Juan Lang : crypt32: Set correct error when encountering unsupported critical extensions in the base and SSL policy .

Module: wine Branch: master Commit: 25a8d301c10bd1c4cc80af04cd2abbd79f4d11a3 URL: http://source.winehq.org/git/wine.git/?a=commit;h=25a8d301c10bd1c4cc80af04cd...

Author: Juan Lang juan.lang@gmail.com Date: Tue Oct 5 21:25:33 2010 -0700

crypt32: Set correct error when encountering unsupported critical extensions in the base and SSL policy.

---

dlls/crypt32/chain.c | 18 ++++++++++++++++++ dlls/crypt32/tests/chain.c | 2 +- 2 files changed, 19 insertions(+), 1 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index ffb5fb4..056838b 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -2954,6 +2954,16 @@ static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID, CERT_TRUST_IS_NOT_VALID_FOR_USAGE, &pPolicyStatus->lChainIndex, &pPolicyStatus->lElementIndex); } + if (!pPolicyStatus->dwError && + pChainContext->TrustStatus.dwErrorStatus & + CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT && + !(checks & CERT_CHAIN_POLICY_IGNORE_NOT_SUPPORTED_CRITICAL_EXT_FLAG)) + { + pPolicyStatus->dwError = CERT_E_CRITICAL; + find_element_with_error(pChainContext, + CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT, &pPolicyStatus->lChainIndex, + &pPolicyStatus->lElementIndex); + } return TRUE; }

@@ -3377,6 +3387,14 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID, CERT_TRUST_IS_OFFLINE_REVOCATION, &pPolicyStatus->lChainIndex, &pPolicyStatus->lElementIndex); } + else if (pChainContext->TrustStatus.dwErrorStatus & + CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT) + { + pPolicyStatus->dwError = CERT_E_CRITICAL; + find_element_with_error(pChainContext, + CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT, &pPolicyStatus->lChainIndex, + &pPolicyStatus->lElementIndex); + } else pPolicyStatus->dwError = NO_ERROR; /* We only need bother checking whether the name in the end certificate diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 5a2b17e..b6a01bf 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -3964,7 +3964,7 @@ static const ChainPolicyCheck stanfordPolicyCheckWithoutMatchingName = {

static const ChainPolicyCheck invalidExtensionPolicyCheck = { { sizeof(chain30) / sizeof(chain30[0]), chain30 }, - { 0, CERT_E_CRITICAL, 0, 1, NULL}, NULL, TODO_ERROR + { 0, CERT_E_CRITICAL, 0, 1, NULL}, NULL, 0 };

static const ChainPolicyCheck authenticodePolicyCheck[] = {