Juan Lang : winhttp: Verify SSL policy of chains whose errors were ignored.
Alexandre Julliard
julliard at winehq.org
Fri Oct 1 11:38:43 CDT 2010
Module: wine
Branch: master
Commit: ee2e9cc339784a9dfbed920cb692b811f7faad9b
URL: http://source.winehq.org/git/wine.git/?a=commit;h=ee2e9cc339784a9dfbed920cb692b811f7faad9b
Author: Juan Lang <juan.lang at gmail.com>
Date: Wed Sep 29 08:24:07 2010 -0700
winhttp: Verify SSL policy of chains whose errors were ignored.
---
dlls/winhttp/net.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c
index 398c0b7..4812979 100644
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -308,12 +308,19 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
else if (chain->TrustStatus.dwErrorStatus & ~supportedErrors)
err = ERROR_WINHTTP_SECURE_INVALID_CERT;
}
- else
+ if (!err)
{
CERT_CHAIN_POLICY_PARA policyPara;
SSL_EXTRA_CERT_CHAIN_POLICY_PARA sslExtraPolicyPara;
CERT_CHAIN_POLICY_STATUS policyStatus;
+ CERT_CHAIN_CONTEXT chainCopy;
+ /* Clear chain->TrustStatus.dwErrorStatus so
+ * CertVerifyCertificateChainPolicy will verify additional checks
+ * rather than stopping with an existing, ignored error.
+ */
+ memcpy(&chainCopy, chain, sizeof(chainCopy));
+ chainCopy.TrustStatus.dwErrorStatus = 0;
sslExtraPolicyPara.u.cbSize = sizeof(sslExtraPolicyPara);
sslExtraPolicyPara.dwAuthType = AUTHTYPE_SERVER;
sslExtraPolicyPara.pwszServerName = server;
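Review bot: Zeroing the whole of `chainCopy.TrustStatus.dwErrorStatus` is only sound if `err == 0` at `if (!err)` guarantees that every bit set in the chain status was one the caller chose to ignore. The checks that would establish this sit above the hunk, so the new comment should state that invariant, e.g. `/* err == 0: every error bit still set was explicitly ignored by the caller */`. The copy is also shallow: `chainCopy` shares `rgpChain` with `chain`, so the per-simple-chain and per-element `TrustStatus` values keep their error bits, and whether the policy check reads those is not visible here. `chainCopy = *chain;` would make the same copy with type checking instead of `memcpy`. netconn_verify_cert starts and ends outside the hunk.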
@@ -321,7 +328,7 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
policyPara.dwFlags = 0;
policyPara.pvExtraPolicyPara = &sslExtraPolicyPara;
ret = CertVerifyCertificateChainPolicy( CERT_CHAIN_POLICY_SSL,
- chain, &policyPara,
+ &chainCopy, &policyPara,
&policyStatus );
/* Any error in the policy status indicates that the
* policy couldn't be verified.
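Review bot: `policyPara.dwFlags` is still `0` at this call, so the ignored errors are conveyed only by blanking the trust status on `chainCopy`. The policy API has per-category ignore flags (for example `CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG` and `CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG`) that would express the same intent while leaving the other trust bits intact, provided the crypt32 SSL policy honours them. A short comment at the call, such as `/* chainCopy aliases chain; only its top-level error status was cleared */`, would also make clear that the original `chain` is presumably still the object to free. How `ret` and `policyStatus` are interpreted lies below the hunk.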