You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2017/09/01 23:34:00 UTC

[jira] [Resolved] (SANTUARIO-461) Internal key store should be deleted on any CryptoAcquireContext() error

     [ https://issues.apache.org/jira/browse/SANTUARIO-461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Scott Cantor resolved SANTUARIO-461.
------------------------------------
       Resolution: Fixed
    Fix Version/s:     (was: C++ 1.7.4)
                   C++ 2.0.0

r1807016

Note that the 2.0 release will officially deprecate the WinCAPI support pending someone offering to maintain it.

> Internal key store should be deleted on any CryptoAcquireContext() error 
> -------------------------------------------------------------------------
>
>                 Key: SANTUARIO-461
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-461
>             Project: Santuario
>          Issue Type: Improvement
>          Components: C++
>    Affects Versions: C++ 1.7.2, C++ 1.7.3
>         Environment: Windows 10, VS2015 Update 3
>            Reporter: Craig Brett
>            Assignee: Scott Cantor
>            Priority: Minor
>             Fix For: C++ 2.0.0
>
>         Attachments: WinCAPICryptoProvider.cpp
>
>
> In the WinCAPICryptoProvider constructor, if CryptAcquireContext fails when obtaining the internal key store, it only calls CryptAcquireContext again with the CRYPT_DELETEKEYSET option if the error encountered was NTE_BAD_KEYSET. We have seen this API fail with error NTE_KEYSET_ENTRY_BAD as well, but in that case, the key store is not deleted and the initialization fails. Why not just call CryptAcquireContext with the CRYPT_DELETEKEYSET option if any error is encountered (not just NTE_BAD_KEYSET) since the code block tries to subsequently re-create the key store anyway?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)