Commit 14b0df1f authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32: Set error status on issued certificate, not on issuer.

parent 1ce46d5e
......@@ -287,17 +287,25 @@ static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine,
(chain->cElement + 1) * sizeof(PCERT_CHAIN_ELEMENT));
if (chain->rgpElement)
{
chain->rgpElement[chain->cElement++] = element;
memset(element, 0, sizeof(CERT_CHAIN_ELEMENT));
element->cbSize = sizeof(CERT_CHAIN_ELEMENT);
element->pCertContext = CertDuplicateCertificateContext(cert);
/* Flags, if set, refer to the element this cert issued, so set
* the preceding element's error accordingly
*/
if (chain->cElement > 1)
{
if (dwFlags & CERT_STORE_REVOCATION_FLAG &&
!(dwFlags & CERT_STORE_NO_CRL_FLAG))
element->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_REVOKED;
chain->rgpElement[chain->cElement - 2]->TrustStatus.
dwErrorStatus |= CERT_TRUST_IS_REVOKED;
if (dwFlags & CERT_STORE_SIGNATURE_FLAG)
element->TrustStatus.dwErrorStatus |=
chain->rgpElement[chain->cElement - 2]->TrustStatus.
dwErrorStatus |=
CERT_TRUST_IS_NOT_SIGNATURE_VALID;
}
/* FIXME: initialize the rest of element */
chain->rgpElement[chain->cElement++] = element;
if (chain->cElement % engine->CycleDetectionModulus)
CRYPT_CheckSimpleChainForCycles(chain);
CRYPT_CombineTrustStatus(&chain->TrustStatus,
......
......@@ -1491,7 +1491,7 @@ static ChainCheck chainCheck[] = {
{ CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_SIGNATURE_VALID |
CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1, simpleStatus1 },
TODO_ERROR | TODO_INFO },
TODO_INFO },
{ { sizeof(chain2) / sizeof(chain2[0]), chain2 },
{ { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID, 0 },
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment