[PATCH v2 2/2] crypt32: Properly check root certificate in CERT_CHAIN_REVOCATION_CHECK_CHAIN.
Original patch by Michael Müller. Root certificates don't have CRL Distribution Point or Authority Info Access field. Don't report error with CERT_CHAIN_REVOCATION_CHECK_CHAIN in CertGetCertificateChain() because of this. Signed-off-by: Zhiyi Zhang <zzhang(a)codeweavers.com> --- v2: ignore CRYPT_E_NO_REVOCATION_CHECK only with CERT_CHAIN_REVOCATION_CHECK_CHAIN. dlls/crypt32/chain.c | 5 +++++ dlls/crypt32/tests/chain.c | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index d7015d797d..41c87b7ae7 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -2698,6 +2698,11 @@ static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain, ret = CertVerifyRevocation(X509_ASN_ENCODING, CERT_CONTEXT_REVOCATION_TYPE, 1, (void **)&certToCheck, revocationFlags, &revocationPara, &revocationStatus); + + if (!ret && chainFlags & + && revocationStatus.dwError == CRYPT_E_NO_REVOCATION_CHECK && revocationPara.pIssuerCert == NULL) + ret = TRUE; + if (!ret) { PCERT_CHAIN_ELEMENT element = CRYPT_FindIthElementInChain( diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index a995c81239..e2a7633526 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -4156,9 +4156,9 @@ static void testGetCertChain(void) ret = CertGetCertificateChain(NULL, cert, &fileTime, store, ¶, CERT_CHAIN_REVOCATION_CHECK_CHAIN, NULL, &chain); ok(ret, "CertGetCertificateChain failed: %u\n", GetLastError()); - todo_wine ok(!chain->TrustStatus.dwErrorStatus - || broken(chain->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN), /* XP */ - "chain->TrustStatus.dwErrorStatus = %x\n", chain->TrustStatus.dwErrorStatus); + ok(!chain->TrustStatus.dwErrorStatus + || broken(chain->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN), /* XP */ + "chain->TrustStatus.dwErrorStatus = %x\n", chain->TrustStatus.dwErrorStatus); pCertFreeCertificateChain(chain); ret = CertGetCertificateChain(NULL, cert, &fileTime, store, ¶, CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT, -- 2.18.0
Hi, While running your changed tests on Windows, I think I found new failures. Being a bot and all I'm not very good at pattern recognition, so I might be wrong, but could you please double-check? Full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=41017 Your paranoid android. === debian9 (build) === ../../../wine/dlls/crypt32/chain.c:2702:40: error: invalid operands to binary & (have ‘DWORD {aka unsigned int}’ and ‘void *’) ../../../wine/dlls/crypt32/chain.c:2703:40: error: expected ‘)’ before ‘.’ token ../../../wine/dlls/crypt32/chain.c:2703:21: error: label ‘revocationStatus’ used but not defined Makefile:253: recipe for target 'chain.o' failed Makefile:8556: recipe for target 'dlls/crypt32' failed Task: The win32 build failed
participants (2)
-
Marvin -
Zhiyi Zhang