Juan Lang : crypt32: Don't abort chain creation if the root signature isn't valid.

Alexandre Julliard julliard at wine.codeweavers.com
Mon Sep 10 10:18:01 CDT 2007


Module: wine
Branch: master
Commit: dfd2d3d9bc3785c2a0051dc94bca4adb7a60a12c
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=dfd2d3d9bc3785c2a0051dc94bca4adb7a60a12c

Author: Juan Lang <juan.lang at gmail.com>
Date:   Thu Sep  6 10:01:22 2007 -0700

crypt32: Don't abort chain creation if the root signature isn't valid.

---

 dlls/crypt32/chain.c       |   17 +++++++----------
 dlls/crypt32/tests/chain.c |    2 +-
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 5af49e6..b8bb0df 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -349,22 +349,20 @@ static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot,
         CertFreeCertificateContext(trustedRoot);
 }
 
-static BOOL CRYPT_CheckRootCert(HCERTCHAINENGINE hRoot,
+static void CRYPT_CheckRootCert(HCERTCHAINENGINE hRoot,
  PCERT_CHAIN_ELEMENT rootElement)
 {
     PCCERT_CONTEXT root = rootElement->pCertContext;
-    BOOL ret;
 
-    if (!(ret = CryptVerifyCertificateSignatureEx(0, root->dwCertEncodingType,
+    if (!CryptVerifyCertificateSignatureEx(0, root->dwCertEncodingType,
      CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)root,
-     CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)root, 0, NULL)))
+     CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)root, 0, NULL))
     {
         TRACE("Last certificate's signature is invalid\n");
         rootElement->TrustStatus.dwErrorStatus |=
          CERT_TRUST_IS_NOT_SIGNATURE_VALID;
     }
     CRYPT_CheckTrustedStatus(hRoot, rootElement);
-    return ret;
 }
 
 /* Decodes a cert's basic constraints extension (either szOID_BASIC_CONSTRAINTS
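Review bot: CRYPT_CheckRootCert now reports a failed root self-signature only through the `CERT_TRUST_IS_NOT_SIGNATURE_VALID` bit in `rootElement->TrustStatus.dwErrorStatus`, and the function has no comment saying so. Since the signature result is security-relevant and no longer visible in the return type, a header comment would make the contract explicit, for example `/* Verifies the root's self-signature and trusted status; failures are recorded in rootElement->TrustStatus, nothing is returned. */`. The only other trace of the failure is a `TRACE` message, so a caller that never inspects the status bits gets no indication.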
@@ -468,12 +466,12 @@ static BOOL CRYPT_CheckBasicConstraintsForCA(PCCERT_CONTEXT cert,
     return validBasicConstraints;
 }
 
-static BOOL CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
+static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
  PCERT_SIMPLE_CHAIN chain, LPFILETIME time)
 {
     PCERT_CHAIN_ELEMENT rootElement = chain->rgpElement[chain->cElement - 1];
     int i;
-    BOOL ret = TRUE, pathLengthConstraintViolated = FALSE;
+    BOOL pathLengthConstraintViolated = FALSE;
     CERT_BASIC_CONSTRAINTS2_INFO constraints = { TRUE, FALSE, 0 };
 
     for (i = chain->cElement - 1; i >= 0; i--)
@@ -509,10 +507,9 @@ static BOOL CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
     if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext))
     {
         rootElement->TrustStatus.dwInfoStatus |= CERT_TRUST_IS_SELF_SIGNED;
-        ret = CRYPT_CheckRootCert(engine->hRoot, rootElement);
+        CRYPT_CheckRootCert(engine->hRoot, rootElement);
     }
     CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
-    return ret;
 }
 
 /* Builds a simple chain by finding an issuer for the last cert in the chain,
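Review bot: When the last element is not self-signed, the visible lines of CRYPT_CheckSimpleChain run neither the signature check nor `CRYPT_CheckTrustedStatus`, and set no error bit on `rootElement`. With the return value gone, status bits are the only failure channel, so an incomplete chain may leave this function looking clean unless code outside the hunk flags it. If nothing else does, consider an `else` branch such as `rootElement->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_PARTIAL_CHAIN;` before the `CRYPT_CombineTrustStatus` call. The function body starts outside this hunk, so this should be checked against the loop above.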
@@ -563,7 +560,7 @@ static BOOL CRYPT_GetSimpleChainForCert(PCertificateChainEngine engine,
         {
             ret = CRYPT_BuildSimpleChain(engine, world, chain);
             if (ret)
-                ret = CRYPT_CheckSimpleChain(engine, chain, pTime);
+                CRYPT_CheckSimpleChain(engine, chain, pTime);
         }
         if (!ret)
         {
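Review bot: After this change `ret` at the `CRYPT_BuildSimpleChain` call only says whether a chain could be built, so CRYPT_GetSimpleChainForCert succeeds even for a chain whose root signature failed verification. Any caller that reads the BOOL as "the chain validated" would now accept such a chain; the verdict has to come from `TrustStatus.dwErrorStatus`. A comment at the call would keep that from being missed, e.g. `/* ret reflects chain construction only; validation results are in chain->TrustStatus */`. The function starts and ends outside the hunk, so whether existing callers already check the status bits cannot be confirmed from here.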
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index f713c1d..e6cdfd2 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -1597,7 +1597,7 @@ static ChainCheck chainCheck[] = {
  { { sizeof(chain12) / sizeof(chain12[0]), chain12 },
    { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
      { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus12 },
-   TODO_CHAIN | TODO_ERROR | TODO_INFO },
+   TODO_INFO },
  { { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain },
    { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
      { CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_UNTRUSTED_ROOT, 0 },



