crypt32: CertGetIssuerCertificateFromStore must return error for self-signed certificates.

7a40fdbf · Bruno Jesus · Alexandre Julliard · 69d198a9 · 7a40fdbf · 7a40fdbf
Commit 7a40fdbf authored Jul 22, 2014 by Bruno Jesus Committed by Alexandre Julliard Jul 23, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 5 deletions

cert.c dlls/crypt32/cert.c +6 -0

chain.c dlls/crypt32/chain.c +1 -1

crypt32_private.h dlls/crypt32/crypt32_private.h +1 -0

cert.c dlls/crypt32/tests/cert.c +0 -4

No files found.
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -1883,6 +1883,12 @@ PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
            CertFreeCertificateContext(ret);
            ret = NULL;
        }
+        if (CRYPT_IsCertificateSelfSigned(pSubjectContext))
+        {
+            CertFreeCertificateContext(ret);
+            ret = NULL;
+            SetLastError(CRYPT_E_SELF_SIGNED);
+        }
    }
    TRACE("returning %p\n", ret);
    return ret;

--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -265,7 +265,7 @@ typedef struct _CertificateChain
    LONG ref;
 } CertificateChain;

-static BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
 {
    PCERT_EXTENSION ext;
    DWORD size;

--- a/dlls/crypt32/crypt32_private.h
+++ b/dlls/crypt32/crypt32_private.h
@@ -337,6 +337,7 @@ WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreA(HCRYPTPROV hCryptProv,
 WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreW(HCRYPTPROV hCryptProv,
 DWORD dwFlags, const void *pvPara) DECLSPEC_HIDDEN;
 WINECRYPT_CERTSTORE *CRYPT_RootOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags) DECLSPEC_HIDDEN;
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DECLSPEC_HIDDEN;

 /* Allocates and initializes a certificate chain engine, but without creating
 * the root store.  Instead, it uses root, and assumes the caller has done any

--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -1728,9 +1728,7 @@ static void testGetIssuerCert(void)
    SetLastError(0xdeadbeef);
    flags = 0;
    parent = CertGetIssuerCertificateFromStore(store, cert3, NULL, &flags);
-todo_wine
    ok(!parent, "Expected NULL\n");
-todo_wine
    ok(GetLastError() == CRYPT_E_SELF_SIGNED,
       "Expected CRYPT_E_SELF_SIGNED, got %08X\n", GetLastError());
    CertFreeCertificateContext(child);
@@ -1747,9 +1745,7 @@ todo_wine
    ok(cert1 != NULL, "CertEnumCertificatesInStore should have worked\n");
    SetLastError(0xdeadbeef);
    parent = CertGetIssuerCertificateFromStore(store, cert1, NULL, &flags);
-todo_wine
    ok(!parent, "Expected NULL\n");
-todo_wine
    ok(GetLastError() == CRYPT_E_SELF_SIGNED,
       "Expected CRYPT_E_SELF_SIGNED, got %08X\n", GetLastError());
    CertCloseStore(store, 0);