Feature request: handle "No SSL/TLS CA certificates found"

[FedericoCeratto]

Nimble could suggest solutions for missing CA certificates based on the OS.

Related: https://github.com/nim-lang/Nim/issues/782#issuecomment-785531690 https://forum.nim-lang.org/t/7551 https://forum.nim-lang.org/t/7582

[treeform]

import httpclient
var client = newHttpClient()
echo client.getContent("http://google.com")

nim c -r -d:ssl .\certtest.nim

C:\Users\me\.choosenim\toolchains\nim-1.4.4\lib\pure\httpclient.nim(557) certtest
C:\Users\me\.choosenim\toolchains\nim-1.4.4\lib\pure\httpclient.nim(324) getDefaultSSL
C:\Users\me\.choosenim\toolchains\nim-1.4.4\lib\pure\net.nim(658) newContext
Error: unhandled exception: No SSL/TLS CA certificates found. [IOError]

Event though I have

C:\Users\me\.choosenim\toolchains\nim-1.4.4\bin\cacert.pam

I need to copy this file to the folder of the exe to make it work.

Fix found:

I copied it to

C:\Users\me\.nimble\bin\cacert.pam

Turns out C:\Users\me\.choosenim\toolchains\nim-1.4.4\bin\ is not on $PATH as I thought it was. But this is the folder where nim puts cacert.pam it should put it into C:\Users\me\.nimble\bin\ instead.

[dom96]

Yes, so it does work when put in the $PATH. What mechanism does Nim use to put it in C:\Users\me\.choosenim\toolchains\nim-1.4.4\bin\?

[enthus1ast]

On windows we could use the os cert store, since this is updated automatically by the os on windows updates, so no need to get the cacert.pem from "somewhere".

https://stackoverflow.com/questions/9507184/can-openssl-on-windows-use-the-system-certificate-store

[dom96]

We can do this: https://github.com/nim-lang/nimble/issues/949

[Araq]

@enthus1ast I considered it and the interaction only works through temporary generated files. It's not clear where to put these and when to generate these so there are no known benefits of using the Windows API in this case.