Juan Lang : winhttp: Honor security flags when verifying a certificate.

18 May 2010

Module: wine
Branch: master
Commit: b659dee9999e4db272ccdc5b5ab14dac9d47fc02
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=b659dee9999e4db272ccdc5b5a...
Author: Juan Lang juan.lang@gmail.com
Date:   Mon May 17 10:13:13 2010 -0700
winhttp: Honor security flags when verifying a certificate.
---
dlls/winhttp/net.c |   22 +++++++++++++++++-----
 1 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c
index da57f8c..ab7a4a7 100644
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -254,7 +254,7 @@ static PCCERT_CONTEXT X509_to_cert_context(X509 *cert)
 }
static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
-                                  WCHAR *server )
+                                  WCHAR *server, DWORD security_flags )
 {
     BOOL ret;
     CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } };
@@ -272,7 +272,10 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
         if (chain->TrustStatus.dwErrorStatus)
         {
             if (chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID)
-                err = ERROR_WINHTTP_SECURE_CERT_DATE_INVALID;
+            {
+                if (!(security_flags & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID))
+                    err = ERROR_WINHTTP_SECURE_CERT_DATE_INVALID;
+            }
             else if (chain->TrustStatus.dwErrorStatus &
                      CERT_TRUST_IS_UNTRUSTED_ROOT)
                 err = ERROR_WINHTTP_SECURE_INVALID_CA;
@@ -285,7 +288,10 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
                 err = ERROR_WINHTTP_SECURE_CERT_REVOKED;
             else if (chain->TrustStatus.dwErrorStatus &
                 CERT_TRUST_IS_NOT_VALID_FOR_USAGE)
-                err = ERROR_WINHTTP_SECURE_CERT_WRONG_USAGE;
+            {
+                if (!(security_flags & SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE))
+                    err = ERROR_WINHTTP_SECURE_CERT_WRONG_USAGE;
+            }
             else
                 err = ERROR_WINHTTP_SECURE_INVALID_CERT;
         }
@@ -310,7 +316,10 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
             if (ret && policyStatus.dwError)
             {
                 if (policyStatus.dwError == CERT_E_CN_NO_MATCH)
-                    err = ERROR_WINHTTP_SECURE_CERT_CN_INVALID;
+                {
+                    if (!(security_flags & SECURITY_FLAG_IGNORE_CERT_CN_INVALID))
+                        err = ERROR_WINHTTP_SECURE_CERT_CN_INVALID;
+                }
                 else
                     err = ERROR_WINHTTP_SECURE_INVALID_CERT;
             }
@@ -328,9 +337,11 @@ static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx )
     SSL *ssl;
     WCHAR *server;
     BOOL ret = FALSE;
+    netconn_t *conn;
ssl = pX509_STORE_CTX_get_ex_data( ctx, pSSL_get_ex_data_X509_STORE_CTX_idx() );
     server = pSSL_get_ex_data( ssl, hostname_idx );
+    conn = pSSL_get_ex_data( ssl, conn_idx );
     if (preverify_ok)
     {
         HCERTSTORE store = CertOpenStore( CERT_STORE_PROV_MEMORY, 0, 0,
@@ -362,7 +373,8 @@ static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx )
             if (!endCert) ret = FALSE;
             if (ret)
             {
-                DWORD_PTR err = netconn_verify_cert( endCert, store, server );
+                DWORD_PTR err = netconn_verify_cert( endCert, store, server,
+                                                     conn->security_flags );
if (err)
                 {

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Juan Lang : winhttp: Honor security flags when verifying a certificate.