!1666 证书补充

Merge pull request !1666 from 马千里/master
openharmony_ci 2024-11-12 04:00:59 +00:00 committed by Gitee
commit 4ac5d2c74b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 29 additions and 5 deletions


@ -713,8 +713,12 @@ bool WebSocketExec::FillCaPath(ConnectContext *context, lws_context_creation_inf
NETSTACK_LOGD("load customize CA: %{public}s", info.client_ssl_ca_filepath);
} else {
info.client_ssl_ca_dirs[0] = WEBSOCKET_SYSTEM_PREPARE_CA_PATH;
context->userCertPath_ = BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR);
info.client_ssl_ca_dirs[1] = context->userCertPath_.c_str();
#ifdef HAS_NETMANAGER_BASE
if (NetManagerStandard::NetConnClient::GetInstance().TrustUserCa()) {
context->userCertPath_ = BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR);
info.client_ssl_ca_dirs[1] = context->userCertPath_.c_str();
}
#endif
NETSTACK_LOGD("load system CA");
}
if (!context->clientCert_.empty()) {
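Review bot: The new `#ifdef HAS_NETMANAGER_BASE` guard in FillCaPath only tests whether the macro is defined, while both test BUILD.gn sections on this page add `defines += [ "HAS_NETMANAGER_BASE=0" ]` when netmanager_base is absent. With that define the `TrustUserCa()` call is still compiled although `netmanager_base:net_conn_manager_if` is not added to `external_deps`, which would likely break those builds. Either test the value with `#if defined(HAS_NETMANAGER_BASE) && HAS_NETMANAGER_BASE`, or drop the `=0` define from the `else` branches. Separately, when the guard is compiled out or `TrustUserCa()` returns false, `info.client_ssl_ca_dirs[1]` is no longer assigned here, so it is worth confirming that `info` arrives zero-initialised; FillCaPath starts and ends outside the hunk.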


@ -182,8 +182,8 @@ bool TLSContext::SetDefaultCa(TLSContext *tlsContext, const TLSConfiguration &co
return false;
}
}
#endif // HAS_NETMANAGER_BASE
if (access(ROOT_CERT_PATH.c_str(), F_OK | R_OK) == 0) {
if (NetManagerStandard::NetConnClient::GetInstance().TrustUser0Ca() &&
access(ROOT_CERT_PATH.c_str(), F_OK | R_OK) == 0) {
NETSTACK_LOGD("root CA certificates folder exist and can read");
if (!X509_STORE_load_path(SSL_CTX_get_cert_store(tlsContext->ctx_), ROOT_CERT_PATH.c_str())) {
NETSTACK_LOGE("load root certificates failed");
@ -193,7 +193,8 @@ bool TLSContext::SetDefaultCa(TLSContext *tlsContext, const TLSConfiguration &co
NETSTACK_LOGD("root CA certificates folder not exist or can not read");
}
std::string userCertPath = BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR);
if (access(userCertPath.c_str(), F_OK | R_OK) == 0) {
if (NetManagerStandard::NetConnClient::GetInstance().TrustUserCa() &&
access(userCertPath.c_str(), F_OK | R_OK) == 0) {
NETSTACK_LOGD("user CA certificates folder exist and can read");
if (!X509_STORE_load_path(SSL_CTX_get_cert_store(tlsContext->ctx_), userCertPath.c_str())) {
NETSTACK_LOGE("load user certificates failed");
@ -202,6 +203,7 @@ bool TLSContext::SetDefaultCa(TLSContext *tlsContext, const TLSConfiguration &co
} else {
NETSTACK_LOGD("user CA certificates folder not exist or can not read");
}
#endif // HAS_NETMANAGER_BASE
if (!X509_STORE_load_path(SSL_CTX_get_cert_store(tlsContext->ctx_), SYSTEM_REPLACE_CA_PATH.c_str())) {
NETSTACK_LOGE("load system replace certificates failed");
return false;
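Review bot: Folding `TrustUser0Ca()` and `TrustUserCa()` into the same `if` as `access()` means the existing `else` branches now log "folder not exist or can not read" even when the directory is readable and the trust policy declined it. Someone diagnosing a failed handshake or auditing which trust anchors were loaded cannot tell a policy decision from a missing directory. Check the policy first and log it on its own, e.g. `NETSTACK_LOGD("user CA not trusted by policy, skip loading");`, before falling through to the `access()` test. The `#endif // HAS_NETMANAGER_BASE` now closes after the user CA block, so a short comment should state that without the macro only SYSTEM_REPLACE_CA_PATH is loaded. The matching opening directive is outside the hunk.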


@ -77,6 +77,15 @@ ohos_fuzztest("WebSocketExecFuzzTest") {
"FUZZ_TEST",
"OPENSSL_SUPPRESS_DEPRECATED",
]
if (defined(global_parts_info) &&
defined(global_parts_info.communication_netmanager_base) &&
global_parts_info.communication_netmanager_base) {
external_deps += [ "netmanager_base:net_conn_manager_if" ]
defines += [ "HAS_NETMANAGER_BASE=1" ]
} else {
defines += [ "HAS_NETMANAGER_BASE=0" ]
}
}
group("fuzztest") {


@ -63,6 +63,15 @@ ohos_unittest("websocket_unittest") {
external_deps = common_external_deps
external_deps += [ "openssl:libssl_shared" ]
if (defined(global_parts_info) &&
defined(global_parts_info.communication_netmanager_base) &&
global_parts_info.communication_netmanager_base) {
external_deps += [ "netmanager_base:net_conn_manager_if" ]
defines += [ "HAS_NETMANAGER_BASE=1" ]
} else {
defines += [ "HAS_NETMANAGER_BASE=0" ]
}
part_name = "netstack"
subsystem_name = "communication"
}