Juan Lang : crypt32/tests: Test more SECURITY_FLAG_IGNORE flags for the SSL policy.

Module: wine Branch: master Commit: 54429016eb68e81062e3cf20a23d348c9989d72b URL: http://source.winehq.org/git/wine.git/?a=commit;h=54429016eb68e81062e3cf20a2...

Author: Juan Lang juan.lang@gmail.com Date: Wed Sep 29 13:39:34 2010 -0700

crypt32/tests: Test more SECURITY_FLAG_IGNORE flags for the SSL policy.

---

dlls/crypt32/tests/chain.c | 25 +++++++++++++++++++++++++ 1 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 707d62e..5d24ac7 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -3788,11 +3788,21 @@ static const ChainPolicyCheck sslPolicyCheck[] = { { 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, NULL, 0 }, };

+static const ChainPolicyCheck ignoredUnknownCAPolicyCheck = { + { sizeof(chain0) / sizeof(chain0[0]), chain0 }, + { 0, CERT_E_EXPIRED, 0, 0, NULL }, NULL, TODO_ERROR +}; + static const ChainPolicyCheck googlePolicyCheckWithMatchingNameExpired = { { sizeof(googleChain) / sizeof(googleChain[0]), googleChain }, { 0, CERT_E_EXPIRED, 0, 0, NULL}, NULL, 0 };

+static const ChainPolicyCheck googlePolicyCheckWithMatchingNameIgnoringExpired = { + { sizeof(googleChain) / sizeof(googleChain[0]), googleChain }, + { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR +}; + static const ChainPolicyCheck googlePolicyCheckWithMatchingName = { { sizeof(googleChain) / sizeof(googleChain[0]), googleChain }, { 0, 0, -1, -1, NULL}, NULL, 0 @@ -4131,10 +4141,25 @@ static void check_ssl_policy(void) */ checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL, &iTunesPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara); + /* And again, specifying a chain with an untrusted root, but ignoring + * unknown CAs. + */ + sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_UNKNOWN_CA; + checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL, + &ignoredUnknownCAPolicyCheck, 0, &oct2007, &policyPara); + sslPolicyPara.fdwChecks = 0; /* And again, but checking the Google chain at a bad date */ sslPolicyPara.pwszServerName = google_dot_com; checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL, &googlePolicyCheckWithMatchingNameExpired, 0, &oct2007, &policyPara); + /* Again checking the Google chain at a bad date, but ignoring date + * errors. + */ + sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_CERT_DATE_INVALID; + checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL, + &googlePolicyCheckWithMatchingNameIgnoringExpired, 0, &oct2007, + &policyPara); + sslPolicyPara.fdwChecks = 0; /* And again, but checking the Google chain at a good date */ sslPolicyPara.pwszServerName = google_dot_com; checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,