I'm trying to verify a server's SSL certificate. I have a bundle of CA certificates which I can use to verify, but I can't see any way to pass those to the Nim SSL code (the certFile and keyFile parameters are, I believe, used for server-side context setup, not client-side, which is my use case).
My code:

import net

proc verify_cert(domain: string): bool =
  # Context is created with only a protocol version
  let context = newContext(protVersion=protTLSv1)
  try:
    let socket = newSocket()
    try:
      # Attach the SSL context to the client socket
      context.wrapSocket(socket)
      try:
        # The TLS handshake happens as part of connect
        socket.connect(domain, Port(443), timeout=3000)
        result = true
      except SslError:
        echo getCurrentExceptionMsg()
        let e = getCurrentException()
        echo getStackTrace(e)
        result = false
    finally:
      socket.close()
  finally:
    destroyContext(context)

echo verify_cert("github.com")

I would expect to be able to pass somewhere to the Nim net code info about where the CA certificates live (either my own store, or an OS-specific store) - perhaps in newContext or in wrapSocket, but I can't see anything which looks like it. The code in httpclient seems to avoid certificate verification.
Any suggestions?