using safeRequest from nimtuils to fallback to bundled CA bundle

crashappsec · Feb 8, 2024 · 82acde2 · 82acde2
1 parent d2a081b
commit 82acde2
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 25 deletions.
diff --git a/files/con4m/builtins.nim b/files/con4m/builtins.nim
@@ -8,10 +8,7 @@
 import os, tables, osproc, strformat, strutils, options, streams, base64,
        macros, types, typecheck, st, parse, nimutils, errmsg,
        otherlits, treecheck, dollars, unicode, json, httpclient, net, uri,
-       openssl, sugar, nimutils/managedtmp
-
-proc SSL_CTX_load_verify_file(ctx: SslCtx, CAfile: cstring):
-                       cint {.cdecl, dynlib: DLLSSLName, importc.}
+       sugar, nimutils/managedtmp
 
 var externalActionCallback: Option[(string, string) -> void]
 
@@ -1235,23 +1232,19 @@ proc c4mUrlBase*(url: string, post: bool, body: string,
 
   hdrObj = newHttpHeaders(tups)
 
-  if uri.scheme == "https":
-    context = newContext(verifyMode = CVerifyPeer)
-    if pinnedCert != "":
-      discard context.context.SSL_CTX_load_verify_file(pinnedCert)
-    client = newHttpClient(sslContext = context, timeout = timeout)
-  else:
-    client = newHttpClient(timeout = timeout)
-
-  if client == nil:
-    return "ERR 000 Invalid HTTP configuration"
-
   if post:
-    response = client.safeRequest(url = uri, httpMethod = HttpPost,
-                                  body = body, headers = hdrObj)
+    response = safeRequest(url = uri,
+                           httpMethod = HttpPost,
+                           body = body,
+                           headers = hdrObj,
+                           timeout = timeout,
+                           pinnedCert = pinnedCert)
   else:
-    response = client.safeRequest(url = uri, httpMethod = HttpGet,
-                                  headers = hdrObj)
+    response = safeRequest(url = uri,
+                           httpMethod = HttpGet,
+                           headers = hdrObj,
+                           timeout = timeout,
+                           pinnedCert = pinnedCert)
   if response.status[0] != '2':
     result = "ERR " & response.status
 

diff --git a/files/con4m/components.nim b/files/con4m/components.nim
@@ -42,16 +42,12 @@ proc getComponentReference*(s: ConfigState, name, loc: string): ComponentInfo =
   return s.getComponentReference(fullComponentSpec(name, loc))
 
 proc fetchAttempt(url: string): string =
-  var
-    uri      = parseUri(url)
-    context  = newContext(verifyMode = CVerifyPeer)
-    client   = newHttpClient(sslContext = context, timeout = 1000)
-    response = client.safeRequest(url = uri, httpMethod = HttpGet)
+  let response = safeRequest(url = url, httpMethod = HttpGet, timeout = 1000)
 
   if response.status[0] != '2':
     return ""
 
-  return response.bodyStream.readAll()
+  return response.body()
 
 proc cacheComponent*(component: ComponentInfo, str: string, force = false) =
   if component.entrypoint != nil and not force: