Jacek Caban : wininet: Fixed grouping security error flags.

Alexandre Julliard julliard at winehq.org
Tue May 29 13:58:02 CDT 2012


Module: wine
Branch: master
Commit: a24b5588d23b61a6e769f53996610c75f0de6af4
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=a24b5588d23b61a6e769f53996610c75f0de6af4

Author: Jacek Caban <jacek at codeweavers.com>
Date:   Mon May 28 13:55:00 2012 +0200

wininet: Fixed grouping security error flags.

---

 dlls/wininet/internet.h      |    4 ++--
 dlls/wininet/netconnection.c |   34 ++++++++++++++++++++--------------
 2 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/dlls/wininet/internet.h b/dlls/wininet/internet.h
index 230e8d8..fd6b5f7 100644
--- a/dlls/wininet/internet.h
+++ b/dlls/wininet/internet.h
@@ -561,11 +561,11 @@ typedef struct
 } wininet_flag_info;
 
 /* Undocumented security flags */
-#define _SECURITY_FLAG_CERT_INVALID_CA  0x00800000
+#define _SECURITY_FLAG_CERT_REV_FAILED  0x00800000
 #define _SECURITY_FLAG_CERT_INVALID_CN  0x02000000
 
 #define _SECURITY_ERROR_FLAGS_MASK              \
-    (_SECURITY_FLAG_CERT_INVALID_CA             \
+    (_SECURITY_FLAG_CERT_REV_FAILED             \
     |_SECURITY_FLAG_CERT_INVALID_CN)
 
 #endif /* _WINE_INTERNET_H_ */
diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c
index 8117884..ceed17a 100644
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@@ -249,7 +249,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
     if (chain->TrustStatus.dwErrorStatus & ~supportedErrors) {
         if(conn->mask_errors)
             WARN("CERT_TRUST_IS_NOT_TIME_VALID, unknown error flags\n");
-        err = ERROR_INTERNET_SEC_INVALID_CERT;
+        err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT;
         errors &= supportedErrors;
     }
 
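Review bot: The expression `conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ...` added here relies on `&&` binding tighter than `?:`, and it is repeated with only the last operand changed in every later hunk of netconn_verify_cert (the date, untrusted-root, partial-chain, both revocation, usage and both policy-status assignments). Parenthesising the condition, `err = (conn->mask_errors && err) ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT;`, or moving it into one small static helper that takes the current and the new code, would keep the nine sites from drifting apart. In this first check `err` is presumably still zero, so the ternary likely always yields the specific code here; the initialisation is outside the hunk, so that is worth confirming. The function body starts and ends outside the hunk.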
@@ -257,23 +257,31 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
         if(conn->mask_errors)
             WARN("CERT_TRUST_IS_NOT_TIME_VALID, unknown error flags\n");
         if(!(conn->security_flags & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID))
-            err = ERROR_INTERNET_SEC_CERT_DATE_INVALID;
+            err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_DATE_INVALID;
         errors &= ~CERT_TRUST_IS_NOT_TIME_VALID;
     }
 
-    if(errors & (CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_PARTIAL_CHAIN)) {
+    if(errors & CERT_TRUST_IS_UNTRUSTED_ROOT) {
         if(conn->mask_errors)
-            conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_CA;
+            WARN("CERT_TRUST_IS_UNTRUSTED_ROOT, unknown flags\n");
         if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
-            err = ERROR_INTERNET_INVALID_CA;
-        errors &= ~(CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_PARTIAL_CHAIN);
+            err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_INVALID_CA;
+        errors &= ~CERT_TRUST_IS_UNTRUSTED_ROOT;
+    }
+
+    if(errors & CERT_TRUST_IS_PARTIAL_CHAIN) {
+        if(conn->mask_errors)
+            conn->security_flags |= _SECURITY_FLAG_CERT_REV_FAILED;
+        if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
+            err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_REV_FAILED;
+        errors &= ~CERT_TRUST_IS_PARTIAL_CHAIN;
     }
 
     if(errors & (CERT_TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN)) {
         if(conn->mask_errors)
             WARN("TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN, unknown error flags\n");
         if(!(conn->security_flags & SECURITY_FLAG_IGNORE_REVOCATION))
-            err = ERROR_INTERNET_SEC_CERT_NO_REV;
+            err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_NO_REV;
         errors &= ~(CERT_TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN);
     }
 
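Review bot: The new CERT_TRUST_IS_PARTIAL_CHAIN branch reports a revocation failure (`_SECURITY_FLAG_CERT_REV_FAILED`, `ERROR_INTERNET_SEC_CERT_REV_FAILED`) but is still suppressed by `SECURITY_FLAG_IGNORE_UNKNOWN_CA`, not by `SECURITY_FLAG_IGNORE_REVOCATION`. A caller reacting to the returned code would plausibly set the revocation ignore flag, which does not clear this branch, while a caller that only meant to accept an unknown root also accepts an incomplete chain. If this mirrors native behaviour, say so above the branch, e.g. `/* native reports an incomplete chain as REV_FAILED, yet gates it on IGNORE_UNKNOWN_CA */`. Also, the CERT_TRUST_IS_UNTRUSTED_ROOT branch now only logs under mask_errors, so no bit for an untrusted root reaches `conn->security_flags`; confirm that is intended. The enclosing function continues outside the hunk.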
@@ -281,7 +289,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
         if(conn->mask_errors)
             WARN("TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN, unknown error flags\n");
         if(!(conn->security_flags & SECURITY_FLAG_IGNORE_REVOCATION))
-            err = ERROR_INTERNET_SEC_CERT_REVOKED;
+            err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_REVOKED;
         errors &= ~CERT_TRUST_IS_REVOKED;
     }
 
@@ -289,7 +297,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
         if(conn->mask_errors)
             WARN("CERT_TRUST_IS_NOT_VALID_FOR_USAGE, unknown error flags\n");
         if(!(conn->security_flags & SECURITY_FLAG_IGNORE_WRONG_USAGE))
-            err = ERROR_INTERNET_SEC_INVALID_CERT;
+            err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT;
         errors &= ~CERT_TRUST_IS_NOT_VALID_FOR_USAGE;
     }
 
@@ -321,11 +329,11 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
             if(policyStatus.dwError == CERT_E_CN_NO_MATCH) {
                 if(conn->mask_errors)
                     conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_CN;
-                err = ERROR_INTERNET_SEC_CERT_CN_INVALID;
+                err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_CN_INVALID;
             }else if(policyStatus.dwError) {
                 if(conn->mask_errors)
                     WARN("unknown error flags for policy status %x\n", policyStatus.dwError);
-                err = ERROR_INTERNET_SEC_INVALID_CERT;
+                err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT;
             }
         }else {
             err = GetLastError();
@@ -336,10 +344,8 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
 
     if(err) {
         WARN("failed %u\n", err);
-        if(conn->mask_errors) {
+        if(conn->mask_errors)
             conn->server->security_flags |= conn->security_flags & _SECURITY_ERROR_FLAGS_MASK;
-            return err == ERROR_INTERNET_INVALID_CA ? ERROR_INTERNET_SEC_CERT_REV_FAILED : ERROR_INTERNET_SEC_CERT_ERRORS;
-        }
         return err;
     }
 
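Review bot: With the remapping removed from this `if(err)` block, the code handed to `return err;` is decided entirely by the earlier assignments, and that contract is not written down anywhere in the visible hunks. In the visible assignments, under mask_errors a single failed check keeps its own code and any further failure collapses to ERROR_INTERNET_SEC_CERT_ERRORS; without mask_errors each assignment overwrites the previous one, so the last failing check wins. A comment above the block would make that explicit, e.g. `/* mask_errors: one failure keeps its code, several become SEC_CERT_ERRORS; otherwise the last failing check wins */`. The rest of netconn_verify_cert lies outside the hunk.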



