crypt32: Properly check root certificate in CERT_CHAIN_REVOCATION_CHECK_CHAIN.

Original patch by Michael Müller. Root certificates don't have CRL Distribution Point or Authority Info Access field. Don't report error with CERT_CHAIN_REVOCATION_CHECK_CHAIN in CertGetCertificateChain() because of this. Signed-off-by: Zhiyi Zhang <zzhang@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

crypt32: Properly check root certificate in CERT_CHAIN_REVOCATION_CHECK_CHAIN.
a1e2c7fd · Zhiyi Zhang · Alexandre Julliard · 01262515 · a1e2c7fd · a1e2c7fd
Commit a1e2c7fd authored Aug 22, 2018 by Zhiyi Zhang Committed by Alexandre Julliard Aug 23, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 3 deletions

chain.c dlls/crypt32/chain.c +5 -0

chain.c dlls/crypt32/tests/chain.c +3 -3

No files found.
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -2698,6 +2698,11 @@ static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain,
                ret = CertVerifyRevocation(X509_ASN_ENCODING,
                 CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certToCheck,
                 revocationFlags, &revocationPara, &revocationStatus);
+
+                if (!ret && chainFlags & CERT_CHAIN_REVOCATION_CHECK_CHAIN
+                    && revocationStatus.dwError == CRYPT_E_NO_REVOCATION_CHECK && revocationPara.pIssuerCert == NULL)
+                    ret = TRUE;
+
                if (!ret)
                {
                    PCERT_CHAIN_ELEMENT element = CRYPT_FindIthElementInChain(

--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -4156,9 +4156,9 @@ static void testGetCertChain(void)

    ret = CertGetCertificateChain(NULL, cert, &fileTime, store, &para, CERT_CHAIN_REVOCATION_CHECK_CHAIN, NULL, &chain);
    ok(ret, "CertGetCertificateChain failed: %u\n", GetLastError());
-    todo_wine ok(!chain->TrustStatus.dwErrorStatus
-                     || broken(chain->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN), /* XP */
-                 "chain->TrustStatus.dwErrorStatus = %x\n", chain->TrustStatus.dwErrorStatus);
+    ok(!chain->TrustStatus.dwErrorStatus
+           || broken(chain->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN), /* XP */
+       "chain->TrustStatus.dwErrorStatus = %x\n", chain->TrustStatus.dwErrorStatus);
    pCertFreeCertificateChain(chain);

    ret = CertGetCertificateChain(NULL, cert, &fileTime, store, &para, CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,