Commit 1540f24e authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32: Don't fail chain creation if root isn't self-signed.

parent b8b787a8
......@@ -339,6 +339,26 @@ static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain)
CryptMemFree(chain);
}
static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot,
PCERT_CHAIN_ELEMENT rootElement)
{
BYTE hash[20];
DWORD size = sizeof(hash);
CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
PCCERT_CONTEXT trustedRoot;
CertGetCertificateContextProperty(rootElement->pCertContext,
CERT_HASH_PROP_ID, hash, &size);
trustedRoot = CertFindCertificateInStore(hRoot,
rootElement->pCertContext->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH,
&blob, NULL);
if (!trustedRoot)
rootElement->TrustStatus.dwErrorStatus |=
CERT_TRUST_IS_UNTRUSTED_ROOT;
else
CertFreeCertificateContext(trustedRoot);
}
static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
PCERT_SIMPLE_CHAIN *ppChain)
......@@ -387,9 +407,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
chain->rgpElement[chain->cElement - 1];
PCCERT_CONTEXT root = rootElement->pCertContext;
if (!(ret = CRYPT_IsCertificateSelfSigned(root)))
TRACE("Last certificate is not self-signed\n");
else
if (CRYPT_IsCertificateSelfSigned(root))
{
rootElement->TrustStatus.dwInfoStatus |=
CERT_TRUST_IS_SELF_SIGNED;
......@@ -402,23 +420,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
rootElement->TrustStatus.dwErrorStatus |=
CERT_TRUST_IS_NOT_SIGNATURE_VALID;
}
}
if (CRYPT_IsCertificateSelfSigned(root))
{
BYTE hash[20];
DWORD size = sizeof(hash);
CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
PCCERT_CONTEXT trustedRoot;
CertGetCertificateContextProperty(root, CERT_HASH_PROP_ID, hash,
&size);
trustedRoot = CertFindCertificateInStore(engine->hRoot,
root->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, &blob, NULL);
if (!trustedRoot)
rootElement->TrustStatus.dwErrorStatus |=
CERT_TRUST_IS_UNTRUSTED_ROOT;
else
CertFreeCertificateContext(trustedRoot);
CRYPT_CheckTrustedStatus(engine->hRoot, rootElement);
}
chain->TrustStatus.dwErrorStatus |=
rootElement->TrustStatus.dwErrorStatus;
......
......@@ -1529,13 +1529,12 @@ static ChainCheck chainCheck[] = {
CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1, simpleStatus8 },
TODO_ERROR | TODO_INFO },
/* This (cyclic) chain fails in Wine */
{ { sizeof(chain9) / sizeof(chain9[0]), chain9 },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
1, simpleStatus9 },
TODO_CHAIN | TODO_ERROR | TODO_INFO },
TODO_ERROR | TODO_INFO },
{ { sizeof(chain10) / sizeof(chain10[0]), chain10 },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 },
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment