Juan Lang : crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension .

[Alexandre Julliard]

Module: wine
Branch: master
Commit: f378394acda10cb7b9daa9889cf4774940c944ac
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=f378394acda10cb7b9daa9889cf4774940c944ac

Author: Juan Lang <juan.lang at gmail.com>
Date:   Thu Nov 19 11:48:53 2009 -0800

crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension.

---

 dlls/crypt32/crl.c       |   12 ++++--------
 dlls/crypt32/tests/crl.c |    4 ++--
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/dlls/crypt32/crl.c b/dlls/crypt32/crl.c
index 03f9b78..5b93d3a 100644
--- a/dlls/crypt32/crl.c
+++ b/dlls/crypt32/crl.c
@@ -649,15 +649,11 @@ BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
             }
             else
             {
-                /* no CRL dist points extension in cert, compare CRL's issuer
-                 * to cert's issuer.
+                /* no CRL dist points extension in cert, can't match the CRL
+                 * (which has an issuing dist point extension)
                  */
-                if (!CertCompareCertificateName(pCrl->dwCertEncodingType,
-                 &pCrl->pCrlInfo->Issuer, &pCert->pCertInfo->Issuer))
-                {
-                    ret = FALSE;
-                    SetLastError(CRYPT_E_NO_MATCH);
-                }
+                ret = FALSE;
+                SetLastError(CRYPT_E_NO_MATCH);
             }
             LocalFree(idp);
         }
diff --git a/dlls/crypt32/tests/crl.c b/dlls/crypt32/tests/crl.c
index bd70d32..dfb9356 100644
--- a/dlls/crypt32/tests/crl.c
+++ b/dlls/crypt32/tests/crl.c
@@ -530,6 +530,7 @@ static void testFindCRL(void)
      * match cert's issuer, but verisignCRL does not, so the expected count
      * is 0.
      */
+    todo_wine {
     ok(count == 3 || broken(count == 0 /* NT4, Win9x */),
      "expected 3 matching CRLs, got %d\n", count);
     /* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
@@ -537,6 +538,7 @@ static void testFindCRL(void)
      */
     ok(revoked_count == 2 || broken(revoked_count == 0 /* NT4, Win9x */),
      "expected 2 matching CRL entries, got %d\n", revoked_count);
+    }
 
     CertFreeCertificateContext(cert);
 
@@ -1000,11 +1002,9 @@ static void testIsValidCRLForCert(void)
      sizeof(v2CRLWithIssuingDistPoint));
     ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
 
-    todo_wine {
     ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
     ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
      "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
-    }
     ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
     ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
      "expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());