forked from Mirrors/wine-wine
crypt32: Correctly return how the issuer of a self signed certificate was matched.
Original patch by Michael Müller. Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>oldstable
Nikolay Sivov
Alexandre Julliard
parent
5d7fa27a2f
commit
e353656804
|
|
@ -265,10 +265,10 @@ typedef struct _CertificateChain
|
||||||
LONG ref;
|
LONG ref;
|
||||||
} CertificateChain;
|
} CertificateChain;
|
||||||
|
|
||||||
BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
|
DWORD CRYPT_IsCertificateSelfSigned(const CERT_CONTEXT *cert)
|
||||||
{
|
{
|
||||||
|
DWORD size, status = 0;
|
||||||
PCERT_EXTENSION ext;
|
PCERT_EXTENSION ext;
|
||||||
DWORD size;
|
|
||||||
BOOL ret;
|
BOOL ret;
|
||||||
|
|
||||||
if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
|
if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
|
||||||
|
|
@ -296,10 +296,9 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
|
||||||
&info->AuthorityCertIssuer.rgAltEntry[i];
|
&info->AuthorityCertIssuer.rgAltEntry[i];
|
||||||
if (directoryName)
|
if (directoryName)
|
||||||
{
|
{
|
||||||
ret = CertCompareCertificateName(cert->dwCertEncodingType,
|
if (CertCompareCertificateName(cert->dwCertEncodingType, &directoryName->u.DirectoryName, &cert->pCertInfo->Issuer)
|
||||||
&directoryName->u.DirectoryName, &cert->pCertInfo->Issuer)
|
&& CertCompareIntegerBlob(&info->AuthorityCertSerialNumber, &cert->pCertInfo->SerialNumber))
|
||||||
&& CertCompareIntegerBlob(&info->AuthorityCertSerialNumber,
|
status = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
|
||||||
&cert->pCertInfo->SerialNumber);
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
@ -317,16 +316,12 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
|
||||||
|
|
||||||
if (buf)
|
if (buf)
|
||||||
{
|
{
|
||||||
CertGetCertificateContextProperty(cert,
|
CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
|
||||||
CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
|
if (!memcmp(buf, info->KeyId.pbData, size))
|
||||||
ret = !memcmp(buf, info->KeyId.pbData, size);
|
status = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
|
||||||
CryptMemFree(buf);
|
CryptMemFree(buf);
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ret = FALSE;
|
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ret = FALSE;
|
|
||||||
}
|
}
|
||||||
LocalFree(info);
|
LocalFree(info);
|
||||||
}
|
}
|
||||||
|
|
@ -344,10 +339,9 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
|
||||||
{
|
{
|
||||||
if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
|
if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
|
||||||
{
|
{
|
||||||
ret = CertCompareCertificateName(cert->dwCertEncodingType,
|
if (CertCompareCertificateName(cert->dwCertEncodingType, &info->CertIssuer, &cert->pCertInfo->Issuer)
|
||||||
&info->CertIssuer, &cert->pCertInfo->Issuer) &&
|
&& CertCompareIntegerBlob(&info->CertSerialNumber, &cert->pCertInfo->SerialNumber))
|
||||||
CertCompareIntegerBlob(&info->CertSerialNumber,
|
status = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
|
||||||
&cert->pCertInfo->SerialNumber);
|
|
||||||
}
|
}
|
||||||
else if (info->KeyId.cbData)
|
else if (info->KeyId.cbData)
|
||||||
{
|
{
|
||||||
|
|
@ -361,24 +355,23 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
|
||||||
{
|
{
|
||||||
CertGetCertificateContextProperty(cert,
|
CertGetCertificateContextProperty(cert,
|
||||||
CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
|
CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
|
||||||
ret = !memcmp(buf, info->KeyId.pbData, size);
|
if (!memcmp(buf, info->KeyId.pbData, size))
|
||||||
|
status = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
|
||||||
CryptMemFree(buf);
|
CryptMemFree(buf);
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ret = FALSE;
|
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ret = FALSE;
|
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ret = FALSE;
|
|
||||||
LocalFree(info);
|
LocalFree(info);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
ret = CertCompareCertificateName(cert->dwCertEncodingType,
|
if (CertCompareCertificateName(cert->dwCertEncodingType, &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer))
|
||||||
&cert->pCertInfo->Subject, &cert->pCertInfo->Issuer);
|
status = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
|
||||||
return ret;
|
|
||||||
|
if (status)
|
||||||
|
status |= CERT_TRUST_IS_SELF_SIGNED;
|
||||||
|
|
||||||
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void CRYPT_FreeChainElement(PCERT_CHAIN_ELEMENT element)
|
static void CRYPT_FreeChainElement(PCERT_CHAIN_ELEMENT element)
|
||||||
|
|
@ -1890,6 +1883,7 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine,
|
||||||
int i;
|
int i;
|
||||||
BOOL pathLengthConstraintViolated = FALSE;
|
BOOL pathLengthConstraintViolated = FALSE;
|
||||||
CERT_BASIC_CONSTRAINTS2_INFO constraints = { FALSE, FALSE, 0 };
|
CERT_BASIC_CONSTRAINTS2_INFO constraints = { FALSE, FALSE, 0 };
|
||||||
|
DWORD status;
|
||||||
|
|
||||||
TRACE_(chain)("checking chain with %d elements for time %s\n",
|
TRACE_(chain)("checking chain with %d elements for time %s\n",
|
||||||
chain->cElement, filetime_to_str(time));
|
chain->cElement, filetime_to_str(time));
|
||||||
|
|
@ -1977,10 +1971,9 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine,
|
||||||
}
|
}
|
||||||
CRYPT_CheckChainNameConstraints(chain);
|
CRYPT_CheckChainNameConstraints(chain);
|
||||||
CRYPT_CheckChainPolicies(chain);
|
CRYPT_CheckChainPolicies(chain);
|
||||||
if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext))
|
if ((status = CRYPT_IsCertificateSelfSigned(rootElement->pCertContext)))
|
||||||
{
|
{
|
||||||
rootElement->TrustStatus.dwInfoStatus |=
|
rootElement->TrustStatus.dwInfoStatus |= status;
|
||||||
CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER;
|
|
||||||
CRYPT_CheckRootCert(engine->hRoot, rootElement);
|
CRYPT_CheckRootCert(engine->hRoot, rootElement);
|
||||||
}
|
}
|
||||||
CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
|
CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
|
||||||
|
|
|
||||||
|
|
@ -343,7 +343,7 @@ void CRYPT_ImportSystemRootCertsToReg(void) DECLSPEC_HIDDEN;
|
||||||
BOOL CRYPT_SerializeContextsToReg(HKEY key, DWORD flags, const WINE_CONTEXT_INTERFACE *contextInterface,
|
BOOL CRYPT_SerializeContextsToReg(HKEY key, DWORD flags, const WINE_CONTEXT_INTERFACE *contextInterface,
|
||||||
HCERTSTORE memStore) DECLSPEC_HIDDEN;
|
HCERTSTORE memStore) DECLSPEC_HIDDEN;
|
||||||
|
|
||||||
BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DECLSPEC_HIDDEN;
|
DWORD CRYPT_IsCertificateSelfSigned(const CERT_CONTEXT *cert) DECLSPEC_HIDDEN;
|
||||||
|
|
||||||
/* Allocates and initializes a certificate chain engine, but without creating
|
/* Allocates and initializes a certificate chain engine, but without creating
|
||||||
* the root store. Instead, it uses root, and assumes the caller has done any
|
* the root store. Instead, it uses root, and assumes the caller has done any
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue