Module: wine Branch: master Commit: aa80ef20504660fa55914d40fb4bb296eef94c59 URL: https://source.winehq.org/git/wine.git/?a=commit;h=aa80ef20504660fa55914d40f... Author: Brendan Shanks <bshanks(a)codeweavers.com> Date: Tue Jun 16 13:48:22 2020 -0700 winhttp: Treat a partial certificate chain as having an unknown/invalid CA. Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=46726 Signed-off-by: Brendan Shanks <bshanks(a)codeweavers.com> Signed-off-by: Hans Leidekker <hans(a)codeweavers.com> Signed-off-by: Alexandre Julliard <julliard(a)winehq.org> --- dlls/winhttp/net.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c index 2905d5c535..0cc2bb2bef 100644 --- a/dlls/winhttp/net.c +++ b/dlls/winhttp/net.c @@ -84,8 +84,10 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, WCHAR *server, DWORD secu if (!(security_flags & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID)) err = ERROR_WINHTTP_SECURE_CERT_DATE_INVALID; } - else if (chain->TrustStatus.dwErrorStatus & - CERT_TRUST_IS_UNTRUSTED_ROOT) + else if ((chain->TrustStatus.dwErrorStatus & + CERT_TRUST_IS_UNTRUSTED_ROOT) || + (chain->TrustStatus.dwErrorStatus & + CERT_TRUST_IS_PARTIAL_CHAIN)) { if (!(security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA)) err = ERROR_WINHTTP_SECURE_INVALID_CA;