system/wine
system/wine
1
0
Fork 0
mirror of git://source.winehq.org/git/wine.git synced 2024-10-04 20:37:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

crypt32: Handle CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG when verifying chain policy.

Browse source 
Signed-off-by: Piotr Caban <piotr@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Piotr Caban 2021-04-15 17:25:13 +02:00 committed by Alexandre Julliard
parent be3f6c87a0
commit 6ac02c0cac
2 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
dlls/crypt32/chain.c
View file

@ -3027,7 +3027,8 @@ static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID,
&pPolicyStatus->lElementIndex); &pPolicyStatus->lElementIndex);
} }
if (!pPolicyStatus->dwError && if (!pPolicyStatus->dwError &&
pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID) pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID &&
!(checks & CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG))
{ {
pPolicyStatus->dwError = CERT_E_EXPIRED; pPolicyStatus->dwError = CERT_E_EXPIRED;
find_element_with_error(pChainContext, find_element_with_error(pChainContext,
@ -3492,7 +3493,8 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
} }
else if (pChainContext->TrustStatus.dwErrorStatus & else if (pChainContext->TrustStatus.dwErrorStatus &
CERT_TRUST_IS_NOT_TIME_VALID && CERT_TRUST_IS_NOT_TIME_VALID &&
!(checks & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID)) !(checks & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID) &&
!(baseChecks & CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG))
{ {
pPolicyStatus->dwError = CERT_E_EXPIRED; pPolicyStatus->dwError = CERT_E_EXPIRED;
find_element_with_error(pChainContext, find_element_with_error(pChainContext,

4
dlls/crypt32/tests/chain.c
View file

@ -4741,12 +4741,12 @@ static const CERT_CHAIN_POLICY_STATUS badDateNestingStatus =
static const ChainPolicyCheck ignoredBadDateNestingBasePolicyCheck = { static const ChainPolicyCheck ignoredBadDateNestingBasePolicyCheck = {
{ ARRAY_SIZE(chain2), chain2 }, { ARRAY_SIZE(chain2), chain2 },
{ 0, 0, -1, -1, NULL}, NULL, TODO_ERROR { 0, 0, -1, -1, NULL}, NULL, 0
}; };
static const ChainPolicyCheck ignoredInvalidDateBasePolicyCheck = { static const ChainPolicyCheck ignoredInvalidDateBasePolicyCheck = {
{ ARRAY_SIZE(googleChain), googleChain }, { ARRAY_SIZE(googleChain), googleChain },
{ 0, 0, -1, -1, NULL}, NULL, TODO_ERROR { 0, 0, -1, -1, NULL}, NULL, 0
}; };
static const ChainPolicyCheck ignoredInvalidUsageBasePolicyCheck = { static const ChainPolicyCheck ignoredInvalidUsageBasePolicyCheck = {