Open wahnwitz opened 4 years ago
I don't see it mentioned here, but I recall it being mentioned that this wasn't a problem with the some other Raku HTTP client. I took a look into why and...they don't do certificate verification, it seems. :scream_cat:
Thus one can, I guess, pass :insecure
and to this module and get the same result (e.g. it works), though that's a really bad idea. It seems the underlying issue is that SSL_CTX_set_default_verify_paths
on Windows doesn't really do anything useful since there isn't anything to hand in the right kind of format for it to load; this post on SO hints at what we might do to resolve this.
This code seems to work for getting certificates from the Windows certificate store:
#!/usr/bin/env perl6
use NativeCall;
my constant HStore = Pointer;
sub CertOpenSystemStoreA(Pointer, Str) returns HStore
is native('Crypt32.dll') {*}
sub CertCloseStore(HStore, int32)
is native('Crypt32.dll') {*}
my class PContext is repr('CStruct') {
has int32 $.cert-encoding-type;
has Pointer $.cert-encoded;
has int32 $.cert-encoded-bytes;
# There's further properties, but we don't need to access them
}
sub CertEnumCertificatesInStore(HStore, PContext) returns PContext
is native('Crypt32.dll') {*}
sub CertFreeCertificateContext(PContext)
is native('Crypt32.dll') {*}
my $win-cert-store = CertOpenSystemStoreA(Pointer, "ROOT");
my $p-context = PContext;
while $p-context = CertEnumCertificatesInStore($win-cert-store, $p-context) {
note $p-context;
}
CertFreeCertificateContext($p-context);
CertCloseStore($win-cert-store, 0);
Now it's a matter of figuring out how to integrate it.
I can confirm that I can install and test IO::Socket::Async::SSL:ver<0.7.5> successfully.
Test with:
await runs out of time.