wine-commits November 2009

wine-commits@winehq.org

3 participants
910 discussions

Owen Rudge : comctl32: Add basic structure for IImageList interface.
by Alexandre Julliard 13 Nov '09

13 Nov '09

Module: wine Branch: master Commit: a4f2ab9d14bb4ed76958a5405aa463c4569fb9e4 URL: http://source.winehq.org/git/wine.git/?a=commit;h=a4f2ab9d14bb4ed76958a5405… Author: Owen Rudge <orudge(a)codeweavers.com> Date: Thu Nov 12 10:27:40 2009 -0600 comctl32: Add basic structure for IImageList interface. --- dlls/comctl32/Makefile.in | 2 +- dlls/comctl32/imagelist.c | 329 +++++++++++++++++++++++++++++++++++++++++++-- dlls/comctl32/imagelist.h | 32 +++-- 3 files changed, 338 insertions(+), 25 deletions(-) Diff: http://source.winehq.org/git/wine.git/?a=commitdiff;h=a4f2ab9d14bb4ed76958a…

1 0

Huw Davies : msctf: Correctly initialize the description field.
by Alexandre Julliard 13 Nov '09

13 Nov '09

Module: wine Branch: master Commit: d775d6e31fa928efa2c9f8d3dca9736e77d243a2 URL: http://source.winehq.org/git/wine.git/?a=commit;h=d775d6e31fa928efa2c9f8d3d… Author: Huw Davies <huw(a)codeweavers.com> Date: Thu Nov 12 22:51:10 2009 +0000 msctf: Correctly initialize the description field. Found by Valgrind. --- dlls/msctf/threadmgr.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/dlls/msctf/threadmgr.c b/dlls/msctf/threadmgr.c index 56f1c36..5f3a90a 100644 --- a/dlls/msctf/threadmgr.c +++ b/dlls/msctf/threadmgr.c @@ -883,6 +883,7 @@ static HRESULT WINAPI KeystrokeMgr_PreserveKey(ITfKeystrokeMgr *iface, newkey->guid = *rguid; newkey->prekey = *prekey; newkey->tid = tid; + newkey->description = NULL; if (cchDesc) { newkey->description = HeapAlloc(GetProcessHeap(),0,cchDesc * sizeof(WCHAR));

1 0

Detlef Riekenberg : ntdll/tests: GetVolumePathnameW is not present before w2k.
by Alexandre Julliard 13 Nov '09

13 Nov '09

Module: wine Branch: master Commit: 447e224380410ea008cec0cd25da2d97344afb55 URL: http://source.winehq.org/git/wine.git/?a=commit;h=447e224380410ea008cec0cd2… Author: Detlef Riekenberg <wine.dev(a)web.de> Date: Thu Nov 12 23:42:53 2009 +0100 ntdll/tests: GetVolumePathnameW is not present before w2k. --- dlls/ntdll/tests/file.c | 13 ++++++++++++- 1 files changed, 12 insertions(+), 1 deletions(-) diff --git a/dlls/ntdll/tests/file.c b/dlls/ntdll/tests/file.c index ba6b07e..06e35b4 100644 --- a/dlls/ntdll/tests/file.c +++ b/dlls/ntdll/tests/file.c @@ -40,6 +40,8 @@ #define IO_COMPLETION_ALL_ACCESS 0x001F0003 #endif +static BOOL (WINAPI * pGetVolumePathNameW)(LPCWSTR, LPWSTR, DWORD); + static NTSTATUS (WINAPI *pRtlFreeUnicodeString)( PUNICODE_STRING ); static VOID (WINAPI *pRtlInitUnicodeString)( PUNICODE_STRING, LPCWSTR ); static BOOL (WINAPI *pRtlDosPathNameToNtPathName_U)( LPCWSTR, PUNICODE_STRING, PWSTR*, CURDIR* ); @@ -950,6 +952,12 @@ static void test_file_name_information(void) HANDLE h; UINT len; + /* GetVolumePathName is not present before w2k */ + if (!pGetVolumePathNameW) { + win_skip("GetVolumePathNameW not found\n"); + return; + } + file_name_size = GetSystemDirectoryW( NULL, 0 ); file_name = HeapAlloc( GetProcessHeap(), 0, file_name_size * sizeof(*file_name) ); volume_prefix = HeapAlloc( GetProcessHeap(), 0, file_name_size * sizeof(*volume_prefix) ); @@ -960,7 +968,7 @@ static void test_file_name_information(void) "GetSystemDirectoryW returned %u, expected %u.\n", len, file_name_size - 1); - len = GetVolumePathNameW( file_name, volume_prefix, file_name_size ); + len = pGetVolumePathNameW( file_name, volume_prefix, file_name_size ); ok(len, "GetVolumePathNameW failed.\n"); len = lstrlenW( volume_prefix ); @@ -1018,6 +1026,7 @@ static void test_file_name_information(void) START_TEST(file) { + HMODULE hkernel32 = GetModuleHandleA("kernel32.dll"); HMODULE hntdll = GetModuleHandleA("ntdll.dll"); if (!hntdll) { @@ -1025,6 +1034,8 @@ START_TEST(file) return; } + pGetVolumePathNameW = (void *)GetProcAddress(hkernel32, "GetVolumePathNameW"); + pRtlFreeUnicodeString = (void *)GetProcAddress(hntdll, "RtlFreeUnicodeString"); pRtlInitUnicodeString = (void *)GetProcAddress(hntdll, "RtlInitUnicodeString"); pRtlDosPathNameToNtPathName_U = (void *)GetProcAddress(hntdll, "RtlDosPathNameToNtPathName_U");

