Piotr Caban : crypt32: Handle CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG when verifying chain policy.

Thu Apr 15 16:57:45 CDT 2021

Module: wine
Branch: master
Commit: 6ac02c0cacb036059bbd6089e3d96fdc435ba67a
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=6ac02c0cacb036059bbd6089e3d96fdc435ba67a

Author: Piotr Caban <piotr at codeweavers.com>
Date:   Thu Apr 15 17:25:13 2021 +0200

crypt32: Handle CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG when verifying chain policy.

Signed-off-by: Piotr Caban <piotr at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/crypt32/chain.c       | 6 ++++--
 dlls/crypt32/tests/chain.c | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index c7d387ebc59..63bcfebec38 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -3027,7 +3027,8 @@ static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID,
          &pPolicyStatus->lElementIndex);
     }
     if (!pPolicyStatus->dwError &&
-     pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID)
+     pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID &&
+     !(checks & CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG))
     {
         pPolicyStatus->dwError = CERT_E_EXPIRED;
         find_element_with_error(pChainContext,
@@ -3492,7 +3493,8 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
     }
     else if (pChainContext->TrustStatus.dwErrorStatus &
      CERT_TRUST_IS_NOT_TIME_VALID &&
-     !(checks & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID))
+     !(checks & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID) &&
+     !(baseChecks & CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG))
     {
         pPolicyStatus->dwError = CERT_E_EXPIRED;
         find_element_with_error(pChainContext,
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index e8c8843a321..68817b98dda 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -4741,12 +4741,12 @@ static const CERT_CHAIN_POLICY_STATUS badDateNestingStatus =
 
 static const ChainPolicyCheck ignoredBadDateNestingBasePolicyCheck = {
  { ARRAY_SIZE(chain2), chain2 },
- { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
+ { 0, 0, -1, -1, NULL}, NULL, 0
 };
 
 static const ChainPolicyCheck ignoredInvalidDateBasePolicyCheck = {
  { ARRAY_SIZE(googleChain), googleChain },
- { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
+ { 0, 0, -1, -1, NULL}, NULL, 0
 };
 
 static const ChainPolicyCheck ignoredInvalidUsageBasePolicyCheck = {


