Juan Lang : crypt32/tests: Test more SECURITY_FLAG_IGNORE flags for the SSL policy.
Alexandre Julliard
julliard at winehq.org
Thu Sep 30 11:23:35 CDT 2010
Module: wine
Branch: master
Commit: 54429016eb68e81062e3cf20a23d348c9989d72b
URL: http://source.winehq.org/git/wine.git/?a=commit;h=54429016eb68e81062e3cf20a23d348c9989d72b
Author: Juan Lang <juan.lang at gmail.com>
Date: Wed Sep 29 13:39:34 2010 -0700
crypt32/tests: Test more SECURITY_FLAG_IGNORE flags for the SSL policy.
---
dlls/crypt32/tests/chain.c | 25 +++++++++++++++++++++++++
1 files changed, 25 insertions(+), 0 deletions(-)
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 707d62e..5d24ac7 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -3788,11 +3788,21 @@ static const ChainPolicyCheck sslPolicyCheck[] = {
{ 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, NULL, 0 },
};
+static const ChainPolicyCheck ignoredUnknownCAPolicyCheck = {
+ { sizeof(chain0) / sizeof(chain0[0]), chain0 },
+ { 0, CERT_E_EXPIRED, 0, 0, NULL }, NULL, TODO_ERROR
+};
+
static const ChainPolicyCheck googlePolicyCheckWithMatchingNameExpired = {
{ sizeof(googleChain) / sizeof(googleChain[0]), googleChain },
{ 0, CERT_E_EXPIRED, 0, 0, NULL}, NULL, 0
};
+static const ChainPolicyCheck googlePolicyCheckWithMatchingNameIgnoringExpired = {
+ { sizeof(googleChain) / sizeof(googleChain[0]), googleChain },
+ { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
+};
+
static const ChainPolicyCheck googlePolicyCheckWithMatchingName = {
{ sizeof(googleChain) / sizeof(googleChain[0]), googleChain },
{ 0, 0, -1, -1, NULL}, NULL, 0
@@ -4131,10 +4141,25 @@ static void check_ssl_policy(void)
*/
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
&iTunesPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara);
+ /* And again, specifying a chain with an untrusted root, but ignoring
+ * unknown CAs.
+ */
+ sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_UNKNOWN_CA;
+ checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
+ &ignoredUnknownCAPolicyCheck, 0, &oct2007, &policyPara);
+ sslPolicyPara.fdwChecks = 0;
/* And again, but checking the Google chain at a bad date */
sslPolicyPara.pwszServerName = google_dot_com;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
&googlePolicyCheckWithMatchingNameExpired, 0, &oct2007, &policyPara);
+ /* Again checking the Google chain at a bad date, but ignoring date
+ * errors.
+ */
+ sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
+ checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
+ &googlePolicyCheckWithMatchingNameIgnoringExpired, 0, &oct2007,
+ &policyPara);
+ sslPolicyPara.fdwChecks = 0;
/* And again, but checking the Google chain at a good date */
sslPolicyPara.pwszServerName = google_dot_com;
checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
More information about the wine-cvs
mailing list