f6700c744b
- Use CERT_CONTEXT's pbCertEncoded to determine chain order. CERT_CONTEXT from SECPKG_ATTR_REMOTE_CERT_CONTEXT contains end-entity/server certificate in pbCertEncoded. We can use this pointer to determine the order of certificates when enumerating hCertStore using CertEnumCertificatesInStore. This change is to help ensure that the ordering of the certificate chain requested by the user via CURLINFO_CERTINFO has the same ordering on all versions of Windows. Prior to this change Schannel certificate order was reversed in8986df80but that was later reverted inf540a39bwhen it was discovered that Windows 11 22H2 does the reversal on its own. Ref: https://github.com/curl/curl/issues/9706 Closes https://github.com/curl/curl/pull/11632
52 lines
616 B
Plaintext
52 lines
616 B
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTPS
|
|
HTTP GET
|
|
</keywords>
|
|
</info>
|
|
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
<data>
|
|
</data>
|
|
</reply>
|
|
|
|
#
|
|
# Client-side
|
|
<client>
|
|
# SSL with libraries supporting CURLOPT_CERTINFO
|
|
<features>
|
|
SSL
|
|
!bearssl
|
|
!mbedtls
|
|
!rustls
|
|
!wolfssl
|
|
</features>
|
|
<server>
|
|
https
|
|
</server>
|
|
<tool>
|
|
lib%TESTNUMBER
|
|
</tool>
|
|
<name>
|
|
verify certificate chain order with simple HTTPS GET
|
|
</name>
|
|
<command>
|
|
https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
|
|
</command>
|
|
</client>
|
|
|
|
#
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<protocol>
|
|
GET /%TESTNUMBER HTTP/1.1
|
|
Host: %HOSTIP:%HTTPSPORT
|
|
Accept: */*
|
|
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|