Juan Lang : crypt32: Correct error when a matching name constraint is found .
Alexandre Julliard
julliard at winehq.org
Wed Nov 11 08:33:23 CST 2009
Module: wine
Branch: master
Commit: 300d5fe5c4500f9fdd579ebdab7b3a7a8db1d65d
URL: http://source.winehq.org/git/wine.git/?a=commit;h=300d5fe5c4500f9fdd579ebdab7b3a7a8db1d65d
Author: Juan Lang <juan.lang at gmail.com>
Date: Tue Nov 10 14:40:01 2009 -0800
crypt32: Correct error when a matching name constraint is found.
---
dlls/crypt32/chain.c | 3 +--
dlls/crypt32/tests/chain.c | 27 +++++++++++++++++----------
2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index a6fc9ff..54bff75 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -698,8 +698,7 @@ static void CRYPT_CheckNameConstraints(
for (i = 0; i < nameConstraints->cPermittedSubtree; i++)
CRYPT_FindMatchingNameEntry(
&nameConstraints->rgPermittedSubtree[i].Base, subjectName,
- trustErrorStatus,
- CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT,
+ trustErrorStatus, 0,
CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT);
LocalFree(subjectName);
}
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 2209e1f..00adab6 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -2444,7 +2444,7 @@ static CONST_DATA_BLOB chain19[] = {
};
static const CERT_TRUST_STATUS elementStatus19[] = {
{ CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER },
- { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT,
+ { CERT_TRUST_IS_UNTRUSTED_ROOT,
CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER },
};
static const SimpleChainStatusCheck simpleStatus19[] = {
@@ -2469,7 +2469,7 @@ static CONST_DATA_BLOB chain21[] = {
};
static const CERT_TRUST_STATUS elementStatus21[] = {
{ CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER },
- { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT,
+ { CERT_TRUST_IS_UNTRUSTED_ROOT,
CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER },
};
static const SimpleChainStatusCheck simpleStatus21[] = {
@@ -2725,11 +2725,17 @@ static ChainCheck chainCheck[] = {
{ CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_VALID_FOR_USAGE, 0 },
1, simpleStatus18 },
0 },
+ /* Older versions of crypt32 set CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT
+ * even though the constraint and alt name match.
+ * They also do not set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS, since they
+ * incorrectly find a name constraint error.
+ */
{ { sizeof(chain19) / sizeof(chain19[0]), chain19 },
- { { CERT_TRUST_IS_NOT_TIME_NESTED | CERT_TRUST_IS_NOT_VALID_FOR_USAGE,
- CERT_TRUST_HAS_PREFERRED_ISSUER },
- { CERT_TRUST_IS_UNTRUSTED_ROOT |
- CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT, 0 },
+ { { CERT_TRUST_IS_NOT_TIME_NESTED | CERT_TRUST_IS_NOT_VALID_FOR_USAGE |
+ CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT,
+ CERT_TRUST_HAS_PREFERRED_ISSUER | CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS
+ },
+ { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 },
1, simpleStatus19 },
0 },
{ { sizeof(chain20) / sizeof(chain20[0]), chain20 },
@@ -2741,10 +2747,11 @@ static ChainCheck chainCheck[] = {
1, simpleStatus20 },
TODO_ERROR },
{ { sizeof(chain21) / sizeof(chain21[0]), chain21 },
- { { CERT_TRUST_IS_NOT_TIME_NESTED | CERT_TRUST_IS_NOT_VALID_FOR_USAGE,
- CERT_TRUST_HAS_PREFERRED_ISSUER },
- { CERT_TRUST_IS_UNTRUSTED_ROOT |
- CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT, 0 },
+ { { CERT_TRUST_IS_NOT_TIME_NESTED | CERT_TRUST_IS_NOT_VALID_FOR_USAGE |
+ CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT,
+ CERT_TRUST_HAS_PREFERRED_ISSUER | CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS
+ },
+ { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 },
1, simpleStatus21 },
0 },
{ { sizeof(chain22) / sizeof(chain22[0]), chain22 },
More information about the wine-cvs
mailing list