crypt32: Also import user/admin defined root certificates on macOS.

Signed-off-by: Piotr Caban <piotr@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2021-01-25 14:52:20 +01:00 · 2021-01-25 14:52:20 +01:00 · c53d6a4a7c
parent 2129e335f2
commit c53d6a4a7c
1 changed files with 22 additions and 13 deletions
--- a/dlls/crypt32/unixlib.c
+++ b/dlls/crypt32/unixlib.c
@ -580,26 +580,35 @@ static void load_root_certs(void)
    DWORD i;
 #ifdef HAVE_SECURITY_SECURITY_H
    const SecTrustSettingsDomain domains[] = {
        kSecTrustSettingsDomainSystem,
        kSecTrustSettingsDomainAdmin,
        kSecTrustSettingsDomainUser
    };
    OSStatus status;
-    CFArrayRef rootCerts;
+    CFArrayRef certs;
    DWORD domain;
-    status = SecTrustCopyAnchorCertificates(&rootCerts);
+    for (domain = 0; domain < ARRAY_SIZE(domains); domain++)
    if (status == noErr)
    {
-        for (i = 0; i < CFArrayGetCount(rootCerts); i++)
+        status = SecTrustSettingsCopyCertificates(domains[domain], &certs);
        if (status == noErr)
        {
-            SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(rootCerts, i);
+            for (i = 0; i < CFArrayGetCount(certs); i++)
            CFDataRef certData;
            if ((status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0, NULL, &certData)) == noErr)
            {
-                BYTE *data = add_cert( CFDataGetLength(certData) );
+                SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i);
-                if (data) memcpy( data, CFDataGetBytePtr(certData), CFDataGetLength(certData) );
+                CFDataRef certData;
-                CFRelease(certData);
+                if ((status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0, NULL, &certData)) == noErr)
                {
                    BYTE *data = add_cert( CFDataGetLength(certData) );
                    if (data) memcpy( data, CFDataGetBytePtr(certData), CFDataGetLength(certData) );
                    CFRelease(certData);
                }
                else
                    WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status);
            }
-            else
+            CFRelease(certs);
                WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status);
        }
        CFRelease(rootCerts);
    }
 #endif