Zhiyi Zhang : crypt32: Properly check root certificate in CERT_CHAIN_REVOCATION_CHECK_CHAIN.

Alexandre Julliard julliard at winehq.org
Thu Nov 29 15:09:38 CST 2018


Module: wine
Branch: stable
Commit: 41e0338f59d09f4f7a21450c3083dcbc3d152527
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=41e0338f59d09f4f7a21450c3083dcbc3d152527

Author: Zhiyi Zhang <zzhang at codeweavers.com>
Date:   Wed Aug 22 14:54:00 2018 +0800

crypt32: Properly check root certificate in CERT_CHAIN_REVOCATION_CHECK_CHAIN.

Original patch by Michael Müller.

Root certificates don't have CRL Distribution Point or Authority Info Access field.
Don't report error with CERT_CHAIN_REVOCATION_CHECK_CHAIN in CertGetCertificateChain()
because of this.

Signed-off-by: Zhiyi Zhang <zzhang at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
(cherry picked from commit a1e2c7fd2f7c4fb5377a0528bfcb03b3813747aa)
Signed-off-by: Michael Stefaniuc <mstefani at winehq.org>

---

 dlls/crypt32/chain.c       | 5 +++++
 dlls/crypt32/tests/chain.c | 6 +++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index aab2e91..e98e542 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -2708,6 +2708,11 @@ static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain,
                 ret = CertVerifyRevocation(X509_ASN_ENCODING,
                  CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certToCheck,
                  revocationFlags, &revocationPara, &revocationStatus);
+
+                if (!ret && chainFlags & CERT_CHAIN_REVOCATION_CHECK_CHAIN
+                    && revocationStatus.dwError == CRYPT_E_NO_REVOCATION_CHECK && revocationPara.pIssuerCert == NULL)
+                    ret = TRUE;
+
                 if (!ret)
                 {
                     PCERT_CHAIN_ELEMENT element = CRYPT_FindIthElementInChain(
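Review bot: The new condition in CRYPT_VerifyChainRevocation identifies the root only indirectly, through `revocationPara.pIssuerCert == NULL`, and nothing in the hunk confirms that the certificate being checked is actually self-signed. If pIssuerCert can also be NULL for an element whose issuer was simply not found (a partial chain), CRYPT_E_NO_REVOCATION_CHECK would be turned into success for a non-root certificate and its revocation status would go unreported. Consider testing the root property explicitly (for example the element's position in the chain or its self-signed status) instead of, or in addition to, the NULL issuer, and add a short comment saying why the error is ignored, since the rationale currently lives only in the commit message. Minor: parenthesise `(chainFlags & CERT_CHAIN_REVOCATION_CHECK_CHAIN)`; the precedence is correct as written, but mixing a bare `&` with `&&` is easy to misread, and the second line of the condition is long enough to warrant wrapping.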
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 5a6ca54..d4d18a5 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -4157,9 +4157,9 @@ static void testGetCertChain(void)
 
     ret = CertGetCertificateChain(NULL, cert, &fileTime, store, &para, CERT_CHAIN_REVOCATION_CHECK_CHAIN, NULL, &chain);
     ok(ret, "CertGetCertificateChain failed: %u\n", GetLastError());
-    todo_wine ok(!chain->TrustStatus.dwErrorStatus
-                     || broken(chain->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN), /* XP */
-                 "chain->TrustStatus.dwErrorStatus = %x\n", chain->TrustStatus.dwErrorStatus);
+    ok(!chain->TrustStatus.dwErrorStatus
+           || broken(chain->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN), /* XP */
+       "chain->TrustStatus.dwErrorStatus = %x\n", chain->TrustStatus.dwErrorStatus);
     pCertFreeCertificateChain(chain);
 
     ret = CertGetCertificateChain(NULL, cert, &fileTime, store, &para, CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
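Review bot: The only test change in testGetCertChain is dropping `todo_wine` from the existing positive case, so the new suppression in chain.c is covered in one direction only. A companion case is missing in which a non-root certificate without revocation information is checked with CERT_CHAIN_REVOCATION_CHECK_CHAIN and the test asserts that `chain->TrustStatus.dwErrorStatus` still carries CERT_TRUST_REVOCATION_STATUS_UNKNOWN; that would pin the exemption to the root and catch any later widening of the condition.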



