Module: wine Branch: master Commit: a0dc2adf73b1d9aa967025490e0145b1c798effe URL: https://source.winehq.org/git/wine.git/?a=commit;h=a0dc2adf73b1d9aa967025490...
Author: Piotr Caban piotr@codeweavers.com Date: Thu Apr 15 17:25:06 2021 +0200
crypt32/tests: Fix tests on systems where google chain root is not trusted.
Signed-off-by: Piotr Caban piotr@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/crypt32/tests/chain.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 18f7eca6829..26a1a16dc82 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -5091,7 +5091,8 @@ static void check_base_policy(void) CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG; CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_BASE, NULL, ignoredBadDateNestingBasePolicyCheck, &oct2007, &policyPara); - policyPara.dwFlags = CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG; + policyPara.dwFlags = CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG | + CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG; CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_BASE, NULL, ignoredInvalidDateBasePolicyCheck, &oct2007, &policyPara); policyPara.dwFlags = CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG | @@ -5134,7 +5135,7 @@ static void check_authenticode_policy(void) epochStart.wYear = 1601; CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_AUTHENTICODE, NULL, ignoredUnknownCAPolicyCheck, &epochStart, &policyPara); - policyPara.dwFlags = CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG; + policyPara.dwFlags |= CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG; CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_AUTHENTICODE, NULL, ignoredInvalidDateBasePolicyCheck, &oct2007, &policyPara); } @@ -5228,22 +5229,24 @@ static void check_ssl_policy(void) policyPara.dwFlags = CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG; CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL, ignoredUnknownCAPolicyCheck, &oct2007, &policyPara); - policyPara.dwFlags = 0; /* And again, but checking the Google chain at a bad date */ sslPolicyPara.pwszServerName = google_dot_com; CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL, googlePolicyCheckWithMatchingNameExpired, &oct2007, &policyPara); + policyPara.dwFlags = 0; /* Again checking the Google chain at a bad date, but ignoring date * errors. */ - sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_CERT_DATE_INVALID; + sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_UNKNOWN_CA | + SECURITY_FLAG_IGNORE_CERT_DATE_INVALID; CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL, googlePolicyCheckWithMatchingName, &oct2007, &policyPara); - sslPolicyPara.fdwChecks = 0; /* And again, but checking the Google chain at a good date */ + sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_UNKNOWN_CA; sslPolicyPara.pwszServerName = google_dot_com; CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL, googlePolicyCheckWithMatchingName, &nov2016, &policyPara); + sslPolicyPara.fdwChecks = 0;
/* Check again with the openssl cert, which has a wildcard in its name, * with various combinations of matching and non-matching names.