1 0

Rico Schüller : user32: Add argument check for PTITLEBARINFO in GetTitleBarInfo().
by Alexandre Julliard 13 Nov '09

13 Nov '09

Module: wine Branch: master Commit: a679b4e3af0538d918968572f5e6f7a6b09e6956 URL: http://source.winehq.org/git/wine.git/?a=commit;h=a679b4e3af0538d918968572f… Author: Rico Schüller <kgbricola(a)web.de> Date: Thu Nov 12 21:50:01 2009 +0100 user32: Add argument check for PTITLEBARINFO in GetTitleBarInfo(). --- dlls/user32/nonclient.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/dlls/user32/nonclient.c b/dlls/user32/nonclient.c index ccea517..e38e454 100644 --- a/dlls/user32/nonclient.c +++ b/dlls/user32/nonclient.c @@ -1630,6 +1630,11 @@ BOOL WINAPI GetTitleBarInfo(HWND hwnd, PTITLEBARINFO tbi) { TRACE("(%p %p)\n", hwnd, tbi); + if(!tbi) { + SetLastError(ERROR_NOACCESS); + return FALSE; + } + if(tbi->cbSize != sizeof(TITLEBARINFO)) { TRACE("Invalid TITLEBARINFO size: %d\n", tbi->cbSize); SetLastError(ERROR_INVALID_PARAMETER);

1 0

Juan Lang : crypt32: Fix test failures.
by Alexandre Julliard 13 Nov '09

13 Nov '09

Module: wine Branch: master Commit: 9aee8fd556ff8b32fe93970dd856ac780d8df4cd URL: http://source.winehq.org/git/wine.git/?a=commit;h=9aee8fd556ff8b32fe93970dd… Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Nov 12 12:48:05 2009 -0800 crypt32: Fix test failures. --- dlls/crypt32/tests/chain.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 1da1993..be3a0bd 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -3032,7 +3032,8 @@ static const SimpleChainStatusCheck simpleStatus27[] = { static const CERT_TRUST_STATUS elementStatus27Broken[] = { { CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT, - CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER }, + CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER | + CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS }, }; static const SimpleChainStatusCheck simpleStatus27Broken[] = { { sizeof(elementStatus27Broken) / sizeof(elementStatus27Broken[0]), @@ -3405,7 +3406,7 @@ static ChainCheck chainCheckEmbeddedNullBroken = { { { CERT_TRUST_IS_NOT_TIME_NESTED | CERT_TRUST_IS_NOT_VALID_FOR_USAGE | CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT, CERT_TRUST_HAS_PREFERRED_ISSUER }, - { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, + { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS }, 1, simpleStatus27Broken }, 0 };

1 0

Juan Lang : crypt32: Accept any matching dNSName in a subject alternate name.
by Alexandre Julliard 13 Nov '09

