author | Benoit Foucher <benoit@zeroc.com> | 2015-04-16 09:37:33 +0200 |
---|---|---|
committer | Benoit Foucher <benoit@zeroc.com> | 2015-04-16 09:37:33 +0200 |
commit | d931421851c73b676a0a5c566780ad940791ad1e (patch) | |
tree | c24d59b82eebc898216673212994ea0b893217d6 /cpp/src/IceSSL/Util.cpp | |
parent | README updates (diff) | |
New set of certificates for IceSSL/configuration test and various
IceSSL fixes.
- Windows C++ and C# implementation of IceSSL is now a bit less picky
for SUBJECTDN and ISSUERDN
- Windows SChannel implementation now accepts PKCS#1 certificates
Diffstat (limited to 'cpp/src/IceSSL/Util.cpp')
-rw-r--r-- | cpp/src/IceSSL/Util.cpp | 46 |
1 files changed, 28 insertions, 18 deletions
diff --git a/cpp/src/IceSSL/Util.cpp b/cpp/src/IceSSL/Util.cpp
index 98eeeb1a91f..19713f79364 100644
--- a/cpp/src/IceSSL/Util.cpp
+++ b/cpp/src/IceSSL/Util.cpp
@@ -1110,27 +1110,37 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
 else if(field == "SUBJECTDN" || field == "ISSUERDN")
 {
 const wstring argW = stringToWstring(arg);
- DWORD length = 0;
- if(!CertStrToNameW(X509_ASN_ENCODING, argW.c_str(), CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
- 0, 0, &length, 0))
+ DWORD flags[] = {
+ CERT_OID_NAME_STR,
+ CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+ CERT_OID_NAME_STR | CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG,
+ CERT_OID_NAME_STR | CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG | CERT_NAME_STR_REVERSE_FLAG
+ };
+ for(int i = 0; i < sizeof(flags) / sizeof(DWORD); ++i)
 {
- throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: invalid value `" + value + "' for property `" + prop + "'\n" +
- IceUtilInternal::lastErrorToString());
- }
+ DWORD length = 0;
+ if(!CertStrToNameW(X509_ASN_ENCODING, argW.c_str(), flags[i], 0, 0, &length, 0))
+ {
+ throw PluginInitializationException(
+ __FILE__, __LINE__,
+ "IceSSL: invalid value `" + value + "' for property `" + prop + "'\n" +
+ IceUtilInternal::lastErrorToString());
+ }

- vector<BYTE> buffer(length);
- if(!CertStrToNameW(X509_ASN_ENCODING, argW.c_str(), CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
- 0, &buffer[0], &length, 0))
- {
- throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: invalid value `" + value + "' for property `" + prop + "'\n" +
- IceUtilInternal::lastErrorToString());
- }
+ vector<BYTE> buffer(length);
+ if(!CertStrToNameW(X509_ASN_ENCODING, argW.c_str(), flags[i], 0, &buffer[0], &length, 0))
+ {
+ throw PluginInitializationException(
+ __FILE__, __LINE__,
+ "IceSSL: invalid value `" + value + "' for property `" + prop + "'\n" +
+ IceUtilInternal::lastErrorToString());
+ }

- CERT_NAME_BLOB name = { length, &buffer[0] };
- DWORD findType = field == "SUBJECTDN" ? CERT_FIND_SUBJECT_NAME : CERT_FIND_ISSUER_NAME;
- addMatchingCertificates(store, tmpStore, findType, &name);
+ CERT_NAME_BLOB name { length, &buffer[0] };
+
+ DWORD findType = field == "SUBJECTDN" ? CERT_FIND_SUBJECT_NAME : CERT_FIND_ISSUER_NAME;
+ addMatchingCertificates(store, tmpStore, findType, &name);
+ }
 }
 else if(field == "THUMBPRINT" || field == "SUBJECTKEYID")
 {
|
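Review bot: The new loop over `flags` in the SUBJECTDN/ISSUERDN branch widens the match to both RDN orders and both directory-string encodings without a comment saying so, and this is the code that decides which certificate the property selects. A comment above `DWORD flags[]` such as `// Try both RDN orders and both string encodings; certificates matching any variant are added.` would make the broadened semantics explicit for whoever audits certificate selection later. For a DN with a single RDN the reversed and non-reversed encodings are presumably identical, so `addMatchingCertificates` (defined outside this hunk) may be called with the same blob more than once; it is worth confirming that it does not add duplicates to `tmpStore`. The loop index should also be unsigned to avoid the signed/unsigned comparison, e.g. `for(size_t i = 0; i < sizeof(flags) / sizeof(flags[0]); ++i)`. findCertificates starts and ends outside the hunk.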