wininet: Handle CERT_TRUST_IS_NOT_SIGNATURE_VALID in netconn_verify_cert()
Bruno Jesus
00cpxxx at gmail.com
Tue Dec 30 23:47:00 CST 2014
The application hits a CERT_TRUST_IS_NOT_SIGNATURE_VALID error while passing
only the SECURITY_FLAG_IGNORE_UNKNOWN_CA flag. Currently Wine is not able to
ignore this error and aborts.
This is an extension to the work added by commit
http://source.winehq.org/git/wine.git/commitdiff/e2a9511b30e5b68eb328c08ffecf56dcc91bce0b
Fixes https://bugs.winehq.org/show_bug.cgi?id=36785
-------------- next part --------------
diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c
index 483dba4..debc271 100644
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@@ -112,6 +112,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
CERT_TRUST_IS_NOT_TIME_VALID |
CERT_TRUST_IS_UNTRUSTED_ROOT |
CERT_TRUST_IS_PARTIAL_CHAIN |
+ CERT_TRUST_IS_NOT_SIGNATURE_VALID |
CERT_TRUST_IS_NOT_VALID_FOR_USAGE;
TRACE("verifying %s\n", debugstr_w(conn->server->name));
@@ -178,6 +179,17 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
errors &= ~CERT_TRUST_IS_PARTIAL_CHAIN;
}
+ if(errors & CERT_TRUST_IS_NOT_SIGNATURE_VALID) {
+ WARN("CERT_TRUST_IS_NOT_SIGNATURE_VALID\n");
+ if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA)) {
+ err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_INVALID_CA;
+ if(!conn->mask_errors)
+ break;
+ conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_CA;
+ }
+ errors &= ~CERT_TRUST_IS_NOT_SIGNATURE_VALID;
+ }
+
if(errors & CERT_TRUST_IS_NOT_VALID_FOR_USAGE) {
WARN("CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n");
if(!(conn->security_flags & SECURITY_FLAG_IGNORE_WRONG_USAGE)) {
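Review bot: The added `CERT_TRUST_IS_NOT_SIGNATURE_VALID` block waives a failed chain signature under `SECURITY_FLAG_IGNORE_UNKNOWN_CA` and reports it as `ERROR_INTERNET_INVALID_CA` / `_SECURITY_FLAG_CERT_INVALID_CA`. A caller that opted in only to tolerate an unknown CA therefore also accepts a certificate that fails cryptographic verification, and with `mask_errors` set it cannot tell that case apart from an ordinary CA problem. If this mirrors native wininet (the commit message implies it, but nothing in the hunk shows it), record that above the block, e.g. `/* Native reports a bad chain signature as an invalid-CA error, so IGNORE_UNKNOWN_CA waives it too */`, and back it with a test case. It would also help auditing if the suppressed path logged separately, e.g. `WARN("ignoring CERT_TRUST_IS_NOT_SIGNATURE_VALID for %s\n", debugstr_w(conn->server->name));` in an `else` branch of the flag check. The body of netconn_verify_cert starts and ends outside this hunk, so the handling of the neighbouring error bits is only partly visible here.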