From 82acde24e90c855ac434a3e8cc0e235e39f5673c Mon Sep 17 00:00:00 2001
From: Miroslav Shubernetskiy <miroslav@miki725.com>
Date: Thu, 8 Feb 2024 17:14:03 -0500
Subject: [PATCH] using safeRequest from nimtuils to fallback to bundled CA
 bundle

---
 files/con4m/builtins.nim   | 31 ++++++++++++-------------------
 files/con4m/components.nim |  8 ++------
 2 files changed, 14 insertions(+), 25 deletions(-)

diff --git a/files/con4m/builtins.nim b/files/con4m/builtins.nim
index 62fcedc1..69f89515 100644
--- a/files/con4m/builtins.nim
+++ b/files/con4m/builtins.nim
@@ -8,10 +8,7 @@
 import os, tables, osproc, strformat, strutils, options, streams, base64,
        macros, types, typecheck, st, parse, nimutils, errmsg,
        otherlits, treecheck, dollars, unicode, json, httpclient, net, uri,
-       openssl, sugar, nimutils/managedtmp
-
-proc SSL_CTX_load_verify_file(ctx: SslCtx, CAfile: cstring):
-                       cint {.cdecl, dynlib: DLLSSLName, importc.}
+       sugar, nimutils/managedtmp
 
 var externalActionCallback: Option[(string, string) -> void]
 
@@ -1235,23 +1232,19 @@ proc c4mUrlBase*(url: string, post: bool, body: string,
 
   hdrObj = newHttpHeaders(tups)
 
-  if uri.scheme == "https":
-    context = newContext(verifyMode = CVerifyPeer)
-    if pinnedCert != "":
-      discard context.context.SSL_CTX_load_verify_file(pinnedCert)
-    client = newHttpClient(sslContext = context, timeout = timeout)
-  else:
-    client = newHttpClient(timeout = timeout)
-
-  if client == nil:
-    return "ERR 000 Invalid HTTP configuration"
-
   if post:
-    response = client.safeRequest(url = uri, httpMethod = HttpPost,
-                                  body = body, headers = hdrObj)
+    response = safeRequest(url = uri,
+                           httpMethod = HttpPost,
+                           body = body,
+                           headers = hdrObj,
+                           timeout = timeout,
+                           pinnedCert = pinnedCert)
   else:
-    response = client.safeRequest(url = uri, httpMethod = HttpGet,
-                                  headers = hdrObj)
+    response = safeRequest(url = uri,
+                           httpMethod = HttpGet,
+                           headers = hdrObj,
+                           timeout = timeout,
+                           pinnedCert = pinnedCert)
   if response.status[0] != '2':
     result = "ERR " & response.status
 
diff --git a/files/con4m/components.nim b/files/con4m/components.nim
index 52716e08..515be2a4 100644
--- a/files/con4m/components.nim
+++ b/files/con4m/components.nim
@@ -42,16 +42,12 @@ proc getComponentReference*(s: ConfigState, name, loc: string): ComponentInfo =
   return s.getComponentReference(fullComponentSpec(name, loc))
 
 proc fetchAttempt(url: string): string =
-  var
-    uri      = parseUri(url)
-    context  = newContext(verifyMode = CVerifyPeer)
-    client   = newHttpClient(sslContext = context, timeout = 1000)
-    response = client.safeRequest(url = uri, httpMethod = HttpGet)
+  let response = safeRequest(url = url, httpMethod = HttpGet, timeout = 1000)
 
   if response.status[0] != '2':
     return ""
 
-  return response.bodyStream.readAll()
+  return response.body()
 
 proc cacheComponent*(component: ComponentInfo, str: string, force = false) =
   if component.entrypoint != nil and not force: