Hans Leidekker (@hans) commented about dlls/winhttp/session.c:
+ char *server_auth[] = { oid_server_auth }; + + CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } }; + + chainPara.RequestedUsage.Usage.cUsageIdentifier = 1; + chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = server_auth; + + if (!validate_buffer( buffer, buflen, sizeof(cert) )) return FALSE; + if (!(cert = CertDuplicateCertificateContext( request -> server_cert ))) return FALSE; + + if (!CertGetCertificateChain(NULL, cert, NULL, NULL, &chainPara, 0, NULL, &cert_chain)) return FALSE; + + *(CERT_CHAIN_CONTEXT **)buffer = (CERT_CHAIN_CONTEXT *)cert_chain; + *buflen = sizeof(cert_chain); + + return TRUE; 'cert' should be freed before returning but you don't actually need a copy. This should work:
``` if (!CertGetCertificateChain( NULL, request->server_cert, NULL, NULL, &chainPara, 0, NULL, &cert_chain )) return FALSE; ``` -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10357#note_132600