIFIC_LINK_LIBRARIES
Crypt32
)
endif()

set(libsync_SRCS
account.h
account.cpp
Expand Down

0 comments on commit 94fd66c

Please sign in to comment.