crypt32: Also import user/admin defined root certificates on macOS.

Signed-off-by: Piotr Caban <piotr@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

crypt32: Also import user/admin defined root certificates on macOS.
c53d6a4a · Piotr Caban · Alexandre Julliard · 2129e335 · c53d6a4a
Commit c53d6a4a authored Jan 25, 2021 by Piotr Caban Committed by Alexandre Julliard Jan 25, 2021
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 5 deletions

unixlib.c dlls/crypt32/unixlib.c +14 -5

No files found.
--- a/dlls/crypt32/unixlib.c
+++ b/dlls/crypt32/unixlib.c
@@ -580,15 +580,23 @@ static void load_root_certs(void)
    DWORD i;

 #ifdef HAVE_SECURITY_SECURITY_H
+    const SecTrustSettingsDomain domains[] = {
+        kSecTrustSettingsDomainSystem,
+        kSecTrustSettingsDomainAdmin,
+        kSecTrustSettingsDomainUser
+    };
    OSStatus status;
-    CFArrayRef rootCerts;
+    CFArrayRef certs;
+    DWORD domain;

-    status = SecTrustCopyAnchorCertificates(&rootCerts);
+    for (domain = 0; domain < ARRAY_SIZE(domains); domain++)
+    {
+        status = SecTrustSettingsCopyCertificates(domains[domain], &certs);
        if (status == noErr)
        {
-        for (i = 0; i < CFArrayGetCount(rootCerts); i++)
+            for (i = 0; i < CFArrayGetCount(certs); i++)
            {
-            SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(rootCerts, i);
+                SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i);
                CFDataRef certData;
                if ((status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0, NULL, &certData)) == noErr)
                {
@@ -599,7 +607,8 @@ static void load_root_certs(void)
                else
                    WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status);
            }
-        CFRelease(rootCerts);
+            CFRelease(certs);
+        }
    }
 #endif