[GNUnet-SVN] [gnurl] 124/153: schannel: client certificate store opening
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 124/153: schannel: client certificate store opening fix
Date: Tue, 11 Sep 2018 12:53:15 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 6b6c2b8d57a69a256f7a727784876d8cc37aa669
Author: Ihor Karpenko <address@hidden>
AuthorDate: Thu Aug 23 14:18:17 2018 +0300
schannel: client certificate store opening fix
1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
while opening certificate store would be sufficient in this scenario and
less-demanding in sense of required user credentials ( for example,
IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
call without any of flags mentioned above ),
2) as 'cert_store_name' is a DWORD, attempt to format its value like a
string ( in "Failed to open cert store" error message ) will throw null
pointer exception
3) adding GetLastError(), in my opinion, will make error message more
useful.
Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html
Closes #2909
---
lib/vtls/schannel.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index ebd1c1c04..8f6c301d1 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -602,12 +602,15 @@ schannel_connect_step1(struct connectdata *conn, int
sockindex)
return result;
}
- cert_store = CertOpenStore(CURL_CERT_STORE_PROV_SYSTEM, 0,
- (HCRYPTPROV)NULL,
- cert_store_name, cert_store_path);
+ cert_store =
+ CertOpenStore(CURL_CERT_STORE_PROV_SYSTEM, 0,
+ (HCRYPTPROV)NULL,
+ CERT_STORE_OPEN_EXISTING_FLAG | cert_store_name,
+ cert_store_path);
if(!cert_store) {
- failf(data, "schannel: Failed to open cert store %s %s",
- cert_store_name, cert_store_path);
+ failf(data, "schannel: Failed to open cert store %x %s, "
+ "last error is %x",
+ cert_store_name, cert_store_path, GetLastError());
Curl_unicodefree(cert_path);
return CURLE_SSL_CONNECT_ERROR;
}
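Review bot: in the new failf() call, cert_store_name and GetLastError() are both DWORD values (unsigned long on Windows) but are formatted with %x, which expects unsigned int. Use %lx or cast the arguments, and consider a 0x prefix ("last error is 0x%lx") so the code is unambiguous when someone looks it up, such as the 0x05 Access Denied case from the commit message. Two smaller points on the same lines: the message prints cert_store_name without CERT_STORE_OPEN_EXISTING_FLAG, so the logged value is not the dwFlags actually passed to CertOpenStore; and the type of cert_store_path is not visible in this hunk, so if it is a TCHAR string it should be converted before being passed to %s, otherwise UNICODE builds will not print the path correctly.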