From 09246aa1a73f039bc6676a890781a06f351a3e0f Mon Sep 17 00:00:00 2001
From: Juan Lang
Date: Mon, 14 Dec 2009 16:02:33 -0800
Subject: [PATCH] wininet: Set error and fail if a secure connection's certificate couldn't be verified.
---
 dlls/wininet/netconnection.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c
index f8975706d5c..db57e1d25c1 100644
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@@ -116,6 +116,7 @@ static void *OpenSSL_crypto_handle;
 static SSL_METHOD *meth;
 static SSL_CTX *ctx;
 static int hostname_idx;
+static int error_idx;
 #define MAKE_FUNCPTR(f) static typeof(f) * p##f
@@ -321,7 +322,7 @@ static int netconn_secure_verify(int preverify_ok, X509_STORE_CTX *ctx)
 if (err)
 {
- INTERNET_SetLastError(err);
+ pSSL_set_ex_data(ssl, error_idx, (void *)err);
 ret = FALSE;
 }
 }
@@ -445,6 +446,15 @@ DWORD NETCON_init(WININET_NETCONNECTION *connection, BOOL useSSL)
 LeaveCriticalSection(&init_ssl_cs);
 return ERROR_OUTOFMEMORY;
 }
+ error_idx = pSSL_get_ex_new_index(0, (void *)"error index",
+ NULL, NULL, NULL);
+ if (error_idx == -1)
+ {
+ ERR("SSL_get_ex_new_index failed; %s\n",
+ pERR_error_string(pERR_get_error(), 0));
+ LeaveCriticalSection(&init_ssl_cs);
+ return ERROR_OUTOFMEMORY;
+ }
 pSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, netconn_secure_verify);
 pCRYPTO_set_id_callback(ssl_thread_id);
@@ -650,9 +660,10 @@ DWORD NETCON_secure_connect(WININET_NETCONNECTION *connection, LPWSTR hostname)
 if (pSSL_connect(connection->ssl_s) <= 0)
 {
- ERR("SSL_connect failed: %s\n",
- pERR_error_string(pERR_get_error(), 0));
- res = ERROR_INTERNET_SECURITY_CHANNEL_ERROR;
+ res = (DWORD)pSSL_get_ex_data(connection->ssl_s, error_idx);
+ if (!res)
+ res = ERROR_INTERNET_SECURITY_CHANNEL_ERROR;
+ ERR("SSL_connect failed: %d\n", res);
 goto fail;
 }
 pSSL_set_ex_data(connection->ssl_s, hostname_idx, hostname);
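Review bot: `error_idx` is declared without a comment, and unlike a usual ex_data slot it does not hold a pointer to an object: the later hunks store an integer error code cast to `void *` and cast it back on read. A one-line comment on the declaration would stop readers from assuming ownership or lifetime rules for the stored value, for example `/* SSL ex_data slot: WinINet error code set by netconn_secure_verify, read back in NETCON_secure_connect */`.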
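Review bot: `(void *)err` puts an integer error code into a pointer slot with a plain cast, and the matching read in the NETCON_secure_connect hunk casts the pointer straight back to DWORD; on a 64-bit build both are size-mismatched conversions that compilers warn about. Going through a pointer-sized integer makes the round trip explicit: `pSSL_set_ex_data(ssl, error_idx, (void *)(DWORD_PTR)err);` here and `res = (DWORD)(DWORD_PTR)pSSL_get_ex_data(connection->ssl_s, error_idx);` there. The return value of pSSL_set_ex_data is also ignored; the handshake is still rejected because `ret = FALSE` follows, but the caller is then left with only the generic error. The callback body starts and ends outside this hunk, so `err` being a DWORD is an assumption.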
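Review bot: The new failure return sits before the context line `pSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, netconn_secure_verify);`, so on this path the shared `ctx` is left without peer verification enabled and `error_idx` stays at -1. Whether that matters depends on the already-initialised check at the top of NETCON_init, which is outside this hunk: if it keys on state set up earlier, a later call could report success and reuse a context that never verifies certificates. The path should undo the partial initialisation (or set a flag the entry check tests) so that a retry either completes the setup or fails again; the identical return just above, visible as context, has the same shape. The message also reads `failed; %s` where the other messages in this file section use a colon.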
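Review bot: The failure branch no longer logs or drains OpenSSL's error queue, so when no certificate error was stored and `res` falls back to ERROR_INTERNET_SECURITY_CHANNEL_ERROR the log cannot tell a protocol or handshake failure from a verification failure. Keeping the old message in the fallback preserves that detail: `if (!res) { ERR("SSL_connect failed: %s\n", pERR_error_string(pERR_get_error(), 0)); res = ERROR_INTERNET_SECURITY_CHANNEL_ERROR; }`. Separately, the context line after this block fills `hostname_idx` only once pSSL_connect has returned; if the verify callback reads that slot during the handshake and nothing outside this hunk sets it earlier, the error code read here could never reflect a host-name mismatch, which is worth confirming against the full function.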