默认校验路径

.github/workflows/windows.yml

@@ -46,15 +46,15 @@ jobs:
         if: steps.cache-xmake.outputs.cache-hit != 'true'
         run: |
             # xmake g --pkg_installdir=./cache/.xmake/packages
-            xmake f -vD -y -F action_xmake.lua
+            xmake f -vD -y -F --openssl_no_sys=y
         
       - name: Build
         run: |
-            xmake -vrDw -y -F action_xmake.lua
+            xmake -vrDw -y -F 
 
       - name: Package
         run: |
-            xmake pack -y -o ./ -F action_xmake.lua
+            xmake pack -y -o ./ -F 
 
       - name: Upload Artifact
         uses: actions/upload-artifact@v4

src/config.cpp

@@ -144,6 +144,8 @@ namespace hcpp
                 if (path_prefix != nullptr)
                 {
                     i = path_prefix + i.substr(1);
+                }else{
+                    log::warn("没有HOME系统变量,不处理 ~");
                 }
             }
         };

src/https/ssl_socket_wrap.cpp

@@ -1,5 +1,6 @@
 #include "ssl_socket_wrap.h"
 #include "http/thack.h"
+#include "os/common.h"
 
 #include <asio/streambuf.hpp>
 #include <asio/read_until.hpp>
@@ -187,8 +188,6 @@ namespace hcpp
         // context.use_certificate_file("output.crt", ssl::context::file_format::pem);
         ctx_->use_certificate_chain(asio::buffer(si.cert_pem_));
         ctx_->use_private_key(asio::buffer(si.pkey_pem_), asio::ssl::context::pem);
-        // ctx_->use_certificate_chain_file("server.crt.pem");
-        // ctx_->use_private_key_file("server.key.pem", asio::ssl::context::pem);
         ssl_sock_ = std::make_unique<ssl_socket>(std::move(sock), *ctx_);
     }
 
@@ -228,9 +227,14 @@ namespace hcpp
         }
     }
 
-    void ssl_sock_mem::set_verify_callback(verify_callback cb)
+    void ssl_sock_mem::set_verify_callback(verify_callback cb, std::optional<string> verify_path)
     {
-        ctx_->add_verify_path(X509_get_default_cert_dir());
+        if (!verify_path)
+        {
+            set_platform_default_verify_store(*ctx_);
+        }else{
+            ctx_->add_verify_path(*verify_path);
+        } 
         ssl_sock_->set_verify_mode(ssl::verify_peer);
         ssl_sock_->set_verify_callback(cb);
     }

src/https/ssl_socket_wrap.h

@@ -4,6 +4,7 @@
 #include "asio_coroutine_net.h"
 
 #include <set>
+#include <optional>
 
 #include <asio/ssl.hpp>
 
@@ -58,7 +59,7 @@ namespace hcpp
         void set_sni(std::string sni);
         void close_sni();
         using verify_callback = std::function<bool(bool, ssl::verify_context &)>;
-        void set_verify_callback(verify_callback cb);
+        void set_verify_callback(verify_callback cb,std::optional<string> verify_path=std::nullopt);
 
     public:
         ~ssl_sock_mem();

src/httpserver.cpp

@@ -181,7 +181,7 @@ namespace hcpp
         ta_ = w;
     }
 
-    static thread_local std::unordered_map<std::string, subject_identify> ca_subject_map;
+    static thread_local std::unordered_map<std::string, subject_identify> server_subject_map;
 
     awaitable<void> mimt_https_server::wait_c(std::size_t cn, std::vector<proxy_service> ps)
     {
@@ -210,7 +210,6 @@ namespace hcpp
             {
                 try
                 {
-                    // 放到单独的协程运行
                     std::shared_ptr<channel_client> cc = co_await c->async_receive();
                     auto hsc = std::make_unique<https_client>();
                     hsc->host_ = cc->host_;
@@ -221,6 +220,7 @@ namespace hcpp
                         log::error("无法获取socket");
                         continue;
                     }
+                    //TODO 抽象工厂方法
                     auto sk = std::make_shared<mitm_svc>();
                     part_cert_info pci{};
 
