Jacek Caban : wininet: Improved handling ERROR_INTERNET_INVALID_CA error.
Alexandre Julliard
julliard at winehq.org
Thu Jun 7 13:39:17 CDT 2012
Module: wine
Branch: master
Commit: c3eec8dc57de430c3d6ca46a15f0ead2553505b1
URL: http://source.winehq.org/git/wine.git/?a=commit;h=c3eec8dc57de430c3d6ca46a15f0ead2553505b1
Author: Jacek Caban <jacek at codeweavers.com>
Date: Thu Jun 7 15:40:31 2012 +0200
wininet: Improved handling ERROR_INTERNET_INVALID_CA error.
---
dlls/wininet/dialogs.c | 2 ++
dlls/wininet/internet.h | 2 ++
dlls/wininet/netconnection.c | 17 +++++++++++++----
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/dlls/wininet/dialogs.c b/dlls/wininet/dialogs.c
index 68c668e..7bcfb15 100644
--- a/dlls/wininet/dialogs.c
+++ b/dlls/wininet/dialogs.c
@@ -540,6 +540,8 @@ static INT_PTR WINAPI WININET_InvalidCertificateDialog(
break;
case ERROR_INTERNET_SEC_CERT_ERRORS:
if(flags & _SECURITY_FLAG_CERT_REV_FAILED)
+ flags |= SECURITY_FLAG_IGNORE_REVOCATION;
+ if(flags & _SECURITY_FLAG_CERT_INVALID_CA)
flags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
if(flags & _SECURITY_FLAG_CERT_INVALID_CN)
flags |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
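Review bot: The `case ERROR_INTERNET_SEC_CERT_ERRORS:` chain has no comment saying that each `_SECURITY_FLAG_CERT_*` error bit is turned into the `SECURITY_FLAG_IGNORE_*` flag that waives that same check and no other. Because these flags switch certificate checks off, I would state the rule above the first `if`, e.g. `/* waive only the checks that actually failed for this certificate */`. The ifs are unbraced, so inserting lines between a condition and its body re-pairs them, as this hunk has to do; bracing each one would make later edits here less error-prone. The hunk does not show how long the resulting flags are kept, and the function continues outside it.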
diff --git a/dlls/wininet/internet.h b/dlls/wininet/internet.h
index a46e185..a25be32 100644
--- a/dlls/wininet/internet.h
+++ b/dlls/wininet/internet.h
@@ -560,11 +560,13 @@ typedef struct
/* Undocumented security flags */
#define _SECURITY_FLAG_CERT_REV_FAILED 0x00800000
+#define _SECURITY_FLAG_CERT_INVALID_CA 0x01000000
#define _SECURITY_FLAG_CERT_INVALID_CN 0x02000000
#define _SECURITY_FLAG_CERT_INVALID_DATE 0x04000000
#define _SECURITY_ERROR_FLAGS_MASK \
(_SECURITY_FLAG_CERT_REV_FAILED \
+ |_SECURITY_FLAG_CERT_INVALID_CA \
|_SECURITY_FLAG_CERT_INVALID_CN \
|_SECURITY_FLAG_CERT_INVALID_DATE)
diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c
index 00c3513..47b8453 100644
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@@ -272,12 +272,21 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
errors &= ~CERT_TRUST_IS_UNTRUSTED_ROOT;
}
+ /* This seems strange, but that's what tests show */
if(errors & CERT_TRUST_IS_PARTIAL_CHAIN) {
WARN("CERT_TRUST_IS_PARTIAL_CHAIN\n");
- if(conn->mask_errors)
- conn->security_flags |= _SECURITY_FLAG_CERT_REV_FAILED;
- if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
- err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_REV_FAILED;
+ if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA)) {
+ if(!(conn->security_flags & _SECURITY_FLAG_CERT_REV_FAILED))
+ err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_REV_FAILED;
+ else
+ err = conn->mask_errors ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_INVALID_CA;
+ }
+ if(conn->mask_errors) {
+ if(!(conn->security_flags & _SECURITY_FLAG_CERT_REV_FAILED))
+ conn->security_flags |= _SECURITY_FLAG_CERT_REV_FAILED;
+ else
+ conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_CA;
+ }
errors &= ~CERT_TRUST_IS_PARTIAL_CHAIN;
}
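Review bot: The comment added above the `CERT_TRUST_IS_PARTIAL_CHAIN` block ("This seems strange, but that's what tests show") does not say what is strange, while the result now depends on state left in `conn->security_flags`. With `_SECURITY_FLAG_CERT_REV_FAILED` clear, an incomplete chain is reported as a revocation failure, and only once that bit is set is it reported as `ERROR_INTERNET_INVALID_CA`. I would spell that out, e.g. `/* Tests show a partial chain is first reported as REV_FAILED; INVALID_CA is reported only once REV_FAILED is already recorded in security_flags */`, and add that only `SECURITY_FLAG_IGNORE_UNKNOWN_CA` suppresses the error here. The two ternaries differ (`conn->mask_errors && err ?` versus `conn->mask_errors ?`); if that is deliberate, writing the first as `(conn->mask_errors && err) ? ...` would show it. netconn_verify_cert starts and ends outside this hunk.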