#3221: Crash reported on Windows in X509Certificate verification

Günter Obiltschnig 2021-11-05 13:46:17 +01:00
parent 5902bb1277
commit 270c2643cf
2 changed files with 13 additions and 6 deletions


@ -1317,7 +1317,7 @@ void SecureSocketImpl::verifyCertificateChainClient(PCCERT_CONTEXT pServerCert)
// Revocation check of the root certificate may fail due to missing CRL points, etc.
// We ignore all errors checking the root certificate except CRYPT_E_REVOKED.
if (!ok && (revStat.dwIndex < certs.size() - 1 || revStat.dwError == CRYPT_E_REVOKED))
if (!ok && revStat.dwIndex < certs.size() - 1 && revStat.dwError == CRYPT_E_REVOKED)
{
VerificationErrorArgs args(cert, revStat.dwIndex, revStat.dwReason, Utility::formatError(revStat.dwError));
SSLManager::instance().ClientVerificationError(this, args);
@ -1421,7 +1421,10 @@ void SecureSocketImpl::serverVerifyCertificate()
CERT_VERIFY_REV_CHAIN_FLAG,
NULL,
&revStat);
if (!ok && (revStat.dwIndex < certs.size() - 1 || revStat.dwError == CRYPT_E_REVOKED))
// Revocation check of the root certificate may fail due to missing CRL points, etc.
// We ignore all errors checking the root certificate except CRYPT_E_REVOKED.
if (!ok && revStat.dwIndex < certs.size() - 1 && revStat.dwError == CRYPT_E_REVOKED)
{
VerificationErrorArgs args(cert, revStat.dwIndex, revStat.dwReason, Utility::formatError(revStat.dwReason));
SSLManager::instance().ServerVerificationError(this, args);
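Review bot: Taking the `&&` line of each pair as the new side, the `if` in verifyCertificateChainClient and the identical one in serverVerifyCertificate now report only `CRYPT_E_REVOKED` on a non-root certificate, so any other revocation failure on the leaf or an intermediate is accepted silently and a revoked root is ignored as well. That contradicts the comment directly above, which says root errors are ignored except `CRYPT_E_REVOKED`. If soft-fail is intended, the comment should say so, e.g. `// Soft-fail: only CRYPT_E_REVOKED on a non-root certificate is reported; all other revocation errors are ignored.`; if not, the condition needs the grouping `(revStat.dwIndex < certs.size() - 1 || revStat.dwError == CRYPT_E_REVOKED)`. Separately, the server path passes `revStat.dwReason` to `Utility::formatError` where the client path passes `revStat.dwError`, which looks like a mix-up. Both function bodies extend beyond the hunks shown.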


@ -278,10 +278,14 @@ void X509Certificate::extractNames(std::string& cmnName, std::set<std::string>&
PCERT_ALT_NAME_INFO pNameInfo = reinterpret_cast<PCERT_ALT_NAME_INFO>(buffer.begin());
for (int i = 0; i < pNameInfo->cAltEntry; i++)
{
std::wstring waltName(pNameInfo->rgAltEntry[i].pwszDNSName);
std::string altName;
Poco::UnicodeConverter::toUTF8(waltName, altName);
domainNames.insert(altName);
// Some certificates have Subject Alternative Name entries that are not DNS Name. Skip them.
if (pNameInfo->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME)
{
std::wstring waltName(pNameInfo->rgAltEntry[i].pwszDNSName);
std::string altName;
Poco::UnicodeConverter::toUTF8(waltName, altName);
domainNames.insert(altName);
}
}
}
}
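Review bot: The new guard checks `dwAltNameChoice` but still constructs `std::wstring` from `pwszDNSName` without a null check, and constructing from a null pointer is undefined behaviour. Since the entries are decoded from a peer-supplied certificate, `if (pNameInfo->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME && pNameInfo->rgAltEntry[i].pwszDNSName)` is cheap insurance. The added comment would help more if it said why skipping matters, e.g. `// rgAltEntry[i] holds a union: pwszDNSName is only valid when dwAltNameChoice == CERT_ALT_NAME_DNS_NAME.` IP-address entries are now skipped too, so a caller that matches an IP literal against `domainNames` will presumably find no SAN match; that is worth confirming against the callers, which are outside this hunk. The function starts before the hunk, so the decode call that fills `buffer` is not visible here.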