[Bug 47785] New: CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG not taken into account
WineHQ Bugzilla
wine-bugs at winehq.org
Fri Sep 20 00:01:50 CDT 2019
https://bugs.winehq.org/show_bug.cgi?id=47785
Bug ID: 47785
Summary: CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG not taken into account
Product: Wine
Version: 4.16
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: crypt32
Assignee: wine-bugs at winehq.org
Reporter: lois.diqual at gmail.com
Distribution: ---
Created attachment 65274
--> https://bugs.winehq.org/attachment.cgi?id=65274
C# program that verifies an expired certificate using IgnoreNotTimeValid
I am debugging a C# program that validates a certificate chain using
X509VerificationFlags.IgnoreNotTimeValid. The provided certificate is expired,
but it shouldn't matter because of this flag.
The chain validates properly on MacOS with Mono.
However on Wine with dotnet472, the policy fails with error NotTimeValid.
I believe there is a bug in `chain.c verify_base_policy`:
https://github.com/wine-mirror/wine/blob/e6138a52a907fe4b9b03abe0b6cf6cfb9fbc886b/dlls/crypt32/chain.c#L3033-L3040.
In this if statement, the policy verification routine determines that the
certificate has expired, but it should ignore the error if `checks` contains
`CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG`, and this logic is missing.
To reproduce:
- Create a wine prefix with dotnet472 using winetricks
- Go to drive_c/windows/Microsoft.NET/Framework/v4.0.30319 and copy verify.cs in there
- Compile verify.cs: wine csc.exe /reference:"C:\windows/Microsoft.NET/Framework/v4.0.30319/WPF/WindowsBase.dll" verify.cs
- Run: wine verify.exe
- It should print "Valid cert" but instead prints "Invalid cert" with NotTimeValid.
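The flag handling this report asks for, as an added stand-alone C model that is not part of the original report and is not Wine's code. `base_policy_error` is a hypothetical name, the constants are redefined with their Windows SDK values so the file builds anywhere, and the order in which the remaining errors are checked is an assumption. The model clears only the time-validity bit, so the ignore flag cannot hide a bad signature or an untrusted root.

```c
#include <stdint.h>
#include <stdio.h>

/* Numeric values as in the Windows SDK headers (wincrypt.h, winerror.h). */
#define CERT_TRUST_IS_NOT_TIME_VALID                 0x00000001u
#define CERT_TRUST_IS_NOT_SIGNATURE_VALID            0x00000008u
#define CERT_TRUST_IS_UNTRUSTED_ROOT                 0x00000020u
#define CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG 0x00000001u
#define CERT_E_EXPIRED                               0x800B0101u
#define CERT_E_UNTRUSTEDROOT                         0x800B0109u
#define TRUST_E_CERT_SIGNATURE                       0x80096004u

/* Hypothetical helper: map a chain's trust error bits and the caller's
 * policy flags to one policy error code (0 means the policy passed). */
uint32_t base_policy_error(uint32_t trust_errors, uint32_t policy_flags)
{
    /* Drop only the error bit the caller explicitly asked to ignore. */
    if (policy_flags & CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG)
        trust_errors &= ~CERT_TRUST_IS_NOT_TIME_VALID;

    /* Assumed precedence: signature, then root trust, then expiry. */
    if (trust_errors & CERT_TRUST_IS_NOT_SIGNATURE_VALID)
        return TRUST_E_CERT_SIGNATURE;
    if (trust_errors & CERT_TRUST_IS_UNTRUSTED_ROOT)
        return CERT_E_UNTRUSTEDROOT;
    if (trust_errors & CERT_TRUST_IS_NOT_TIME_VALID)
        return CERT_E_EXPIRED;
    return 0;
}

int main(void)
{
    /* Constructed cases: {trust error bits, policy flags}. */
    const uint32_t cases[][2] = {
        { CERT_TRUST_IS_NOT_TIME_VALID, 0 },
        { CERT_TRUST_IS_NOT_TIME_VALID,
          CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG },
        { CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_UNTRUSTED_ROOT,
          CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("errors=0x%08x flags=0x%08x -> 0x%08x\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               (unsigned)base_policy_error(cases[i][0], cases[i][1]));
    return 0;
}
```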