You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2017/01/05 20:01:00 UTC
[jira] [Commented] (SANTUARIO-461) Internal key store should be
deleted on any CryptoAcquireContext() error
[ https://issues.apache.org/jira/browse/SANTUARIO-461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15802370#comment-15802370 ]
Scott Cantor commented on SANTUARIO-461:
----------------------------------------
Nobody left maintaining this code uses the WinCAPI support, and I don't make changes to it unless the changes are obvious or have been tested by somebody who does use it. If you want to propose a patch and can vouch for it working, I have no objection to checking it in.
> Internal key store should be deleted on any CryptoAcquireContext() error
> -------------------------------------------------------------------------
>
> Key: SANTUARIO-461
> URL: https://issues.apache.org/jira/browse/SANTUARIO-461
> Project: Santuario
> Issue Type: Improvement
> Components: C++
> Affects Versions: C++ 1.7.2, C++ 1.7.3
> Environment: Windows 10, VS2015 Update 3
> Reporter: Craig Brett
> Assignee: Scott Cantor
> Priority: Minor
> Fix For: C++ 1.7.4
>
>
> In the WinCAPICryptoProvider constructor, if CryptAcquireContext fails when obtaining the internal key store, it only calls CryptAcquireContext again with the CRYPT_DELETEKEYSET option if the error encountered was NTE_BAD_KEYSET. We have seen this API fail with error NTE_KEYSET_ENTRY_BAD as well, but in that case, the key store is not deleted and the initialization fails. Why not just call CryptAcquireContext with the CRYPT_DELETEKEYSET option if any error is encountered (not just NTE_BAD_KEYSET) since the code block tries to subsequently re-create the key store anyway?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)