
Logging TLS certificate validation and HTTPS proxy

Source commit: 85e5cce694b8c218a570c5ccb22467cca4a0d424
Martin Prikryl 2 năm trước cách đây
mục cha
commit
265ae0ba49
4 tập tin đã thay đổi với 38 bổ sung6 xóa
  1. 12 1
      source/core/Http.cpp
  2. 20 5
      source/core/Security.cpp
  3. 5 0
      source/windows/Setup.cpp
  4. 1 0
      source/windows/Tools.cpp

+ 12 - 1
source/core/Http.cpp

@@ -5,6 +5,7 @@
 #include "Http.h"
 #include "NeonIntf.h"
 #include "Exceptions.h"
+#include "CoreMain.h"
 #include "ne_request.h"
 #include "TextsCore.h"
 #include <openssl/ssl.h>
@@ -234,12 +235,22 @@ int THttp::NeonServerSSLCallbackImpl(int Failures, const ne_ssl_certificate * Ce
   UnicodeString WindowsCertificateError;
   if (Failures != 0)
   {
-    NeonWindowsValidateCertificate(Failures, AsciiCert, WindowsCertificateError);
+    AppLogFmt(L"TLS failure: %s (%d)", (NeonCertificateFailuresErrorStr(Failures, FHostName), Failures));
+    AppLogFmt(L"Hostname: %s, Certificate: %s", (FHostName, AsciiCert, AsciiCert));
+    if (NeonWindowsValidateCertificate(Failures, AsciiCert, WindowsCertificateError))
+    {
+      AppLogFmt(L"Certificate trusted by Windows certificate store (%d)", (Failures));
+    }
+    if (!WindowsCertificateError.IsEmpty())
+    {
+      AppLogFmt(L"Error from Windows certificate store: %s", (WindowsCertificateError));
+    }
   }
 
   if (Failures != 0)
   {
     FCertificateError = NeonCertificateFailuresErrorStr(Failures, FHostName);
+    AppLogFmt(L"TLS certificate error: %s", (FCertificateError));
     AddToList(FCertificateError, WindowsCertificateError, L"\n");
   }
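Review bot: The `Hostname: %s, Certificate: %s` log line passes three arguments for two placeholders — `AsciiCert` appears twice in `(FHostName, AsciiCert, AsciiCert)`; the duplicate looks like a paste slip and should go: `AppLogFmt(L"Hostname: %s, Certificate: %s", (FHostName, AsciiCert));`. Whether the surplus argument is silently ignored or corrupts the output depends on how AppLogFmt expands its argument list, which is not visible here. The same hunk also calls `NeonCertificateFailuresErrorStr(Failures, FHostName)` twice, once in the first log line and again for `FCertificateError`; if the Windows-store check in between alters `Failures`, the two strings can legitimately differ, so a comment such as `// logged before the Windows store check, which may clear some failures` would make the repeated call read as intentional rather than redundant. NeonServerSSLCallbackImpl begins and ends outside this hunk.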
 

+ 20 - 5
source/core/Security.cpp

@@ -151,7 +151,11 @@ bool WindowsValidateCertificate(const unsigned char * Certificate, size_t Len, U
     CertCreateCertificateContext(
       X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, Certificate, Len);
 
-  if (CertContext != NULL)
+  if (CertContext == NULL)
+  {
+    Error = L"Cannot create certificate context";
+  }
+  else
   {
     CERT_CHAIN_PARA ChainPara;
     // Retrieve the certificate chain of the certificate
@@ -182,13 +186,21 @@ bool WindowsValidateCertificate(const unsigned char * Certificate, size_t Len, U
 
     HCERTCHAINENGINE ChainEngine;
     bool ChainEngineResult = CertCreateCertificateChainEngine(&ChainConfig, &ChainEngine);
-    if (ChainEngineResult)
+    if (!ChainEngineResult)
+    {
+      Error = L"Cannot create certificate chain engine";
+    }
+    else
     {
       const CERT_CHAIN_CONTEXT * ChainContext = NULL;
-      if (CertGetCertificateChain(ChainEngine, CertContext, NULL, NULL, &ChainPara,
+      if (!CertGetCertificateChain(ChainEngine, CertContext, NULL, NULL, &ChainPara,
             CERT_CHAIN_CACHE_END_CERT |
             CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
             NULL, &ChainContext))
+      {
+        Error = L"Cannot get certificate chain";
+      }
+      else
       {
         CERT_CHAIN_POLICY_PARA PolicyPara;
 
@@ -199,8 +211,11 @@ bool WindowsValidateCertificate(const unsigned char * Certificate, size_t Len, U
         CERT_CHAIN_POLICY_STATUS PolicyStatus;
         PolicyStatus.cbSize = sizeof(PolicyStatus);
 
-        if (CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL,
-              ChainContext, &PolicyPara, &PolicyStatus))
+        if (!CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, ChainContext, &PolicyPara, &PolicyStatus))
+        {
+          Error = L"Cannot verify certificate chain policy";
+        }
+        else
         {
           // Windows thinks the certificate is valid.
           Result = (PolicyStatus.dwError == S_OK);
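Review bot: Each new failure branch in WindowsValidateCertificate assigns a fixed string (`Cannot create certificate context`, `Cannot create certificate chain engine`, `Cannot get certificate chain`, `Cannot verify certificate chain policy`) but discards the Win32 error code, so the log line Http.cpp now emits from `Error` cannot distinguish a malformed DER blob from a chain-engine configuration problem or a policy-call failure. Capture `GetLastError()` immediately after each failing CryptoAPI call, before any other call can overwrite it, and append it to the message, e.g. `Error = L"Cannot get certificate chain"` becoming a formatted message that includes the code in hex. The same applies to all four branches across these three hunks. The start of the function, the initialisation of `Result`, and the release of `CertContext`/`ChainContext` are outside the hunks, so resource handling on the new early-error paths could not be checked here.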

+ 5 - 0
source/windows/Setup.cpp

@@ -875,6 +875,10 @@ static THttp * __fastcall CreateHttp(const TUpdatesConfiguration & Updates)
       break;
   }
 
+  if (!ProxyHost.IsEmpty())
+  {
+    AppLogFmt("Using proxy: %s:%d", (ProxyHost, ProxyPort));
+  }
   Http->ProxyHost = ProxyHost;
   Http->ProxyPort = ProxyPort;
 
@@ -944,6 +948,7 @@ static bool __fastcall DoQueryUpdates(TUpdatesConfiguration & Updates, bool Coll
     {
       if (CheckForUpdatesHTTP->IsCertificateError())
       {
+        AppLog(L"Certificate error detected.");
         Configuration->Usage->Inc(L"UpdateCertificateErrors");
       }
       throw;
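Review bot: `AppLogFmt("Using proxy: %s:%d", (ProxyHost, ProxyPort));` uses a narrow string literal for the format, while every other logging call in this commit (`L"TLS failure: …"`, `L"Certificate error detected."`) uses a wide `L"…"` literal; `AppLogFmt("Proxy autodetected: %s:%d", (HostName, PortNumber));` in Tools.cpp has the same inconsistency. Unless AppLogFmt has a narrow-string overload this relies on an implicit conversion of the format string, so write `AppLogFmt(L"Using proxy: %s:%d", (ProxyHost, ProxyPort));` here and `AppLogFmt(L"Proxy autodetected: %s:%d", (HostName, PortNumber));` in Tools.cpp. Only host and port are logged in both places, no proxy credentials, which is the right scope for an application log. The enclosing CreateHttp and DoQueryUpdates bodies continue outside these hunks.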

+ 1 - 0
source/windows/Tools.cpp

@@ -1628,6 +1628,7 @@ bool __fastcall AutodetectProxy(UnicodeString & HostName, int & PortNumber)
     {
       HostName = CutToChar(Proxy, L':', true);
       PortNumber = StrToIntDef(Proxy, ProxyPortNumber);
+      AppLogFmt("Proxy autodetected: %s:%d", (HostName, PortNumber));
     }
   }