@@ -232,15 +232,15 @@ namespace hcpp
                             sk->close_sni();
                     }
                     co_await sk->make_memory(hsc->host_, hsc->service_, pci);
-                    if (auto i = ca_subject_map.find(hsc->host_); i != ca_subject_map.end())
+                    if (auto i = server_subject_map.find(hsc->host_); i != server_subject_map.end())
                     {
                         si = i->second;
                     }
                     else
                     {
-                        log::info("mimt_https_server::wait_c:创建ca_subject_map缓存 => {}", hsc->host_);
+                        log::info("mimt_https_server::wait_c:创建server_subject_map缓存 => {}", hsc->host_);
                         si = sk->make_fake_server_id(pci.dns_name_, ca_subject);
-                        ca_subject_map.insert({hsc->host_, si});
+                        server_subject_map.insert({hsc->host_, si});
                     }
 
                     hsc->set_mem(co_await std::move(*cc).make(std::move(si)));
@@ -300,4 +300,9 @@ namespace hcpp
         ca_subject_ = std::make_shared<subject_identify>(std::move(ca_subject));
     }
 
+    void mimt_https_server::set_root_verify_store_path(std::string_view root_verify_store_path)
+    {
+        root_verify_store_path_=root_verify_store_path;
+    }
+
 } // namespace hcpp

src/httpserver.h

@@ -16,7 +16,6 @@
 
 namespace hcpp
 {
-
     using asio::awaitable;
     using namespace asio::experimental;
 
@@ -85,9 +84,11 @@ namespace hcpp
         std::set<std::pair<std::string, std::string>> tunnel_set_;
 
         void set_ca(subject_identify ca_subject);
+        void set_root_verify_store_path(std::string_view root_verify_store_path);
     private:
         std::shared_ptr<socket_channel> channel_;
         std::shared_ptr<subject_identify> ca_subject_;
+        std::string root_verify_store_path_;
     };
 
     using notify_channel = asio::use_awaitable_t<>::as_default_on_t<concurrent_channel<void(asio::error_code, std::string)>>;

src/os/common.h

@@ -0,0 +1,13 @@
+#ifndef SRC_OS_COMMON
+#define SRC_OS_COMMON
+
+#include <asio/ssl.hpp>
+
+namespace hcpp
+{
+    using namespace asio;
+
+    void set_platform_default_verify_store(ssl::context& ctx);
+} // namespace hcpp
+
+#endif /* SRC_OS_COMMON */

src/os/linux.cpp

@@ -0,0 +1,10 @@
+#include "common.h"
+
+namespace hcpp
+{
+    void set_platform_default_verify_store(ssl::context& ctx)
+    {
+        // ctx_->add_verify_path(X509_get_default_cert_dir());
+        ctx.set_default_verify_paths();
+    }
+} // namespace hcpp

src/os/windows.cpp

@@ -0,0 +1,9 @@
+#include "common.h"
+
+namespace hcpp
+{
+    void set_platform_default_verify_store(ssl::context& ctx)
+    {
+
+    }
+} // namespace hcpp

xmake.lua

@@ -2,17 +2,6 @@ set_project("hcpp")
 set_xmakever("2.8.6")
 add_rules("mode.debug", "mode.release")
 
-if is_os("linux") then
-    set_allowedmodes("debug")
-    set_defaultmode("debug")
-    set_toolchains("clang")
-elseif is_os("windows") then
-    set_encodings("utf-8")
-    -- add_cxxflags("/source-charset:utf-8")
-else
-
-end
-
 set_warnings("all")
 
 set_languages("c++20")
@@ -34,16 +23,34 @@ package("lsf")
 package_end()
 
 local openssl_package_name = ""  
+
+local platform_cpp_file=""
+
 if is_os("windows") then
+    set_encodings("utf-8")
+    -- add_defines("HCPP_XMAKE_WINDOWS")
+
     add_requires("asio 1.28.0",{verify = false})
     add_requires("openssl3",{verify = false})
     add_requires("lsf")
     openssl_package_name = "openssl3"
+    platform_cpp_file="src/os/windows.cpp"
+
+    option("openssl_no_sys")
+        set_default(false)
+        add_requireconfs(openssl_package_name,{system = false})
+
+    add_options("openssl_no_sys")
 else
+    set_allowedmodes("debug")
+    set_defaultmode("debug")
+    set_toolchains("clang")
+
     add_requires("asio >=1.28.0",{verify = false})
     add_requires("openssl >=3.2.0",{verify = false})
     add_requires("lsf" ,{debug = true})
     openssl_package_name = "openssl"
+    platform_cpp_file="src/os/linux.cpp"
 end
 
 add_requires("spdlog >=1.12.0")
@@ -57,6 +64,7 @@ target("hcpp")
 
     add_includedirs("src",{public = true})
     add_files("src/*.cpp","src/https/*.cpp","src/http/*.cpp","src/dns/*.cc","src/certificate/*.cpp")
+    add_files(platform_cpp_file)
     add_files("main.cpp")
 
     set_policy("build.c++.modules", true)