Skip to content

windows root certificate scanning#14229

Merged
andrewrk merged 6 commits intoziglang:masterfrom
star-tek-mb:wincerts
Jan 17, 2023
Merged

windows root certificate scanning#14229
andrewrk merged 6 commits intoziglang:masterfrom
star-tek-mb:wincerts

Conversation

@star-tek-mb
Copy link
Contributor

@star-tek-mb star-tek-mb commented Jan 6, 2023

Closes #14170

Works as expected.
Any code reviews are pleased.

andrewrk
andrewrk requested changes Jan 6, 2023
View reviewed changes
Copy link
Member

@andrewrk andrewrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Good work.

Would you mind using CertOpenSystemStoreW instead of CertOpenSystemStoreA? See #534 for more details.

andrewrk
andrewrk reviewed Jan 6, 2023
View reviewed changes
Copy link
Member

@andrewrk andrewrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One more thing-

lib/std/crypto/Certificate/Bundle.zig Outdated
cb.bytes.clearRetainingCapacity();
cb.map.clearRetainingCapacity();

const store = os.windows.crypt32.CertOpenSystemStoreA(null, "ROOT");
Copy link
Member

@andrewrk andrewrk Jan 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function may fail. Please check for an error after this call.

Copy link
Contributor Author

@star-tek-mb star-tek-mb Jan 7, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. There is no documentation about possible errors, so I used unexpectedError. Also, used unreachable in closeStore function in defer clause (closeStore also can return error), because in any case, it will free memory (should I change it to do noop?). I hope this is ok. Also, I don't think that CertOpenSystemStoreW can return error, if i provide string other than "ROOT" (some other unexpected string), it doesn't seem to return any error. But in any case, i handled possible errors, i think.

Copy link
Contributor

@truemedian truemedian Jan 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CertOpenSystemStoreW
Errors from the called function CertOpenStore are propagated to this function.

Which includes ERROR_FILE_NOT_FOUND.

CertOpenStore
CreateFile, ReadFile, or registry errors might be propagated and their error codes returned.

Alongside these all of the error codes associated with ReadFile and WriteFile.

@star-tek-mb star-tek-mb requested a review from andrewrk January 7, 2023 09:22
@andrewrk andrewrk force-pushed the wincerts branch 3 times, most recently from 6a6c76a to 1eb311a Compare January 17, 2023 01:11
@andrewrk andrewrk enabled auto-merge January 17, 2023 01:13
@andrewrk andrewrk disabled auto-merge January 17, 2023 02:40
@andrewrk andrewrk enabled auto-merge January 17, 2023 07:10
@andrewrk andrewrk merged commit f4b4e57 into ziglang:master Jan 17, 2023
@jacwil jacwil mentioned this pull request Jan 27, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrewrk andrewrk Awaiting requested review from andrewrk

1 more reviewer

@truemedian truemedian truemedian left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

std.crypto.Certificate.Bundle: find system-installed root certificates on Windows

3 participants

@star-tek-mb @andrewrk @truemedian