Module: wine Branch: master Commit: a24b5588d23b61a6e769f53996610c75f0de6af4 URL: http://source.winehq.org/git/wine.git/?a=commit;h=a24b5588d23b61a6e769f53996...
Author: Jacek Caban jacek@codeweavers.com Date: Mon May 28 13:55:00 2012 +0200
wininet: Fixed grouping security error flags.
---
dlls/wininet/internet.h | 4 ++-- dlls/wininet/netconnection.c | 34 ++++++++++++++++++++-------------- 2 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/dlls/wininet/internet.h b/dlls/wininet/internet.h index 230e8d8..fd6b5f7 100644 --- a/dlls/wininet/internet.h +++ b/dlls/wininet/internet.h @@ -561,11 +561,11 @@ typedef struct } wininet_flag_info;
/* Undocumented security flags */ -#define _SECURITY_FLAG_CERT_INVALID_CA 0x00800000 +#define _SECURITY_FLAG_CERT_REV_FAILED 0x00800000 #define _SECURITY_FLAG_CERT_INVALID_CN 0x02000000
#define _SECURITY_ERROR_FLAGS_MASK \ - (_SECURITY_FLAG_CERT_INVALID_CA \ + (_SECURITY_FLAG_CERT_REV_FAILED \ |_SECURITY_FLAG_CERT_INVALID_CN)
#endif /* _WINE_INTERNET_H_ */ diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c index 8117884..ceed17a 100644 --- a/dlls/wininet/netconnection.c +++ b/dlls/wininet/netconnection.c @@ -249,7 +249,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR if (chain->TrustStatus.dwErrorStatus & ~supportedErrors) { if(conn->mask_errors) WARN("CERT_TRUST_IS_NOT_TIME_VALID, unknown error flags\n"); - err = ERROR_INTERNET_SEC_INVALID_CERT; + err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT; errors &= supportedErrors; }
@@ -257,23 +257,31 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR if(conn->mask_errors) WARN("CERT_TRUST_IS_NOT_TIME_VALID, unknown error flags\n"); if(!(conn->security_flags & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID)) - err = ERROR_INTERNET_SEC_CERT_DATE_INVALID; + err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_DATE_INVALID; errors &= ~CERT_TRUST_IS_NOT_TIME_VALID; }
- if(errors & (CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_PARTIAL_CHAIN)) { + if(errors & CERT_TRUST_IS_UNTRUSTED_ROOT) { if(conn->mask_errors) - conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_CA; + WARN("CERT_TRUST_IS_UNTRUSTED_ROOT, unknown flags\n"); if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA)) - err = ERROR_INTERNET_INVALID_CA; - errors &= ~(CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_PARTIAL_CHAIN); + err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_INVALID_CA; + errors &= ~CERT_TRUST_IS_UNTRUSTED_ROOT; + } + + if(errors & CERT_TRUST_IS_PARTIAL_CHAIN) { + if(conn->mask_errors) + conn->security_flags |= _SECURITY_FLAG_CERT_REV_FAILED; + if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA)) + err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_REV_FAILED; + errors &= ~CERT_TRUST_IS_PARTIAL_CHAIN; }
if(errors & (CERT_TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN)) { if(conn->mask_errors) WARN("TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN, unknown error flags\n"); if(!(conn->security_flags & SECURITY_FLAG_IGNORE_REVOCATION)) - err = ERROR_INTERNET_SEC_CERT_NO_REV; + err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_NO_REV; errors &= ~(CERT_TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN); }
@@ -281,7 +289,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR if(conn->mask_errors) WARN("TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN, unknown error flags\n"); if(!(conn->security_flags & SECURITY_FLAG_IGNORE_REVOCATION)) - err = ERROR_INTERNET_SEC_CERT_REVOKED; + err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_REVOKED; errors &= ~CERT_TRUST_IS_REVOKED; }
@@ -289,7 +297,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR if(conn->mask_errors) WARN("CERT_TRUST_IS_NOT_VALID_FOR_USAGE, unknown error flags\n"); if(!(conn->security_flags & SECURITY_FLAG_IGNORE_WRONG_USAGE)) - err = ERROR_INTERNET_SEC_INVALID_CERT; + err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT; errors &= ~CERT_TRUST_IS_NOT_VALID_FOR_USAGE; }
@@ -321,11 +329,11 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR if(policyStatus.dwError == CERT_E_CN_NO_MATCH) { if(conn->mask_errors) conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_CN; - err = ERROR_INTERNET_SEC_CERT_CN_INVALID; + err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_CN_INVALID; }else if(policyStatus.dwError) { if(conn->mask_errors) WARN("unknown error flags for policy status %x\n", policyStatus.dwError); - err = ERROR_INTERNET_SEC_INVALID_CERT; + err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT; } }else { err = GetLastError(); @@ -336,10 +344,8 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
if(err) { WARN("failed %u\n", err); - if(conn->mask_errors) { + if(conn->mask_errors) conn->server->security_flags |= conn->security_flags & _SECURITY_ERROR_FLAGS_MASK; - return err == ERROR_INTERNET_INVALID_CA ? ERROR_INTERNET_SEC_CERT_REV_FAILED : ERROR_INTERNET_SEC_CERT_ERRORS; - } return err; }