Zhiyi Zhang : crypt32: Properly check root certificate in CERT_CHAIN_REVOCATION_CHECK_CHAIN.
Alexandre Julliard
julliard at winehq.org
Thu Aug 23 16:37:03 CDT 2018
Module: wine
Branch: master
Commit: a1e2c7fd2f7c4fb5377a0528bfcb03b3813747aa
URL: https://source.winehq.org/git/wine.git/?a=commit;h=a1e2c7fd2f7c4fb5377a0528bfcb03b3813747aa
Author: Zhiyi Zhang <zzhang at codeweavers.com>
Date: Wed Aug 22 14:54:00 2018 +0800
crypt32: Properly check root certificate in CERT_CHAIN_REVOCATION_CHECK_CHAIN.
Original patch by Michael Müller.
Root certificates don't have a CRL Distribution Point or Authority Info Access field.
Don't report an error with CERT_CHAIN_REVOCATION_CHECK_CHAIN in CertGetCertificateChain()
because of this.
Signed-off-by: Zhiyi Zhang <zzhang at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/crypt32/chain.c | 5 +++++
dlls/crypt32/tests/chain.c | 6 +++---
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index d7015d7..41c87b7 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -2698,6 +2698,11 @@ static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain,
ret = CertVerifyRevocation(X509_ASN_ENCODING,
CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certToCheck,
revocationFlags, &revocationPara, &revocationStatus);
+
+ if (!ret && chainFlags & CERT_CHAIN_REVOCATION_CHECK_CHAIN
+ && revocationStatus.dwError == CRYPT_E_NO_REVOCATION_CHECK && revocationPara.pIssuerCert == NULL)
+ ret = TRUE;
+
if (!ret)
{
PCERT_CHAIN_ELEMENT element = CRYPT_FindIthElementInChain(
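Review bot: The condition added after the CertVerifyRevocation() call identifies the root only by `revocationPara.pIssuerCert == NULL`, and nothing in this hunk shows that a NULL issuer always means a self-signed root. If pIssuerCert can also be NULL for the last element of a chain that does not terminate in a root, CRYPT_E_NO_REVOCATION_CHECK would be turned into success for a certificate that should carry revocation information, which weakens CERT_CHAIN_REVOCATION_CHECK_CHAIN. Either test the root property explicitly or add a comment above the `if` stating why a NULL issuer implies the root here. The flag test would also read more clearly parenthesised as `(chainFlags & CERT_CHAIN_REVOCATION_CHECK_CHAIN)`.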
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index a995c81..e2a7633 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -4156,9 +4156,9 @@ static void testGetCertChain(void)
ret = CertGetCertificateChain(NULL, cert, &fileTime, store, ¶, CERT_CHAIN_REVOCATION_CHECK_CHAIN, NULL, &chain);
ok(ret, "CertGetCertificateChain failed: %u\n", GetLastError());
- todo_wine ok(!chain->TrustStatus.dwErrorStatus
- || broken(chain->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN), /* XP */
- "chain->TrustStatus.dwErrorStatus = %x\n", chain->TrustStatus.dwErrorStatus);
+ ok(!chain->TrustStatus.dwErrorStatus
+ || broken(chain->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN), /* XP */
+ "chain->TrustStatus.dwErrorStatus = %x\n", chain->TrustStatus.dwErrorStatus);
pCertFreeCertificateChain(chain);
ret = CertGetCertificateChain(NULL, cert, &fileTime, store, ¶, CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
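Review bot: Dropping todo_wine in testGetCertChain() covers only the positive case, where the chain is expected to come back with no error status. The visible hunk adds no assertion that a non-root certificate without revocation information still produces a revocation error under CERT_CHAIN_REVOCATION_CHECK_CHAIN, so a regression that widens the new exemption beyond the root would pass unnoticed. Consider adding such a negative case next to this check.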