On Monday 20 October 2008 21:48:37 Juan Lang wrote:
- /* FIXME: verify certificate and determine store name dynamically */
- if (!(store = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
CERT_SYSTEM_STORE_CURRENT_USER, Root)))
- {
WARN("unable to open certificate store\n");
CertFreeCertificateContext(cert);
HeapFree(GetProcessHeap(), 0, buffer);
return FALSE;
- }
- ret = CertAddCertificateContextToStore(store, cert,
CERT_STORE_ADD_REPLACE_EXISTING, NULL);
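Review bot: The CertOpenStore call hard-codes the current user's Root store, and CertAddCertificateContextToStore then uses CERT_STORE_ADD_REPLACE_EXISTING, so a certificate that has not been verified can silently replace an existing trusted root entry. The "FIXME: verify certificate and determine store name dynamically" comment admits both gaps but leaves no runtime trace. Emit it with FIXME() so the shortcut shows up in logs, and consider CERT_STORE_ADD_NEW until the verification and store selection are implemented.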
This doesn't look correct. Why are you always using the root store, and ignoring hDestCertStore? Even if you expect hDestCertStore to be NULL (in which case a default store may make sense), using the Root store seems like it won't do what the user wants. The certificate won't be persisted if it's added to the Root store, because the Root store is only read from the local system. When the process (Outlook) exits, the certificate will no longer exist.
It's my limited manual testing with a self-signed root CA certificate that turned this up on Windows. The certificate is still there after Outlook is closed.
It's an absolute minimal implementation and you are right that we need to find out what determines the store for the whole range of certificate types. The FIXME comment I put in should really have been a FIXME().
-Hans