curl-library

Schannel client certificate store opening fix

From: Ihor Karpenko via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 23 Aug 2018 15:06:40 +0300

Hi,

Please find the proposed fix in the attached patch file.

The reasons for this change:

1) Using CERT_STORE_OPEN_EXISTING_FLAG (or CERT_STORE_READONLY_FLAG)
while opening the certificate store would be sufficient in this scenario and
less demanding in the sense of required user credentials (for example,
IIS_IUSRS will get an "Access Denied" 0x05 error for the existing CertOpenStore
call without any of the flags mentioned above),

2) as 'cert_store_name' is a DWORD, an attempt to format its value like a
string (in the "Failed to open cert store" error message) will throw a null
pointer exception,

3) adding GetLastError(), in my opinion, will make the error message more
useful.

Regards,
Ihor

Received on 2018-08-23
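
The three points raised in the message, sketched as an added example (this is not the attached patch and not curl's own code). The helpers `store_location_name()`, `format_store_error()` and `open_client_store()` are hypothetical names, and the message wording is an assumption; the flag names and numeric store-location values are the documented wincrypt.h ones.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
typedef unsigned long DWORD; /* stand-in so the formatter builds off Windows */
#endif

/* A store location is a numeric ID, so map it to text instead of
   handing the DWORD to a %s conversion. */
static const char *store_location_name(DWORD loc)
{
  switch(loc) {
  case 0x00010000UL: return "CurrentUser";    /* CERT_SYSTEM_STORE_CURRENT_USER */
  case 0x00020000UL: return "LocalMachine";   /* CERT_SYSTEM_STORE_LOCAL_MACHINE */
  case 0x00040000UL: return "CurrentService"; /* CERT_SYSTEM_STORE_CURRENT_SERVICE */
  case 0x00050000UL: return "Services";       /* CERT_SYSTEM_STORE_SERVICES */
  case 0x00060000UL: return "Users";          /* CERT_SYSTEM_STORE_USERS */
  default: return "unknown";
  }
}

/* Failure message: location as name plus hex, store path as a string,
   and the Win32 error code so "Access Denied" (0x05) is visible. */
int format_store_error(char *buf, size_t len, DWORD loc,
                       const char *store_path, DWORD err)
{
  return snprintf(buf, len,
                  "Failed to open cert store %s (0x%08lx) path %s, error 0x%08lx",
                  store_location_name(loc), (unsigned long)loc,
                  store_path, (unsigned long)err);
}

#ifdef _WIN32
/* Open an existing system store read-only: the process only needs read
   access and the call never creates a store as a side effect. */
HCERTSTORE open_client_store(DWORD loc, const char *store_path,
                             char *errbuf, size_t errlen)
{
  HCERTSTORE h = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
                               loc | CERT_STORE_OPEN_EXISTING_FLAG |
                               CERT_STORE_READONLY_FLAG, store_path);
  if(!h)
    format_store_error(errbuf, errlen, loc, store_path, GetLastError());
  return h;
}
#endif
```

The Windows-only part compiles only under `_WIN32`; the message formatter is portable so it can be checked anywhere.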