Bruno Jesus : crypt32: CertGetIssuerCertificateFromStore must return error for self-signed certificates.
Alexandre Julliard
julliard at wine.codeweavers.com
Wed Jul 23 14:44:09 CDT 2014
Module: wine
Branch: master
Commit: 7a40fdbf8cb68df269c1a1c47f6cc276ba1929e8
URL: http://source.winehq.org/git/wine.git/?a=commit;h=7a40fdbf8cb68df269c1a1c47f6cc276ba1929e8
Author: Bruno Jesus <00cpxxx at gmail.com>
Date: Tue Jul 22 20:43:06 2014 -0300
crypt32: CertGetIssuerCertificateFromStore must return error for self-signed certificates.
---
dlls/crypt32/cert.c | 6 ++++++
dlls/crypt32/chain.c | 2 +-
dlls/crypt32/crypt32_private.h | 1 +
dlls/crypt32/tests/cert.c | 4 ----
4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 074b924..c35f504 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -1883,6 +1883,12 @@ PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
CertFreeCertificateContext(ret);
ret = NULL;
}
+ if (CRYPT_IsCertificateSelfSigned(pSubjectContext))
+ {
+ CertFreeCertificateContext(ret);
+ ret = NULL;
+ SetLastError(CRYPT_E_SELF_SIGNED);
+ }
}
TRACE("returning %p\n", ret);
return ret;
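Review bot: The added self-signed check runs unconditionally after the branch that ends just above it, so when that branch has already freed `ret` the new code calls `CertFreeCertificateContext` on NULL and replaces whatever error that branch left with `CRYPT_E_SELF_SIGNED`. If the earlier error is meant to win, the one-line change is `else if (CRYPT_IsCertificateSelfSigned(pSubjectContext))`; which error native returns in that case is worth pinning with a test. The check also sits inside an enclosing block whose condition is outside the hunk. If that condition is a successful store lookup, a self-signed subject that is absent from the store would presumably still report the lookup error, and neither updated test appears to cover that case.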
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 94d228a..056910f 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -265,7 +265,7 @@ typedef struct _CertificateChain
LONG ref;
} CertificateChain;
-static BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
{
PCERT_EXTENSION ext;
DWORD size;
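Review bot: `CRYPT_IsCertificateSelfSigned` loses `static` here and becomes a cross-file helper, but nothing states what it treats as self-signed. Its body continues outside the hunk, so the criteria are not visible. cert.c now turns its answer into `CRYPT_E_SELF_SIGNED`, so callers need to know whether TRUE means the signature was verified with the certificate's own key or only that issuer and subject identifiers match. I would add a comment above the definition, and repeat it on the prototype in crypt32_private.h, along the lines of `/* Returns TRUE if cert is its own issuer; say here whether the signature is verified or only identifiers are compared. */`.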
diff --git a/dlls/crypt32/crypt32_private.h b/dlls/crypt32/crypt32_private.h
index 02bd902..fb5c5c3 100644
--- a/dlls/crypt32/crypt32_private.h
+++ b/dlls/crypt32/crypt32_private.h
@@ -337,6 +337,7 @@ WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreA(HCRYPTPROV hCryptProv,
WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreW(HCRYPTPROV hCryptProv,
DWORD dwFlags, const void *pvPara) DECLSPEC_HIDDEN;
WINECRYPT_CERTSTORE *CRYPT_RootOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags) DECLSPEC_HIDDEN;
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DECLSPEC_HIDDEN;
/* Allocates and initializes a certificate chain engine, but without creating
* the root store. Instead, it uses root, and assumes the caller has done any
diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c
index a19ef1e..259361c 100644
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -1728,9 +1728,7 @@ static void testGetIssuerCert(void)
SetLastError(0xdeadbeef);
flags = 0;
parent = CertGetIssuerCertificateFromStore(store, cert3, NULL, &flags);
-todo_wine
ok(!parent, "Expected NULL\n");
-todo_wine
ok(GetLastError() == CRYPT_E_SELF_SIGNED,
"Expected CRYPT_E_SELF_SIGNED, got %08X\n", GetLastError());
CertFreeCertificateContext(child);
@@ -1747,9 +1745,7 @@ todo_wine
ok(cert1 != NULL, "CertEnumCertificatesInStore should have worked\n");
SetLastError(0xdeadbeef);
parent = CertGetIssuerCertificateFromStore(store, cert1, NULL, &flags);
-todo_wine
ok(!parent, "Expected NULL\n");
-todo_wine
ok(GetLastError() == CRYPT_E_SELF_SIGNED,
"Expected CRYPT_E_SELF_SIGNED, got %08X\n", GetLastError());
CertCloseStore(store, 0);