author | Adam Harrison <adamdharrison@gmail.com> | 2022-12-03 16:04:21 -0500 |
---|---|---|
committer | Adam Harrison <adamdharrison@gmail.com> | 2022-12-03 16:04:21 -0500 |
commit | 6152c9bf1e5842ea9ea5a86b46f1930a9bcd7c84 (patch) | |
tree | 2a389e7d9fe46d0fc599a57a73dd601dba59a901 /src | |
parent | e486ece910368c0e5849517b7dafefabd22f2209 (diff) | |
Made it so we only pull signing keys from the root store.
Diffstat (limited to 'src')
-rw-r--r-- | src/lpm.c | 7 |
1 files changed, 4 insertions, 3 deletions
@@ -434,7 +434,7 @@ static int lpm_certs(lua_State* L) {
 FILE* file = fopen(path, "wb");
 if (!file)
 return luaL_error(L, "can't open cert store %s for writing: %s", path, strerror(errno));
- HCERTSTORE hSystemStore = CertOpenSystemStore(0,"CA");
+ HCERTSTORE hSystemStore = CertOpenSystemStore(0, TEXT("ROOT"));
 if (!hSystemStore) {
 fclose(file);
 return luaL_error(L, "error getting system certificate store");
@@ -444,7 +444,8 @@ static int lpm_certs(lua_State* L) {
 pCertContext = CertEnumCertificatesInStore(hSystemStore, pCertContext);
 if (!pCertContext)
 break;
- if (pCertContext->dwCertEncodingType & X509_ASN_ENCODING) {
+ BYTE keyUsage[2];
+ if (pCertContext->dwCertEncodingType & X509_ASN_ENCODING && (CertGetIntendedKeyUsage(pCertContext->dwCertEncodingType, pCertContext->pCertInfo, keyUsage, sizeof(keyUsage)) && (keyUsage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE))) {
 DWORD size = 0;
 CryptBinaryToString(pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, CRYPT_STRING_BASE64HEADER, NULL, &size);
 char* buffer = malloc(size);
@@ -461,7 +462,7 @@ static int lpm_certs(lua_State* L) {
 }
 git_libgit2_opts(GIT_OPT_SET_SSL_CERT_LOCATIONS, path, NULL);
 if ((status = mbedtls_x509_crt_parse_file(&x509_certificate, path)) != 0)
- return luaL_mbedtls_error(L, status, "mbedtls_x509_crt_parse_file failed to parse CA certificate %s: %d", path, -status);
+ return luaL_mbedtls_error(L, status, "mbedtls_x509_crt_parse_file failed to parse CA certificate %s", path);
 mbedtls_ssl_conf_ca_chain(&ssl_config, &x509_certificate, NULL);
 }
 return 0; |
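Review bot: `CertOpenSystemStore(0, TEXT("ROOT"))` opens the current user's view of the ROOT store, so every root that account trusts is exported to `path` as a trust anchor, and nothing visible in this hunk applies Windows-side distrust (the Disallowed store, per-certificate usage properties) to the export. If that is the intended trade-off, record it above the call, e.g. `/* ROOT = trust anchors, current-user view; Windows distrust and usage properties are not applied to the exported bundle */`. The `!hSystemStore` branch would also be easier to diagnose if the message carried `GetLastError()`. lpm_certs begins and continues outside the hunk, so whether the store is later released with `CertCloseStore` cannot be checked from here.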
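Review bot: In the new condition, a FALSE return from `CertGetIntendedKeyUsage` also covers certificates that carry no keyUsage extension at all, so such roots are dropped from the bundle along with those that explicitly lack keyCertSign; RFC 5280 path validation checks keyCertSign only when the extension is present, and some older roots may be affected. If only certificates that explicitly exclude signing should be skipped, split the call out as `BOOL hasUsage = CertGetIntendedKeyUsage(pCertContext->dwCertEncodingType, pCertContext->pCertInfo, keyUsage, sizeof(keyUsage));` and test `(!hasUsage || (keyUsage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE))`, checking `GetLastError()` if a real failure must be told apart from a missing extension. Splitting it also shortens the line and makes the `&`-inside-`&&` grouping explicit. The context lines below still use the result of `malloc(size)` unchecked, and the loop body continues outside the hunk.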
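Review bot: The `!= 0` test in the context line above the changed return also catches the positive result `mbedtls_x509_crt_parse_file` gives when only some certificates in the file failed to parse, and with `-status` removed from the message that count now travels only in the `status` argument, where it will presumably be decoded as an error code. Since the bundle is exported from the Windows ROOT store, a single root that mbedtls cannot parse would then fail lpm_certs with a misleading message. Consider handling the two cases separately, e.g. `if (status < 0) return luaL_mbedtls_error(L, status, "mbedtls_x509_crt_parse_file failed to parse CA certificate %s", path);` and reporting `status > 0` as the number of skipped certificates. How `luaL_mbedtls_error` formats `status` is not visible in this hunk.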