Juan Lang : crypt32/tests: Test the base and SSL policies against a certificate with an invalid critical extension .

6 Oct 2010

Module: wine
Branch: master
Commit: d5bcf21c9100898c30e77ece81a27d3f70db77d1
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=d5bcf21c9100898c30e77ece81...
Author: Juan Lang juan.lang@gmail.com
Date:   Tue Oct  5 21:12:50 2010 -0700
crypt32/tests: Test the base and SSL policies against a certificate with an invalid critical extension.
---
dlls/crypt32/tests/chain.c |   18 ++++++++++++++++++
 1 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 9d90ba3..c31fb30 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -3962,6 +3962,11 @@ static const ChainPolicyCheck stanfordPolicyCheckWithoutMatchingName = {
  { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0
 };
+static const ChainPolicyCheck invalidExtensionPolicyCheck = {
+ { sizeof(chain30) / sizeof(chain30[0]), chain30 },
+ { 0, CERT_E_CRITICAL, 0, 1, NULL}, NULL, TODO_ERROR
+};
+
 static const ChainPolicyCheck authenticodePolicyCheck[] = {
  { { sizeof(chain0) / sizeof(chain0[0]), chain0 },
    { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, NULL, 0 },
@@ -4190,6 +4195,12 @@ static void check_base_policy(void)
      CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG;
     checkChainPolicyStatus(CERT_CHAIN_POLICY_BASE, NULL,
      &invalidUsageBasePolicyCheck, 0, &oct2007, &policyPara);
+    /* Test chain30, which has an invalid critical extension in an intermediate
+     * cert, against the base policy.
+     */
+    policyPara.dwFlags = CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG;
+    checkChainPolicyStatus(CERT_CHAIN_POLICY_BASE, NULL,
+     &invalidExtensionPolicyCheck, 0, &oct2007, &policyPara);
 }
static void check_ssl_policy(void)
@@ -4377,6 +4388,13 @@ static void check_ssl_policy(void)
      &winehqPolicyCheckWithMatchingName, 0, &oct2007, &policyPara);
     CertFreeCertificateChainEngine(engine);
     CertCloseStore(testRoot, 0);
+    /* Test chain30, which has an invalid critical extension in an intermediate
+     * cert, against the SSL policy.
+     */
+    sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_UNKNOWN_CA;
+    sslPolicyPara.pwszServerName = NULL;
+    checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
+     &invalidExtensionPolicyCheck, 0, &oct2007, &policyPara);
 }
static void testVerifyCertChainPolicy(void)

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Juan Lang : crypt32/tests: Test the base and SSL policies against a certificate with an invalid critical extension .