generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2026-01-02 19:02:11 +01:00
Code Issues Projects Releases Wiki Activity

#3221: Crash reported on Windows in X509Certificate verification

Browse Source
This commit is contained in:
Günter Obiltschnig
2021-11-05 13:46:17 +01:00
parent 5902bb1277
commit 270c2643cf
2 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
NetSSL_Win/src/SecureSocketImpl.cpp
View File

@@ -1317,7 +1317,7 @@ void SecureSocketImpl::verifyCertificateChainClient(PCCERT_CONTEXT pServerCert)
// Revocation check of the root certificate may fail due to missing CRL points, etc.
// We ignore all errors checking the root certificate except CRYPT_E_REVOKED.
if (!ok && (revStat.dwIndex < certs.size() - 1 || revStat.dwError == CRYPT_E_REVOKED))
if (!ok && revStat.dwIndex < certs.size() - 1 && revStat.dwError == CRYPT_E_REVOKED)
{
VerificationErrorArgs args(cert, revStat.dwIndex, revStat.dwReason, Utility::formatError(revStat.dwError));
SSLManager::instance().ClientVerificationError(this, args);
@@ -1421,7 +1421,10 @@ void SecureSocketImpl::serverVerifyCertificate()
CERT_VERIFY_REV_CHAIN_FLAG,
NULL,
&revStat);
if (!ok && (revStat.dwIndex < certs.size() - 1 || revStat.dwError == CRYPT_E_REVOKED))
// Revocation check of the root certificate may fail due to missing CRL points, etc.
// We ignore all errors checking the root certificate except CRYPT_E_REVOKED.
if (!ok && revStat.dwIndex < certs.size() - 1 && revStat.dwError == CRYPT_E_REVOKED)
{
VerificationErrorArgs args(cert, revStat.dwIndex, revStat.dwReason, Utility::formatError(revStat.dwReason));
SSLManager::instance().ServerVerificationError(this, args);