[PATCH 0/1] MR6044: crypt32: Make CertFindCertificateInStore(CERT_FIND_ISSUER_NAME) work.
From: Dmitry Timoshkov dmitry@baikal.ru
1. dwType (CERT_INFO_xxxx_FLAG) is not a mask. CERT_INFO_xxxx_FLAGs have values from 0 to 11, so for instance CERT_INFO_SUBJECT_FLAG is equal to 7 and CERT_INFO_ISSUER_FLAG is equal to 4. 2. CERT_COMPARE_xxxx have values from 0 to 10, so CERT_COMPARE_NAME is equal to 2 and CERT_COMPARE_SUBJECT_CERT is equal to 11, therefore combining CERT_COMPARE_NAME | CERT_COMPARE_SUBJECT_CERT doesn't make sense. 3. Because of 1 and 2 CertFindCertificateInStore(CERT_FIND_ISSUER_NAME) currently looks up a certificate by Subject instead of Issuer.
Fixing just one of the problems above leads to test failures. Existing tests work because they use a self-signed certificate where Issuer and Subject are the same.
Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/crypt32/cert.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c index 373805e858f..7b1edaa2236 100644 --- a/dlls/crypt32/cert.c +++ b/dlls/crypt32/cert.c @@ -1482,10 +1482,15 @@ static BOOL compare_cert_by_name(PCCERT_CONTEXT pCertContext, DWORD dwType, CERT_NAME_BLOB *blob = (CERT_NAME_BLOB *)pvPara, *toCompare; BOOL ret;
- if (dwType & CERT_INFO_SUBJECT_FLAG) + if ((dwType & CERT_COMPARE_MASK) == CERT_INFO_SUBJECT_FLAG) toCompare = &pCertContext->pCertInfo->Subject; - else + else if ((dwType & CERT_COMPARE_MASK) == CERT_INFO_ISSUER_FLAG) toCompare = &pCertContext->pCertInfo->Issuer; + else + { + ERR("dwType %08lx doesn't specify SUBJECT or ISSUER\n", dwType); + return FALSE; + } ret = CertCompareCertificateName(pCertContext->dwCertEncodingType, toCompare, blob); return ret; @@ -1735,7 +1740,7 @@ static PCCERT_CONTEXT find_cert_by_issuer(HCERTSTORE store, DWORD dwType, } else found = cert_compare_certs_in_store(store, prev, - compare_cert_by_name, CERT_COMPARE_NAME | CERT_COMPARE_SUBJECT_CERT, + compare_cert_by_name, CERT_FIND_SUBJECT_NAME, dwFlags, &subject->pCertInfo->Issuer); return found; } @@ -1747,7 +1752,7 @@ static BOOL compare_cert_by_name_str(PCCERT_CONTEXT pCertContext, DWORD len; BOOL ret = FALSE;
- if (dwType & CERT_INFO_SUBJECT_FLAG) + if ((dwType & CERT_COMPARE_MASK) == CERT_INFO_SUBJECT_FLAG) name = &pCertContext->pCertInfo->Subject; else name = &pCertContext->pCertInfo->Issuer;
Hi,
It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.
The tests also ran into some preexisting test failures. If you know how to fix them that would be helpful. See the TestBot job for the details:
The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=146968
Your paranoid android.
=== debian11 (build log) ===
WineRunWineTest.pl:error: The task timed out
This merge request was approved by Hans Leidekker.
-
Dmitry Timoshkov -
Dmitry Timoshkov (@dmitry)
-
Hans Leidekker (@hans)
-
Marvin