mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-12-15 06:40:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Revert "schannel: reverse the order of certinfo insertions"

Browse Source 
This reverts commit 8986df802d.

Windows does not guarantee a particular certificate ordering, even
though TLS may have its own ordering/relationship guarantees. Recent
versions of Windows 11 reversed the ordering of ceritifcates returned by
CertEnumCertificatesInStore, therefore this commit no longer works as
initially intended. libcurl makes no guarantees about certificate
ordering if the operating system can't.

Ref: https://github.com/curl/curl/issues/9706

Closes https://github.com/curl/curl/pull/11536
This commit is contained in:
Nathan Moinvaziri 2023-07-28 12:20:09 -07:00 committed by Jay Satiro
parent 7bfb10c180
commit f540a39b8b
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/vtls/schannel.c
View File

@ -1665,7 +1665,6 @@ struct Adder_args
struct Curl_easy *data;
CURLcode result;
int idx;
int certs_count;
};
static bool
@ -1676,10 +1675,7 @@ add_cert_to_certinfo(const CERT_CONTEXT *ccert_context, void *raw_arg)
if(valid_cert_encoding(ccert_context)) {
const char *beg = (const char *) ccert_context->pbCertEncoded;
const char *end = beg + ccert_context->cbCertEncoded;
int insert_index = (args->certs_count - 1) - args->idx;
args->result = Curl_extract_certinfo(args->data, insert_index,
beg, end);
args->idx++;
args->result = Curl_extract_certinfo(args->data, (args->idx)++, beg, end);
}
return args->result == CURLE_OK;
}
@ -1813,7 +1809,6 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data)
struct Adder_args args;
args.data = data;
args.idx = 0;
args.certs_count = certs_count;
traverse_cert_store(ccert_context, add_cert_to_certinfo, &args);
result = args.result;
}