Bruno Jesus : crypt32: CertGetIssuerCertificateFromStore must return error for self-signed certificates. - wine-commits

23 Jul 2014

Module: wine
Branch: master
Commit: 7a40fdbf8cb68df269c1a1c47f6cc276ba1929e8
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=7a40fdbf8cb68df269c1a1c47f...
Author: Bruno Jesus 00cpxxx@gmail.com
Date:   Tue Jul 22 20:43:06 2014 -0300
crypt32: CertGetIssuerCertificateFromStore must return error for self-signed certificates.
---
dlls/crypt32/cert.c            | 6 ++++++
 dlls/crypt32/chain.c           | 2 +-
 dlls/crypt32/crypt32_private.h | 1 +
 dlls/crypt32/tests/cert.c      | 4 ----
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 074b924..c35f504 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -1883,6 +1883,12 @@ PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
             CertFreeCertificateContext(ret);
             ret = NULL;
         }
+        if (CRYPT_IsCertificateSelfSigned(pSubjectContext))
+        {
+            CertFreeCertificateContext(ret);
+            ret = NULL;
+            SetLastError(CRYPT_E_SELF_SIGNED);
+        }
     }
     TRACE("returning %p\n", ret);
     return ret;
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 94d228a..056910f 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -265,7 +265,7 @@ typedef struct _CertificateChain
     LONG ref;
 } CertificateChain;
-static BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
 {
     PCERT_EXTENSION ext;
     DWORD size;
diff --git a/dlls/crypt32/crypt32_private.h b/dlls/crypt32/crypt32_private.h
index 02bd902..fb5c5c3 100644
--- a/dlls/crypt32/crypt32_private.h
+++ b/dlls/crypt32/crypt32_private.h
@@ -337,6 +337,7 @@ WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreA(HCRYPTPROV hCryptProv,
 WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreW(HCRYPTPROV hCryptProv,
  DWORD dwFlags, const void *pvPara) DECLSPEC_HIDDEN;
 WINECRYPT_CERTSTORE *CRYPT_RootOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags) DECLSPEC_HIDDEN;
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DECLSPEC_HIDDEN;
/* Allocates and initializes a certificate chain engine, but without creating
  * the root store.  Instead, it uses root, and assumes the caller has done any
diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c
index a19ef1e..259361c 100644
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -1728,9 +1728,7 @@ static void testGetIssuerCert(void)
     SetLastError(0xdeadbeef);
     flags = 0;
     parent = CertGetIssuerCertificateFromStore(store, cert3, NULL, &flags);
-todo_wine
     ok(!parent, "Expected NULL\n");
-todo_wine
     ok(GetLastError() == CRYPT_E_SELF_SIGNED,
        "Expected CRYPT_E_SELF_SIGNED, got %08X\n", GetLastError());
     CertFreeCertificateContext(child);
@@ -1747,9 +1745,7 @@ todo_wine
     ok(cert1 != NULL, "CertEnumCertificatesInStore should have worked\n");
     SetLastError(0xdeadbeef);
     parent = CertGetIssuerCertificateFromStore(store, cert1, NULL, &flags);
-todo_wine
     ok(!parent, "Expected NULL\n");
-todo_wine
     ok(GetLastError() == CRYPT_E_SELF_SIGNED,
        "Expected CRYPT_E_SELF_SIGNED, got %08X\n", GetLastError());
     CertCloseStore(store, 0);

    