crypt32/tests: Print a better error if no Verisign root certificates available.
juan.lang at gmail.com
Mon May 4 10:58:22 CDT 2009
Hi, I just noticed commit efa555596b30134261920ea12d8c324f9bef34b4.
This change is misleading:
- "Chain %d, element [%d,%d]: expected error %08x, got %08x\n",
+ "Chain %d, element [%d,%d]: expected error %08x, got %08x. %08x is "
+ "expected if no valid Verisign root certificate is available.\n",
testIndex, chainIndex, elementIndex, expected->dwErrorStatus,
+ got->dwErrorStatus, CERT_TRUST_IS_UNTRUSTED_ROOT);
The only difference is to add CERT_TRUST_IS_UNTRUSTED_ROOT if any
chain doesn't match, whatever the reason. On the other hand, only one
chain out of 14 or so that are tested would ever unexpectedly have
CERT_TRUST_IS_UNTRUSTED_ROOT set. The remainder of the chains are not
rooted in any trusted CA, but are rooted in some untrusted cert. So I
don't think this change is really all that beneficial.
Personally, I'd rather have the change reverted. Comments?
More information about the wine-devel