From 67a52fd70d11bc2b5e0195aa926bb601c1cdd5c8 Mon Sep 17 00:00:00 2001
From: deuce <>
Date: Wed, 21 Feb 2018 07:02:28 +0000
Subject: [PATCH] Better error reporting in TLS sockets. Reduce certificate
 checking... the default level will not validate the certificate used by
 acme-staging-v02.api.letsencrypt.org.  Presumably, that means other Google
 API stuff won't work either.

---
 src/sbbs3/js_socket.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/sbbs3/js_socket.c b/src/sbbs3/js_socket.c
index 838ce229b1..0d733c34a3 100644
--- a/src/sbbs3/js_socket.c
+++ b/src/sbbs3/js_socket.c
@@ -1701,12 +1701,19 @@ static JSBool js_socket_set(JSContext *cx, JSObject *obj, jsid id, JSBool strict
 							nb=1;
 							setsockopt(p->sock,IPPROTO_TCP,TCP_NODELAY,(char*)&nb,sizeof(nb));
 							if((ret=do_cryptAttribute(p->session, CRYPT_SESSINFO_NETWORKSOCKET, p->sock))==CRYPT_OK) {
-//								if((ret=do_cryptAttribute(p->session, CRYPT_SESSINFO_VERSION, 0))==CRYPT_OK) {
+								// Reduced compliance checking... required for acme-staging-v02.api.letsencrypt.org
+								do_cryptAttribute(p->session, CRYPT_OPTION_CERT_COMPLIANCELEVEL, CRYPT_COMPLIANCELEVEL_REDUCED);
+//								if((ret=do_cryptAttribute(p->session, CRYPT_SESSINFO_VERSION, 3))==CRYPT_OK) {
 									if((ret=do_cryptAttributeString(p->session, CRYPT_SESSINFO_SERVER_NAME, p->hostname, strlen(p->hostname)))==CRYPT_OK) {
 										if((ret=do_cryptAttribute(p->session, CRYPT_SESSINFO_ACTIVE, 1))!=CRYPT_OK) {
+											char *estr = get_crypt_error(p->session);
+											lprintf(LOG_ERR, "Error setting session active: %s\n", estr);
+											free_crypt_attrstr(estr);
 											cryptDestroySession(p->session);
 											p->session=-1;
 											ioctlsocket(p->sock,FIONBIO,(ulong*)&(p->nonblocking));
+											closesocket(p->sock);
+											p->sock = INVALID_SOCKET;
 										}
 									}
 //								}
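Review bot: The added `do_cryptAttribute(p->session, CRYPT_OPTION_CERT_COMPLIANCELEVEL, CRYPT_COMPLIANCELEVEL_REDUCED)` call runs for every TLS session this setter brings up, not only for the ACME staging host named in the comment, so certificate checking is relaxed for every peer a script connects to. Its result is also discarded, while the neighbouring calls all assign `ret`, so the log cannot show whether the relaxed level took effect. I would make the reduced level an explicit opt-in from the script and keep the default otherwise. At minimum, record the outcome: `if((ret=do_cryptAttribute(p->session, CRYPT_OPTION_CERT_COMPLIANCELEVEL, CRYPT_COMPLIANCELEVEL_REDUCED))!=CRYPT_OK) lprintf(LOG_WARNING, "Unable to reduce certificate compliance level: %d", ret);`. js_socket_set starts and ends outside this hunk.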
@@ -1715,6 +1722,8 @@ static JSBool js_socket_set(JSContext *cx, JSObject *obj, jsid id, JSBool strict
 								cryptDestroySession(p->session);
 								p->session=-1;
 								ioctlsocket(p->sock,FIONBIO,(ulong*)&(p->nonblocking));
+								closesocket(p->sock);
+								p->sock = INVALID_SOCKET;
 							}
 						}
 						else lprintf(LOG_ERR,"cryptCreateSession() Error %d",ret);
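Review bot: The `ioctlsocket(p->sock,FIONBIO,(ulong*)&(p->nonblocking));` line that restores the blocking mode is now dead work, because the two added lines close the descriptor straight after it. The same destroy/ioctl/close/invalidate sequence is repeated in the failure branch of the first hunk and in the `@@ -1726` hunk. Dropping the ioctl and moving the remaining steps into one static helper would stop the three paths drifting apart. If the socket's private data tracks connection state or ownership elsewhere, the helper would also be the single place to keep that in step. Unlike the first hunk, this path logs nothing about why setup failed, so a line such as `lprintf(LOG_ERR, "TLS session setup failed: %d", ret);` before the teardown would help; the condition guarding this block is outside the hunk.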
@@ -1726,6 +1735,8 @@ static JSBool js_socket_set(JSContext *cx, JSObject *obj, jsid id, JSBool strict
 					cryptDestroySession(p->session);
 					p->session=-1;
 					ioctlsocket(p->sock,FIONBIO,(ulong*)&(p->nonblocking));
+					closesocket(p->sock);
+					p->sock = INVALID_SOCKET;
 				}
 			}
 			JS_RESUMEREQUEST(cx, rc);
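Review bot: This teardown is missing a comment explaining that it now closes the connection as well as the TLS session. It sits at a shallower nesting level than the session-creation code and its guarding condition is outside the hunk. If it is the branch taken when a script switches the TLS session off, then assigning the property has a new script-visible side effect: `p->sock` becomes `INVALID_SOCKET`. I would state that at the site, for example `// Tearing down the TLS session also closes the socket; the script must reconnect`, and mention it wherever the property is documented for script authors.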
-- 
GitLab