I'm trying to verify a server's SSL certificate. I have a bundle of CA
certificates which I can use to verify, but I can't see any way to pass those
to the Nim SSL code (the `certFile` and `keyFile` parameters are, I believe,
used for server-side context setup, not client-side, which is my use case).
My code:

```nim
import net

proc verify_cert(domain: string): bool =
  let context = newContext(protVersion=protTLSv1)
  try:
    let socket = newSocket()
    try:
      context.wrapSocket(socket)
      try:
        socket.connect(domain, Port(443), timeout=3000)
        result = true
      except SslError:
        echo getCurrentExceptionMsg()
        let e = getCurrentException()
        echo getStackTrace(e)
        result = false
    finally:
      socket.close()
  finally:
    destroyContext(context)

echo verify_cert("github.com")
```

I would expect to be able to pass somewhere to the Nim `net` code info about
where the CA certificates live (either my own store, or an OS-specific store) -
perhaps in `newContext` or in `wrapSocket`, but can't see anything which looks
like it. The code in `httpclient` seems to avoid certificate verification.
Any suggestions?