-rw-r--r--Swift/QtUI/CAPICertificateSelector.cpp7
-rw-r--r--Swiften/TLS/CAPICertificate.cpp4
-rw-r--r--Swiften/TLS/CAPICertificate.h3
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.cpp11
4 files changed, 11 insertions, 14 deletions
diff --git a/Swift/QtUI/CAPICertificateSelector.cpp b/Swift/QtUI/CAPICertificateSelector.cpp
index e7948ef..0d4768c 100644
--- a/Swift/QtUI/CAPICertificateSelector.cpp
+++ b/Swift/QtUI/CAPICertificateSelector.cpp
@@ -24,28 +24,31 @@ namespace Swift {
#define exclude_columns CRYPTUI_SELECT_LOCATION_COLUMN \
|CRYPTUI_SELECT_INTENDEDUSE_COLUMN
// Size of the SHA1 hash
#define SHA1_HASH_LEN 20
static std::string getCertUri(PCCERT_CONTEXT cert, const char * cert_store_name) {
DWORD cbHash = SHA1_HASH_LEN;
BYTE aHash[SHA1_HASH_LEN];
- std::string ret = std::string("certstore:") + cert_store_name + ":" + "sha1:";
+ std::string ret("certstore:");
+
+ ret += cert_store_name;
+ ret += ":sha1:";
if (CertGetCertificateContextProperty(cert,
CERT_HASH_PROP_ID,
aHash,
&cbHash) == FALSE ) {
return "";
}
- ByteArray byteArray = createByteArray((char *)(&aHash[0]));
+ ByteArray byteArray = createByteArray((char *)(&aHash[0]), cbHash);
ret += Hexify::hexify(byteArray);
return ret;
}
std::string selectCAPICertificate() {
const char * cert_store_name = "MY";
PCCERT_CONTEXT cert;
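Review bot: The `createByteArray((char *)(&aHash[0]), cbHash)` call in getCertUri has no comment saying why the length must be passed, so a later cleanup could drop the second argument again. The thumbprint is raw binary and can contain 0x00 bytes, so treating it as a C string would truncate it or read past the 20-byte buffer. I would add `// aHash is binary, not NUL-terminated: always pass cbHash as returned by CertGetCertificateContextProperty` above the call. A named cast, `reinterpret_cast<const char *>(aHash)`, would also make the reinterpretation easier to find in review.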
diff --git a/Swiften/TLS/CAPICertificate.cpp b/Swiften/TLS/CAPICertificate.cpp
index a6725c9..0dc3009 100644
--- a/Swiften/TLS/CAPICertificate.cpp
+++ b/Swiften/TLS/CAPICertificate.cpp
@@ -32,19 +32,19 @@ bool CAPICertificate::isNull() const {
const std::string& CAPICertificate::getCertStoreName() const {
return certStore_;
}
const std::string& CAPICertificate::getCertName() const {
return certName_;
}
-static PCCERT_CONTEXT findCertificateInStore (HCERTSTORE certStoreHandle, const std::string &certName) {
+PCCERT_CONTEXT findCertificateInStore (HCERTSTORE certStoreHandle, const std::string &certName) {
PCCERT_CONTEXT pCertContext = NULL;
if (!boost::iequals(certName.substr(0, 5), "sha1:")) {
// Find client certificate. Note that this sample just searches for a
// certificate that contains the user name somewhere in the subject name.
pCertContext = CertFindCertificateInStore(certStoreHandle,
X509_ASN_ENCODING,
0, // dwFindFlags
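Review bot: findCertificateInStore is now shared beyond this file, but its non-`sha1:` branch still carries the "this sample just searches for a certificate that contains the user name somewhere in the subject name" behaviour. A substring match on the subject can return a different certificate than intended when several entries in the store contain the same text, and that choice now feeds client authentication in SchannelContext. I would document this on the function, for example `// Subject lookup is a substring match and returns the first hit; prefer the "sha1:<thumbprint>" form to pin one certificate`. The body continues outside this hunk, so the `sha1:` branch could not be checked here.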
@@ -107,19 +107,19 @@ void CAPICertificate::setUri (const std::string& capiUri) {
if (certStoreHandle_ != NULL) {
if (new_certStore_name != certStore_) {
CertCloseStore(certStoreHandle_, 0);
certStoreHandle_ = NULL;
}
}
if (certStoreHandle_ == NULL) {
- certStoreHandle_ = CertOpenSystemStore(0, certStore_.c_str());
+ certStoreHandle_ = CertOpenSystemStore(0, new_certStore_name.c_str());
if (!certStoreHandle_) {
return;
}
}
certStore_ = new_certStore_name;
pCertContext = findCertificateInStore (certStoreHandle_, certName_);
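Review bot: The bare `return;` after a failed `CertOpenSystemStore(0, new_certStore_name.c_str())` gives the caller no signal that the URI was not applied. Whether `valid_` and `uri_` have already been updated by then cannot be seen from this hunk, because setUri starts and ends outside it. Please confirm that `valid_` is false on this path, and consider a comment such as `// store could not be opened: certificate stays unset, isNull() must report true`, so that a stale or half-updated certificate is never offered for the TLS handshake.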
diff --git a/Swiften/TLS/CAPICertificate.h b/Swiften/TLS/CAPICertificate.h
index d9e2704..4204a6b 100644
--- a/Swiften/TLS/CAPICertificate.h
+++ b/Swiften/TLS/CAPICertificate.h
@@ -33,10 +33,13 @@ namespace Swift {
bool valid_;
std::string uri_;
HCERTSTORE certStoreHandle_;
/* Parsed components of the uri_ */
std::string certStore_;
std::string certName_;
};
+
+PCCERT_CONTEXT findCertificateInStore (HCERTSTORE certStoreHandle, const std::string &certName);
+
}
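Review bot: The new public declaration of findCertificateInStore has no documentation of its contract, which matters now that other translation units call it. I would add a short comment above it stating that `certName` is either `sha1:<hex thumbprint>` or a subject substring, that the result is NULL when nothing matches, and that a non-NULL PCCERT_CONTEXT must be released by the caller with CertFreeCertificateContext. The header would then also need the CryptoAPI types to be in scope for every includer; presumably the existing includes cover that, but it is worth checking.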
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index ddbebcb..b2fea65 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -63,44 +63,35 @@ void SchannelContext::connect()
m_my_cert_store = CertOpenSystemStore(0, m_cert_store_name.c_str());
if (!m_my_cert_store)
{
///// printf( "**** Error 0x%x returned by CertOpenSystemStore\n", GetLastError() );
indicateError();
return;
}
}
- // Find client certificate. Note that this sample just searches for a
- // certificate that contains the user name somewhere in the subject name.
- pCertContext = CertFindCertificateInStore( m_my_cert_store,
- X509_ASN_ENCODING,
- 0, // dwFindFlags
- CERT_FIND_SUBJECT_STR_A,
- m_cert_name.c_str(), // *pvFindPara
- NULL ); // pPrevCertContext
-
+ pCertContext = findCertificateInStore( m_my_cert_store, m_cert_name );
if (pCertContext == NULL)
{
///// printf("**** Error 0x%x returned by CertFindCertificateInStore\n", GetLastError());
indicateError();
return;
}
}
// We use an empty list for client certificates
PCCERT_CONTEXT clientCerts[1] = {0};
SCHANNEL_CRED sc = {0};
sc.dwVersion = SCHANNEL_CRED_VERSION;
/////SSL3?
sc.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
-/////Check SCH_CRED_REVOCATION_CHECK_CHAIN
sc.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION | SCH_CRED_REVOCATION_CHECK_CHAIN;
if (pCertContext)
{
sc.cCreds = 1;
sc.paCred = &pCertContext;
sc.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS;
}
else
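Review bot: `SP_PROT_SSL3_CLIENT` is still enabled in `sc.grbitEnabledProtocols`, and the `/////SSL3?` marker above it shows the question was left open while the neighbouring revocation-check marker was cleaned up. SSL 3.0 is deprecated (RFC 7568), and keeping it enabled allows the connection to be negotiated down to it. The line should at least become `sc.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;`, with TLS 1.0 dropped too if the servers in use allow it. SchannelContext::connect() starts and ends outside this hunk.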