Module: wine Branch: master Commit: c3eec8dc57de430c3d6ca46a15f0ead2553505b1 URL: http://source.winehq.org/git/wine.git/?a=commit;h=c3eec8dc57de430c3d6ca46a15...
Author: Jacek Caban jacek@codeweavers.com Date: Thu Jun 7 15:40:31 2012 +0200
wininet: Improved handling ERROR_INTERNET_INVALID_CA error.
---
dlls/wininet/dialogs.c | 2 ++ dlls/wininet/internet.h | 2 ++ dlls/wininet/netconnection.c | 17 +++++++++++++---- 3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/dlls/wininet/dialogs.c b/dlls/wininet/dialogs.c
index 68c668e..7bcfb15 100644
--- a/dlls/wininet/dialogs.c
+++ b/dlls/wininet/dialogs.c
@@ -540,6 +540,8 @@ static INT_PTR WINAPI WININET_InvalidCertificateDialog(
 break;
 case ERROR_INTERNET_SEC_CERT_ERRORS:
 if(flags & _SECURITY_FLAG_CERT_REV_FAILED)
+ flags |= SECURITY_FLAG_IGNORE_REVOCATION;
+ if(flags & _SECURITY_FLAG_CERT_INVALID_CA)
 flags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
 if(flags & _SECURITY_FLAG_CERT_INVALID_CN)
 flags |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
diff --git a/dlls/wininet/internet.h b/dlls/wininet/internet.h
index a46e185..a25be32 100644
--- a/dlls/wininet/internet.h
+++ b/dlls/wininet/internet.h
@@ -560,11 +560,13 @@ typedef struct
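Review bot: In dialogs.c, each error bit in the `case ERROR_INTERNET_SEC_CERT_ERRORS:` chain is tied to its ignore flag only by an unbraced `if` and the assignment on the following line. The context lines show how easily that pairing goes wrong: before this change `if(flags & _SECURITY_FLAG_CERT_REV_FAILED)` was followed by `flags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;`. Each pair presumably disables one certificate check once the user accepts the dialog, so I would brace every pair and add a comment above the chain such as `/* one ignore flag per reported error bit; never set an ignore flag whose error bit is not in flags */`. The case continues outside the hunk, so the remaining pairs are not visible here.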
/* Undocumented security flags */
 #define _SECURITY_FLAG_CERT_REV_FAILED 0x00800000
+#define _SECURITY_FLAG_CERT_INVALID_CA 0x01000000
 #define _SECURITY_FLAG_CERT_INVALID_CN 0x02000000
 #define _SECURITY_FLAG_CERT_INVALID_DATE 0x04000000
#define _SECURITY_ERROR_FLAGS_MASK \
 (_SECURITY_FLAG_CERT_REV_FAILED \
+ |_SECURITY_FLAG_CERT_INVALID_CA \
 |_SECURITY_FLAG_CERT_INVALID_CN \
 |_SECURITY_FLAG_CERT_INVALID_DATE)
diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c
index 00c3513..47b8453 100644
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@@ -272,12 +272,21 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
 errors &= ~CERT_TRUST_IS_UNTRUSTED_ROOT;
 }
+ /* This seems strange, but that's what tests show */
 if(errors & CERT_TRUST_IS_PARTIAL_CHAIN) {
 WARN("CERT_TRUST_IS_PARTIAL_CHAIN\n");
- if(conn->mask_errors)
- conn->security_flags |= _SECURITY_FLAG_CERT_REV_FAILED;
- if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
- err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_REV_FAILED;
+ if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA)) {
+ if(!(conn->security_flags & _SECURITY_FLAG_CERT_REV_FAILED))
+ err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_REV_FAILED;
+ else
+ err = conn->mask_errors ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_INVALID_CA;
+ }
+ if(conn->mask_errors) {
+ if(!(conn->security_flags & _SECURITY_FLAG_CERT_REV_FAILED))
+ conn->security_flags |= _SECURITY_FLAG_CERT_REV_FAILED;
+ else
+ conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_CA;
+ }
 errors &= ~CERT_TRUST_IS_PARTIAL_CHAIN;
 }
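Review bot: The partial-chain branch now uses `_SECURITY_FLAG_CERT_REV_FAILED` both as an error bit and as the marker that a partial chain was already reported once, and the comment `/* This seems strange, but that's what tests show */` does not say so. If another path in netconn_verify_cert (its body starts outside this hunk) sets that bit for a genuine revocation failure, the first partial chain seen on that connection would presumably be reported as `ERROR_INTERNET_INVALID_CA` right away; that is worth confirming against the tests. The `err` assignment also has to run before the `mask_errors` block updates the bit, so swapping the two blocks would silently change the returned error. I would replace the comment with one that states the sequence, e.g. `/* Native reports a partial chain as a revocation failure first and as an invalid CA only once _SECURITY_FLAG_CERT_REV_FAILED is already set; compute err before updating the flag below. */`.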