[PATCH 1/2] crypt32/test: additional test for skipping unknown CAs

Zebediah Figura z.figura12 at gmail.com
Thu Jan 23 09:09:38 CST 2020


Hello Ilia, thanks for the patch.

On 1/22/20 9:45 AM, Ilia Mirkin wrote:
> This is already tested by setting a flag in the ssl policy parameters,
> but apparently the flag in base policy parameters also needs to be
> respected. Tested on Win7.
> 
> Signed-off-by: Ilia Mirkin <imirkin at alum.mit.edu>
> ---
>   dlls/crypt32/tests/chain.c | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
> index e2a7633526..1bf78b084d 100644
> --- a/dlls/crypt32/tests/chain.c
> +++ b/dlls/crypt32/tests/chain.c
> @@ -4743,6 +4743,11 @@ static void check_ssl_policy(void)
>       CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL,
>        ignoredUnknownCAPolicyCheck, &oct2007, &policyPara);
>       sslPolicyPara.fdwChecks = 0;
> +    /* And again, but specifying the ignore in dwFlags */
> +    policyPara.dwFlags = CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG;
> +    CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL,
> +     ignoredUnknownCAPolicyCheck, &oct2007, &policyPara);
> +    policyPara.dwFlags = 0;
>       /* And again, but checking the Google chain at a bad date */
>       sslPolicyPara.pwszServerName = google_dot_com;
>       CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL,
> 
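
Review bot: The added comment "And again, but specifying the ignore in dwFlags" does not say that this case isolates the base-policy flag only because `sslPolicyPara.fdwChecks = 0;` runs on the line just above it. Say so in the comment, for example "with fdwChecks cleared, the ignore comes only from policyPara.dwFlags", so a later reordering does not leave both relaxations active and mask a regression. The block also hard-resets `policyPara.dwFlags = 0;` rather than restoring the previous value, which assumes the field was 0 on entry. Since CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG relaxes the unknown-CA check, a value left set would weaken the checks that follow, so that assumption is worth stating or replacing with a save and restore.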

As the testbot has complained, we don't want the tests to fail even 
temporarily on Wine; that's what todo_wine is for. To resolve this, 
because crypt32 is a terrible mess, you could either duplicate 
"ignoredUnknownCAPolicyCheck" and add the TODO flag, or just reorder or 
combine the patches.


