crypt32: Remove a test because of a Windows 2003 SP1 bug

Reece Dunn msclrhd at
Thu Oct 25 17:00:13 CDT 2007

On 25/10/2007, Juan Lang <juan.lang at> wrote:
> > The test being removed is correct and valid.
> Are you certain?  Remember that I wrote it ;)


> > While a 100% pass rate is ideal, on Windows 2003 SP1 that test *is*
> > failing due to a bug.
> Again, are you sure?  Or are you just saying that because I said it is
> in the commit?

I was basing it on what you said in the commit - both the heading and
the comment in the patch.

> The definition of "bug" is sort of fluid here.  I
> wrote the test to check a fairly strange phenomenon:    a cert that is
> time valid is asked for its issuer, which happens *not* to be time
> valid.  The time valid flag is cleared in the process.  It's not
> entirely clear which cert the flag is supposed to apply to, and the
> result surprised me when I wrote the test.

Going on what you say here would make XP have the bug, and Windows
2003 SP1 containing a fix for the behaviour.

> I call it a bug because the behavior is one way on Windows 2003 SP1,
> but different on XP.  It could be that it was in fact a bug in Windows
> XP, which was fixed in Windows 2003, but reverted because some app
> depended on the behavior.

I agree that the differing behaviour is due to a bug. It also makes
sense that the bug is in XP, and the fix was reverted because of
application compatibility.

> Furthermore, this function (CertGetIssuerFromStore) has been
> deprecated in favor of CertGetCertificateChain, which I have
> implemented and tested rather extensively.  There appears to be no
> disagreement over which cert the time valid flag applies to with
> CertGetCertificateChain.

That is good :). Based on what you are saying above, it looks as if MS
created CertGetCertificationChain in part to address this bug, and are
moving applications over to the corrected behaviour API, while
retaining the old behaviour.

> So I'm not sure that I share your reservation about removing the test.

I know nothing of the API you are implementing, apart from what you
mentioned here and in the patch. You clearly have a solid
understanding of what is involved here.

That said, imagine the following scenario:
  1.  This patch is applied to remove the test for this feature^Wbug
in CertGetCertificateChain;
  2.  Someone in the future submits a patch to fix the 'bug' in
CertGetCertificateChain for Wine;
  3.  A user attempts to run an application that is dependent on
CertGetCertificateChain an d its broken behaviour, which fails to work
and they start complaining.

Based on what you said above, it looks as if something like this
happened with Windows 2003. Thus, if the results from this test
highlight a bug in Windows, surely the test should remain so that Wine
can be bug-for-bug compatible.

Even if this is a deprecated API, there will still be applications
that are dependent on it.

That is my rationale for keeping the test.

Keep up the great work,
- Reece

More information about the wine-devel mailing list