Juan Lang : crypt32: Don't fail chain creation if root isn't self-signed.

Alexandre Julliard julliard at wine.codeweavers.com
Fri Aug 31 14:01:20 CDT 2007


Module: wine
Branch: master
Commit: 1540f24e9247a7418449b43aa45068afca1f76ed
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=1540f24e9247a7418449b43aa45068afca1f76ed

Author: Juan Lang <juan.lang at gmail.com>
Date:   Thu Aug 30 17:55:43 2007 -0700

crypt32: Don't fail chain creation if root isn't self-signed.

---

 dlls/crypt32/chain.c       |   42 ++++++++++++++++++++++--------------------
 dlls/crypt32/tests/chain.c |    3 +--
 2 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 1372ad8..658b7c7 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -339,6 +339,26 @@ static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain)
     CryptMemFree(chain);
 }
 
+static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot,
+ PCERT_CHAIN_ELEMENT rootElement)
+{
+    BYTE hash[20];
+    DWORD size = sizeof(hash);
+    CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
+    PCCERT_CONTEXT trustedRoot;
+
+    CertGetCertificateContextProperty(rootElement->pCertContext,
+     CERT_HASH_PROP_ID, hash, &size);
+    trustedRoot = CertFindCertificateInStore(hRoot,
+     rootElement->pCertContext->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH,
+     &blob, NULL);
+    if (!trustedRoot)
+        rootElement->TrustStatus.dwErrorStatus |=
+         CERT_TRUST_IS_UNTRUSTED_ROOT;
+    else
+        CertFreeCertificateContext(trustedRoot);
+}
+
 static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
  PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
  PCERT_SIMPLE_CHAIN *ppChain)
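Review bot: The return value of `CertGetCertificateContextProperty` in `CRYPT_CheckTrustedStatus` is ignored, so if the hash property cannot be read, the store lookup runs on an uninitialized `hash` buffer. The lookup would most likely miss and mark the root untrusted, but that outcome then depends on stack contents rather than on an explicit decision. I would make the failure path explicit: `if (!CertGetCertificateContextProperty(rootElement->pCertContext, CERT_HASH_PROP_ID, hash, &size)) { rootElement->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_UNTRUSTED_ROOT; return; }`. A one-line comment above the function, saying it sets `CERT_TRUST_IS_UNTRUSTED_ROOT` when the element's SHA-1 hash is not found in `hRoot`, would also help.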
@@ -387,9 +407,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
              chain->rgpElement[chain->cElement - 1];
             PCCERT_CONTEXT root = rootElement->pCertContext;
 
-            if (!(ret = CRYPT_IsCertificateSelfSigned(root)))
-                TRACE("Last certificate is not self-signed\n");
-            else
+            if (CRYPT_IsCertificateSelfSigned(root))
             {
                 rootElement->TrustStatus.dwInfoStatus |=
                  CERT_TRUST_IS_SELF_SIGNED;
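Review bot: With the `else`-less `if (CRYPT_IsCertificateSelfSigned(root))` here, and `CRYPT_CheckTrustedStatus` placed inside that same branch in the next hunk, a chain whose last element is not self-signed now succeeds without this block adding any error bit to `rootElement->TrustStatus`. Unless code outside these hunks flags that case, a caller that judges trust from `dwErrorStatus` alone could treat an unanchored chain as clean. I would add an explicit branch after the self-signed block, e.g. `else rootElement->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_PARTIAL_CHAIN;`, or whichever bit the native implementation reports for that chain shape (the chain9 test expects `CERT_TRUST_IS_CYCLIC`). The body of `CRYPT_BuildSimpleChain` starts and ends outside both hunks, so this reading rests on the visible lines only.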
@@ -402,23 +420,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
                     rootElement->TrustStatus.dwErrorStatus |=
                      CERT_TRUST_IS_NOT_SIGNATURE_VALID;
                 }
-            }
-            if (CRYPT_IsCertificateSelfSigned(root))
-            {
-                BYTE hash[20];
-                DWORD size = sizeof(hash);
-                CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
-                PCCERT_CONTEXT trustedRoot;
-
-                CertGetCertificateContextProperty(root, CERT_HASH_PROP_ID, hash,
-                 &size);
-                trustedRoot = CertFindCertificateInStore(engine->hRoot,
-                 root->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, &blob, NULL);
-                if (!trustedRoot)
-                    rootElement->TrustStatus.dwErrorStatus |=
-                     CERT_TRUST_IS_UNTRUSTED_ROOT;
-                else
-                    CertFreeCertificateContext(trustedRoot);
+                CRYPT_CheckTrustedStatus(engine->hRoot, rootElement);
             }
             chain->TrustStatus.dwErrorStatus |=
              rootElement->TrustStatus.dwErrorStatus;
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 2d42ccb..3ec4dba 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -1529,13 +1529,12 @@ static ChainCheck chainCheck[] = {
        CERT_TRUST_IS_NOT_TIME_VALID, 0 },
      1, simpleStatus8 },
    TODO_ERROR | TODO_INFO },
- /* This (cyclic) chain fails in Wine */
  { { sizeof(chain9) / sizeof(chain9[0]), chain9 },
    { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
      { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
        CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
      1, simpleStatus9 },
-   TODO_CHAIN | TODO_ERROR | TODO_INFO },
+   TODO_ERROR | TODO_INFO },
  { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
    { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
      { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 },
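Review bot: The chain9 entry keeps `TODO_ERROR | TODO_INFO`, which by name suggests the error and info status of this cyclic chain are still not verified, so the test only confirms that chain creation succeeds. Because the matching change in dlls/crypt32/chain.c turns a non-self-signed end into a success case, a case asserting the expected error bits for such a chain would guard against it being reported as clean. The removed comment could be replaced rather than dropped, e.g. `/* Cyclic chain: creation succeeds, status bits still todo */`. The `chainCheck` array starts and ends outside the hunk.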



