winhttp: Don't make use of OpenSSL's security checks, as crypt32 also verifies certificate chain.

5566d424 · Juan Lang · Alexandre Julliard · 10ef3453 · 5566d424
Commit 5566d424 authored Sep 29, 2010 by Juan Lang Committed by Alexandre Julliard Oct 01, 2010
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 34 deletions

net.c dlls/winhttp/net.c +30 -34

No files found.
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -343,53 +343,49 @@ static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx )
    WCHAR *server;
    BOOL ret = FALSE;
    netconn_t *conn;
+    HCERTSTORE store = CertOpenStore( CERT_STORE_PROV_MEMORY, 0, 0,
+     CERT_STORE_CREATE_NEW_FLAG, NULL );
    ssl = pX509_STORE_CTX_get_ex_data( ctx, pSSL_get_ex_data_X509_STORE_CTX_idx() );
    server = pSSL_get_ex_data( ssl, hostname_idx );
    conn = pSSL_get_ex_data( ssl, conn_idx );
-    if (preverify_ok)
+    if (store)
    {
-        HCERTSTORE store = CertOpenStore( CERT_STORE_PROV_MEMORY, 0, 0,
+        X509 *cert;
-         CERT_STORE_CREATE_NEW_FLAG, NULL );
+        int i;
+        PCCERT_CONTEXT endCert = NULL;
-        if (store)
+        ret = TRUE;
+        for (i = 0; ret && i < psk_num((struct stack_st *)ctx->chain); i++)
        {
-            X509 *cert;
+            PCCERT_CONTEXT context;
-            int i;
-            PCCERT_CONTEXT endCert = NULL;
-            ret = TRUE;
+            cert = (X509 *)psk_value((struct stack_st *)ctx->chain, i);
-            for (i = 0; ret && i < psk_num((struct stack_st *)ctx->chain); i++)
+            if ((context = X509_to_cert_context( cert )))
            {
-                PCCERT_CONTEXT context;
+                if (i == 0)
+                    ret = CertAddCertificateContextToStore( store, context,
-                cert = (X509 *)psk_value((struct stack_st *)ctx->chain, i);
+                        CERT_STORE_ADD_ALWAYS, &endCert );
-                if ((context = X509_to_cert_context( cert )))
+                else
-                {
+                    ret = CertAddCertificateContextToStore( store, context,
-                    if (i == 0)
+                        CERT_STORE_ADD_ALWAYS, NULL );
-                        ret = CertAddCertificateContextToStore( store, context,
+                CertFreeCertificateContext( context );
-                            CERT_STORE_ADD_ALWAYS, &endCert );
-                    else
-                        ret = CertAddCertificateContextToStore( store, context,
-                            CERT_STORE_ADD_ALWAYS, NULL );
-                    CertFreeCertificateContext( context );
-                }
            }
-            if (!endCert) ret = FALSE;
+        }
-            if (ret)
+        if (!endCert) ret = FALSE;
-            {
+        if (ret)
-                DWORD_PTR err = netconn_verify_cert( endCert, store, server,
+        {
-                                                     conn->security_flags );
+            DWORD_PTR err = netconn_verify_cert( endCert, store, server,
+                                                 conn->security_flags );
-                if (err)
+            if (err)
-                {
+            {
-                    pSSL_set_ex_data( ssl, error_idx, (void *)err );
+                pSSL_set_ex_data( ssl, error_idx, (void *)err );
-                    ret = FALSE;
+                ret = FALSE;
-                }
            }
-            CertFreeCertificateContext( endCert );
-            CertCloseStore( store, 0 );
        }
+        CertFreeCertificateContext( endCert );
+        CertCloseStore( store, 0 );
    }
    return ret;
 }