winhttp: Treat a partial certificate chain as having an unknown/invalid CA.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=46726Signed-off-by: Brendan Shanks <bshanks@codeweavers.com> Signed-off-by: Hans Leidekker <hans@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

winhttp: Treat a partial certificate chain as having an unknown/invalid CA.
aa80ef20 · Brendan Shanks · Alexandre Julliard · da915074 · aa80ef20
Commit aa80ef20 authored Jun 16, 2020 by Brendan Shanks Committed by Alexandre Julliard Jun 17, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

net.c dlls/winhttp/net.c +4 -2

No files found.
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -84,8 +84,10 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, WCHAR *server, DWORD secu
                if (!(security_flags & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID))
                    err = ERROR_WINHTTP_SECURE_CERT_DATE_INVALID;
            }
-            else if (chain->TrustStatus.dwErrorStatus &
-                     CERT_TRUST_IS_UNTRUSTED_ROOT)
+            else if ((chain->TrustStatus.dwErrorStatus &
+                      CERT_TRUST_IS_UNTRUSTED_ROOT) ||
+                     (chain->TrustStatus.dwErrorStatus &
+                      CERT_TRUST_IS_PARTIAL_CHAIN))
            {
                if (!(security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
                    err = ERROR_WINHTTP_SECURE_INVALID_CA;