final SSL changes [backport:1.2] (#16983)

(cherry picked from commit 74d6a4d7f4)
2026-01-03 03:32:32 +00:00 · 2021-02-09 13:40:09 +01:00
parent de98648caa
commit ccbdb95539
3 changed files with 35 additions and 8 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -4,6 +4,18 @@

 ## Standard library additions and changes

+- On Windows the SSL library now checks for valid certificates.
+  It uses the `cacert.pem` file for this purpose which was extracted
+  from `https://curl.se/ca/cacert.pem`. Besides
+  the OpenSSL DLLs (e.g. libssl-1_1-x64.dll, libcrypto-1_1-x64.dll) you
+  now also need to ship `cacert.pem` with your `.exe` file.
+
+
+- Make `{.requiresInit.}` pragma to work for `distinct` types.
+
+- Added a macros `enumLen` for returning the number of items in an enum to the
+  `typetraits.nim` module.
+
 - `prelude` now works with the JavaScript target.

 - Added `ioutils` module containing `duplicate` and `duplicateTo` to duplicate `FileHandle` using C function `dup` and `dup2`.
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
@@ -24,6 +24,17 @@
 ## `newContext<net.html#newContext%2Cstring%2Cstring%2Cstring%2Cstring%2Cstring>`_
 ## procedure for additional details.
 ##
+##
+## SSL on Windows
+## ==============
+##
+## On Windows the SSL library checks for valid certificates.
+## It uses the `cacert.pem` file for this purpose which was extracted
+## from `https://curl.se/ca/cacert.pem`. Besides
+## the OpenSSL DLLs (e.g. libssl-1_1-x64.dll, libcrypto-1_1-x64.dll) you
+## also need to ship `cacert.pem` with your `.exe` file.
+##
+##
 ## Examples
 ## ========
 ##
--- a/lib/pure/ssl_certs.nim
+++ b/lib/pure/ssl_certs.nim
@@ -107,14 +107,18 @@ iterator scanSSLCertificates*(useEnvVars = false): string =

  else:
    when defined(windows):
-      let pem = getAppDir() / "cacert.pem"
-      # We download the certificates according to https://curl.se/docs/caextract.html
-      # These are the certificates from Firefox. The 'bitsadmin.exe' tool ships with every
-      # recent version of Windows (Windows 8, Windows XP, etc.)
-      if not fileExists(pem):
-        discard os.execShellCmd("""bitsadmin.exe /rawreturn /transfer "JobName" /priority FOREGROUND https://curl.se/ca/cacert.pem """ &
-          quoteShell(pem))
-      yield pem
+      const cacert = "cacert.pem"
+      let pem = getAppDir() / cacert
+      if fileExists(pem):
+        yield pem
+      else:
+        let path = getEnv("PATH")
+        for candidate in split(path, PathSep):
+          if candidate.len != 0:
+            let x = (if candidate[0] == '"' and candidate[^1] == '"':
+                      substr(candidate, 1, candidate.len-2) else: candidate) / cacert
+            if fileExists(x):
+              yield x
    elif not defined(haiku):
      for p in certificatePaths:
        if p.endsWith(".pem") or p.endsWith(".crt"):