diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c index df6b9d93d83..588b11bfe86 100644 --- a/dlls/winhttp/net.c +++ b/dlls/winhttp/net.c @@ -251,15 +251,15 @@ static PCCERT_CONTEXT X509_to_cert_context(X509 *cert) return ret; } -static BOOL netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store, - WCHAR *server ) +static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store, + WCHAR *server ) { BOOL ret; CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } }; PCCERT_CHAIN_CONTEXT chain; char oid_server_auth[] = szOID_PKIX_KP_SERVER_AUTH; char *server_auth[] = { oid_server_auth }; - DWORD err; + DWORD err = ERROR_SUCCESS; TRACE("verifying %s\n", debugstr_w( server )); chainPara.RequestedUsage.Usage.cUsageIdentifier = 1; @@ -286,8 +286,6 @@ static BOOL netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store, err = ERROR_WINHTTP_SECURE_CERT_WRONG_USAGE; else err = ERROR_WINHTTP_SECURE_INVALID_CERT; - set_last_error( err ); - ret = FALSE; } else { @@ -313,14 +311,14 @@ static BOOL netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store, err = ERROR_WINHTTP_SECURE_CERT_CN_INVALID; else err = ERROR_WINHTTP_SECURE_INVALID_CERT; - set_last_error( err ); - ret = FALSE; } } CertFreeCertificateChain( chain ); } - TRACE("returning %d\n", ret); - return ret; + else + err = ERROR_WINHTTP_SECURE_CHANNEL_ERROR; + TRACE("returning %08x\n", err); + return err; } static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx ) @@ -361,7 +359,15 @@ static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx ) } if (!endCert) ret = FALSE; if (ret) - ret = netconn_verify_cert( endCert, store, server ); + { + DWORD err = netconn_verify_cert( endCert, store, server ); + + if (err) + { + set_last_error( err ); + ret = FALSE; + } + } CertFreeCertificateContext( endCert ); CertCloseStore( store, 0 ); }