Commit a1e2c7fd authored by Zhiyi Zhang's avatar Zhiyi Zhang Committed by Alexandre Julliard

crypt32: Properly check root certificate in CERT_CHAIN_REVOCATION_CHECK_CHAIN.

Original patch by Michael Müller.

Root certificates don't have a CRL Distribution Point or Authority Info Access field. Don't report an error with CERT_CHAIN_REVOCATION_CHECK_CHAIN in CertGetCertificateChain() because of this.

Signed-off-by: Zhiyi Zhang <zzhang@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
parent 01262515
...@@ -2698,6 +2698,11 @@ static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain, ...@@ -2698,6 +2698,11 @@ static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain,
ret = CertVerifyRevocation(X509_ASN_ENCODING, ret = CertVerifyRevocation(X509_ASN_ENCODING,
CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certToCheck, CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certToCheck,
revocationFlags, &revocationPara, &revocationStatus); revocationFlags, &revocationPara, &revocationStatus);
if (!ret && chainFlags & CERT_CHAIN_REVOCATION_CHECK_CHAIN
&& revocationStatus.dwError == CRYPT_E_NO_REVOCATION_CHECK && revocationPara.pIssuerCert == NULL)
ret = TRUE;
if (!ret) if (!ret)
{ {
PCERT_CHAIN_ELEMENT element = CRYPT_FindIthElementInChain( PCERT_CHAIN_ELEMENT element = CRYPT_FindIthElementInChain(
......
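Review bot: The new guard ahead of `if (!ret)` uses `revocationPara.pIssuerCert == NULL` as its only evidence that the certificate is a root, and nothing visible in the hunk ties a NULL issuer to a self-signed certificate. The assignment of pIssuerCert lies outside the hunk, so this is inferred, but if it is also NULL for the last element of an incomplete chain, a non-root certificate with no reachable revocation source would have `CRYPT_E_NO_REVOCATION_CHECK` silently turned into success. Consider also requiring that the element being checked is self-signed (for example via `CERT_TRUST_IS_SELF_SIGNED` in its trust info status) before setting `ret = TRUE`. A comment such as `/* Root certificates carry no CDP/AIA extension, so a missing revocation source is expected for them */` would record why the error is dropped, and `(chainFlags & CERT_CHAIN_REVOCATION_CHECK_CHAIN)` reads more safely parenthesised inside the `&&` chain. CRYPT_VerifyChainRevocation starts and ends outside the hunk.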
...@@ -4156,9 +4156,9 @@ static void testGetCertChain(void) ...@@ -4156,9 +4156,9 @@ static void testGetCertChain(void)
ret = CertGetCertificateChain(NULL, cert, &fileTime, store, &para, CERT_CHAIN_REVOCATION_CHECK_CHAIN, NULL, &chain); ret = CertGetCertificateChain(NULL, cert, &fileTime, store, &para, CERT_CHAIN_REVOCATION_CHECK_CHAIN, NULL, &chain);
ok(ret, "CertGetCertificateChain failed: %u\n", GetLastError()); ok(ret, "CertGetCertificateChain failed: %u\n", GetLastError());
todo_wine ok(!chain->TrustStatus.dwErrorStatus ok(!chain->TrustStatus.dwErrorStatus
|| broken(chain->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN), /* XP */ || broken(chain->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN), /* XP */
"chain->TrustStatus.dwErrorStatus = %x\n", chain->TrustStatus.dwErrorStatus); "chain->TrustStatus.dwErrorStatus = %x\n", chain->TrustStatus.dwErrorStatus);
pCertFreeCertificateChain(chain); pCertFreeCertificateChain(chain);
ret = CertGetCertificateChain(NULL, cert, &fileTime, store, &para, CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT, ret = CertGetCertificateChain(NULL, cert, &fileTime, store, &para, CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
......
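Review bot: Dropping `todo_wine` in testGetCertChain only pins the positive case, where a complete chain checked with `CERT_CHAIN_REVOCATION_CHECK_CHAIN` reports no error status. Nothing visible here asserts that revocation-unknown is still reported when the certificate lacking revocation information is not a root. A companion check on a chain whose last element is not self-signed, expecting `CERT_TRUST_REVOCATION_STATUS_UNKNOWN` to remain set in `chain->TrustStatus.dwErrorStatus`, would guard against the relaxation applying too broadly. The test function continues outside the hunk, so such a case may already exist elsewhere.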