tong / hxssl

Haxe→C++/Neko OpenSSL bindings

sslCertFile #19

Closed mockey closed 11 years ago

mockey commented 11 years ago

I just compiled a Linux64 ndll (got some libcrypto load error with the ndll from the repo). You should add -fPIC in the makefile, but I guess you know that already. Also there is a hard-coded path: sslCertFile = "/etc/ssl/certs/ca-bundle.crt". Is this the right way to deal with it? My cert-file is "/etc/ssl/certs/ca-certificates.crt" e.g.

hexonaut commented 11 years ago

You can change the default location by calling neko.tls.Socket.setCertificateLocations(). I am open to alternatives in how to deal with this.

mockey commented 11 years ago

Ah, didn't see this. The previous hxssl version I used worked without certificates I think. Anyway, neko.tls.Socket.setCertificateLocations seems a bit complicated for a simple https-request, doesn't it? Need to use a customRequest then, I think. How about a static method for this? Also I tried:

```haxe
https.customRequest(false, output, sock);
```

with:

```haxe
var sock = new neko.tls.Socket();
sock.setCertificateLocations("/etc/ssl/certs/ca-certificates.crt");
```

but doesn't work. `_SSL_CTX_load_verify_locations` looks pretty wrong actually, I would say...

mockey commented 11 years ago

Ok, you have to use neko.Lib.haxeToNeko in haxe if you want a val_string (otherwise you get a val_object). Then you can write:

```c
char *sslCertFile = "/etc/ssl/certs/ca-bundle.crt";
if (val_is_string(certFile))
    sslCertFile = val_string(certFile);
```

or so... Still, I think a static method (or two static properties) for setting this would be better, so you don't have to mess with the socket instance and customRequest.
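An added example, not part of the thread or of hxssl's code: one way a native binding could avoid the single hard-coded bundle path discussed above, by honouring an explicit override and otherwise probing the usual distribution locations. The names `pick_ca_bundle` and `default_ca_bundle` and the candidate list are assumptions; the first two paths are the ones named in the thread.

```c
#include <stdio.h>
#include <stdlib.h>

/* Common CA bundle paths. The first two are the ones named in this thread;
 * the rest are other distributions' defaults (assumed list, extend as needed). */
static const char *const CA_BUNDLE_CANDIDATES[] = {
    "/etc/ssl/certs/ca-certificates.crt", /* Debian, Ubuntu */
    "/etc/ssl/certs/ca-bundle.crt",       /* hxssl's hard-coded default */
    "/etc/pki/tls/certs/ca-bundle.crt",   /* Fedora, RHEL */
    "/etc/ssl/ca-bundle.pem",             /* openSUSE */
    "/etc/ssl/cert.pem",                  /* Alpine */
};
#define N_CANDIDATES (sizeof CA_BUNDLE_CANDIDATES / sizeof CA_BUNDLE_CANDIDATES[0])

/* A bundle is usable if it opens and yields at least one byte. */
static int usable_bundle(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return 0;
    int c = fgetc(f);
    fclose(f);
    return c != EOF;
}

/* Hypothetical helper: returns the path to hand to
 * SSL_CTX_load_verify_locations(ctx, path, NULL), or NULL if none is usable.
 * An explicit override is used or rejected, never silently replaced.
 * On NULL the caller should refuse to connect, not skip verification. */
const char *pick_ca_bundle(const char *override,
                           const char *const *candidates, size_t n)
{
    if (override != NULL && override[0] != '\0')
        return usable_bundle(override) ? override : NULL;
    for (size_t i = 0; i < n; i++)
        if (usable_bundle(candidates[i]))
            return candidates[i];
    return NULL;
}

/* Default lookup, with the SSL_CERT_FILE environment variable as the override. */
const char *default_ca_bundle(void)
{
    return pick_ca_bundle(getenv("SSL_CERT_FILE"), CA_BUNDLE_CANDIDATES, N_CANDIDATES);
}

int main(void)
{
    const char *path = default_ca_bundle();
    printf("CA bundle: %s\n", path ? path : "(none found, fail closed)");
    return path ? 0 : 1;
}
```

A static setter like the one proposed in the thread would simply feed its argument in as `override`.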