From 170795ad0664a956f921e5edfc8eeb2e96a69783 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 1 Feb 2016 10:56:45 -0500 Subject: [PATCH] More review changes and made comments C style, req Willem. --- src/context.c | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/src/context.c b/src/context.c index 98c38cd1..19249049 100644 --- a/src/context.c +++ b/src/context.c @@ -140,28 +140,28 @@ static void set_ub_edns_maximum_udp_payload_size(struct getdns_context*, #ifdef USE_WINSOCK -// For windows, the CA trust store is not read by openssl. -// Add code to open the trust store using wincrypt API and add -// the root certs into openssl trust store +/* For windows, the CA trust store is not read by openssl. + Add code to open the trust store using wincrypt API and add + the root certs into openssl trust store */ static int add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx) { HCERTSTORE hSystemStore; PCCERT_CONTEXT pTargetCert = NULL; - // load just once per context lifetime for this version of getdns - // TODO: dynamically update CA trust changes as they are available + /* load just once per context lifetime for this version of getdns + TODO: dynamically update CA trust changes as they are available */ if (!tls_ctx) return 0; - // Call wincrypt's CertOpenStore to open the CA root store. + /* Call wincrypt's CertOpenStore to open the CA root store. */ if ((hSystemStore = CertOpenStore( CERT_STORE_PROV_SYSTEM, 0, - NULL, - // NOTE: mingw does not have this const: replace with 1 << 16 from code - // CERT_SYSTEM_STORE_CURRENT_USER, + 0, + /* NOTE: mingw does not have this const: replace with 1 << 16 from code + CERT_SYSTEM_STORE_CURRENT_USER, */ 1 << 16, L"root")) == 0) { @@ -172,23 +172,28 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx) if (!store) return 0; - // iterate over the windows cert store and add to openssl store - while (pTargetCert = CertEnumCertificatesInStore( - hSystemStore, - pTargetCert)) + /* failure if the CA store is empty or the call fails */ + if ((pTargetCert = CertEnumCertificatesInStore( + hSystemStore, pTargetCert)) == 0) { + DEBUG_STUB("*** %s(%s %d:%s)\n", __FUNCTION__, + "CA certificate store for Windows is empty."); + return 0; + } + /* iterate over the windows cert store and add to openssl store */ + do { X509 *cert1 = d2i_X509(NULL, (const unsigned char **)&pTargetCert->pbCertEncoded, pTargetCert->cbCertEncoded); if (!cert1) { - // do not return if a cert fails, continue and retrieve the rest + /* return error if a cert fails */ DEBUG_STUB("*** %s(%s %d:%s)\n", __FUNCTION__, "unable to parse certificate in memory", ERR_get_error(), ERR_error_string(ERR_get_error(), NULL)); return 0; } else { - // do not return if a cert add to store fails, continue and retrieve the rest + /* return error if a cert add to store fails */ if (X509_STORE_add_cert(store, cert1) == 0) { DEBUG_STUB("*** %s(%s %d:%s)\n", __FUNCTION__, "error adding certificate", ERR_get_error(), @@ -197,9 +202,10 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx) } X509_free(cert1); } - } + } while ((pTargetCert = CertEnumCertificatesInStore( + hSystemStore, pTargetCert)) != 0); - // Clean up memory and quit. + /* Clean up memory and quit. */ if (pTargetCert) CertFreeCertificateContext(pTargetCert); if (hSystemStore) @@ -209,7 +215,6 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx) return 0; } return 1; - } #endif