crypt32: Don't fail chain creation if signature doesn't match.

dlls/crypt32/chain.c

@@ -252,24 +252,14 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain)
 }
 
 /* Gets cert's issuer from store, and returns the validity flags associated
- * with it.  Returns NULL if no issuer whose public key matches cert's
+ * with it.  Returns NULL if no issuer signature could be found.
- * signature could be found.
  */
 static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store,
  PCCERT_CONTEXT cert, PDWORD pdwFlags)
 {
-    PCCERT_CONTEXT issuer = NULL;
+    *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG |
-
+     CERT_STORE_TIME_VALIDITY_FLAG;
-    /* There might be more than issuer with the same name, so keep looking until
+    return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
-     * one produces the correct signature for this cert.
-     */
-    do {
-        *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG |
-         CERT_STORE_TIME_VALIDITY_FLAG;
-        issuer = CertGetIssuerCertificateFromStore(store, cert, issuer,
-         pdwFlags);
-    } while (issuer && (*pdwFlags & CERT_STORE_SIGNATURE_FLAG));
-    return issuer;
 }
 
 static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine,

dlls/crypt32/tests/chain.c

@@ -1491,7 +1491,7 @@ static ChainCheck chainCheck[] = {
      { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_SIGNATURE_VALID |
        CERT_TRUST_IS_NOT_TIME_VALID, 0 },
      1, simpleStatus1 },
-   TODO_CHAIN | TODO_ERROR | TODO_INFO },
+   TODO_ERROR | TODO_INFO },
  { { sizeof(chain2) / sizeof(chain2[0]), chain2 },
    { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
      { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID, 0 },