From 8dbd956344c1d6a25eed790ccbd22b9760c3de2e Mon Sep 17 00:00:00 2001
From: Don HO
Date: Tue, 16 May 2017 19:50:22 +0200
Subject: [PATCH] Disable the certification chain verification

WinTrust library checks chain of trust on line which makes Notepad++ hanging due to the Firewall's restriction.
---
 .../src/MISC/Common/verifySignedfile.cpp | 38 ++++++++++---------
 .../src/MISC/Common/verifySignedfile.h | 3 +-
 .../ScitillaComponent/ScintillaEditView.cpp | 2 +-
 3 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/PowerEditor/src/MISC/Common/verifySignedfile.cpp b/PowerEditor/src/MISC/Common/verifySignedfile.cpp
index 5523bf48e..591b4917e 100644
--- a/PowerEditor/src/MISC/Common/verifySignedfile.cpp
+++ b/PowerEditor/src/MISC/Common/verifySignedfile.cpp
@@ -45,7 +45,8 @@ bool VerifySignedLibrary(const wstring& filepath,
 const wstring& cert_key_id_hex,
 const wstring& cert_subject,
 const wstring& cert_display_name,
- bool doCheckRevocation)
+ bool doCheckRevocation,
+ bool doCheckChainOfTrust)
 {
 wstring display_name;
 wstring key_id_hex;
@@ -100,24 +101,27 @@ bool VerifySignedLibrary(const wstring& filepath,
 }
 }
- // Verify signature and cert-chain validity
- GUID policy = WINTRUST_ACTION_GENERIC_VERIFY_V2;
- LONG vtrust = ::WinVerifyTrust(NULL, &policy, &winTEXTrust_data );
-
- // Post check cleanup
- winTEXTrust_data.dwStateAction = WTD_STATEACTION_CLOSE;
- LONG t2 = ::WinVerifyTrust(NULL, &policy, &winTEXTrust_data);
-
- if (vtrust)
+ if (doCheckChainOfTrust)
 {
- OutputDebugString(TEXT("VerifyLibrary: trust verification failed\n"));
- return false;
- }
+ // Verify signature and cert-chain validity
+ GUID policy = WINTRUST_ACTION_GENERIC_VERIFY_V2;
+ LONG vtrust = ::WinVerifyTrust(NULL, &policy, &winTEXTrust_data);
- if (t2)
- {
- OutputDebugString(TEXT("VerifyLibrary: error encountered while cleaning up after WinVerifyTrust\n"));
- return false;
+ // Post check cleanup
+ winTEXTrust_data.dwStateAction = WTD_STATEACTION_CLOSE;
+ LONG t2 = ::WinVerifyTrust(NULL, &policy, &winTEXTrust_data);
+
+ if (vtrust)
+ {
+ OutputDebugString(TEXT("VerifyLibrary: trust verification failed\n"));
+ return false;
+ }
+
+ if (t2)
+ {
+ OutputDebugString(TEXT("VerifyLibrary: error encountered while cleaning up after WinVerifyTrust\n"));
+ return false;
+ }
 }
 //
diff --git a/PowerEditor/src/MISC/Common/verifySignedfile.h b/PowerEditor/src/MISC/Common/verifySignedfile.h
index eea49dd92..d9d10d042 100644
--- a/PowerEditor/src/MISC/Common/verifySignedfile.h
+++ b/PowerEditor/src/MISC/Common/verifySignedfile.h
@@ -64,4 +64,5 @@ bool VerifySignedLibrary(const std::wstring& filepath,
 const std::wstring& key_id_hex,
 const std::wstring& cert_subject,
 const std::wstring& display_name,
- bool doCheckRevocation);
+ bool doCheckRevocation,
+ bool doCheckChainOfTrust);
diff --git a/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp b/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp
index 2283302d8..309765290 100644
--- a/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp
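Review bot: With `doCheckChainOfTrust` false, the new `if` in the second hunk of verifySignedfile.cpp skips both `::WinVerifyTrust` calls, and by its own comment that call verifies the signature itself, not only the certificate chain. The function can then reach its later checks without anything visible in this hunk confirming that the file's contents still match its embedded signature; the remaining comparisons are outside the hunk and presumably only match certificate fields such as key id and subject, so a modified file carrying the expected certificate data may be accepted. If the aim is only to avoid the online lookup that hangs behind a firewall, consider keeping the call and limiting it to local data, for example `winTEXTrust_data.dwProvFlags |= WTD_CACHE_ONLY_URL_RETRIEVAL;` together with `WTD_REVOKE_NONE`, and confirm by test that this removes the hang. The body of `VerifySignedLibrary` starts and ends outside this hunk.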
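Review bot: The declaration in verifySignedfile.h gains `doCheckChainOfTrust` with no comment on what passing false turns off, and the name understates it, since the implementation then skips the whole `WinVerifyTrust` step. I would document that at the declaration, e.g. `// doCheckChainOfTrust: when false, WinVerifyTrust is not called, so neither the signature nor the certificate chain is validated by it`. Two adjacent `bool` parameters with no defaults are also easy to transpose at call sites; a small options struct or flag enum would make each choice explicit.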
+++ b/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp
@@ -185,7 +185,7 @@ HMODULE loadSciLexerDll()
 {
 generic_string sciLexerPath = getSciLexerFullPathName(moduleFileName, 1024);
- bool isOK = VerifySignedLibrary(sciLexerPath, scintilla_signer_key_id, scintilla_signer_subject, scintilla_signer_display_name, false);
+ bool isOK = VerifySignedLibrary(sciLexerPath, scintilla_signer_key_id, scintilla_signer_subject, scintilla_signer_display_name, false, false);
 if (!isOK)
 {
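Review bot: The call in `loadSciLexerDll()` now passes `false, false`, so the library at `sciLexerPath` is checked with both revocation and the `WinVerifyTrust` step disabled, and nothing at the call site says so. Since `isOK` appears to gate loading a DLL into the process, I would label the arguments, e.g. `/*doCheckRevocation*/ false, /*doCheckChainOfTrust*/ false`. I would also add a comment recording why trust verification is off here (the firewall hang named in the commit message) and what check is expected to compensate. The rest of `loadSciLexerDll()` lies outside this hunk, so whether another integrity check follows cannot be seen from here.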