[PATCH] winhttp: Fix handling of WINHTTP_OPTION_SECURITY_FLAGS.

Hans Leidekker hans at codeweavers.com
Mon Dec 17 05:26:35 CST 2018


Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
 dlls/winhttp/session.c       | 15 +++++++--------
 dlls/winhttp/tests/winhttp.c | 29 ++++++++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/dlls/winhttp/session.c b/dlls/winhttp/session.c
index 39e8d8233f..82615ad12f 100644
--- a/dlls/winhttp/session.c
+++ b/dlls/winhttp/session.c
@@ -695,7 +695,7 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
     {
     case WINHTTP_OPTION_SECURITY_FLAGS:
     {
-        DWORD flags = 0;
+        DWORD flags;
         int bits;
 
         if (!buffer || *buflen < sizeof(flags))
@@ -705,9 +705,7 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
             return FALSE;
         }
 
-        flags = 0;
-        if (hdr->flags & WINHTTP_FLAG_SECURE) flags |= SECURITY_FLAG_SECURE;
-        flags |= request->security_flags;
+        flags = request->security_flags;
         if (request->netconn)
         {
             bits = netconn_get_cipher_strength( request->netconn );
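Review bot: A comment is missing at `flags = request->security_flags;` explaining why SECURITY_FLAG_SECURE is no longer reported for a request opened with WINHTTP_FLAG_SECURE; neither the code nor the commit message gives the reason. Something like `/* SECURITY_FLAG_SECURE is deliberately not reported; a fresh secure request queries as 0 (see tests) */` would keep a later reader from restoring the removed lines. The rest of this case, including how `bits` is folded into `flags`, lies outside the hunk.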
@@ -929,6 +927,10 @@ static BOOL request_set_option( struct object_header *hdr, DWORD option, void *b
     case WINHTTP_OPTION_SECURITY_FLAGS:
     {
         DWORD flags;
+        static const DWORD accepted = SECURITY_FLAG_IGNORE_CERT_CN_INVALID   |
+                                      SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
+                                      SECURITY_FLAG_IGNORE_UNKNOWN_CA        |
+                                      SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE;
 
         if (buflen < sizeof(DWORD))
         {
@@ -937,10 +939,7 @@ static BOOL request_set_option( struct object_header *hdr, DWORD option, void *b
         }
         flags = *(DWORD *)buffer;
         TRACE("0x%x\n", flags);
-        if (!(flags & (SECURITY_FLAG_IGNORE_CERT_CN_INVALID   |
-                       SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
-                       SECURITY_FLAG_IGNORE_UNKNOWN_CA        |
-                       SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE)))
+        if (flags && (flags & ~accepted))
         {
             SetLastError( ERROR_INVALID_PARAMETER );
             return FALSE;
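Review bot: The `flags &&` in `if (flags && (flags & ~accepted))` is redundant, because `flags & ~accepted` is already zero when `flags` is zero; `if (flags & ~accepted)` states the rule more directly. Every bit in `accepted` switches off a certificate check, so a short comment above the mask, e.g. `/* callers may only set the certificate-error ignore bits; any other bit is rejected */`, would make the intent explicit. The assignment that stores the value comes after the hunk, so these lines do not show whether passing 0 clears previously set ignore bits.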
diff --git a/dlls/winhttp/tests/winhttp.c b/dlls/winhttp/tests/winhttp.c
index 3f9125154f..91a9d539aa 100644
--- a/dlls/winhttp/tests/winhttp.c
+++ b/dlls/winhttp/tests/winhttp.c
@@ -1033,7 +1033,7 @@ static void test_secure_connection(void)
 {
     static const char data_start[] = "<!DOCTYPE html PUBLIC";
     HINTERNET ses, con, req;
-    DWORD size, status, policy, bitness, read_size, err, available_size, protocols;
+    DWORD size, status, policy, bitness, read_size, err, available_size, protocols, flags;
     BOOL ret;
     CERT_CONTEXT *cert;
     WINHTTP_CERTIFICATE_INFO info;
@@ -1087,6 +1087,33 @@ static void test_secure_connection(void)
     req = WinHttpOpenRequest(con, NULL, NULL, NULL, NULL, NULL, WINHTTP_FLAG_SECURE);
     ok(req != NULL, "failed to open a request %u\n", GetLastError());
 
+    flags = 0xdeadbeef;
+    size = sizeof(flags);
+    ret = WinHttpQueryOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, &size);
+    ok(ret, "failed to query security flags %u\n", GetLastError());
+    ok(!flags, "got %08x\n", flags);
+
+    flags = SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE;
+    ret = WinHttpSetOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags));
+    ok(ret, "failed to set security flags %u\n", GetLastError());
+
+    flags = SECURITY_FLAG_SECURE;
+    ret = WinHttpSetOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags));
+    ok(!ret, "success\n");
+
+    flags = SECURITY_FLAG_STRENGTH_STRONG;
+    ret = WinHttpSetOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags));
+    ok(!ret, "success\n");
+
+    flags = SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
+            SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
+    ret = WinHttpSetOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags));
+    ok(ret, "failed to set security flags %u\n", GetLastError());
+
+    flags = 0;
+    ret = WinHttpSetOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags));
+    ok(ret, "failed to set security flags %u\n", GetLastError());
+
     ret = WinHttpSetOption(req, WINHTTP_OPTION_CLIENT_CERT_CONTEXT, WINHTTP_NO_CLIENT_CERT_CONTEXT, 0);
     err = GetLastError();
     ok(ret || broken(!ret && err == ERROR_INVALID_PARAMETER) /* winxp */, "failed to set client cert context %u\n", err);
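Review bot: The added cases do not cover a value that mixes an accepted bit with a rejected one, which is one of the two inputs where the new check behaves differently from the old one (the other, 0, is covered). Adding `flags = SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_SECURE;` followed by the same WinHttpSetOption call and `ok(!ret, "success\n");` would pin that rejection. The two existing rejection cases could also check `GetLastError() == ERROR_INVALID_PARAMETER`, and a WinHttpQueryOption after a successful set would confirm that the stored ignore bits are what the caller reads back. test_secure_connection continues beyond this hunk.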
-- 
2.11.0



