TLS credentials are considered empty regardless the state of custom identity setting now

lib/TLS/src/Credentials.cpp

@@ -84,7 +84,7 @@ void eap::credentials_tls::clear()
 
 bool eap::credentials_tls::empty() const
 {
-    return credentials::empty() && !m_cert;
+    return !m_cert;
 }
 
 
@@ -174,12 +174,14 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
 {
     assert(pszTargetName);
 
+    data_blob cred_enc;
+    if (m_cert) {
         // Encrypt the certificate using user's key.
         DATA_BLOB cred_blob    = { m_cert->cbCertEncoded,         m_cert->pbCertEncoded };
         DATA_BLOB entropy_blob = { sizeof(s_entropy)    , (LPBYTE)s_entropy             };
-    data_blob cred_enc;
         if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
             throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
+    }
 
     tstring target(target_name(pszTargetName));
 
@@ -214,6 +216,7 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
     if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
         throw win_runtime_error(__FUNCTION__ " CredRead failed.");
 
+    if (cred->CredentialBlobSize) {
         // Decrypt the certificate using user's key.
         DATA_BLOB cred_enc     = { cred->CredentialBlobSize, cred->CredentialBlob };
         DATA_BLOB entropy_blob = { sizeof(s_entropy)       , (LPBYTE)s_entropy    };
@@ -225,6 +228,8 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
         SecureZeroMemory(cred_int.pbData, cred_int.cbData);
         if (!bResult)
             throw win_runtime_error(__FUNCTION__ " Error loading certificate.");
+    } else
+        m_cert.free();
 
     if (cred->UserName)
         m_identity = cred->UserName;