crypt32: CertGetIssuerCertificateFromStore must return error for self-signed certificates

Bruno Jesus 00cpxxx at gmail.com
Tue Jul 22 18:43:06 CDT 2014


Thanks to Anastasius Focht for the analysis and Juan Lang for the assistance.

Fixes bug http://bugs.winehq.org/show_bug.cgi?id=33742
-------------- next part --------------
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 074b924..34fb85d 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -1882,6 +1882,12 @@ PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
         {
             CertFreeCertificateContext(ret);
             ret = NULL;
+        } 
+        if (CRYPT_IsCertificateSelfSigned(pSubjectContext))
+        {
+            CertFreeCertificateContext(ret);
+            ret = NULL;
+            SetLastError(CRYPT_E_SELF_SIGNED);
         }
     }
     TRACE("returning %p\n", ret);
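Review bot: The added `CRYPT_IsCertificateSelfSigned(pSubjectContext)` test appears, from the indentation and the closing brace after it, to sit inside the block that runs only when a candidate issuer was found; that block starts outside the hunk. If so, a self-signed subject with no matching certificate in the store would still return the lookup's error rather than `CRYPT_E_SELF_SIGNED`. The test also runs after the preceding branch that frees `ret`, so on that path the new code calls `CertFreeCertificateContext(ret)` with NULL, and any work done on the candidate is discarded. Consider testing the subject before the store lookup, e.g. `if (CRYPT_IsCertificateSelfSigned(pSubjectContext)) { SetLastError(CRYPT_E_SELF_SIGNED); ret = NULL; }` with the existing lookup in the `else`, and add a test for the not-in-store case to confirm what native does. The first added line, `} `, has trailing whitespace.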
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 94d228a..056910f 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -265,7 +265,7 @@ typedef struct _CertificateChain
     LONG ref;
 } CertificateChain;
 
-static BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
 {
     PCERT_EXTENSION ext;
     DWORD size;
diff --git a/dlls/crypt32/crypt32_private.h b/dlls/crypt32/crypt32_private.h
index 02bd902..fb5c5c3 100644
--- a/dlls/crypt32/crypt32_private.h
+++ b/dlls/crypt32/crypt32_private.h
@@ -337,6 +337,7 @@ WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreA(HCRYPTPROV hCryptProv,
 WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreW(HCRYPTPROV hCryptProv,
  DWORD dwFlags, const void *pvPara) DECLSPEC_HIDDEN;
 WINECRYPT_CERTSTORE *CRYPT_RootOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags) DECLSPEC_HIDDEN;
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DECLSPEC_HIDDEN;
 
 /* Allocates and initializes a certificate chain engine, but without creating
  * the root store.  Instead, it uses root, and assumes the caller has done any
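Review bot: The new `CRYPT_IsCertificateSelfSigned` prototype becomes visible to all of crypt32 without a comment saying what "self-signed" means here, while the declaration after it has one. The chain.c hunk shows only the `ext` and `size` locals, so it is not clear from this patch whether the helper compares names and key identifiers or also checks the signature. Because cert.c now uses the result to refuse an issuer and set `CRYPT_E_SELF_SIGNED`, the criteria are worth stating at the declaration, e.g. `/* Returns TRUE if cert is treated as its own issuer; see chain.c for the criteria. */`.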
diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c
index a19ef1e..259361c 100644
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -1728,9 +1728,7 @@ static void testGetIssuerCert(void)
     SetLastError(0xdeadbeef);
     flags = 0;
     parent = CertGetIssuerCertificateFromStore(store, cert3, NULL, &flags);
-todo_wine
     ok(!parent, "Expected NULL\n");
-todo_wine
     ok(GetLastError() == CRYPT_E_SELF_SIGNED,
        "Expected CRYPT_E_SELF_SIGNED, got %08X\n", GetLastError());
     CertFreeCertificateContext(child);
@@ -1747,9 +1745,7 @@ todo_wine
     ok(cert1 != NULL, "CertEnumCertificatesInStore should have worked\n");
     SetLastError(0xdeadbeef);
     parent = CertGetIssuerCertificateFromStore(store, cert1, NULL, &flags);
-todo_wine
     ok(!parent, "Expected NULL\n");
-todo_wine
     ok(GetLastError() == CRYPT_E_SELF_SIGNED,
        "Expected CRYPT_E_SELF_SIGNED, got %08X\n", GetLastError());
     CertCloseStore(store, 0);

