Bruno Jesus : wininet: Handle CERT_TRUST_IS_NOT_SIGNATURE_VALID in netconn_verify_cert().
Alexandre Julliard
julliard at wine.codeweavers.com
Wed Dec 31 15:59:34 CST 2014
Module: wine
Branch: master
Commit: d654ff6dfcabdfbe3fe8edd196a6578cb9c4c1c3
URL: http://source.winehq.org/git/wine.git/?a=commit;h=d654ff6dfcabdfbe3fe8edd196a6578cb9c4c1c3
Author: Bruno Jesus <00cpxxx at gmail.com>
Date: Wed Dec 31 03:47:00 2014 -0200
wininet: Handle CERT_TRUST_IS_NOT_SIGNATURE_VALID in netconn_verify_cert().
---
dlls/wininet/netconnection.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c
index 483dba4..debc271 100644
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@@ -112,6 +112,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
CERT_TRUST_IS_NOT_TIME_VALID |
CERT_TRUST_IS_UNTRUSTED_ROOT |
CERT_TRUST_IS_PARTIAL_CHAIN |
+ CERT_TRUST_IS_NOT_SIGNATURE_VALID |
CERT_TRUST_IS_NOT_VALID_FOR_USAGE;
TRACE("verifying %s\n", debugstr_w(conn->server->name));
@@ -178,6 +179,17 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
errors &= ~CERT_TRUST_IS_PARTIAL_CHAIN;
}
+ if(errors & CERT_TRUST_IS_NOT_SIGNATURE_VALID) {
+ WARN("CERT_TRUST_IS_NOT_SIGNATURE_VALID\n");
+ if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA)) {
+ err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_INVALID_CA;
+ if(!conn->mask_errors)
+ break;
+ conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_CA;
+ }
+ errors &= ~CERT_TRUST_IS_NOT_SIGNATURE_VALID;
+ }
+
if(errors & CERT_TRUST_IS_NOT_VALID_FOR_USAGE) {
WARN("CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n");
if(!(conn->security_flags & SECURITY_FLAG_IGNORE_WRONG_USAGE)) {
More information about the wine-cvs
mailing list