Juan Lang : winhttp: Don't make use of OpenSSL's security checks, as crypt32 also verifies certificate chain.
Alexandre Julliard
julliard at winehq.org
Fri Oct 1 11:38:42 CDT 2010
Module: wine
Branch: master
Commit: 5566d424f1e3e7298adcb2ea4941964e27b04627
URL: http://source.winehq.org/git/wine.git/?a=commit;h=5566d424f1e3e7298adcb2ea4941964e27b04627
Author: Juan Lang <juan.lang at gmail.com>
Date: Wed Sep 29 08:18:39 2010 -0700
winhttp: Don't make use of OpenSSL's security checks, as crypt32 also verifies certificate chain.
---
dlls/winhttp/net.c | 64 ++++++++++++++++++++++++---------------------------
1 files changed, 30 insertions(+), 34 deletions(-)
diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c
index 92996a7..a85eecd 100644
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -343,53 +343,49 @@ static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx )
WCHAR *server;
BOOL ret = FALSE;
netconn_t *conn;
+ HCERTSTORE store = CertOpenStore( CERT_STORE_PROV_MEMORY, 0, 0,
+ CERT_STORE_CREATE_NEW_FLAG, NULL );
ssl = pX509_STORE_CTX_get_ex_data( ctx, pSSL_get_ex_data_X509_STORE_CTX_idx() );
server = pSSL_get_ex_data( ssl, hostname_idx );
conn = pSSL_get_ex_data( ssl, conn_idx );
- if (preverify_ok)
+ if (store)
{
- HCERTSTORE store = CertOpenStore( CERT_STORE_PROV_MEMORY, 0, 0,
- CERT_STORE_CREATE_NEW_FLAG, NULL );
+ X509 *cert;
+ int i;
+ PCCERT_CONTEXT endCert = NULL;
- if (store)
+ ret = TRUE;
+ for (i = 0; ret && i < psk_num((struct stack_st *)ctx->chain); i++)
{
- X509 *cert;
- int i;
- PCCERT_CONTEXT endCert = NULL;
+ PCCERT_CONTEXT context;
- ret = TRUE;
- for (i = 0; ret && i < psk_num((struct stack_st *)ctx->chain); i++)
+ cert = (X509 *)psk_value((struct stack_st *)ctx->chain, i);
+ if ((context = X509_to_cert_context( cert )))
{
- PCCERT_CONTEXT context;
-
- cert = (X509 *)psk_value((struct stack_st *)ctx->chain, i);
- if ((context = X509_to_cert_context( cert )))
- {
- if (i == 0)
- ret = CertAddCertificateContextToStore( store, context,
- CERT_STORE_ADD_ALWAYS, &endCert );
- else
- ret = CertAddCertificateContextToStore( store, context,
- CERT_STORE_ADD_ALWAYS, NULL );
- CertFreeCertificateContext( context );
- }
+ if (i == 0)
+ ret = CertAddCertificateContextToStore( store, context,
+ CERT_STORE_ADD_ALWAYS, &endCert );
+ else
+ ret = CertAddCertificateContextToStore( store, context,
+ CERT_STORE_ADD_ALWAYS, NULL );
+ CertFreeCertificateContext( context );
}
- if (!endCert) ret = FALSE;
- if (ret)
- {
- DWORD_PTR err = netconn_verify_cert( endCert, store, server,
- conn->security_flags );
+ }
+ if (!endCert) ret = FALSE;
+ if (ret)
+ {
+ DWORD_PTR err = netconn_verify_cert( endCert, store, server,
+ conn->security_flags );
- if (err)
- {
- pSSL_set_ex_data( ssl, error_idx, (void *)err );
- ret = FALSE;
- }
+ if (err)
+ {
+ pSSL_set_ex_data( ssl, error_idx, (void *)err );
+ ret = FALSE;
}
- CertFreeCertificateContext( endCert );
- CertCloseStore( store, 0 );
}
+ CertFreeCertificateContext( endCert );
+ CertCloseStore( store, 0 );
}
return ret;
}
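Review bot: With `preverify_ok` no longer consulted, the crypt32 path is the only trust decision, yet a chain certificate at `i > 0` that `X509_to_cert_context( cert )` fails to convert is skipped silently and `ret` stays TRUE, so `netconn_verify_cert` receives a store missing part of what the peer sent. Failing closed is safer here: add `else ret = FALSE;` after the `if ((context = X509_to_cert_context( cert )))` block. The early-failure paths (store creation, conversion or add failing) also return 0 without calling `pSSL_set_ex_data( ssl, error_idx, ... )`, so the caller presumably gets no specific error code for them. A comment above `if (store)` such as `/* preverify_ok is deliberately ignored: crypt32 performs the whole chain verification */` would record why the parameter is now unused. The function's opening lines lie above the hunk, so the remaining declarations are not visible here.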