wintrust: Fail creating a chain if a store couldn't be created.

2010-01-27 14:14:53 -08:00 · 2010-01-27 14:14:53 -08:00 · 711ca0f4f3
parent 59dcf9c9ee
commit 711ca0f4f3
1 changed files with 34 additions and 28 deletions
--- a/dlls/wintrust/softpub.c
+++ b/dlls/wintrust/softpub.c
@ -771,46 +771,52 @@ static BOOL WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data,
            for (i = 0; i < data->chStores; i++)
                CertAddStoreToCollection(store, data->pahStores[i], 0, 0);
        }
        else
            ret = FALSE;
    }
-    /* Expect the end certificate for each signer to be the only cert in the
+    if (ret)
     * chain:
     */
    if (data->pasSigners[signer].csCertChain)
    {
-        /* Create a certificate chain for each signer */
+        /* Expect the end certificate for each signer to be the only cert in
-        ret = CertGetCertificateChain(createInfo->hChainEngine,
+         * the chain:
-         data->pasSigners[signer].pasCertChain[0].pCert,
+         */
-         &data->pasSigners[signer].sftVerifyAsOf, store,
+        if (data->pasSigners[signer].csCertChain)
         chainPara, createInfo->dwFlags, createInfo->pvReserved,
         &data->pasSigners[signer].pChainContext);
        if (ret)
        {
-            if (data->pasSigners[signer].pChainContext->cChain != 1)
+            /* Create a certificate chain for each signer */
            ret = CertGetCertificateChain(createInfo->hChainEngine,
             data->pasSigners[signer].pasCertChain[0].pCert,
             &data->pasSigners[signer].sftVerifyAsOf, store,
             chainPara, createInfo->dwFlags, createInfo->pvReserved,
             &data->pasSigners[signer].pChainContext);
            if (ret)
            {
-                FIXME("unimplemented for more than 1 simple chain\n");
+                if (data->pasSigners[signer].pChainContext->cChain != 1)
                ret = FALSE;
            }
            else
            {
                DWORD err;
                if (!(err = WINTRUST_CopyChain(data, signer)))
                {
-                    if (data->psPfns->pfnCertCheckPolicy)
+                    FIXME("unimplemented for more than 1 simple chain\n");
-                        ret = data->psPfns->pfnCertCheckPolicy(data, signer,
+                    ret = FALSE;
                         FALSE, 0);
                    else
                        TRACE("no cert check policy, skipping policy check\n");
                }
                else
                {
-                    SetLastError(err);
+                    DWORD err;
-                    ret = FALSE;
+
                    if (!(err = WINTRUST_CopyChain(data, signer)))
                    {
                        if (data->psPfns->pfnCertCheckPolicy)
                            ret = data->psPfns->pfnCertCheckPolicy(data, signer,
                             FALSE, 0);
                        else
                            TRACE(
                             "no cert check policy, skipping policy check\n");
                    }
                    else
                    {
                        SetLastError(err);
                        ret = FALSE;
                    }
                }
            }
        }
        CertCloseStore(store, 0);
    }
    CertCloseStore(store, 0);
    return ret;
 }