https://bugs.winehq.org/show_bug.cgi?id=54353
--- Comment #1 from Paul Gofman pgofman@codeweavers.com --- I've looked into this. The core issue is pre-existing before the blamed commit, although that one made it in seen in repeated test by extending the scope of caching (before the blamed commit it was only affecting CRL revocation checking and we just don't have a test which would hit the issue).
The reason is that there are two checks performed by the test for the same certificate: one without issuer certificate provided in check parameters and another one with that one. Caching uses serial number of the cert being checked as id in cache, so once second check succeeded the cached result is matched for the first check (which should fail).
I see two issues here:
1. Using cert's serial is wrong, we need to hash full certificate contents to identify the cert for the purpose of cache ID (this part does not relate to test failure though);
2. We also need to hash all the request parameters which may influence the check result (I think currently that is only issuer certificate in request parameters).
I will send patches soon.