Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-cw
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-cw
Commits
a040dd22
Commit
a040dd22
authored
Sep 06, 2007
by
Juan Lang
Committed by
Alexandre Julliard
Sep 10, 2007
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
crypt32: Defer checking signatures until chain is complete.
parent
56d4a3c3
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
11 additions
and
12 deletions
+11
-12
chain.c
dlls/crypt32/chain.c
+11
-12
No files found.
dlls/crypt32/chain.c
View file @
a040dd22
...
@@ -252,16 +252,6 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain)
...
@@ -252,16 +252,6 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain)
return
FALSE
;
return
FALSE
;
}
}
/* Gets cert's issuer from store, and returns the validity flags associated
* with it. Returns NULL if no issuer signature could be found.
*/
static
PCCERT_CONTEXT
CRYPT_GetIssuerFromStore
(
HCERTSTORE
store
,
PCCERT_CONTEXT
cert
,
PDWORD
pdwFlags
)
{
*
pdwFlags
=
CERT_STORE_SIGNATURE_FLAG
;
return
CertGetIssuerCertificateFromStore
(
store
,
cert
,
NULL
,
pdwFlags
);
}
static
inline
void
CRYPT_CombineTrustStatus
(
CERT_TRUST_STATUS
*
chainStatus
,
static
inline
void
CRYPT_CombineTrustStatus
(
CERT_TRUST_STATUS
*
chainStatus
,
CERT_TRUST_STATUS
*
elementStatus
)
CERT_TRUST_STATUS
*
elementStatus
)
{
{
...
@@ -482,6 +472,14 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
...
@@ -482,6 +472,14 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
CERT_TRUST_IS_NOT_TIME_VALID
;
CERT_TRUST_IS_NOT_TIME_VALID
;
if
(
i
!=
0
)
if
(
i
!=
0
)
{
{
/* Check the signature of the cert this issued */
if
(
!
CryptVerifyCertificateSignatureEx
(
0
,
X509_ASN_ENCODING
,
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT
,
(
void
*
)
chain
->
rgpElement
[
i
-
1
]
->
pCertContext
,
CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT
,
(
void
*
)
chain
->
rgpElement
[
i
]
->
pCertContext
,
0
,
NULL
))
chain
->
rgpElement
[
i
-
1
]
->
TrustStatus
.
dwErrorStatus
|=
CERT_TRUST_IS_NOT_SIGNATURE_VALID
;
/* Once a path length constraint has been violated, every remaining
/* Once a path length constraint has been violated, every remaining
* CA cert's basic constraints is considered invalid.
* CA cert's basic constraints is considered invalid.
*/
*/
...
@@ -525,8 +523,9 @@ static BOOL CRYPT_BuildSimpleChain(PCertificateChainEngine engine,
...
@@ -525,8 +523,9 @@ static BOOL CRYPT_BuildSimpleChain(PCertificateChainEngine engine,
while
(
ret
&&
!
CRYPT_IsSimpleChainCyclic
(
chain
)
&&
while
(
ret
&&
!
CRYPT_IsSimpleChainCyclic
(
chain
)
&&
!
CRYPT_IsCertificateSelfSigned
(
cert
))
!
CRYPT_IsCertificateSelfSigned
(
cert
))
{
{
DWORD
flags
;
DWORD
flags
=
0
;
PCCERT_CONTEXT
issuer
=
CRYPT_GetIssuerFromStore
(
world
,
cert
,
&
flags
);
PCCERT_CONTEXT
issuer
=
CertGetIssuerCertificateFromStore
(
world
,
cert
,
NULL
,
&
flags
);
if
(
issuer
)
if
(
issuer
)
{
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment