Commit d5bcf21c authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32/tests: Test the base and SSL policies against a certificate with an…

crypt32/tests: Test the base and SSL policies against a certificate with an invalid critical extension.
parent ab1a3cce
...@@ -3962,6 +3962,11 @@ static const ChainPolicyCheck stanfordPolicyCheckWithoutMatchingName = { ...@@ -3962,6 +3962,11 @@ static const ChainPolicyCheck stanfordPolicyCheckWithoutMatchingName = {
{ 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0 { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0
}; };
static const ChainPolicyCheck invalidExtensionPolicyCheck = {
{ sizeof(chain30) / sizeof(chain30[0]), chain30 },
{ 0, CERT_E_CRITICAL, 0, 1, NULL}, NULL, TODO_ERROR
};
static const ChainPolicyCheck authenticodePolicyCheck[] = { static const ChainPolicyCheck authenticodePolicyCheck[] = {
{ { sizeof(chain0) / sizeof(chain0[0]), chain0 }, { { sizeof(chain0) / sizeof(chain0[0]), chain0 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, NULL, 0 }, { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, NULL, 0 },
...@@ -4190,6 +4195,12 @@ static void check_base_policy(void) ...@@ -4190,6 +4195,12 @@ static void check_base_policy(void)
CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG; CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG;
checkChainPolicyStatus(CERT_CHAIN_POLICY_BASE, NULL, checkChainPolicyStatus(CERT_CHAIN_POLICY_BASE, NULL,
&invalidUsageBasePolicyCheck, 0, &oct2007, &policyPara); &invalidUsageBasePolicyCheck, 0, &oct2007, &policyPara);
/* Test chain30, which has an invalid critical extension in an intermediate
* cert, against the base policy.
*/
policyPara.dwFlags = CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG;
checkChainPolicyStatus(CERT_CHAIN_POLICY_BASE, NULL,
&invalidExtensionPolicyCheck, 0, &oct2007, &policyPara);
} }
static void check_ssl_policy(void) static void check_ssl_policy(void)
...@@ -4377,6 +4388,13 @@ static void check_ssl_policy(void) ...@@ -4377,6 +4388,13 @@ static void check_ssl_policy(void)
&winehqPolicyCheckWithMatchingName, 0, &oct2007, &policyPara); &winehqPolicyCheckWithMatchingName, 0, &oct2007, &policyPara);
CertFreeCertificateChainEngine(engine); CertFreeCertificateChainEngine(engine);
CertCloseStore(testRoot, 0); CertCloseStore(testRoot, 0);
/* Test chain30, which has an invalid critical extension in an intermediate
* cert, against the SSL policy.
*/
sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_UNKNOWN_CA;
sslPolicyPara.pwszServerName = NULL;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
&invalidExtensionPolicyCheck, 0, &oct2007, &policyPara);
} }
static void testVerifyCertChainPolicy(void) static void testVerifyCertChainPolicy(void)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment