Brendan Shanks : winhttp: Treat a partial certificate chain as having an unknown/invalid CA.
Alexandre Julliard
julliard at winehq.org
Tue Nov 10 13:46:22 CST 2020
Module: wine
Branch: stable
Commit: f01f67c9bd2b7a04c63120ee35599ee1f29094d3
URL: https://source.winehq.org/git/wine.git/?a=commit;h=f01f67c9bd2b7a04c63120ee35599ee1f29094d3
Author: Brendan Shanks <bshanks at codeweavers.com>
Date: Tue Jun 16 13:48:22 2020 -0700
winhttp: Treat a partial certificate chain as having an unknown/invalid CA.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=46726
Signed-off-by: Brendan Shanks <bshanks at codeweavers.com>
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
(cherry picked from commit aa80ef20504660fa55914d40fb4bb296eef94c59)
Signed-off-by: Michael Stefaniuc <mstefani at winehq.org>
---
dlls/winhttp/net.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c
index c9da098f52d..f10aa255e2f 100644
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -84,8 +84,10 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, WCHAR *server, DWORD secu
if (!(security_flags & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID))
err = ERROR_WINHTTP_SECURE_CERT_DATE_INVALID;
}
- else if (chain->TrustStatus.dwErrorStatus &
- CERT_TRUST_IS_UNTRUSTED_ROOT)
+ else if ((chain->TrustStatus.dwErrorStatus &
+ CERT_TRUST_IS_UNTRUSTED_ROOT) ||
+ (chain->TrustStatus.dwErrorStatus &
+ CERT_TRUST_IS_PARTIAL_CHAIN))
{
if (!(security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
err = ERROR_WINHTTP_SECURE_INVALID_CA;
More information about the wine-cvs
mailing list