From 3921454398d8808fb0e3d4e03f023c4ec70cba17 Mon Sep 17 00:00:00 2001
From: Ken Thomases
Date: Fri, 20 Nov 2009 15:49:11 -0600
Subject: [PATCH] crypt32: Read trusted root certificates from system keychain on Mac OS X.
---
 dlls/crypt32/Makefile.in | 1 +
 dlls/crypt32/rootstore.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/dlls/crypt32/Makefile.in b/dlls/crypt32/Makefile.in
index c2284b743f7..2daa01a1737 100644
--- a/dlls/crypt32/Makefile.in
+++ b/dlls/crypt32/Makefile.in
@@ -6,6 +6,7 @@ VPATH = @srcdir@
 MODULE = crypt32.dll
 IMPORTLIB = crypt32
 IMPORTS = user32 advapi32 kernel32 ntdll
+EXTRALIBS = @SECURITYLIB@
 C_SRCS = \
 base64.c \
diff --git a/dlls/crypt32/rootstore.c b/dlls/crypt32/rootstore.c
index a55b281601c..70b5ef80a3a 100644
--- a/dlls/crypt32/rootstore.c
+++ b/dlls/crypt32/rootstore.c
@@ -40,6 +40,9 @@
 #include "winternl.h"
 #include "wine/debug.h"
 #include "crypt32_private.h"
+#ifdef __APPLE__
+#include
+#endif
 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
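Review bot: The include in rootstore.c is guarded by `#ifdef __APPLE__`, while the Makefile.in hunk links against whatever configure substitutes for `@SECURITYLIB@`, so the two conditions can disagree. If configure leaves that substitution empty (for example when the Security framework headers are not found), the `Sec*` calls added later in this file would presumably still be compiled and the link would fail. Guarding the include and the new code with the same configure-detected condition that sets `@SECURITYLIB@` would keep them in step. The configure side is not part of this patch, so this needs checking against it.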
@@ -713,6 +716,35 @@ static void read_trusted_roots_from_known_locations(HCERTSTORE store)
 DWORD i;
 BOOL ret = FALSE;
+#ifdef __APPLE__
+ OSStatus status;
+ CFArrayRef rootCerts;
+
+ status = SecTrustCopyAnchorCertificates(&rootCerts);
+ if (status == noErr)
+ {
+ int i;
+ for (i = 0; i < CFArrayGetCount(rootCerts); i++)
+ {
+ SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(rootCerts, i);
+ CFDataRef certData;
+ if ((status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0, NULL, &certData)) == noErr)
+ {
+ if (CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
+ CFDataGetBytePtr(certData), CFDataGetLength(certData),
+ CERT_STORE_ADD_NEW, NULL))
+ ret = TRUE;
+ else
+ WARN("adding root cert %d failed: %08x\n", i, GetLastError());
+ CFRelease(certData);
+ }
+ else
+ WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status);
+ }
+ CFRelease(rootCerts);
+ }
+#endif
+
 for (i = 0; !ret && i < sizeof(CRYPT_knownLocations) / sizeof(CRYPT_knownLocations[0]); i++)
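Review bot: Keychain trust settings are not consulted before the anchors are added to `store`: as far as I know `SecTrustCopyAnchorCertificates` returns the system anchor list as-is, so a root that a user or administrator has explicitly distrusted may still end up trusted by Wine applications, and locally added roots may be missing. That limitation should at least be recorded above the call, e.g. `/* NOTE: system anchors only; per-user/admin keychain trust settings are not applied */`, or the trust settings should be checked before each add. A single successful add also sets `ret = TRUE`, which makes the following `for (i = 0; !ret && ...)` loop skip the known file locations entirely; if that is intended it deserves a one-line comment. The inner `int i` shadows the `DWORD i` declared just above and is compared against the `CFArrayGetCount` result; a distinctly named index would read more clearly. The enclosing function begins and ends outside the hunk.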