From: Francois Rivard <frivard@coveo.com>
Date: Wed, 23 Oct 2019 14:04:09 +0000 (-0400)
Subject: schannel: reverse the order of certinfo insertions
X-Git-Tag: curl-7_67_0~19
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8986df802db9b5338d9d50a54232ebae4dbcf6dd;p=thirdparty%2Fcurl.git

schannel: reverse the order of certinfo insertions

Fixes #4518
Closes #4519
---

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 37273135c0..bbd2fe921c 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1181,6 +1181,7 @@ struct Adder_args
   struct connectdata *conn;
   CURLcode result;
   int idx;
+  int certs_count;
 };
 
 static bool
@@ -1191,7 +1192,9 @@ add_cert_to_certinfo(const CERT_CONTEXT *ccert_context, void *raw_arg)
   if(valid_cert_encoding(ccert_context)) {
     const char *beg = (const char *) ccert_context->pbCertEncoded;
     const char *end = beg + ccert_context->cbCertEncoded;
-    args->result = Curl_extract_certinfo(args->conn, (args->idx)++, beg, end);
+    int insert_index = (args->certs_count - 1) - args->idx;
+    args->result = Curl_extract_certinfo(args->conn, insert_index, beg, end);
+    args->idx++;
   }
   return args->result == CURLE_OK;
 }
@@ -1326,6 +1329,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
       struct Adder_args args;
       args.conn = conn;
       args.idx = 0;
+      args.certs_count = certs_count;
       traverse_cert_store(ccert_context, add_cert_to_certinfo, &args);
       result = args.result;
     }