Commit c39696eb authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32: Don't fail chain creation if signature doesn't match.

parent 1540f24e
......@@ -252,24 +252,14 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain)
}
/* Gets cert's issuer from store, and returns the validity flags associated
* with it. Returns NULL if no issuer whose public key matches cert's
* signature could be found.
* with it. Returns NULL if no issuer signature could be found.
*/
static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store,
PCCERT_CONTEXT cert, PDWORD pdwFlags)
{
PCCERT_CONTEXT issuer = NULL;
/* There might be more than issuer with the same name, so keep looking until
* one produces the correct signature for this cert.
*/
do {
*pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG |
CERT_STORE_TIME_VALIDITY_FLAG;
issuer = CertGetIssuerCertificateFromStore(store, cert, issuer,
pdwFlags);
} while (issuer && (*pdwFlags & CERT_STORE_SIGNATURE_FLAG));
return issuer;
*pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG |
CERT_STORE_TIME_VALIDITY_FLAG;
return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
}
static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine,
......
......@@ -1491,7 +1491,7 @@ static ChainCheck chainCheck[] = {
{ CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_SIGNATURE_VALID |
CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1, simpleStatus1 },
TODO_CHAIN | TODO_ERROR | TODO_INFO },
TODO_ERROR | TODO_INFO },
{ { sizeof(chain2) / sizeof(chain2[0]), chain2 },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID, 0 },
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment