Timestamp:
Jun 3, 2020 7:53:34 PM (5 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
138429
Message:

IPRT/RTCrX509CertPaths: Hack the code to accept trusted targets some more. Previous hack only worked for self-signed certificates. duh. bugref:9699

File:
1 edited

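--- a/trunk/src/VBox/Runtime/common/crypto/x509-certpaths.cpp
+++ b/trunk/src/VBox/Runtime/common/crypto/x509-certpaths.cpp
@@ -571,4 +571,21 @@
 }
 
+/**
+ * Helper for checking whether a certificate is in the trusted store or not.
+ */
+static bool rtCrX509CertPathsIsCertInStore(PRTCRX509CERTPATHNODE pNode, RTCRSTORE hStore)
+{
+    bool fRc = false;
+    PCRTCRCERTCTX pCertCtx = RTCrStoreCertByIssuerAndSerialNo(hStore, &pNode->pCert->TbsCertificate.Issuer,
+                                                              &pNode->pCert->TbsCertificate.SerialNumber);
+    if (pCertCtx)
+    {
+        if (pCertCtx->pCert)
+            fRc = RTCrX509Certificate_Compare(pCertCtx->pCert, pNode->pCert) == 0;
+        RTCrCertCtxRelease(pCertCtx);
+    }
+    return fRc;
+}
+
 /** @}  */
 
@@ -579,9 +596,4 @@
  */
 
-/**
- *
- * @returns
- * @param   pThis               .
- */
 static PRTCRX509CERTPATHNODE rtCrX509CertPathsNewNode(PRTCRX509CERTPATHSINT pThis)
 {
@@ -919,4 +931,13 @@
         pCur->uDepth = 0;
         pCur->uSrc   = RTCRX509CERTPATHNODE_SRC_TARGET;
+
+        /* Check if the target is trusted and do the upgrade (this is outside the RFC,
+           but this simplifies the path validator usage a lot (less work for the caller)). */
+        if (   pThis->pTrustedCert
+            && RTCrX509Certificate_Compare(pThis->pTrustedCert, pCur->pCert) == 0)
+            pCur->uSrc = RTCRX509CERTPATHNODE_SRC_TRUSTED_CERT;
+        else if (   pThis->hTrustedStore != NIL_RTCRSTORE
+                 && rtCrX509CertPathsIsCertInStore(pCur, pThis->hTrustedStore))
+            pCur->uSrc = RTCRX509CERTPATHNODE_SRC_TRUSTED_STORE;
 
         pThis->pErrInfo = pErrInfo;
@@ -1195,4 +1216,10 @@
             else if (uVerbosity >= 3)
                 RTAsn1Dump(&pCurLeaf->pCert->TbsCertificate.T3.Extensions.SeqCore.Asn1Core, 0, iIndent, pfnPrintfV, pvUser);
+
+            rtDumpIndent(pfnPrintfV, pvUser, iIndent, "Valid  : %s thru %s\n",
+                         RTTimeToString(&pCurLeaf->pCert->TbsCertificate.Validity.NotBefore.Time,
+                                        pThis->szTmp, sizeof(pThis->szTmp) / 2),
+                         RTTimeToString(&pCurLeaf->pCert->TbsCertificate.Validity.NotAfter.Time,
+                                        &pThis->szTmp[sizeof(pThis->szTmp) / 2], sizeof(pThis->szTmp) / 2) );
         }
         else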
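Review bot: The target upgrade at new lines 936-941 marks the target as trusted whenever it equals `pTrustedCert` or is found in `hTrustedStore`, and the comment records only that this is outside the RFC, not what the caller must guarantee. Trusted stores commonly hold CA certificates, so a caller may not expect a store entry to be accepted as the target itself. Whether validity-period and usage checks still run for a node upgraded from `RTCRX509CERTPATHNODE_SRC_TARGET` is decided in validator code outside this hunk and should be confirmed. I would extend the comment with the contract, e.g. `/* Caller contract: a target equal to pTrustedCert or found in hTrustedStore is marked trusted itself, so the store must only hold certificates that are acceptable as targets. */`. The full `RTCrX509Certificate_Compare` after the issuer/serial lookup in `rtCrX509CertPathsIsCertInStore` fails closed on a mismatch, which is the right direction; the function containing the upgrade starts and ends outside the hunk.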