crypt32: Assume revocation server is offline if revocation status isn't known.

2024-11-05 18:01:34 +00:00 · 2009-11-19 10:49:31 -08:00 · 2009-11-19 10:49:31 -08:00 · a3c6bc68c8
commit a3c6bc68c8
parent 9e1d31e5e5
2 changed files with 5 additions and 7 deletions
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@ -2426,7 +2426,11 @@ static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain,
                case CRYPT_E_NO_REVOCATION_CHECK:
                case CRYPT_E_NO_REVOCATION_DLL:
                case CRYPT_E_NOT_IN_REVOCATION_DATABASE:
-                    error = CERT_TRUST_REVOCATION_STATUS_UNKNOWN;
+                    /* If the revocation status is unknown, it's assumed to be
+                     * offline too.
+                     */
+                    error = CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
+                     CERT_TRUST_IS_OFFLINE_REVOCATION;
                    break;
                case CRYPT_E_REVOCATION_OFFLINE:
                    error = CERT_TRUST_IS_OFFLINE_REVOCATION;
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@ -3688,7 +3688,6 @@ static void testGetCertChain(void)
        /* The cert is rather old, so its revocation list can't be retrieved,
         * and its revocation status should be both offline and unknown.
         */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),
@ -3709,7 +3708,6 @@ static void testGetCertChain(void)
    if (ret)
    {
        /* Even with a CRL in the store, the revocation status doesn't change */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),
@ -3744,7 +3742,6 @@ static void testGetCertChain(void)
        /* The cert doesn't have a way to retrieve its CRL, so its revocation
         * status should be both offline and unknown.
         */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),
@ -3765,7 +3762,6 @@ static void testGetCertChain(void)
    if (ret)
    {
        /* Even with a CRL in the store, the revocation status doesn't change */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),
@ -3795,7 +3791,6 @@ static void testGetCertChain(void)
    if (ret)
    {
        /* Even with a CRL in the store, the revocation status doesn't change */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),
@ -3824,7 +3819,6 @@ static void testGetCertChain(void)
    if (ret)
    {
        /* Even with a CRL in the store, the revocation status doesn't change */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),