Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-cw
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-cw
Commits
03612884
Commit
03612884
authored
Sep 22, 2008
by
Juan Lang
Committed by
Alexandre Julliard
Sep 23, 2008
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
wintrust: Check that the end certificate in the chain isn't disallowed to match native behavior.
parent
2844cb5a
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
54 additions
and
21 deletions
+54
-21
softpub.c
dlls/wintrust/softpub.c
+54
-21
No files found.
dlls/wintrust/softpub.c
View file @
03612884
...
...
@@ -784,27 +784,60 @@ HRESULT WINAPI SoftpubAuthenticode(CRYPT_PROVIDER_DATA *data)
ret
=
TRUE
;
for
(
i
=
0
;
ret
&&
i
<
data
->
csSigners
;
i
++
)
{
CERT_CHAIN_POLICY_PARA
policyPara
=
{
sizeof
(
policyPara
),
0
};
if
(
data
->
dwRegPolicySettings
&
WTPF_TRUSTTEST
)
policyPara
.
dwFlags
|=
CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG
;
if
(
data
->
dwRegPolicySettings
&
WTPF_TESTCANBEVALID
)
policyPara
.
dwFlags
|=
CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG
;
if
(
data
->
dwRegPolicySettings
&
WTPF_IGNOREEXPIRATION
)
policyPara
.
dwFlags
|=
CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG
|
CERT_CHAIN_POLICY_IGNORE_CTL_NOT_TIME_VALID_FLAG
|
CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG
;
if
(
data
->
dwRegPolicySettings
&
WTPF_IGNOREREVOKATION
)
policyPara
.
dwFlags
|=
CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG
|
CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG
|
CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG
|
CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG
;
CertVerifyCertificateChainPolicy
(
CERT_CHAIN_POLICY_AUTHENTICODE
,
data
->
pasSigners
[
i
].
pChainContext
,
&
policyPara
,
&
policyStatus
);
if
(
policyStatus
.
dwError
!=
NO_ERROR
)
ret
=
FALSE
;
BYTE
hash
[
20
];
DWORD
size
=
sizeof
(
hash
);
/* First make sure cert isn't disallowed */
if
((
ret
=
CertGetCertificateContextProperty
(
data
->
pasSigners
[
i
].
pasCertChain
[
0
].
pCert
,
CERT_SIGNATURE_HASH_PROP_ID
,
hash
,
&
size
)))
{
static
const
WCHAR
disallowedW
[]
=
{
'D'
,
'i'
,
's'
,
'a'
,
'l'
,
'l'
,
'o'
,
'w'
,
'e'
,
'd'
,
0
};
HCERTSTORE
disallowed
=
CertOpenStore
(
CERT_STORE_PROV_SYSTEM_W
,
X509_ASN_ENCODING
,
0
,
CERT_SYSTEM_STORE_CURRENT_USER
,
disallowedW
);
if
(
disallowed
)
{
PCCERT_CONTEXT
found
=
CertFindCertificateInStore
(
disallowed
,
X509_ASN_ENCODING
,
0
,
CERT_FIND_SIGNATURE_HASH
,
hash
,
NULL
);
if
(
found
)
{
/* Disallowed! Can't verify it. */
policyStatus
.
dwError
=
TRUST_E_SUBJECT_NOT_TRUSTED
;
ret
=
FALSE
;
CertFreeCertificateContext
(
found
);
}
CertCloseStore
(
disallowed
,
0
);
}
}
if
(
ret
)
{
CERT_CHAIN_POLICY_PARA
policyPara
=
{
sizeof
(
policyPara
),
0
};
if
(
data
->
dwRegPolicySettings
&
WTPF_TRUSTTEST
)
policyPara
.
dwFlags
|=
CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG
;
if
(
data
->
dwRegPolicySettings
&
WTPF_TESTCANBEVALID
)
policyPara
.
dwFlags
|=
CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG
;
if
(
data
->
dwRegPolicySettings
&
WTPF_IGNOREEXPIRATION
)
policyPara
.
dwFlags
|=
CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG
|
CERT_CHAIN_POLICY_IGNORE_CTL_NOT_TIME_VALID_FLAG
|
CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG
;
if
(
data
->
dwRegPolicySettings
&
WTPF_IGNOREREVOKATION
)
policyPara
.
dwFlags
|=
CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG
|
CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG
|
CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG
|
CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG
;
CertVerifyCertificateChainPolicy
(
CERT_CHAIN_POLICY_AUTHENTICODE
,
data
->
pasSigners
[
i
].
pChainContext
,
&
policyPara
,
&
policyStatus
);
if
(
policyStatus
.
dwError
!=
NO_ERROR
)
ret
=
FALSE
;
}
}
}
if
(
!
ret
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment