More review changes and made comments C style, req Willem.

2016-02-01 10:56:45 -05:00 · 2016-02-01 10:56:45 -05:00 · 170795ad06
parent f5290b6a68
commit 170795ad06
1 changed files with 23 additions and 18 deletions
--- a/src/context.c
+++ b/src/context.c
@ -140,28 +140,28 @@ static void set_ub_edns_maximum_udp_payload_size(struct getdns_context*,


 #ifdef USE_WINSOCK
-// For windows, the CA trust store is not read by openssl. 
-// Add code to open the trust store using wincrypt API and add
-// the root certs into openssl trust store
+/* For windows, the CA trust store is not read by openssl. 
+   Add code to open the trust store using wincrypt API and add
+   the root certs into openssl trust store */
 static int 
 add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 {
 	HCERTSTORE      hSystemStore;
 	PCCERT_CONTEXT  pTargetCert = NULL;

-	// load just once per context lifetime for this version of getdns
-	// TODO: dynamically update CA trust changes as they are available
+	/* load just once per context lifetime for this version of getdns
+	   TODO: dynamically update CA trust changes as they are available */
 	if (!tls_ctx)
 		return 0;

-	// Call wincrypt's CertOpenStore to open the CA root store.
+	/* Call wincrypt's CertOpenStore to open the CA root store. */

 	if ((hSystemStore = CertOpenStore(
 		CERT_STORE_PROV_SYSTEM,
 		0,
-		NULL,
-		// NOTE: mingw does not have this const: replace with 1 << 16 from code
-		// CERT_SYSTEM_STORE_CURRENT_USER,
+		0,
+		/* NOTE: mingw does not have this const: replace with 1 << 16 from code 
+		   CERT_SYSTEM_STORE_CURRENT_USER, */
 		1 << 16,
 		L"root")) == 0)
 	{
@ -172,23 +172,28 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 	if (!store)
 		return 0;

-	// iterate over the windows cert store and add to openssl store
-	while (pTargetCert = CertEnumCertificatesInStore(
-		hSystemStore,
-		pTargetCert))
+	/* failure if the CA store is empty or the call fails */
+	if ((pTargetCert = CertEnumCertificatesInStore(
+		hSystemStore, pTargetCert)) == 0) {
+		DEBUG_STUB("*** %s(%s %d:%s)\n", __FUNCTION__,
+			"CA certificate store for Windows is empty.");
+			return 0;
+	}
+	/* iterate over the windows cert store and add to openssl store */
+	do 
 	{
 		X509 *cert1 = d2i_X509(NULL, 
 			(const unsigned char **)&pTargetCert->pbCertEncoded,
 			pTargetCert->cbCertEncoded);
 		if (!cert1) {
-			// do not return if a cert fails, continue and retrieve the rest
+			/* return error if a cert fails */
 			DEBUG_STUB("*** %s(%s %d:%s)\n", __FUNCTION__,
 				"unable to parse certificate in memory",
 				ERR_get_error(), ERR_error_string(ERR_get_error(), NULL));
 			return 0;
 		}
 		else {
-			// do not return if a cert add to store fails, continue and retrieve the rest
+			/* return error if a cert add to store fails */
 			if (X509_STORE_add_cert(store, cert1) == 0) {
 				DEBUG_STUB("*** %s(%s %d:%s)\n", __FUNCTION__,
 					"error adding certificate", ERR_get_error(),
@ -197,9 +202,10 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 			}
 			X509_free(cert1);
 		}
-	}
+	} while ((pTargetCert = CertEnumCertificatesInStore(
+		hSystemStore, pTargetCert)) != 0);

-	// Clean up memory and quit.
+	/* Clean up memory and quit. */
 	if (pTargetCert)
 		CertFreeCertificateContext(pTargetCert);
 	if (hSystemStore)
@ -209,7 +215,6 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 			return 0;
 	}
 	return 1;
-
 }
 #endif