Commit 54429016 authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32/tests: Test more SECURITY_FLAG_IGNORE flags for the SSL policy.

parent 637fd373
...@@ -3788,11 +3788,21 @@ static const ChainPolicyCheck sslPolicyCheck[] = { ...@@ -3788,11 +3788,21 @@ static const ChainPolicyCheck sslPolicyCheck[] = {
{ 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, NULL, 0 }, { 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, NULL, 0 },
}; };
static const ChainPolicyCheck ignoredUnknownCAPolicyCheck = {
{ sizeof(chain0) / sizeof(chain0[0]), chain0 },
{ 0, CERT_E_EXPIRED, 0, 0, NULL }, NULL, TODO_ERROR
};
static const ChainPolicyCheck googlePolicyCheckWithMatchingNameExpired = { static const ChainPolicyCheck googlePolicyCheckWithMatchingNameExpired = {
{ sizeof(googleChain) / sizeof(googleChain[0]), googleChain }, { sizeof(googleChain) / sizeof(googleChain[0]), googleChain },
{ 0, CERT_E_EXPIRED, 0, 0, NULL}, NULL, 0 { 0, CERT_E_EXPIRED, 0, 0, NULL}, NULL, 0
}; };
static const ChainPolicyCheck googlePolicyCheckWithMatchingNameIgnoringExpired = {
{ sizeof(googleChain) / sizeof(googleChain[0]), googleChain },
{ 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
};
static const ChainPolicyCheck googlePolicyCheckWithMatchingName = { static const ChainPolicyCheck googlePolicyCheckWithMatchingName = {
{ sizeof(googleChain) / sizeof(googleChain[0]), googleChain }, { sizeof(googleChain) / sizeof(googleChain[0]), googleChain },
{ 0, 0, -1, -1, NULL}, NULL, 0 { 0, 0, -1, -1, NULL}, NULL, 0
...@@ -4131,10 +4141,25 @@ static void check_ssl_policy(void) ...@@ -4131,10 +4141,25 @@ static void check_ssl_policy(void)
*/ */
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL, checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
&iTunesPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara); &iTunesPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara);
/* And again, specifying a chain with an untrusted root, but ignoring
* unknown CAs.
*/
sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_UNKNOWN_CA;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
&ignoredUnknownCAPolicyCheck, 0, &oct2007, &policyPara);
sslPolicyPara.fdwChecks = 0;
/* And again, but checking the Google chain at a bad date */ /* And again, but checking the Google chain at a bad date */
sslPolicyPara.pwszServerName = google_dot_com; sslPolicyPara.pwszServerName = google_dot_com;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL, checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
&googlePolicyCheckWithMatchingNameExpired, 0, &oct2007, &policyPara); &googlePolicyCheckWithMatchingNameExpired, 0, &oct2007, &policyPara);
/* Again checking the Google chain at a bad date, but ignoring date
* errors.
*/
sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
&googlePolicyCheckWithMatchingNameIgnoringExpired, 0, &oct2007,
&policyPara);
sslPolicyPara.fdwChecks = 0;
/* And again, but checking the Google chain at a good date */ /* And again, but checking the Google chain at a good date */
sslPolicyPara.pwszServerName = google_dot_com; sslPolicyPara.pwszServerName = google_dot_com;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL, checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment