This is an automated email from the ASF dual-hosted git repository. astitcher pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
commit 9e329f67624b68c89a5ab33c49e6db1385593ec5 Author: Andrew Stitcher <[email protected]> AuthorDate: Tue Jun 11 16:28:59 2024 -0400 PROTON-2831: [Win] Change mistaken use of logical-or to bitwise-or PROTON-2835: [Win TLS] Incorrect flags set for CertGetIssuerCertificateFromStore --- c/src/ssl/schannel.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/c/src/ssl/schannel.cpp b/c/src/ssl/schannel.cpp
index e517cf9de..61ad2bf3f 100644
--- a/c/src/ssl/schannel.cpp
+++ b/c/src/ssl/schannel.cpp
@@ -2226,15 +2226,16 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se
 if (!trust_anchor) {
 // We don't trust any of the certs in the chain, see if the last cert
 // is issued by a Proton trusted CA.
- DWORD flags = CERT_STORE_NO_ISSUER_FLAG || CERT_STORE_SIGNATURE_FLAG ||
- CERT_STORE_TIME_VALIDITY_FLAG;
+ DWORD flags = CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG;
 trust_anchor = CertGetIssuerCertificateFromStore(root_store, trunk_cert, 0, &flags);
 if (trust_anchor) {
 if (tracing) {
+ if (flags & CERT_STORE_NO_ISSUER_FLAG)
+ ssl_log_error("certificate no issuer");
 if (flags & CERT_STORE_SIGNATURE_FLAG)
- ssl_log_error("root certificate signature failure");
+ ssl_log_error("certificate signature failure");
 if (flags & CERT_STORE_TIME_VALIDITY_FLAG)
- ssl_log_error("root certificate time validity failure");
+ ssl_log_error("certificate time validity failure");
 }
 if (flags) {
 CertFreeCertificateContext(trust_anchor);
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
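Review bot: `flags` is an in/out argument to `CertGetIssuerCertificateFromStore`, and the new initialiser in the `if (!trust_anchor)` block still carries no comment saying so, which is the contract the old `||` expression got wrong. A one-line comment above it would make the later `if (flags)` rejection readable, e.g. `// in: checks to perform; out: bits still set are checks that failed`. The added `CERT_STORE_NO_ISSUER_FLAG` test sits inside `if (trust_anchor)`, after an issuer was returned, and that bit is no longer requested on input, so the branch looks unreachable; the case where no issuer is found in `root_store` is presumably handled where `trust_anchor` stays NULL, which is outside this hunk. As the API is documented, the time-validity check applies to the subject (`trunk_cert`), so whether the anchor's own validity period is verified cannot be confirmed from these lines. `verify_peer` begins and ends outside the hunk.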
