Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
b659dee9
Commit
b659dee9
authored
May 17, 2010
by
Juan Lang
Committed by
Alexandre Julliard
May 18, 2010
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
winhttp: Honor security flags when verifying a certificate.
parent
2a569a9e
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
17 additions
and
5 deletions
+17
-5
net.c
dlls/winhttp/net.c
+17
-5
No files found.
dlls/winhttp/net.c
View file @
b659dee9
...
...
@@ -254,7 +254,7 @@ static PCCERT_CONTEXT X509_to_cert_context(X509 *cert)
}
static
DWORD
netconn_verify_cert
(
PCCERT_CONTEXT
cert
,
HCERTSTORE
store
,
WCHAR
*
server
)
WCHAR
*
server
,
DWORD
security_flags
)
{
BOOL
ret
;
CERT_CHAIN_PARA
chainPara
=
{
sizeof
(
chainPara
),
{
0
}
};
...
...
@@ -272,7 +272,10 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
if
(
chain
->
TrustStatus
.
dwErrorStatus
)
{
if
(
chain
->
TrustStatus
.
dwErrorStatus
&
CERT_TRUST_IS_NOT_TIME_VALID
)
err
=
ERROR_WINHTTP_SECURE_CERT_DATE_INVALID
;
{
if
(
!
(
security_flags
&
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
))
err
=
ERROR_WINHTTP_SECURE_CERT_DATE_INVALID
;
}
else
if
(
chain
->
TrustStatus
.
dwErrorStatus
&
CERT_TRUST_IS_UNTRUSTED_ROOT
)
err
=
ERROR_WINHTTP_SECURE_INVALID_CA
;
...
...
@@ -285,7 +288,10 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
err
=
ERROR_WINHTTP_SECURE_CERT_REVOKED
;
else
if
(
chain
->
TrustStatus
.
dwErrorStatus
&
CERT_TRUST_IS_NOT_VALID_FOR_USAGE
)
err
=
ERROR_WINHTTP_SECURE_CERT_WRONG_USAGE
;
{
if
(
!
(
security_flags
&
SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE
))
err
=
ERROR_WINHTTP_SECURE_CERT_WRONG_USAGE
;
}
else
err
=
ERROR_WINHTTP_SECURE_INVALID_CERT
;
}
...
...
@@ -310,7 +316,10 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
if
(
ret
&&
policyStatus
.
dwError
)
{
if
(
policyStatus
.
dwError
==
CERT_E_CN_NO_MATCH
)
err
=
ERROR_WINHTTP_SECURE_CERT_CN_INVALID
;
{
if
(
!
(
security_flags
&
SECURITY_FLAG_IGNORE_CERT_CN_INVALID
))
err
=
ERROR_WINHTTP_SECURE_CERT_CN_INVALID
;
}
else
err
=
ERROR_WINHTTP_SECURE_INVALID_CERT
;
}
...
...
@@ -328,9 +337,11 @@ static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx )
SSL
*
ssl
;
WCHAR
*
server
;
BOOL
ret
=
FALSE
;
netconn_t
*
conn
;
ssl
=
pX509_STORE_CTX_get_ex_data
(
ctx
,
pSSL_get_ex_data_X509_STORE_CTX_idx
()
);
server
=
pSSL_get_ex_data
(
ssl
,
hostname_idx
);
conn
=
pSSL_get_ex_data
(
ssl
,
conn_idx
);
if
(
preverify_ok
)
{
HCERTSTORE
store
=
CertOpenStore
(
CERT_STORE_PROV_MEMORY
,
0
,
0
,
...
...
@@ -362,7 +373,8 @@ static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx )
if
(
!
endCert
)
ret
=
FALSE
;
if
(
ret
)
{
DWORD_PTR
err
=
netconn_verify_cert
(
endCert
,
store
,
server
);
DWORD_PTR
err
=
netconn_verify_cert
(
endCert
,
store
,
server
,
conn
->
security_flags
);
if
(
err
)
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment