This commit adds support for using Windows Schannel (Windows certificate store)
for SSL/TLS certificate verification instead of OpenSSL's verification on Windows.
This provides automatic root certificate updates from Windows Update.
Changes:
- Add CPPHTTPLIB_DISABLE_WINDOWS_AUTOMATIC_ROOT_CERTIFICATES_UPDATE macro
  to optionally disable this feature and use OpenSSL verification
- Add HTTPLIB_USE_WINDOWS_AUTOMATIC_ROOT_CERTIFICATES_UPDATE CMake option (default ON)
- Add wincrypt_error() and wincrypt_chain_error() methods to Result class
  for Windows-specific certificate error information
- Modify SSLClient::initialize_ssl() to use Windows CertGetCertificateChain()
  and CertVerifyCertificateChainPolicy() APIs for certificate verification
- Update tests to handle both Windows Schannel and OpenSSL verification paths
- Update README.md with documentation for Windows certificate verification
Closes #1978
Based on PR #2116 by @solarispika
* Fix HTTP 414 errors hanging until timeout
* All errors (status code 400+) close the connection
* 🧹
---------
Co-authored-by: Wor Ker <worker@factory>
When the `SSLClient` is used to connect to a plain-HTTP server (which
can happen in clients due to some end-user misconfiguration) it can
return a failure from the `send()` call without setting the `Error`
reference to the corresponding error code. This can cause problems for
callers, which may expect that, when a check like this passes on
the response:
```c++
if (res.error() == Error::Success)
```
then they can access the response contents with `res.value()`. When
`SSLClient`'s connection fails - the contents `unique_ptr` is not set
and an attempt to access it causes UB.
This change fixes the `SSLClient::create_and_connect_socket` method,
making sure that the `Error` value is set correctly when the
`is_valid()` check fails.
* Fix use of dangling references
When the resolve thread is detached, local variables were still used, which could lead to a program crash.
* Add test to verify dangling ref fix
* Add missing brace initialization
* Assert that the remaining fields are really zeroed
* Fix use of chrono literals
* Initialize start time for server
By initializing start_time_ for server, I hope to measure the time taken to process a request at the end maybe in the set_logger callback and print it.
I only see current usage in client with server retaining the initial min value
* Add test to verify start time is initialized
* Address review comments
* run clang format
* osx: fix inconsistent use of the macro `TARGET_OS_OSX`
Fixed the build error on iOS:
```
httplib.h:3583:3: error: unknown type name 'CFStringRef'
870 | CFStringRef hostname_ref = CFStringCreateWithCString(
```
Note, `TARGET_OS_OSX` is defined but is 0 when `TARGET_OS_IOS` is 1,
and vice versa. Hence, `TARGET_OS_MAC` should have been used, which is
set to 1 for both targets.
* improve: non-blocking getaddrinfo() for all mac target variants
`TARGET_OS_MAC` should have been used, that is set to 1 for all other
targets: OSX, IPHONE (IOS, TV, WATCH, VISION, BRIDGE), SIMULATOR,
DRIVERKIT.