13 Nov '09

Module: wine Branch: master Commit: 21ecc84620aa37fa005048a1b52a0890bb6e7fdc URL: http://source.winehq.org/git/wine.git/?a=commit;h=21ecc84620aa37fa005048a1b… Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Nov 12 12:26:05 2009 -0800 crypt32: Accept any matching dNSName in a subject alternate name. --- dlls/crypt32/chain.c | 11 ++++++++--- dlls/crypt32/tests/chain.c | 7 +------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 805447d..eb6d757 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -2373,16 +2373,21 @@ static BOOL match_dns_to_subject_alt_name(PCERT_EXTENSION ext, &subjectName, &size)) { DWORD i; - BOOL found = FALSE; - for (i = 0; !found && i < subjectName->cAltEntry; i++) + /* RFC 5280 states that multiple instances of each name type may exist, + * in section 4.2.1.6: + * "Multiple name forms, and multiple instances of each name form, + * MAY be included." + * It doesn't specify the behavior in such cases, but common usage is + * to accept a certificate if any name matches. + */ + for (i = 0; !matches && i < subjectName->cAltEntry; i++) { if (subjectName->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) { TRACE_(chain)("dNSName: %s\n", debugstr_w( subjectName->rgAltEntry[i].u.pwszDNSName)); - found = TRUE; if (!strcmpiW(server_name, subjectName->rgAltEntry[i].u.pwszDNSName)) matches = TRUE; diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 323f062..1da1993 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -3688,11 +3688,6 @@ static const ChainPolicyCheck stanfordPolicyCheckWithMatchingName = { { 0, 0, -1, -1, NULL}, NULL, 0 }; -static const ChainPolicyCheck stanfordPolicyCheckWithMatchingNameTodo = { - { sizeof(stanfordChain) / sizeof(stanfordChain[0]), stanfordChain }, - { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR -}; - static const ChainPolicyCheck stanfordPolicyCheckWithoutMatchingName = { { sizeof(stanfordChain) / sizeof(stanfordChain[0]), stanfordChain }, { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0 @@ -4022,7 +4017,7 @@ static void check_ssl_policy(void) /* With "www.cs.stanford.edu": match */ sslPolicyPara.pwszServerName = www_dot_cs_dot_stanford_dot_edu; checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, - &stanfordPolicyCheckWithMatchingNameTodo, 0, &oct2009, &policyPara); + &stanfordPolicyCheckWithMatchingName, 0, &oct2009, &policyPara); /* With "a.cs.stanford.edu": no match */ sslPolicyPara.pwszServerName = a_dot_cs_dot_stanford_dot_edu; checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL,

1 0

Juan Lang : crypt32: Add tests for cs.stanford.edu's chain.
by Alexandre Julliard 13 Nov '09

13 Nov '09

Module: wine Branch: master Commit: 95a14deff997c7b3b19bb71ebbb69a187dc8c4fd URL: http://source.winehq.org/git/wine.git/?a=commit;h=95a14deff997c7b3b19bb71eb… Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Nov 12 10:47:04 2009 -0800 crypt32: Add tests for cs.stanford.edu's chain. --- dlls/crypt32/tests/chain.c | 312 ++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 312 insertions(+), 0 deletions(-) Diff: http://source.winehq.org/git/wine.git/?a=commitdiff;h=95a14deff997c7b3b19bb…

1 0

Juan Lang : crypt32: Use broken() to mark an expected result from a broken version of crypt32.
by Alexandre Julliard 13 Nov '09

13 Nov '09

Module: wine Branch: master Commit: d311cc9bdb71b21d339336668b11825fd6723ac0 URL: http://source.winehq.org/git/wine.git/?a=commit;h=d311cc9bdb71b21d339336668… Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Nov 12 10:35:12 2009 -0800 crypt32: Use broken() to mark an expected result from a broken version of crypt32. --- dlls/crypt32/tests/chain.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 57fe2b0..b9ffec9 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -3230,6 +3230,12 @@ static void testGetCertChain(void) chainCheckEmbeddedNull.todo, 0); if (chain) { + ok(chain->TrustStatus.dwErrorStatus == + chainCheckEmbeddedNull.status.status.dwErrorStatus || + broken(chain->TrustStatus.dwErrorStatus == + chainCheckEmbeddedNullBroken.status.status.dwErrorStatus), + "unexpected chain error status %08x\n", + chain->TrustStatus.dwErrorStatus); if (chainCheckEmbeddedNull.status.status.dwErrorStatus == chain->TrustStatus.dwErrorStatus) checkChainStatus(chain, &chainCheckEmbeddedNull.status,

