Juan Lang : crypt32/tests: Test OpenSSL chain separately to address test failures on Win98.
Alexandre Julliard
julliard at winehq.org
Wed Oct 6 14:04:21 CDT 2010
Module: wine
Branch: master
Commit: 6e89a61446088dbe029913896dfae467bb8d37a1
URL: http://source.winehq.org/git/wine.git/?a=commit;h=6e89a61446088dbe029913896dfae467bb8d37a1
Author: Juan Lang <juan.lang at gmail.com>
Date: Wed Oct 6 11:19:04 2010 -0700
crypt32/tests: Test OpenSSL chain separately to address test failures on Win98.
---
dlls/crypt32/tests/chain.c | 57 +++++++++++++++++++++++++++++++++++++++----
1 files changed, 51 insertions(+), 6 deletions(-)
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 2c62ec0..2e453e1 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -3257,6 +3257,21 @@ static const SimpleChainStatusCheck opensslSimpleStatus[] = {
{ sizeof(opensslElementStatus) / sizeof(opensslElementStatus[0]),
opensslElementStatus },
};
+/* The OpenSSL chain may not have its root trusted, in which case the chain
+ * is truncated (on Win98).
+ */
+static CONST_DATA_BLOB incompleteOpensslChain[] = {
+ { sizeof(global_sign_ca), global_sign_ca },
+ { sizeof(openssl_org), openssl_org },
+};
+static const CERT_TRUST_STATUS incompleteOpensslElementStatus[] = {
+ { CERT_TRUST_IS_NOT_TIME_VALID, CERT_TRUST_HAS_KEY_MATCH_ISSUER },
+ { CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_KEY_MATCH_ISSUER },
+};
+static const SimpleChainStatusCheck incompleteOpensslSimpleStatus[] = {
+ { sizeof(incompleteOpensslElementStatus) / sizeof(incompleteOpensslElementStatus[0]),
+ incompleteOpensslElementStatus },
+};
/* entrust_ca -> aaa_certificate_services -> cs_stanford_edu */
/* cs.stanford.edu's cert is only valid from 7/16/2009 to 7/16/2012, so with
* the date tested (October 2007) it's not time valid.
@@ -3515,12 +3530,6 @@ static ChainCheck chainCheck[] = {
CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1, googleSimpleStatus }, 0 },
- /* The openssl chain may or may not have its root trusted, so ignore the error
- */
- { { sizeof(opensslChain) / sizeof(opensslChain[0]), opensslChain },
- { { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_PREFERRED_ISSUER },
- { CERT_TRUST_IS_NOT_TIME_VALID, 0 },
- 1, opensslSimpleStatus }, 0 },
/* The stanford chain may or may not have its root trusted, so ignore the error
*/
{ { sizeof(stanfordChain) / sizeof(stanfordChain[0]), stanfordChain },
@@ -3549,6 +3558,20 @@ static ChainCheck chainCheckNoStore[] = {
0 },
};
+ /* The openssl chain may or may not have its root trusted, so ignore the error
+ */
+static ChainCheck opensslChainCheck =
+ { { sizeof(opensslChain) / sizeof(opensslChain[0]), opensslChain },
+ { { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_PREFERRED_ISSUER },
+ { CERT_TRUST_IS_NOT_TIME_VALID, 0 },
+ 1, opensslSimpleStatus }, 0 };
+static ChainCheck incompleteOpensslChainCheck =
+ { { sizeof(incompleteOpensslChain) / sizeof(incompleteOpensslChain[0]),
+ incompleteOpensslChain },
+ { { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_PREFERRED_ISSUER },
+ { CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_PARTIAL_CHAIN, 0 },
+ 1, incompleteOpensslSimpleStatus }, 0 };
+
/* Chain27 checks a certificate with a subject alternate name containing an
* embedded NULL. Newer crypt32 versions fail to decode such alternate names,
* correctly prohibiting them. Older crypt32 versions do not. Rather than
@@ -3722,6 +3745,28 @@ static void testGetCertChain(void)
pCertFreeCertificateChain(chain);
}
}
+ chain = getChain(NULL, &opensslChainCheck.certs, 0, TRUE, &oct2007,
+ opensslChainCheck.todo, 0);
+ if (chain)
+ {
+ ok(chain->TrustStatus.dwErrorStatus ==
+ opensslChainCheck.status.status.dwErrorStatus ||
+ broken((chain->TrustStatus.dwErrorStatus &
+ ~incompleteOpensslChainCheck.status.statusToIgnore.dwErrorStatus) ==
+ (incompleteOpensslChainCheck.status.status.dwErrorStatus &
+ ~incompleteOpensslChainCheck.status.statusToIgnore.dwErrorStatus)),
+ "unexpected chain error status %08x\n",
+ chain->TrustStatus.dwErrorStatus);
+ if (opensslChainCheck.status.status.dwErrorStatus ==
+ chain->TrustStatus.dwErrorStatus)
+ checkChainStatus(chain, &opensslChainCheck.status,
+ opensslChainCheck.todo, "opensslChainCheck", 0);
+ else
+ checkChainStatus(chain, &incompleteOpensslChainCheck.status,
+ incompleteOpensslChainCheck.todo, "incompleteOpensslChainCheck",
+ 0);
+ pCertFreeCertificateChain(chain);
+ }
for (i = 0; i < sizeof(chainCheckNoStore) / sizeof(chainCheckNoStore[0]);
i++)
{
More information about the wine-cvs
mailing list