Juan Lang : crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate' s name constraints are met. - wine-commits

16 Nov 2009

Module: wine
Branch: master
Commit: c4b997bab3d530339c89370cda337f8b3e415129
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=c4b997bab3d530339c89370cda...
Author: Juan Lang juan.lang@gmail.com
Date:   Thu Nov 12 17:05:07 2009 -0800
crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met.
---
dlls/crypt32/chain.c       |    8 ++++++--
 dlls/crypt32/tests/chain.c |   10 ++++++----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index eb6d757..17471d5 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -815,8 +815,12 @@ static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain)
                         CRYPT_CheckNameConstraints(nameConstraints,
                          chain->rgpElement[j]->pCertContext->pCertInfo,
                          &errorStatus);
-                        chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
-                         errorStatus;
+                        if (errorStatus)
+                            chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
+                             errorStatus;
+                        else
+                            chain->rgpElement[i]->TrustStatus.dwInfoStatus |=
+                             CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS;
                     }
                 }
             }
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index be3a0bd..e48dba3 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -2927,7 +2927,8 @@ static CONST_DATA_BLOB chain19[] = {
 static const CERT_TRUST_STATUS elementStatus19[] = {
  { CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER },
  { CERT_TRUST_IS_UNTRUSTED_ROOT,
-   CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER },
+   CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER |
+   CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS },
 };
 static const SimpleChainStatusCheck simpleStatus19[] = {
  { sizeof(elementStatus19) / sizeof(elementStatus19[0]), elementStatus19 },
@@ -2951,7 +2952,8 @@ static CONST_DATA_BLOB chain21[] = {
 static const CERT_TRUST_STATUS elementStatus21[] = {
  { CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_NAME_MATCH_ISSUER },
  { CERT_TRUST_IS_UNTRUSTED_ROOT,
-   CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER },
+   CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER |
+   CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS },
 };
 static const SimpleChainStatusCheck simpleStatus21[] = {
  { sizeof(elementStatus21) / sizeof(elementStatus21[0]), elementStatus21 },
@@ -3257,7 +3259,7 @@ static ChainCheck chainCheck[] = {
        CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT,
        CERT_TRUST_HAS_PREFERRED_ISSUER | CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS
      },
-     { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 },
+     { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS },
      1, simpleStatus19 },
    0 },
  /* Older versions of crypt32 do not set
@@ -3278,7 +3280,7 @@ static ChainCheck chainCheck[] = {
        CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT,
        CERT_TRUST_HAS_PREFERRED_ISSUER | CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS
      },
-     { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 },
+     { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS },
      1, simpleStatus21 },
    0 },
  { { sizeof(chain22) / sizeof(chain22[0]), chain22 },

    