mirror of
https://github.com/curl/curl.git
synced 2026-07-07 21:07:16 +03:00
schannel_verify: simplify CryptQueryObject use
- Specify that the content is base64 encoded, rather than rely on auto-detect. - Remove unnecessary sanity check of the returned content type. Closes https://github.com/curl/curl/pull/21760
This commit is contained in:
parent
d3e9a815c4
commit
3b9f0972e2
1 changed files with 16 additions and 41 deletions
|
|
@ -152,7 +152,6 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store,
|
|||
CERT_BLOB cert_blob;
|
||||
const CERT_CONTEXT *cert_context = NULL;
|
||||
BOOL add_cert_result = FALSE;
|
||||
DWORD actual_content_type = 0;
|
||||
DWORD cert_size =
|
||||
(DWORD)((end_cert_ptr + end_cert_len) - begin_cert_ptr);
|
||||
|
||||
|
|
@ -162,10 +161,10 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store,
|
|||
if(!CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
|
||||
&cert_blob,
|
||||
CERT_QUERY_CONTENT_FLAG_CERT,
|
||||
CERT_QUERY_FORMAT_FLAG_ALL,
|
||||
CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED,
|
||||
0,
|
||||
NULL,
|
||||
&actual_content_type,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
|
|
@ -182,51 +181,27 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store,
|
|||
else {
|
||||
current_ca_file_ptr = begin_cert_ptr + cert_size;
|
||||
|
||||
/* Sanity check that the cert_context object is the right type */
|
||||
if(CERT_QUERY_CONTENT_CERT != actual_content_type) {
|
||||
add_cert_result =
|
||||
CertAddCertificateContextToStore(trust_store,
|
||||
cert_context,
|
||||
CERT_STORE_ADD_ALWAYS,
|
||||
NULL);
|
||||
if(!add_cert_result) {
|
||||
char buffer[WINAPI_ERROR_LEN];
|
||||
failf(data,
|
||||
"schannel: unexpected content type '%lu' when extracting "
|
||||
"certificate from CA file '%s'",
|
||||
actual_content_type, ca_file_text);
|
||||
"schannel: failed to add certificate from CA file '%s' "
|
||||
"to certificate store: %s",
|
||||
ca_file_text,
|
||||
curlx_winapi_strerror(GetLastError(), buffer,
|
||||
sizeof(buffer)));
|
||||
result = CURLE_SSL_CACERT_BADFILE;
|
||||
more_certs = 0;
|
||||
}
|
||||
else {
|
||||
add_cert_result =
|
||||
CertAddCertificateContextToStore(trust_store,
|
||||
cert_context,
|
||||
CERT_STORE_ADD_ALWAYS,
|
||||
NULL);
|
||||
if(!add_cert_result) {
|
||||
char buffer[WINAPI_ERROR_LEN];
|
||||
failf(data,
|
||||
"schannel: failed to add certificate from CA file '%s' "
|
||||
"to certificate store: %s",
|
||||
ca_file_text,
|
||||
curlx_winapi_strerror(GetLastError(), buffer,
|
||||
sizeof(buffer)));
|
||||
result = CURLE_SSL_CACERT_BADFILE;
|
||||
more_certs = 0;
|
||||
}
|
||||
else {
|
||||
num_certs++;
|
||||
}
|
||||
num_certs++;
|
||||
}
|
||||
|
||||
switch(actual_content_type) {
|
||||
case CERT_QUERY_CONTENT_CERT:
|
||||
case CERT_QUERY_CONTENT_SERIALIZED_CERT:
|
||||
CertFreeCertificateContext(cert_context);
|
||||
break;
|
||||
case CERT_QUERY_CONTENT_CRL:
|
||||
case CERT_QUERY_CONTENT_SERIALIZED_CRL:
|
||||
CertFreeCRLContext((PCCRL_CONTEXT)cert_context);
|
||||
break;
|
||||
case CERT_QUERY_CONTENT_CTL:
|
||||
case CERT_QUERY_CONTENT_SERIALIZED_CTL:
|
||||
CertFreeCTLContext((PCCTL_CONTEXT)cert_context);
|
||||
break;
|
||||
}
|
||||
CertFreeCertificateContext(cert_context);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue