crypt32: CertGetIssuerCertificateFromStore must return error for self-signed certificates
Bruno Jesus
00cpxxx at gmail.com
Tue Jul 22 18:43:06 CDT 2014
Thanks to Anastasius Focht for the analysis and Juan Lang for the assistance.
Fixes bug http://bugs.winehq.org/show_bug.cgi?id=33742
-------------- next part --------------
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 074b924..34fb85d 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -1882,6 +1882,12 @@ PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
{
CertFreeCertificateContext(ret);
ret = NULL;
+ }
+ if (CRYPT_IsCertificateSelfSigned(pSubjectContext))
+ {
+ CertFreeCertificateContext(ret);
+ ret = NULL;
+ SetLastError(CRYPT_E_SELF_SIGNED);
}
}
TRACE("returning %p\n", ret);
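Review bot: The added self-signed check runs after the preceding failure branch rather than instead of it, so when that branch has already released `ret` and set it to NULL, the new block calls `CertFreeCertificateContext(ret)` with NULL and replaces the earlier last-error value with `CRYPT_E_SELF_SIGNED`. The check depends only on `pSubjectContext`, so it would read more clearly as the first test, with the existing branch chained as `else if`; that branch's condition and the start of the function are outside the hunk. The check also appears to sit inside the block that runs only when an issuer was found, so a self-signed subject with no match in the store would presumably keep the lookup's error; confirm that this is intended. A short comment such as `/* a self-signed certificate is its own issuer: return NULL with CRYPT_E_SELF_SIGNED */` would explain why a successful lookup is discarded.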
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 94d228a..056910f 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -265,7 +265,7 @@ typedef struct _CertificateChain
LONG ref;
} CertificateChain;
-static BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
{
PCERT_EXTENSION ext;
DWORD size;
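Review bot: `CRYPT_IsCertificateSelfSigned` loses `static` here and gains a prototype in crypt32_private.h, but neither place documents what the function actually decides. Its body is outside the hunk; if the result rests on matching names or key identifiers rather than on verifying the signature, callers outside chain.c need to know that, since cert.c now uses it to reject an issuer lookup. A comment above the definition or the prototype such as `/* Returns TRUE if cert identifies itself as its own issuer; does not by itself establish trust. */` would cover it, adjusted to what the body really checks.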
diff --git a/dlls/crypt32/crypt32_private.h b/dlls/crypt32/crypt32_private.h
index 02bd902..fb5c5c3 100644
--- a/dlls/crypt32/crypt32_private.h
+++ b/dlls/crypt32/crypt32_private.h
@@ -337,6 +337,7 @@ WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreA(HCRYPTPROV hCryptProv,
WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreW(HCRYPTPROV hCryptProv,
DWORD dwFlags, const void *pvPara) DECLSPEC_HIDDEN;
WINECRYPT_CERTSTORE *CRYPT_RootOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags) DECLSPEC_HIDDEN;
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DECLSPEC_HIDDEN;
/* Allocates and initializes a certificate chain engine, but without creating
* the root store. Instead, it uses root, and assumes the caller has done any
diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c
index a19ef1e..259361c 100644
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -1728,9 +1728,7 @@ static void testGetIssuerCert(void)
SetLastError(0xdeadbeef);
flags = 0;
parent = CertGetIssuerCertificateFromStore(store, cert3, NULL, &flags);
-todo_wine
ok(!parent, "Expected NULL\n");
-todo_wine
ok(GetLastError() == CRYPT_E_SELF_SIGNED,
"Expected CRYPT_E_SELF_SIGNED, got %08X\n", GetLastError());
CertFreeCertificateContext(child);
@@ -1747,9 +1745,7 @@ todo_wine
ok(cert1 != NULL, "CertEnumCertificatesInStore should have worked\n");
SetLastError(0xdeadbeef);
parent = CertGetIssuerCertificateFromStore(store, cert1, NULL, &flags);
-todo_wine
ok(!parent, "Expected NULL\n");
-todo_wine
ok(GetLastError() == CRYPT_E_SELF_SIGNED,
"Expected CRYPT_E_SELF_SIGNED, got %08X\n", GetLastError());
CertCloseStore(store, 0);