Juan Lang : crypt32: Set correct error when encountering unsupported critical extensions in the base and SSL policy .
Alexandre Julliard
julliard at winehq.org
Wed Oct 6 14:04:19 CDT 2010
Module: wine
Branch: master
Commit: 25a8d301c10bd1c4cc80af04cd2abbd79f4d11a3
URL: http://source.winehq.org/git/wine.git/?a=commit;h=25a8d301c10bd1c4cc80af04cd2abbd79f4d11a3
Author: Juan Lang <juan.lang at gmail.com>
Date: Tue Oct 5 21:25:33 2010 -0700
crypt32: Set correct error when encountering unsupported critical extensions in the base and SSL policy.
---
dlls/crypt32/chain.c | 18 ++++++++++++++++++
dlls/crypt32/tests/chain.c | 2 +-
2 files changed, 19 insertions(+), 1 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index ffb5fb4..056838b 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -2954,6 +2954,16 @@ static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID,
CERT_TRUST_IS_NOT_VALID_FOR_USAGE, &pPolicyStatus->lChainIndex,
&pPolicyStatus->lElementIndex);
}
+ if (!pPolicyStatus->dwError &&
+ pChainContext->TrustStatus.dwErrorStatus &
+ CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT &&
+ !(checks & CERT_CHAIN_POLICY_IGNORE_NOT_SUPPORTED_CRITICAL_EXT_FLAG))
+ {
+ pPolicyStatus->dwError = CERT_E_CRITICAL;
+ find_element_with_error(pChainContext,
+ CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT, &pPolicyStatus->lChainIndex,
+ &pPolicyStatus->lElementIndex);
+ }
return TRUE;
}
@@ -3377,6 +3387,14 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
CERT_TRUST_IS_OFFLINE_REVOCATION, &pPolicyStatus->lChainIndex,
&pPolicyStatus->lElementIndex);
}
+ else if (pChainContext->TrustStatus.dwErrorStatus &
+ CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT)
+ {
+ pPolicyStatus->dwError = CERT_E_CRITICAL;
+ find_element_with_error(pChainContext,
+ CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT, &pPolicyStatus->lChainIndex,
+ &pPolicyStatus->lElementIndex);
+ }
else
pPolicyStatus->dwError = NO_ERROR;
/* We only need bother checking whether the name in the end certificate
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 5a2b17e..b6a01bf 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -3964,7 +3964,7 @@ static const ChainPolicyCheck stanfordPolicyCheckWithoutMatchingName = {
static const ChainPolicyCheck invalidExtensionPolicyCheck = {
{ sizeof(chain30) / sizeof(chain30[0]), chain30 },
- { 0, CERT_E_CRITICAL, 0, 1, NULL}, NULL, TODO_ERROR
+ { 0, CERT_E_CRITICAL, 0, 1, NULL}, NULL, 0
};
static const ChainPolicyCheck authenticodePolicyCheck[] = {
More information about the wine-cvs
mailing list