crypt32(10/17): Don't fail chain creation if root isn't self-signed
Juan Lang
juan.lang at gmail.com
Thu Aug 30 20:17:03 CDT 2007
--Juan
-------------- next part --------------
From 5690db6bd0395ea46e28c93e2862c35ea3d6721f Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang at gmail.com>
Date: Thu, 30 Aug 2007 17:55:43 -0700
Subject: [PATCH] Don't fail chain creation if root isn't self-signed
---
dlls/crypt32/chain.c | 42 ++++++++++++++++++++++--------------------
dlls/crypt32/tests/chain.c | 3 +--
2 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 1372ad8..658b7c7 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -339,6 +339,26 @@ static void CRYPT_FreeSimpleChain(PCERT_
CryptMemFree(chain);
}
+static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot,
+ PCERT_CHAIN_ELEMENT rootElement)
+{
+ BYTE hash[20];
+ DWORD size = sizeof(hash);
+ CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
+ PCCERT_CONTEXT trustedRoot;
+
+ CertGetCertificateContextProperty(rootElement->pCertContext,
+ CERT_HASH_PROP_ID, hash, &size);
+ trustedRoot = CertFindCertificateInStore(hRoot,
+ rootElement->pCertContext->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH,
+ &blob, NULL);
+ if (!trustedRoot)
+ rootElement->TrustStatus.dwErrorStatus |=
+ CERT_TRUST_IS_UNTRUSTED_ROOT;
+ else
+ CertFreeCertificateContext(trustedRoot);
+}
+
static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
PCERT_SIMPLE_CHAIN *ppChain)
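Review bot: The result of `CertGetCertificateContextProperty` is ignored in `CRYPT_CheckTrustedStatus`, so if the hash property cannot be read, the store lookup is keyed on an uninitialised `hash` buffer. The likely outcome is still `CERT_TRUST_IS_UNTRUSTED_ROOT`, but the trust decision should not depend on indeterminate stack bytes. Declaring `PCCERT_CONTEXT trustedRoot = NULL;` and doing the lookup only when the property call succeeds, `if (CertGetCertificateContextProperty(rootElement->pCertContext, CERT_HASH_PROP_ID, hash, &size)) trustedRoot = CertFindCertificateInStore(...);`, makes the failure path explicitly fail closed. A short comment above the function, such as `/* Flags rootElement as untrusted unless its SHA-1 hash is found in hRoot. */`, would also document the contract of the new helper.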
@@ -387,9 +407,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERT
chain->rgpElement[chain->cElement - 1];
PCCERT_CONTEXT root = rootElement->pCertContext;
- if (!(ret = CRYPT_IsCertificateSelfSigned(root)))
- TRACE("Last certificate is not self-signed\n");
- else
+ if (CRYPT_IsCertificateSelfSigned(root))
{
rootElement->TrustStatus.dwInfoStatus |=
CERT_TRUST_IS_SELF_SIGNED;
@@ -402,23 +420,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERT
rootElement->TrustStatus.dwErrorStatus |=
CERT_TRUST_IS_NOT_SIGNATURE_VALID;
}
- }
- if (CRYPT_IsCertificateSelfSigned(root))
- {
- BYTE hash[20];
- DWORD size = sizeof(hash);
- CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
- PCCERT_CONTEXT trustedRoot;
-
- CertGetCertificateContextProperty(root, CERT_HASH_PROP_ID, hash,
- &size);
- trustedRoot = CertFindCertificateInStore(engine->hRoot,
- root->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, &blob, NULL);
- if (!trustedRoot)
- rootElement->TrustStatus.dwErrorStatus |=
- CERT_TRUST_IS_UNTRUSTED_ROOT;
- else
- CertFreeCertificateContext(trustedRoot);
+ CRYPT_CheckTrustedStatus(engine->hRoot, rootElement);
}
chain->TrustStatus.dwErrorStatus |=
rootElement->TrustStatus.dwErrorStatus;
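Review bot: `CRYPT_CheckTrustedStatus(engine->hRoot, rootElement)` sits inside the `if (CRYPT_IsCertificateSelfSigned(root))` block from the previous hunk, so a chain whose last element is not self-signed now builds successfully but gets no root-trust error bit in the lines shown here. A caller that accepts a chain when `dwErrorStatus` is zero could then treat an unanchored chain as acceptable, unless code outside these hunks flags it. Consider recording the condition explicitly in an `else` branch, for example `rootElement->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_PARTIAL_CHAIN;`. Otherwise, add a comment saying where the non-self-signed case receives its error status. The body of `CRYPT_BuildSimpleChain` starts and ends outside the hunk, so this should be checked against the full function.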
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index ebab3ca..90100fc 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -1528,13 +1528,12 @@ static ChainCheck chainCheck[] = {
CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1, simpleStatus8 },
TODO_ERROR | TODO_INFO },
- /* This (cyclic) chain fails in Wine */
{ { sizeof(chain9) / sizeof(chain9[0]), chain9 },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
1, simpleStatus9 },
- TODO_CHAIN | TODO_ERROR | TODO_INFO },
+ TODO_ERROR | TODO_INFO },
{ { sizeof(chain10) / sizeof(chain10[0]), chain10 },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 },
--
1.4.1