Juan Lang : winhttp: Don't make use of OpenSSL's security checks, as crypt32 also verifies certificate chain.

Module: wine Branch: master Commit: 5566d424f1e3e7298adcb2ea4941964e27b04627 URL: http://source.winehq.org/git/wine.git/?a=commit;h=5566d424f1e3e7298adcb2ea49...

Author: Juan Lang juan.lang@gmail.com Date: Wed Sep 29 08:18:39 2010 -0700

winhttp: Don't make use of OpenSSL's security checks, as crypt32 also verifies certificate chain.

---

dlls/winhttp/net.c | 64 ++++++++++++++++++++++++--------------------------- 1 files changed, 30 insertions(+), 34 deletions(-)

diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c index 92996a7..a85eecd 100644 --- a/dlls/winhttp/net.c +++ b/dlls/winhttp/net.c @@ -343,53 +343,49 @@ static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx ) WCHAR *server; BOOL ret = FALSE; netconn_t *conn; + HCERTSTORE store = CertOpenStore( CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL );

ssl = pX509_STORE_CTX_get_ex_data( ctx, pSSL_get_ex_data_X509_STORE_CTX_idx() ); server = pSSL_get_ex_data( ssl, hostname_idx ); conn = pSSL_get_ex_data( ssl, conn_idx ); - if (preverify_ok) + if (store) { - HCERTSTORE store = CertOpenStore( CERT_STORE_PROV_MEMORY, 0, 0, - CERT_STORE_CREATE_NEW_FLAG, NULL ); + X509 *cert; + int i; + PCCERT_CONTEXT endCert = NULL;

- if (store) + ret = TRUE; + for (i = 0; ret && i < psk_num((struct stack_st *)ctx->chain); i++) { - X509 *cert; - int i; - PCCERT_CONTEXT endCert = NULL; + PCCERT_CONTEXT context;

- ret = TRUE; - for (i = 0; ret && i < psk_num((struct stack_st *)ctx->chain); i++) + cert = (X509 *)psk_value((struct stack_st *)ctx->chain, i); + if ((context = X509_to_cert_context( cert ))) { - PCCERT_CONTEXT context; - - cert = (X509 *)psk_value((struct stack_st *)ctx->chain, i); - if ((context = X509_to_cert_context( cert ))) - { - if (i == 0) - ret = CertAddCertificateContextToStore( store, context, - CERT_STORE_ADD_ALWAYS, &endCert ); - else - ret = CertAddCertificateContextToStore( store, context, - CERT_STORE_ADD_ALWAYS, NULL ); - CertFreeCertificateContext( context ); - } + if (i == 0) + ret = CertAddCertificateContextToStore( store, context, + CERT_STORE_ADD_ALWAYS, &endCert ); + else + ret = CertAddCertificateContextToStore( store, context, + CERT_STORE_ADD_ALWAYS, NULL ); + CertFreeCertificateContext( context ); } - if (!endCert) ret = FALSE; - if (ret) - { - DWORD_PTR err = netconn_verify_cert( endCert, store, server, - conn->security_flags ); + } + if (!endCert) ret = FALSE; + if (ret) + { + DWORD_PTR err = netconn_verify_cert( endCert, store, server, + conn->security_flags );

- if (err) - { - pSSL_set_ex_data( ssl, error_idx, (void *)err ); - ret = FALSE; - } + if (err) + { + pSSL_set_ex_data( ssl, error_idx, (void *)err ); + ret = FALSE; } - CertFreeCertificateContext( endCert ); - CertCloseStore( store, 0 ); } + CertFreeCertificateContext( endCert ); + CertCloseStore( store, 0 ); } return ret; }