Commit 6ac02c0c authored by Piotr Caban's avatar Piotr Caban Committed by Alexandre Julliard

crypt32: Handle CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG when verifying chain policy.

parent be3f6c87
......@@ -3027,7 +3027,8 @@ static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID,
&pPolicyStatus->lElementIndex);
}
if (!pPolicyStatus->dwError &&
pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID)
pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID &&
!(checks & CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG))
{
pPolicyStatus->dwError = CERT_E_EXPIRED;
find_element_with_error(pChainContext,
......@@ -3492,7 +3493,8 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
}
else if (pChainContext->TrustStatus.dwErrorStatus &
CERT_TRUST_IS_NOT_TIME_VALID &&
!(checks & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID))
!(checks & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID) &&
!(baseChecks & CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG))
{
pPolicyStatus->dwError = CERT_E_EXPIRED;
find_element_with_error(pChainContext,
......
......@@ -4741,12 +4741,12 @@ static const CERT_CHAIN_POLICY_STATUS badDateNestingStatus =
static const ChainPolicyCheck ignoredBadDateNestingBasePolicyCheck = {
{ ARRAY_SIZE(chain2), chain2 },
{ 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
{ 0, 0, -1, -1, NULL}, NULL, 0
};
static const ChainPolicyCheck ignoredInvalidDateBasePolicyCheck = {
{ ARRAY_SIZE(googleChain), googleChain },
{ 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
{ 0, 0, -1, -1, NULL}, NULL, 0
};
static const ChainPolicyCheck ignoredInvalidUsageBasePolicyCheck = {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment