crypt32: Don't fail chain creation if root isn't self-signed.
parent
b8b787a810
commit
1540f24e92
|
@ -339,6 +339,26 @@ static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain)
|
||||||
CryptMemFree(chain);
|
CryptMemFree(chain);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot,
|
||||||
|
PCERT_CHAIN_ELEMENT rootElement)
|
||||||
|
{
|
||||||
|
BYTE hash[20];
|
||||||
|
DWORD size = sizeof(hash);
|
||||||
|
CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
|
||||||
|
PCCERT_CONTEXT trustedRoot;
|
||||||
|
|
||||||
|
CertGetCertificateContextProperty(rootElement->pCertContext,
|
||||||
|
CERT_HASH_PROP_ID, hash, &size);
|
||||||
|
trustedRoot = CertFindCertificateInStore(hRoot,
|
||||||
|
rootElement->pCertContext->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH,
|
||||||
|
&blob, NULL);
|
||||||
|
if (!trustedRoot)
|
||||||
|
rootElement->TrustStatus.dwErrorStatus |=
|
||||||
|
CERT_TRUST_IS_UNTRUSTED_ROOT;
|
||||||
|
else
|
||||||
|
CertFreeCertificateContext(trustedRoot);
|
||||||
|
}
|
||||||
|
|
||||||
static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
|
static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
|
||||||
PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
|
PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
|
||||||
PCERT_SIMPLE_CHAIN *ppChain)
|
PCERT_SIMPLE_CHAIN *ppChain)
|
||||||
|
@ -387,9 +407,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
|
||||||
chain->rgpElement[chain->cElement - 1];
|
chain->rgpElement[chain->cElement - 1];
|
||||||
PCCERT_CONTEXT root = rootElement->pCertContext;
|
PCCERT_CONTEXT root = rootElement->pCertContext;
|
||||||
|
|
||||||
if (!(ret = CRYPT_IsCertificateSelfSigned(root)))
|
if (CRYPT_IsCertificateSelfSigned(root))
|
||||||
TRACE("Last certificate is not self-signed\n");
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
rootElement->TrustStatus.dwInfoStatus |=
|
rootElement->TrustStatus.dwInfoStatus |=
|
||||||
CERT_TRUST_IS_SELF_SIGNED;
|
CERT_TRUST_IS_SELF_SIGNED;
|
||||||
|
@ -402,23 +420,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
|
||||||
rootElement->TrustStatus.dwErrorStatus |=
|
rootElement->TrustStatus.dwErrorStatus |=
|
||||||
CERT_TRUST_IS_NOT_SIGNATURE_VALID;
|
CERT_TRUST_IS_NOT_SIGNATURE_VALID;
|
||||||
}
|
}
|
||||||
}
|
CRYPT_CheckTrustedStatus(engine->hRoot, rootElement);
|
||||||
if (CRYPT_IsCertificateSelfSigned(root))
|
|
||||||
{
|
|
||||||
BYTE hash[20];
|
|
||||||
DWORD size = sizeof(hash);
|
|
||||||
CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
|
|
||||||
PCCERT_CONTEXT trustedRoot;
|
|
||||||
|
|
||||||
CertGetCertificateContextProperty(root, CERT_HASH_PROP_ID, hash,
|
|
||||||
&size);
|
|
||||||
trustedRoot = CertFindCertificateInStore(engine->hRoot,
|
|
||||||
root->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, &blob, NULL);
|
|
||||||
if (!trustedRoot)
|
|
||||||
rootElement->TrustStatus.dwErrorStatus |=
|
|
||||||
CERT_TRUST_IS_UNTRUSTED_ROOT;
|
|
||||||
else
|
|
||||||
CertFreeCertificateContext(trustedRoot);
|
|
||||||
}
|
}
|
||||||
chain->TrustStatus.dwErrorStatus |=
|
chain->TrustStatus.dwErrorStatus |=
|
||||||
rootElement->TrustStatus.dwErrorStatus;
|
rootElement->TrustStatus.dwErrorStatus;
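Review bot: A chain whose last element is not self-signed now appears to get no error bit at all, because `CRYPT_CheckTrustedStatus(engine->hRoot, rootElement);` sits inside the `if (CRYPT_IsCertificateSelfSigned(root))` block and the not-self-signed case no longer makes the function fail. As far as the visible lines show, a caller that treats `dwErrorStatus == 0` as a valid chain would then accept an incomplete chain. Consider recording the condition in an `else` branch, for example `else rootElement->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_PARTIAL_CHAIN;`, with the test expectations adjusted to match. Separately, the new `CRYPT_CheckTrustedStatus` ignores the return value of `CertGetCertificateContextProperty`, so a failed property read leaves `hash` uninitialized before `CertFindCertificateInStore`; checking the result and setting `CERT_TRUST_IS_UNTRUSTED_ROOT` on failure would keep that path fail-closed. The body of `CRYPT_BuildSimpleChain` starts and ends outside these hunks, so code between them may already cover part of this.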
|
||||||
|
|
|
@ -1529,13 +1529,12 @@ static ChainCheck chainCheck[] = {
|
||||||
CERT_TRUST_IS_NOT_TIME_VALID, 0 },
|
CERT_TRUST_IS_NOT_TIME_VALID, 0 },
|
||||||
1, simpleStatus8 },
|
1, simpleStatus8 },
|
||||||
TODO_ERROR | TODO_INFO },
|
TODO_ERROR | TODO_INFO },
|
||||||
/* This (cyclic) chain fails in Wine */
|
|
||||||
{ { sizeof(chain9) / sizeof(chain9[0]), chain9 },
|
{ { sizeof(chain9) / sizeof(chain9[0]), chain9 },
|
||||||
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
|
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
|
||||||
{ CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
|
{ CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
|
||||||
CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
|
CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
|
||||||
1, simpleStatus9 },
|
1, simpleStatus9 },
|
||||||
TODO_CHAIN | TODO_ERROR | TODO_INFO },
|
TODO_ERROR | TODO_INFO },
|
||||||
{ { sizeof(chain10) / sizeof(chain10[0]), chain10 },
|
{ { sizeof(chain10) / sizeof(chain10[0]), chain10 },
|
||||||
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
|
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
|
||||||
{ CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 },
|
{ CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 },
|
||||||
|
|