Piotr Caban : crypt32: Also import user/admin defined root certificates on macOS.
Alexandre Julliard
julliard at winehq.org
Mon Jan 25 16:42:06 CST 2021
Module: wine
Branch: master
Commit: c53d6a4a7cd2237afe293594d97e6906acb3cc70
URL: https://source.winehq.org/git/wine.git/?a=commit;h=c53d6a4a7cd2237afe293594d97e6906acb3cc70
Author: Piotr Caban <piotr at codeweavers.com>
Date: Mon Jan 25 14:52:20 2021 +0100
crypt32: Also import user/admin defined root certificates on macOS.
Signed-off-by: Piotr Caban <piotr at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/crypt32/unixlib.c | 35 ++++++++++++++++++++++-------------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/dlls/crypt32/unixlib.c b/dlls/crypt32/unixlib.c
index 035f2d936bb..0c2370968e9 100644
--- a/dlls/crypt32/unixlib.c
+++ b/dlls/crypt32/unixlib.c
@@ -580,26 +580,35 @@ static void load_root_certs(void)
DWORD i;
#ifdef HAVE_SECURITY_SECURITY_H
+ const SecTrustSettingsDomain domains[] = {
+ kSecTrustSettingsDomainSystem,
+ kSecTrustSettingsDomainAdmin,
+ kSecTrustSettingsDomainUser
+ };
OSStatus status;
- CFArrayRef rootCerts;
+ CFArrayRef certs;
+ DWORD domain;
- status = SecTrustCopyAnchorCertificates(&rootCerts);
- if (status == noErr)
+ for (domain = 0; domain < ARRAY_SIZE(domains); domain++)
{
- for (i = 0; i < CFArrayGetCount(rootCerts); i++)
+ status = SecTrustSettingsCopyCertificates(domains[domain], &certs);
+ if (status == noErr)
{
- SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(rootCerts, i);
- CFDataRef certData;
- if ((status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0, NULL, &certData)) == noErr)
+ for (i = 0; i < CFArrayGetCount(certs); i++)
{
- BYTE *data = add_cert( CFDataGetLength(certData) );
- if (data) memcpy( data, CFDataGetBytePtr(certData), CFDataGetLength(certData) );
- CFRelease(certData);
+ SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i);
+ CFDataRef certData;
+ if ((status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0, NULL, &certData)) == noErr)
+ {
+ BYTE *data = add_cert( CFDataGetLength(certData) );
+ if (data) memcpy( data, CFDataGetBytePtr(certData), CFDataGetLength(certData) );
+ CFRelease(certData);
+ }
+ else
+ WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status);
}
- else
- WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status);
+ CFRelease(certs);
}
- CFRelease(rootCerts);
}
#endif
More information about the wine-cvs
mailing list