winhttp: Store the server certificate context in the request.

Signed-off-by: Hans Leidekker <hans@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

winhttp: Store the server certificate context in the request.
f5ea51d3 · Hans Leidekker · Alexandre Julliard · 6bc984a6 · f5ea51d3 · f5ea51d3
Commit f5ea51d3 authored Jun 11, 2018 by Hans Leidekker Committed by Alexandre Julliard Jun 11, 2018
5 changed files
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -47,7 +47,6 @@
 #include "windef.h"
 #include "winbase.h"
 #include "winhttp.h"
-#include "wincrypt.h"
 #include "schannel.h"

 #include "winhttp_private.h"

--- a/dlls/winhttp/request.c
+++ b/dlls/winhttp/request.c
@@ -1765,6 +1765,10 @@ static BOOL open_connection( request_t *request )
                    return FALSE;
                }
            }
+
+            CertFreeCertificateContext( request->server_cert );
+            request->server_cert = NULL;
+
            if (!ensure_cred_handle( connect->session ) ||
                !netconn_secure_connect( netconn, connect->hostname, request->security_flags,
                                         &connect->session->cred_handle ))
@@ -1787,6 +1791,13 @@ static BOOL open_connection( request_t *request )
        request->netconn = netconn;
    }

+    if (netconn->secure && !(request->server_cert = netconn_get_certificate( netconn )))
+    {
+        heap_free( addressW );
+        netconn_close( netconn );
+        return FALSE;
+    }
+
 done:
    request->read_pos = request->read_size = 0;
    request->read_chunked = FALSE;

--- a/dlls/winhttp/session.c
+++ b/dlls/winhttp/session.c
@@ -40,7 +40,6 @@
 #include "winsock2.h"
 #include "ws2ipdef.h"
 #include "winhttp.h"
-#include "wincrypt.h"
 #include "winreg.h"
 #define COBJMACROS
 #include "ole2.h"
@@ -597,6 +596,8 @@ static void request_destroy( object_header_t *hdr )
    }
    release_object( &request->connect->hdr );

+    CertFreeCertificateContext( request->server_cert );
+
    destroy_authinfo( request->authinfo );
    destroy_authinfo( request->proxy_authinfo );

@@ -759,14 +760,14 @@ static BOOL request_query_option( object_header_t *hdr, DWORD option, LPVOID buf
            return FALSE;
        }

-        if (!request->netconn || !(cert = netconn_get_certificate( request->netconn ))) return FALSE;
+        if (!(cert = CertDuplicateCertificateContext( request->server_cert ))) return FALSE;
        *(CERT_CONTEXT **)buffer = (CERT_CONTEXT *)cert;
        *buflen = sizeof(cert);
        return TRUE;
    }
    case WINHTTP_OPTION_SECURITY_CERTIFICATE_STRUCT:
    {
-        const CERT_CONTEXT *cert;
+        const CERT_CONTEXT *cert = request->server_cert;
        const CRYPT_OID_INFO *oidInfo;
        WINHTTP_CERTIFICATE_INFO *ci = buffer;

@@ -778,16 +779,14 @@ static BOOL request_query_option( object_header_t *hdr, DWORD option, LPVOID buf
            set_last_error( ERROR_INSUFFICIENT_BUFFER );
            return FALSE;
        }
-        if (!request->netconn || !(cert = netconn_get_certificate( request->netconn ))) return FALSE;
+        if (!cert) return FALSE;

        ci->ftExpiry = cert->pCertInfo->NotAfter;
        ci->ftStart  = cert->pCertInfo->NotBefore;
        ci->lpszSubjectInfo = blob_to_str( cert->dwCertEncodingType, &cert->pCertInfo->Subject );
        ci->lpszIssuerInfo  = blob_to_str( cert->dwCertEncodingType, &cert->pCertInfo->Issuer );
        ci->lpszProtocolName      = NULL;
-        oidInfo = CryptFindOIDInfo( CRYPT_OID_INFO_OID_KEY,
-                                    cert->pCertInfo->SignatureAlgorithm.pszObjId,
-                                    0 );
+        oidInfo = CryptFindOIDInfo( CRYPT_OID_INFO_OID_KEY, cert->pCertInfo->SignatureAlgorithm.pszObjId, 0 );
        if (oidInfo)
            ci->lpszSignatureAlgName = (LPWSTR)oidInfo->pwszName;
        else
@@ -795,7 +794,6 @@ static BOOL request_query_option( object_header_t *hdr, DWORD option, LPVOID buf
        ci->lpszEncryptionAlgName = NULL;
        ci->dwKeySize = request->netconn ? netconn_get_cipher_strength( request->netconn ) : 0;

-        CertFreeCertificateContext( cert );
        *buflen = sizeof(*ci);
        return TRUE;
    }

--- a/dlls/winhttp/tests/winhttp.c
+++ b/dlls/winhttp/tests/winhttp.c
@@ -1107,6 +1107,11 @@ static void test_secure_connection(void)
    }
    ok(read_size >= available_size, "read_size = %u, available_size = %u\n", read_size, available_size);

+    size = sizeof(cert);
+    ret = WinHttpQueryOption(req, WINHTTP_OPTION_SERVER_CERT_CONTEXT, &cert, &size);
+    ok(ret, "failed to retrieve certificate context %u\n", GetLastError());
+    if (ret) CertFreeCertificateContext(cert);
+
 cleanup:
    WinHttpCloseHandle(req);
    WinHttpCloseHandle(con);

--- a/dlls/winhttp/winhttp_private.h
+++ b/dlls/winhttp/winhttp_private.h
@@ -46,6 +46,7 @@

 #include "ole2.h"
 #include "sspi.h"
+#include "wincrypt.h"

 static const WCHAR getW[]    = {'G','E','T',0};
 static const WCHAR postW[]   = {'P','O','S','T',0};
@@ -209,6 +210,7 @@ typedef struct
    DWORD optional_len;
    netconn_t *netconn;
    DWORD security_flags;
+    const CERT_CONTEXT *server_cert;
    int resolve_timeout;
    int connect_timeout;
    int send_timeout;