winhttp: Return error directly from netconn_verify_cert.

2009-12-14 12:29:41 -08:00 · 2009-12-14 12:29:41 -08:00 · 1308c4287f
parent 2f56ef09e6
commit 1308c4287f
1 changed files with 16 additions and 10 deletions
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@ -251,15 +251,15 @@ static PCCERT_CONTEXT X509_to_cert_context(X509 *cert)
    return ret;
 }

-static BOOL netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
-                                 WCHAR *server )
+static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
+                                  WCHAR *server )
 {
    BOOL ret;
    CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } };
    PCCERT_CHAIN_CONTEXT chain;
    char oid_server_auth[] = szOID_PKIX_KP_SERVER_AUTH;
    char *server_auth[] = { oid_server_auth };
-    DWORD err;
+    DWORD err = ERROR_SUCCESS;

    TRACE("verifying %s\n", debugstr_w( server ));
    chainPara.RequestedUsage.Usage.cUsageIdentifier = 1;
@ -286,8 +286,6 @@ static BOOL netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
                err = ERROR_WINHTTP_SECURE_CERT_WRONG_USAGE;
            else
                err = ERROR_WINHTTP_SECURE_INVALID_CERT;
-            set_last_error( err );
-            ret = FALSE;
        }
        else
        {
@ -313,14 +311,14 @@ static BOOL netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
                    err = ERROR_WINHTTP_SECURE_CERT_CN_INVALID;
                else
                    err = ERROR_WINHTTP_SECURE_INVALID_CERT;
-                set_last_error( err );
-                ret = FALSE;
            }
        }
        CertFreeCertificateChain( chain );
    }
-    TRACE("returning %d\n", ret);
-    return ret;
+    else
+        err = ERROR_WINHTTP_SECURE_CHANNEL_ERROR;
+    TRACE("returning %08x\n", err);
+    return err;
 }

 static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx )
@ -361,7 +359,15 @@ static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx )
            }
            if (!endCert) ret = FALSE;
            if (ret)
-                ret = netconn_verify_cert( endCert, store, server );
+            {
+                DWORD err = netconn_verify_cert( endCert, store, server );
+
+                if (err)
+                {
+                    set_last_error( err );
+                    ret = FALSE;
+                }
+            }
            CertFreeCertificateContext( endCert );
            CertCloseStore( store, 0 );
        }