In WinCrypt.h I see:
#define CERT_CHAIN_POLICY_SSL ((LPCSTR) 4)
WINCRYPT32API BOOL WINAPI CertVerifyCertificateChainPolicy(
    IN LPCSTR pszPolicyOID,
    IN PCCERT_CHAIN_CONTEXT pChainContext,
    IN PCERT_CHAIN_POLICY_PARA pPolicyPara,
    IN OUT PCERT_CHAIN_POLICY_STATUS pPolicyStatus
    );
The first argument takes CERT_CHAIN_POLICY_SSL. This appears to be a pointer to a C string, yet it is an integer!?
The pointer is obviously a 32-bit integer, but what is it pointing at?
If the number is < 255 it will take up a single byte, so is the C string in fact a single byte “string” (i.e. a byte)?
When converting to another language that does support BYTE variables, I can just create a bVar (a BYTE variable) and assign it 4. Then I can pass a pointer to that BYTE variable?
Sometimes an API will take a parameter that can be a ‘cookie’ or ID for a well-known object or a pointer to a name (for example), which is what appears to be the case here.
4 is a cookie/handle/ID for the well-known CERT_CHAIN_POLICY_SSL policy. Some users of the API might specify a policy that’s not known to the library ahead of time, but is specified by a name that it can look up somewhere (like the registry, a config file or something).
In a somewhat similar vein, GetProcAddress() can take a pointer to the name of the function you want the address for (which is how it’s used 99% of the time today), or the pointer-to-a-string parameter can be a number that specifies the ordinal of the function.
Overloading pointer parameters like this is an unfortunate technique that’s sometimes used to make an API more flexible. Fortunately it’s not particularly common.
Anyway, if you want to call this API from another language and specify the CERT_CHAIN_POLICY_SSL policy, you need to pass a 4 for the pointer’s value (not a pointer pointing to the value 4).
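
The callee's side of the convention described in the answer above, as an added example that is not part of the original post and not Windows' own code. `DEMO_POLICY_SSL`, `classify_policy` and `is_small_id` are hypothetical names, and the "upper bits all zero means ID" test is an assumption modeled on how Windows treats such parameters (as with `GetProcAddress` ordinals).

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for CERT_CHAIN_POLICY_SSL so this builds without
   WinCrypt.h: the integer 4 carried in a string-pointer-typed parameter. */
#define DEMO_POLICY_SSL ((const char *)(uintptr_t)4)

enum policy_kind { POLICY_UNKNOWN = 0, POLICY_WELL_KNOWN_ID, POLICY_NAMED };

/* Assumed convention: a value with nothing set above the low 16 bits is
   never a usable address, so the callee reads it as an ID, not a pointer. */
static int is_small_id(const char *p)
{
    return ((uintptr_t)p >> 16) == 0;
}

/* Decide how the callee would interpret the overloaded parameter. */
enum policy_kind classify_policy(const char *policy, unsigned *id_out)
{
    *id_out = 0;
    if (policy == NULL)
        return POLICY_UNKNOWN;
    if (is_small_id(policy)) {              /* never dereferenced */
        *id_out = (unsigned)(uintptr_t)policy;
        return POLICY_WELL_KNOWN_ID;
    }
    /* Anything else is a real address and is read as a NUL-terminated name. */
    return policy[0] != '\0' ? POLICY_NAMED : POLICY_UNKNOWN;
}

int main(void)
{
    unsigned id;
    /* The mistake from the question: a byte holding 4, passed by address.
       A terminator is added here only to keep the demo well-defined; a lone
       BYTE has none, so a real callee would read past it. */
    static const char byte_var[2] = { 4, 0 };

    printf("value 4 as pointer -> kind %d, id %u\n",
           classify_policy(DEMO_POLICY_SSL, &id), id);
    printf("pointer to byte 4  -> kind %d, id %u\n",
           classify_policy(byte_var, &id), id);
    return 0;
}
```

The second call is classified as a named policy rather than ID 4, so a binding that passes the address of a byte asks for a policy named by the one-character string "\x04" instead of the SSL policy.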