1 0

Juan Lang : crypt32: Implement matching a certificate with a wildcard in its name.
by Alexandre Julliard 13 Nov '09

13 Nov '09

Module: wine Branch: master Commit: b91d0c8bde9e27ea9c647c6ba9913487d60b3d2e URL: http://source.winehq.org/git/wine.git/?a=commit;h=b91d0c8bde9e27ea9c647c6ba… Author: Juan Lang <juan.lang(a)gmail.com> Date: Wed Nov 11 17:45:49 2009 -0800 crypt32: Implement matching a certificate with a wildcard in its name. --- dlls/crypt32/chain.c | 138 +++++++++++++++++++++++++++++++++++++++++--- dlls/crypt32/tests/chain.c | 2 +- 2 files changed, 131 insertions(+), 9 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 54bff75..805447d 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -2418,6 +2418,134 @@ static BOOL find_matching_domain_component(CERT_NAME_INFO *name, return matches; } +static BOOL match_domain_component(LPCWSTR allowed_component, DWORD allowed_len, + LPCWSTR server_component, DWORD server_len, BOOL allow_wildcards, + BOOL *see_wildcard) +{ + LPCWSTR allowed_ptr, server_ptr; + BOOL matches = TRUE; + + *see_wildcard = FALSE; + if (server_len < allowed_len) + { + WARN_(chain)("domain component %s too short for %s\n", + debugstr_wn(server_component, server_len), + debugstr_wn(allowed_component, allowed_len)); + /* A domain component can't contain a wildcard character, so a domain + * component shorter than the allowed string can't produce a match. + */ + return FALSE; + } + for (allowed_ptr = allowed_component, server_ptr = server_component; + matches && allowed_ptr - allowed_component < allowed_len; + allowed_ptr++, server_ptr++) + { + if (*allowed_ptr == '*') + { + if (allowed_ptr - allowed_component < allowed_len - 1) + { + WARN_(chain)("non-wildcard characters after wildcard not supported\n"); + matches = FALSE; + } + else if (!allow_wildcards) + { + WARN_(chain)("wildcard after non-wildcard component\n"); + matches = FALSE; + } + else + { + /* the preceding characters must have matched, so the rest of + * the component also matches. + */ + *see_wildcard = TRUE; + break; + } + } + matches = tolowerW(*allowed_ptr) == tolowerW(*server_ptr); + } + if (matches && server_ptr - server_component < server_len) + { + /* If there are unmatched characters in the server domain component, + * the server domain only matches if the allowed string ended in a '*'. + */ + matches = *allowed_ptr == '*'; + } + return matches; +} + +static BOOL match_common_name(LPCWSTR server_name, PCERT_RDN_ATTR nameAttr) +{ + LPCWSTR allowed = (LPCWSTR)nameAttr->Value.pbData; + LPCWSTR allowed_component = allowed; + DWORD allowed_len = nameAttr->Value.cbData / sizeof(WCHAR); + LPCWSTR server_component = server_name; + DWORD server_len = strlenW(server_name); + BOOL matches = TRUE, allow_wildcards = TRUE; + + TRACE_(chain)("CN = %s\n", debugstr_wn(allowed_component, allowed_len)); + + /* From RFC 2818 (HTTP over TLS), section 3.1: + * "Names may contain the wildcard character * which is considered to match + * any single domain name component or component fragment. E.g., + * *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com + * but not bar.com." + * + * And from RFC 2595 (Using TLS with IMAP, POP3 and ACAP), section 2.4: + * "A "*" wildcard character MAY be used as the left-most