Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-cw
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-cw
Commits
dfd2d3d9
Commit
dfd2d3d9
authored
Sep 06, 2007
by
Juan Lang
Committed by
Alexandre Julliard
Sep 10, 2007
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
crypt32: Don't abort chain creation if the root signature isn't valid.
parent
5b029479
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
8 additions
and
11 deletions
+8
-11
chain.c
dlls/crypt32/chain.c
+7
-10
chain.c
dlls/crypt32/tests/chain.c
+1
-1
No files found.
dlls/crypt32/chain.c
View file @
dfd2d3d9
...
...
@@ -349,22 +349,20 @@ static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot,
CertFreeCertificateContext
(
trustedRoot
);
}
static
BOOL
CRYPT_CheckRootCert
(
HCERTCHAINENGINE
hRoot
,
static
void
CRYPT_CheckRootCert
(
HCERTCHAINENGINE
hRoot
,
PCERT_CHAIN_ELEMENT
rootElement
)
{
PCCERT_CONTEXT
root
=
rootElement
->
pCertContext
;
BOOL
ret
;
if
(
!
(
ret
=
CryptVerifyCertificateSignatureEx
(
0
,
root
->
dwCertEncodingType
,
if
(
!
CryptVerifyCertificateSignatureEx
(
0
,
root
->
dwCertEncodingType
,
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT
,
(
void
*
)
root
,
CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT
,
(
void
*
)
root
,
0
,
NULL
))
)
CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT
,
(
void
*
)
root
,
0
,
NULL
))
{
TRACE
(
"Last certificate's signature is invalid
\n
"
);
rootElement
->
TrustStatus
.
dwErrorStatus
|=
CERT_TRUST_IS_NOT_SIGNATURE_VALID
;
}
CRYPT_CheckTrustedStatus
(
hRoot
,
rootElement
);
return
ret
;
}
/* Decodes a cert's basic constraints extension (either szOID_BASIC_CONSTRAINTS
...
...
@@ -468,12 +466,12 @@ static BOOL CRYPT_CheckBasicConstraintsForCA(PCCERT_CONTEXT cert,
return
validBasicConstraints
;
}
static
BOOL
CRYPT_CheckSimpleChain
(
PCertificateChainEngine
engine
,
static
void
CRYPT_CheckSimpleChain
(
PCertificateChainEngine
engine
,
PCERT_SIMPLE_CHAIN
chain
,
LPFILETIME
time
)
{
PCERT_CHAIN_ELEMENT
rootElement
=
chain
->
rgpElement
[
chain
->
cElement
-
1
];
int
i
;
BOOL
ret
=
TRUE
,
pathLengthConstraintViolated
=
FALSE
;
BOOL
pathLengthConstraintViolated
=
FALSE
;
CERT_BASIC_CONSTRAINTS2_INFO
constraints
=
{
TRUE
,
FALSE
,
0
};
for
(
i
=
chain
->
cElement
-
1
;
i
>=
0
;
i
--
)
...
...
@@ -509,10 +507,9 @@ static BOOL CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
if
(
CRYPT_IsCertificateSelfSigned
(
rootElement
->
pCertContext
))
{
rootElement
->
TrustStatus
.
dwInfoStatus
|=
CERT_TRUST_IS_SELF_SIGNED
;
ret
=
CRYPT_CheckRootCert
(
engine
->
hRoot
,
rootElement
);
CRYPT_CheckRootCert
(
engine
->
hRoot
,
rootElement
);
}
CRYPT_CombineTrustStatus
(
&
chain
->
TrustStatus
,
&
rootElement
->
TrustStatus
);
return
ret
;
}
/* Builds a simple chain by finding an issuer for the last cert in the chain,
...
...
@@ -563,7 +560,7 @@ static BOOL CRYPT_GetSimpleChainForCert(PCertificateChainEngine engine,
{
ret
=
CRYPT_BuildSimpleChain
(
engine
,
world
,
chain
);
if
(
ret
)
ret
=
CRYPT_CheckSimpleChain
(
engine
,
chain
,
pTime
);
CRYPT_CheckSimpleChain
(
engine
,
chain
,
pTime
);
}
if
(
!
ret
)
{
...
...
dlls/crypt32/tests/chain.c
View file @
dfd2d3d9
...
...
@@ -1597,7 +1597,7 @@ static ChainCheck chainCheck[] = {
{
{
sizeof
(
chain12
)
/
sizeof
(
chain12
[
0
]),
chain12
},
{
{
0
,
CERT_TRUST_HAS_PREFERRED_ISSUER
},
{
CERT_TRUST_IS_UNTRUSTED_ROOT
,
0
},
1
,
simpleStatus12
},
TODO_
CHAIN
|
TODO_ERROR
|
TODO_
INFO
},
TODO_INFO
},
{
{
sizeof
(
selfSignedChain
)
/
sizeof
(
selfSignedChain
[
0
]),
selfSignedChain
},
{
{
0
,
CERT_TRUST_HAS_PREFERRED_ISSUER
},
{
CERT_TRUST_IS_NOT_TIME_VALID
|
CERT_TRUST_IS_UNTRUSTED_ROOT
,
0
},
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment