Created
February 21, 2019 12:29
JDim: patch that verifies the hostname against a self-supplied certificate using GnuTLS
This is a patch for JDim, a 2channel browser.
Change: in builds that use GnuTLS, verify the hostname with a self-supplied X.509 certificate.
Certificate: https://curl.haxx.se/docs/caextract.html
Usage
1. Apply the patch to https://github.com/ma8ma/JDim/tree/minefield and build.
See the instructions at the link for how to build.
2. Download a suitable certificate and copy it into the directory. (Check the SHA as well.)
$ wget https://curl.haxx.se/ca/cacert.pem
$ wget https://curl.haxx.se/ca/cacert.pem.sha256
$ sha256sum -c cacert.pem.sha256
=> cacert.pem: OK
3. Run JDim and open an image from any https link.
$ ./src/jdim
diff --git a/src/jdlib/ssl.cpp b/src/jdlib/ssl.cpp | |
index 750218f6..2673ded0 100644 | |
--- a/src/jdlib/ssl.cpp | |
+++ b/src/jdlib/ssl.cpp | |
@@ -73,7 +73,12 @@ bool JDSSL::connect( const int soc, const char *host ) | |
#if GNUTLS_VERSION_NUMBER >= 0x030406 | |
gnutls_certificate_allocate_credentials( &m_cred ); | |
+#if 0 | |
ret = gnutls_certificate_set_x509_system_trust( m_cred ); | |
+#else | |
+ constexpr const char* cafile = "cacert.pem"; | |
+ ret = gnutls_certificate_set_x509_trust_file( m_cred, cafile, GNUTLS_X509_FMT_PEM ); | |
+#endif | |
assert( ret >= 0 ); | |
gnutls_server_name_set( m_session, GNUTLS_NAME_DNS, host, strlen( host ) ); |
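Review bot: The cafile constant in the #else branch is the bare relative name "cacert.pem", so the trust anchors are read from whatever the current working directory is when JDSSL::connect runs. Starting jdim from a different directory makes the load fail, and any cacert.pem that happens to sit in the working directory becomes the trust store. Take the path from a setting or build it from a fixed, user-owned location. The result is also only checked by assert( ret >= 0 ): with NDEBUG defined the check is compiled out and a failed load goes unnoticed at this point, and since gnutls_certificate_set_x509_trust_file returns the number of certificates processed, a return of 0 passes even in a debug build. Treat ret <= 0 as a connect failure and return false. Lastly, the #if 0 leaves gnutls_certificate_set_x509_system_trust as dead code; a runtime choice between the system store and a file would be easier to maintain than a compile-time switch.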