[GNUnet-SVN] [gnurl] 124/153: schannel: client certificate store opening

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 124/153: schannel: client certificate store opening

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 124/153: schannel: client certificate store opening fix
Date:	Tue, 11 Sep 2018 12:53:15 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit 6b6c2b8d57a69a256f7a727784876d8cc37aa669
Author: Ihor Karpenko <address@hidden>
AuthorDate: Thu Aug 23 14:18:17 2018 +0300

    schannel: client certificate store opening fix
    
    1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
    while opening certificate store would be sufficient in this scenario and
    less-demanding in sense of required user credentials ( for example,
    IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
    call without any of flags mentioned above ),
    
    2) as 'cert_store_name' is a DWORD, attempt to format its value like a
    string ( in "Failed to open cert store" error message ) will throw null
    pointer exception
    
    3) adding GetLastError(), in my opinion, will make error message more
    useful.
    
    Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html
    
    Closes #2909
---
 lib/vtls/schannel.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index ebd1c1c04..8f6c301d1 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -602,12 +602,15 @@ schannel_connect_step1(struct connectdata *conn, int 
sockindex)
         return result;
       }
 
-      cert_store = CertOpenStore(CURL_CERT_STORE_PROV_SYSTEM, 0,
-                                 (HCRYPTPROV)NULL,
-                                 cert_store_name, cert_store_path);
+      cert_store =
+        CertOpenStore(CURL_CERT_STORE_PROV_SYSTEM, 0,
+                      (HCRYPTPROV)NULL,
+                      CERT_STORE_OPEN_EXISTING_FLAG | cert_store_name,
+                      cert_store_path);
       if(!cert_store) {
-        failf(data, "schannel: Failed to open cert store %s %s",
-              cert_store_name, cert_store_path);
+        failf(data, "schannel: Failed to open cert store %x %s, "
+              "last error is %x",
+              cert_store_name, cert_store_path, GetLastError());
         Curl_unicodefree(cert_path);
         return CURLE_SSL_CONNECT_ERROR;
       }

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 127/153: lib1522: fix curl_easy_setopt argument type, (continued)
- [GNUnet-SVN] [gnurl] 127/153: lib1522: fix curl_easy_setopt argument type, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 135/153: CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 129/153: cmdline-opts/page-footer: fix edit mistake, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 140/153: all: s/int/size_t cleanup, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 139/153: ssh-libssh: use FALLTHROUGH to silence gcc8, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 131/153: CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip], gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 126/153: curl_threads: silence bad-function-cast warning, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 130/153: curl: fix time-of-check, time-of-use race in dir creation, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 142/153: http2: Use correct format identifier for stream_id, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 113/153: curl-compilers: enable -Wimplicit-fallthrough=4 for GCC, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 124/153: schannel: client certificate store opening fix, gnunet <=
- [GNUnet-SVN] [gnurl] 125/153: README: add appveyor build badge [ci skip], gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 109/153: x509asn1: make several functions static, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 136/153: Don't use Windows path %PWD for SSH tests, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 147/153: sftp: don't send post-qoute sequence when retrying a connection, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 72/153: README.md: add LGTM.com code quality grade for C/C++, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 107/153: http2: avoid set_stream_user_data() before stream is assigned, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 118/153: http2: abort the send_callback if not setup yet, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 117/153: http2: remove four unused nghttp2 callbacks, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 123/153: gopher: Do not translate `?' to `%09', gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 120/153: RELEASE-NOTES: synced, gnunet, 2018/09/11

Prev by Date: [GNUnet-SVN] [gnurl] 113/153: curl-compilers: enable -Wimplicit-fallthrough=4 for GCC
Next by Date: [GNUnet-SVN] [gnurl] 125/153: README: add appveyor build badge [ci skip]
Previous by thread: [GNUnet-SVN] [gnurl] 113/153: curl-compilers: enable -Wimplicit-fallthrough=4 for GCC
Next by thread: [GNUnet-SVN] [gnurl] 125/153: README: add appveyor build badge [ci skip]
Index(es):
- Date
- Thread