Signed-off-by: Hans Leidekker hans@codeweavers.com --- dlls/winhttp/net.c | 1 - dlls/winhttp/request.c | 11 +++++++++++ dlls/winhttp/session.c | 14 ++++++-------- dlls/winhttp/tests/winhttp.c | 5 +++++ dlls/winhttp/winhttp_private.h | 2 ++ 5 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c index d0d02d535e..d577a64783 100644 --- a/dlls/winhttp/net.c +++ b/dlls/winhttp/net.c @@ -47,7 +47,6 @@ #include "windef.h" #include "winbase.h" #include "winhttp.h" -#include "wincrypt.h" #include "schannel.h"
#include "winhttp_private.h" diff --git a/dlls/winhttp/request.c b/dlls/winhttp/request.c index 96a2c91de5..56ec910294 100644 --- a/dlls/winhttp/request.c +++ b/dlls/winhttp/request.c @@ -1765,6 +1765,10 @@ static BOOL open_connection( request_t *request ) return FALSE; } } + + CertFreeCertificateContext( request->server_cert ); + request->server_cert = NULL; + if (!ensure_cred_handle( connect->session ) || !netconn_secure_connect( netconn, connect->hostname, request->security_flags, &connect->session->cred_handle )) @@ -1787,6 +1791,13 @@ static BOOL open_connection( request_t *request ) request->netconn = netconn; }
+ if (netconn->secure && !(request->server_cert = netconn_get_certificate( netconn ))) + { + heap_free( addressW ); + netconn_close( netconn ); + return FALSE; + } + done: request->read_pos = request->read_size = 0; request->read_chunked = FALSE; diff --git a/dlls/winhttp/session.c b/dlls/winhttp/session.c index e2b91fa513..fb815682c2 100644 --- a/dlls/winhttp/session.c +++ b/dlls/winhttp/session.c @@ -40,7 +40,6 @@ #include "winsock2.h" #include "ws2ipdef.h" #include "winhttp.h" -#include "wincrypt.h" #include "winreg.h" #define COBJMACROS #include "ole2.h" @@ -597,6 +596,8 @@ static void request_destroy( object_header_t *hdr ) } release_object( &request->connect->hdr );
+ CertFreeCertificateContext( request->server_cert ); + destroy_authinfo( request->authinfo ); destroy_authinfo( request->proxy_authinfo );
@@ -759,14 +760,14 @@ static BOOL request_query_option( object_header_t *hdr, DWORD option, LPVOID buf return FALSE; }
- if (!request->netconn || !(cert = netconn_get_certificate( request->netconn ))) return FALSE; + if (!(cert = CertDuplicateCertificateContext( request->server_cert ))) return FALSE; *(CERT_CONTEXT **)buffer = (CERT_CONTEXT *)cert; *buflen = sizeof(cert); return TRUE; } case WINHTTP_OPTION_SECURITY_CERTIFICATE_STRUCT: { - const CERT_CONTEXT *cert; + const CERT_CONTEXT *cert = request->server_cert; const CRYPT_OID_INFO *oidInfo; WINHTTP_CERTIFICATE_INFO *ci = buffer;
@@ -778,16 +779,14 @@ static BOOL request_query_option( object_header_t *hdr, DWORD option, LPVOID buf set_last_error( ERROR_INSUFFICIENT_BUFFER ); return FALSE; } - if (!request->netconn || !(cert = netconn_get_certificate( request->netconn ))) return FALSE; + if (!cert) return FALSE;
ci->ftExpiry = cert->pCertInfo->NotAfter; ci->ftStart = cert->pCertInfo->NotBefore; ci->lpszSubjectInfo = blob_to_str( cert->dwCertEncodingType, &cert->pCertInfo->Subject ); ci->lpszIssuerInfo = blob_to_str( cert->dwCertEncodingType, &cert->pCertInfo->Issuer ); ci->lpszProtocolName = NULL; - oidInfo = CryptFindOIDInfo( CRYPT_OID_INFO_OID_KEY, - cert->pCertInfo->SignatureAlgorithm.pszObjId, - 0 ); + oidInfo = CryptFindOIDInfo( CRYPT_OID_INFO_OID_KEY, cert->pCertInfo->SignatureAlgorithm.pszObjId, 0 ); if (oidInfo) ci->lpszSignatureAlgName = (LPWSTR)oidInfo->pwszName; else @@ -795,7 +794,6 @@ static BOOL request_query_option( object_header_t *hdr, DWORD option, LPVOID buf ci->lpszEncryptionAlgName = NULL; ci->dwKeySize = request->netconn ? netconn_get_cipher_strength( request->netconn ) : 0;
- CertFreeCertificateContext( cert ); *buflen = sizeof(*ci); return TRUE; } diff --git a/dlls/winhttp/tests/winhttp.c b/dlls/winhttp/tests/winhttp.c index 4d8585be1a..2c22276899 100644 --- a/dlls/winhttp/tests/winhttp.c +++ b/dlls/winhttp/tests/winhttp.c @@ -1107,6 +1107,11 @@ static void test_secure_connection(void) } ok(read_size >= available_size, "read_size = %u, available_size = %u\n", read_size, available_size);
+ size = sizeof(cert); + ret = WinHttpQueryOption(req, WINHTTP_OPTION_SERVER_CERT_CONTEXT, &cert, &size); + ok(ret, "failed to retrieve certificate context %u\n", GetLastError()); + if (ret) CertFreeCertificateContext(cert); + cleanup: WinHttpCloseHandle(req); WinHttpCloseHandle(con); diff --git a/dlls/winhttp/winhttp_private.h b/dlls/winhttp/winhttp_private.h index 0eb0dead87..d639a2deb2 100644 --- a/dlls/winhttp/winhttp_private.h +++ b/dlls/winhttp/winhttp_private.h @@ -46,6 +46,7 @@
#include "ole2.h" #include "sspi.h" +#include "wincrypt.h"
static const WCHAR getW[] = {'G','E','T',0}; static const WCHAR postW[] = {'P','O','S','T',0}; @@ -209,6 +210,7 @@ typedef struct DWORD optional_len; netconn_t *netconn; DWORD security_flags; + const CERT_CONTEXT *server_cert; int resolve_timeout; int connect_timeout; int send_timeout;
Hi,
While running your changed tests on Windows, I think I found new failures. Being a bot and all I'm not very good at pattern recognition, so I might be wrong, but could you please double-check? Full results can be found at https://testbot.winehq.org/JobDetails.pl?Key=39055
Your paranoid android.
=== w2003std (32 bit winhttp) === winhttp.c:3908: Test failed: got 80072f0d
=== wvistau64_zh_CN (32 bit winhttp) === winhttp.c:3104: Test failed: failed to receive response 12152 winhttp.c:3109: Test failed: failed to query status code 12019 winhttp.c:3110: Test failed: request failed unexpectedly 3735928559