name component in + * the certificate. For example, *.example.com would match a.example.com, + * foo.example.com, etc. but would not match example.com." + * + * There are other protocols which use TLS, and none of them is + * authoritative. This accepts certificates in common usage, e.g. + * *.domain.com matches www.domain.com but not domain.com, and + * www*.domain.com matches www1.domain.com but not mail.domain.com. + */ + do { + LPCWSTR allowed_dot, server_dot; + + allowed_dot = memchrW(allowed_component, '.', + allowed_len - (allowed_component - allowed)); + server_dot = memchrW(server_component, '.', + server_len - (server_component - server_name)); + /* The number of components must match */ + if ((!allowed_dot && server_dot) || (allowed_dot && !server_dot)) + { + if (!allowed_dot) + WARN_(chain)("%s: too many components for CN=%s\n", + debugstr_w(server_name), debugstr_wn(allowed, allowed_len)); + else + WARN_(chain)("%s: not enough components for CN=%s\n", + debugstr_w(server_name), debugstr_wn(allowed, allowed_len)); + matches = FALSE; + } + else + { + LPCWSTR allowed_end, server_end; + BOOL has_wildcard; + + allowed_end = allowed_dot ? allowed_dot : allowed + allowed_len; + server_end = server_dot ? server_dot : server_name + server_len; + matches = match_domain_component(allowed_component, + allowed_end - allowed_component, server_component, + server_end - server_component, allow_wildcards, &has_wildcard); + /* Once a non-wildcard component is seen, no wildcard components + * may follow + */ + if (!has_wildcard) + allow_wildcards = FALSE; + if (matches) + { + allowed_component = allowed_dot ? allowed_dot + 1 : allowed_end; + server_component = server_dot ? server_dot + 1 : server_end; + } + } + } while (matches && allowed_component && + allowed_component - allowed < allowed_len && + server_component && server_component - server_name < server_len); + TRACE_(chain)("returning %d\n", matches); + return matches; +} + static BOOL match_dns_to_subject_dn(PCCERT_CONTEXT cert, LPCWSTR server_name) { BOOL matches = FALSE; @@ -2466,16 +2594,10 @@ static BOOL match_dns_to_subject_dn(PCCERT_CONTEXT cert, LPCWSTR server_name) PCERT_RDN_ATTR attr; /* If the certificate isn't using a DN attribute in the name, make - * make sure the common name matches. Again, use memicmpW rather - * than strcmpiW in order to avoid being fooled by an embedded NULL. + * make sure the common name matches. */ if ((attr = CertFindRDNAttr(szOID_COMMON_NAME, name))) - { - TRACE_(chain)("CN = %s\n", debugstr_w( - (LPWSTR)attr->Value.pbData)); - matches = !memicmpW(server_name, (LPWSTR)attr->Value.pbData, - attr->Value.cbData / sizeof(WCHAR)); - } + matches = match_common_name(server_name, attr); } LocalFree(name); } diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 8092c8c..57fe2b0 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -3392,7 +3392,7 @@ static const ChainPolicyCheck iTunesPolicyCheckWithoutMatchingName = { static const ChainPolicyCheck opensslPolicyCheckWithMatchingName = { { sizeof(opensslChain) / sizeof(opensslChain[0]), opensslChain }, - { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR + { 0, 0, -1, -1, NULL}, NULL, 0 }; static const ChainPolicyCheck opensslPolicyCheckWithoutMatchingName = {

