A small modification regarding the certificate checking function

This commit is contained in:
Don HO 2017-05-10 18:14:27 +02:00
parent e2329fd15c
commit bfb672d8bb


@ -57,7 +57,9 @@ bool VerifySignedLibrary(const wstring& filepath,
OutputDebugString(dmsg.c_str()); OutputDebugString(dmsg.c_str());
////////////////////// Signature verification //
// Signature verification
//
// Initialize the WINTRUST_FILE_INFO structure. // Initialize the WINTRUST_FILE_INFO structure.
LPCWSTR pwszfilepath = filepath.c_str(); LPCWSTR pwszfilepath = filepath.c_str();
@ -74,10 +76,13 @@ bool VerifySignedLibrary(const wstring& filepath,
winTEXTrust_data.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN; // verify the whole certificate chain winTEXTrust_data.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN; // verify the whole certificate chain
winTEXTrust_data.pFile = &file_data; winTEXTrust_data.pFile = &file_data;
#if defined( VerifySignedLibrary_DISABLE_REVOCATION_CHECK ) if (!doCheckRevocation)
{
winTEXTrust_data.fdwRevocationChecks = WTD_REVOKE_NONE; winTEXTrust_data.fdwRevocationChecks = WTD_REVOKE_NONE;
OutputDebugString(TEXT("VerifyLibrary: certificate revocation disabled at compile time\n")); OutputDebugString(TEXT("VerifyLibrary: certificate revocation checking is disabled\n"));
#else }
else
{
// if offline, revocation is not checked // if offline, revocation is not checked
// depending of windows version, this may introduce a latency on offline systems // depending of windows version, this may introduce a latency on offline systems
DWORD netstatus; DWORD netstatus;
@ -85,15 +90,15 @@ bool VerifySignedLibrary(const wstring& filepath,
oci.dwSize = sizeof(oci); oci.dwSize = sizeof(oci);
CONST TCHAR* msftTEXTest_site = TEXT("http://www.msftncsi.com/ncsi.txt"); CONST TCHAR* msftTEXTest_site = TEXT("http://www.msftncsi.com/ncsi.txt");
bool online = false; bool online = false;
online = (0 != IsNetworkAlive(&netstatus) ); online = (0 != IsNetworkAlive(&netstatus));
online = online && ( 0 == GetLastError()); online = online && (0 == GetLastError());
online = online && (0 == IsDestinationReachable(msftTEXTest_site, &oci)); online = online && (0 == IsDestinationReachable(msftTEXTest_site, &oci));
if (!online || !doCheckRevocation) if (!online)
{ {
winTEXTrust_data.fdwRevocationChecks = WTD_REVOKE_NONE; winTEXTrust_data.fdwRevocationChecks = WTD_REVOKE_NONE;
OutputDebugString(TEXT("VerifyLibrary: system is offline - certificate revocation wont be checked\n")); OutputDebugString(TEXT("VerifyLibrary: system is offline - certificate revocation wont be checked\n"));
} }
#endif }
// Verify signature and cert-chain validity // Verify signature and cert-chain validity
GUID policy = WINTRUST_ACTION_GENERIC_VERIFY_V2; GUID policy = WINTRUST_ACTION_GENERIC_VERIFY_V2;
@ -115,8 +120,9 @@ bool VerifySignedLibrary(const wstring& filepath,
return false; return false;
} }
////////////////////// Certificate verification //
// Certificate verification
//
HCERTSTORE hStore = nullptr; HCERTSTORE hStore = nullptr;
HCRYPTMSG hMsg = nullptr; HCRYPTMSG hMsg = nullptr;
PCMSG_SIGNER_INFO pSignerInfo = nullptr; PCMSG_SIGNER_INFO pSignerInfo = nullptr;
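Review bot: The reachability probe in hunk `@ -85,15 +90,15` still tests `0 == IsDestinationReachable(msftTEXTest_site, &oci)`, but that API returns nonzero when the destination is reachable, so `online` is cleared precisely on machines that can reach the test site and the new `else` branch then downgrades to `WTD_REVOKE_NONE`; the test should read `online = online && (0 != IsDestinationReachable(msftTEXTest_site, &oci));`. Because the offline fallback disables revocation checking entirely rather than failing closed, any false negative from this probe silently turns a revoked certificate into an accepted one, so the probe's correctness bounds the strength of the whole check. The preceding `online = online && (0 == GetLastError());` looks fragile for the same reason, since a successful `IsNetworkAlive` call is not documented to reset the last-error value to zero; I would confirm that intent or drop the clause. The commit itself only moves the disable from a compile-time macro to the `doCheckRevocation` parameter, which is fine as far as it goes. `VerifySignedLibrary` begins and ends outside the visible hunks.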