final SSL changes [backport:1.2] (#16983)

(cherry picked from commit 74d6a4d7f4)
2026-01-07 21:43:33 +00:00 · 2021-02-09 13:40:09 +01:00
parent aa98aee18d
commit 2db37e2e0e
3 changed files with 31 additions and 8 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -125,6 +125,14 @@
  Proc `rightSize` for Tables and HashSets is deprecated, as it is not needed anymore.
  `CountTable.inc` takes `val: int` again not `val: Positive`; I.e. it can "count down" again.
 - Removed deprecated symbols from `macros` module, deprecated as far back as `0.15`.
+- On Windows the SSL library now checks for valid certificates.
+  It uses the `cacert.pem` file for this purpose which was extracted
+  from `https://curl.se/ca/cacert.pem`. Besides
+  the OpenSSL DLLs (e.g. libssl-1_1-x64.dll, libcrypto-1_1-x64.dll) you
+  now also need to ship `cacert.pem` with your `.exe` file.
+
+
+- Make `{.requiresInit.}` pragma to work for `distinct` types.


 - Added `asyncdispatch.activeDescriptors` that returns the number of currently
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
@@ -22,6 +22,17 @@
 ## In order to use the SSL procedures defined in this module, you will need to
 ## compile your application with the ``-d:ssl`` flag.
 ##
+##
+## SSL on Windows
+## ==============
+##
+## On Windows the SSL library checks for valid certificates.
+## It uses the `cacert.pem` file for this purpose which was extracted
+## from `https://curl.se/ca/cacert.pem`. Besides
+## the OpenSSL DLLs (e.g. libssl-1_1-x64.dll, libcrypto-1_1-x64.dll) you
+## also need to ship `cacert.pem` with your `.exe` file.
+##
+##
 ## Examples
 ## ========
 ##
--- a/lib/pure/ssl_certs.nim
+++ b/lib/pure/ssl_certs.nim
@@ -107,14 +107,18 @@ iterator scanSSLCertificates*(useEnvVars = false): string =

  else:
    when defined(windows):
-      let pem = getAppDir() / "cacert.pem"
-      # We download the certificates according to https://curl.se/docs/caextract.html
-      # These are the certificates from Firefox. The 'bitsadmin.exe' tool ships with every
-      # recent version of Windows (Windows 8, Windows XP, etc.)
-      if not fileExists(pem):
-        discard os.execShellCmd("""bitsadmin.exe /rawreturn /transfer "JobName" /priority FOREGROUND https://curl.se/ca/cacert.pem """ &
-          quoteShell(pem))
-      yield pem
+      const cacert = "cacert.pem"
+      let pem = getAppDir() / cacert
+      if fileExists(pem):
+        yield pem
+      else:
+        let path = getEnv("PATH")
+        for candidate in split(path, PathSep):
+          if candidate.len != 0:
+            let x = (if candidate[0] == '"' and candidate[^1] == '"':
+                      substr(candidate, 1, candidate.len-2) else: candidate) / cacert
+            if fileExists(x):
+              yield x
    elif not defined(haiku):
      for p in certificatePaths:
        if p.endsWith(".pem") or p.endsWith(".crt"):