From eda48d8868065d2d7debafa79ba25fd8e1d8bc59 Mon Sep 17 00:00:00 2001 From: Juan Lang Date: Tue, 28 Aug 2007 15:52:37 -0700 Subject: [PATCH] crypt32: Set trust status on root element in chain. --- dlls/crypt32/chain.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 161ba291d4c..2b00ff0b8bc 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -340,20 +340,25 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine, } if (ret) { - PCCERT_CONTEXT root = chain->rgpElement[chain->cElement - 1]-> - pCertContext; + PCERT_CHAIN_ELEMENT rootElement = + chain->rgpElement[chain->cElement - 1]; + PCCERT_CONTEXT root = rootElement->pCertContext; if (!(ret = CRYPT_IsCertificateSelfSigned(root))) TRACE("Last certificate is not self-signed\n"); else { - chain->rgpElement[chain->cElement - 1]->TrustStatus.dwInfoStatus - |= CERT_TRUST_IS_SELF_SIGNED; + rootElement->TrustStatus.dwInfoStatus |= + CERT_TRUST_IS_SELF_SIGNED; if (!(ret = CryptVerifyCertificateSignatureEx(0, root->dwCertEncodingType, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)root, CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)root, 0, NULL))) + { TRACE("Last certificate's signature is invalid\n"); + rootElement->TrustStatus.dwErrorStatus |= + CERT_TRUST_IS_NOT_SIGNATURE_VALID; + } } if (ret) { @@ -367,11 +372,15 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine, trustedRoot = CertFindCertificateInStore(engine->hRoot, root->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, &blob, NULL); if (!trustedRoot) - chain->TrustStatus.dwErrorStatus |= + rootElement->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_UNTRUSTED_ROOT; else CertFreeCertificateContext(trustedRoot); } + chain->TrustStatus.dwErrorStatus |= + rootElement->TrustStatus.dwErrorStatus; + chain->TrustStatus.dwInfoStatus |= + rootElement->TrustStatus.dwInfoStatus & ~CERT_TRUST_IS_SELF_SIGNED; } if (!ret) {
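Review bot: In the first hunk, the branch taken when `CRYPT_IsCertificateSelfSigned(root)` fails still only emits a TRACE, so no error bit is recorded anywhere. The neighbouring signature-failure branch now sets `CERT_TRUST_IS_NOT_SIGNATURE_VALID`. A chain that ends without a self-signed root therefore gets no error bit from this block, and a caller that reads only `TrustStatus` cannot tell it from a clean one. Consider bracing that branch and adding `chain->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_PARTIAL_CHAIN;`, if that is how an incomplete chain should be reported. The `if (!ret)` block after the second hunk starts outside the patch, so it is not visible here whether the chain is simply discarded on failure.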
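Review bot: The mask `& ~CERT_TRUST_IS_SELF_SIGNED` in the propagation lines added at the end of the second hunk is unexplained. A later edit could drop it and start reporting a per-certificate bit at chain level. A one-line comment above the assignment would record the intent, for example `/* CERT_TRUST_IS_SELF_SIGNED describes a single certificate, so it is not copied to the chain status */`. Only the root element's status is merged here, and `CRYPT_BuildSimpleChain` continues outside the hunk. It is worth confirming that error bits on the other elements also reach `chain->TrustStatus`, since a chain status that omits them would understate a bad intermediate certificate.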