1 0

Juan Lang : crypt32: Test matching a certificate with a wildcard in its name.
by Alexandre Julliard 13 Nov '09

13 Nov '09

Module: wine Branch: master Commit: e7406726477e0dc1403554a03a40e7763e686a82 URL: http://source.winehq.org/git/wine.git/?a=commit;h=e7406726477e0dc1403554a03… Author: Juan Lang <juan.lang(a)gmail.com> Date: Wed Nov 11 16:28:23 2009 -0800 crypt32: Test matching a certificate with a wildcard in its name. --- dlls/crypt32/tests/chain.c | 49 ++++++++++++++++++++++++++++++++++++++----- 1 files changed, 43 insertions(+), 6 deletions(-) diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 0f04604..8092c8c 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -3371,12 +3371,12 @@ static const ChainPolicyCheck sslPolicyCheck[] = { { 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, NULL, 0 }, }; -static const ChainPolicyCheck sslPolicyCheckWithMatchingNameExpired = { +static const ChainPolicyCheck googlePolicyCheckWithMatchingNameExpired = { { sizeof(googleChain) / sizeof(googleChain[0]), googleChain }, { 0, CERT_E_EXPIRED, 0, 0, NULL}, NULL, 0 }; -static const ChainPolicyCheck sslPolicyCheckWithMatchingName = { +static const ChainPolicyCheck googlePolicyCheckWithMatchingName = { { sizeof(googleChain) / sizeof(googleChain[0]), googleChain }, { 0, 0, -1, -1, NULL}, NULL, 0 }; @@ -3385,11 +3385,22 @@ static const ChainPolicyCheck sslPolicyCheckWithMatchingName = { static const CERT_CHAIN_POLICY_STATUS noMatchingNameBrokenStatus = { 0, CERT_E_ROLE, 0, 0, NULL }; -static const ChainPolicyCheck sslPolicyCheckWithoutMatchingName = { +static const ChainPolicyCheck iTunesPolicyCheckWithoutMatchingName = { { sizeof(iTunesChain) / sizeof(iTunesChain[0]), iTunesChain }, { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, &noMatchingNameBrokenStatus, 0 }; +static const ChainPolicyCheck opensslPolicyCheckWithMatchingName = { + { sizeof(opensslChain) / sizeof(opensslChain[0]), opensslChain }, + { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR +}; + +static const ChainPolicyCheck opensslPolicyCheckWithoutMatchingName = { + { sizeof(opensslChain) / sizeof(opensslChain[0]), opensslChain }, + { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0 +}; + + static const ChainPolicyCheck authenticodePolicyCheck[] = { { { sizeof(chain0) / sizeof(chain0[0]), chain0 }, { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, NULL, 0 }, @@ -3595,6 +3606,13 @@ static void check_ssl_policy(void) WCHAR winehq[] = { 'w','i','n','e','h','q','.','o','r','g',0 }; WCHAR google_dot_com[] = { 'w','w','w','.','g','o','o','g','l','e','.', 'c','o','m',0 }; + WCHAR a_dot_openssl_dot_org[] = { 'a','.','o','p','e','n','s','s','l','.', + 'o','r','g',0 }; + WCHAR openssl_dot_org[] = { 'o','p','e','n','s','s','l','.','o','r','g',0 }; + WCHAR fopenssl_dot_org[] = { 'f','o','p','e','n','s','s','l','.', + 'o','r','g',0 }; + WCHAR a_dot_b_dot_openssl_dot_org[] = { 'a','.','b','.', + 'o','p','e','n','s','s','l','.','o','r','g',0 }; /* Check ssl policy with no parameter */ for (i = 0; @@ -3663,15 +3681,34 @@ static void check_ssl_policy(void) * extension. */ checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, - &sslPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara); + &iTunesPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara); /* And again, but checking the Google chain at a bad date */ sslPolicyPara.pwszServerName = google_dot_com; checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, - &sslPolicyCheckWithMatchingNameExpired, 0, &oct2007, &policyPara); + &googlePolicyCheckWithMatchingNameExpired, 0, &oct2007, &policyPara); /* And again, but checking the Google chain at a good date */ sslPolicyPara.pwszServerName = google_dot_com; checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, - &sslPolicyCheckWithMatchingName, 0, &oct2009, &policyPara); + &googlePolicyCheckWithMatchingName, 0, &oct2009, &policyPara); + /* Check again with the openssl cert, which has a wildcard in its name, + * with various combinations of matching and non-matching names. + * With "a.openssl.org": match + */ + sslPolicyPara.pwszServerName = a_dot_openssl_dot_org; + checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, + &opensslPolicyCheckWithMatchingName, 0, &oct2009, &policyPara); + /* With "openssl.org": no match */ + sslPolicyPara.pwszServerName = openssl_dot_org; + checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, + &opensslPolicyCheckWithoutMatchingName, 0, &oct2009, &policyPara); + /* With "fopenssl.org": no match */ + sslPolicyPara.pwszServerName = fopenssl_dot_org; + checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, + &opensslPolicyCheckWithoutMatchingName, 0, &oct2009, &policyPara); + /* with "a.b.openssl.org": no match */ + sslPolicyPara.pwszServerName = a_dot_b_dot_openssl_dot_org; + checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, + &opensslPolicyCheckWithoutMatchingName, 0, &oct2009, &policyPara); } static void testVerifyCertChainPolicy(void)

1 0

← Newer
1
...
50
51
52
53
54
55
56
...
91
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

wine-commits November 2009