Module: wine Branch: master Commit: 6ac02c0cacb036059bbd6089e3d96fdc435ba67a URL: https://source.winehq.org/git/wine.git/?a=commit;h=6ac02c0cacb036059bbd6089e...

Author: Piotr Caban piotr@codeweavers.com Date: Thu Apr 15 17:25:13 2021 +0200

crypt32: Handle CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG when verifying chain policy.

Signed-off-by: Piotr Caban piotr@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org

---

dlls/crypt32/chain.c | 6 ++++-- dlls/crypt32/tests/chain.c | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index c7d387ebc59..63bcfebec38 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -3027,7 +3027,8 @@ static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID, &pPolicyStatus->lElementIndex); } if (!pPolicyStatus->dwError && - pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID) + pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID && + !(checks & CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG)) { pPolicyStatus->dwError = CERT_E_EXPIRED; find_element_with_error(pChainContext, @@ -3492,7 +3493,8 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID, } else if (pChainContext->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID && - !(checks & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID)) + !(checks & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID) && + !(baseChecks & CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG)) { pPolicyStatus->dwError = CERT_E_EXPIRED; find_element_with_error(pChainContext, diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index e8c8843a321..68817b98dda 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -4741,12 +4741,12 @@ static const CERT_CHAIN_POLICY_STATUS badDateNestingStatus =

static const ChainPolicyCheck ignoredBadDateNestingBasePolicyCheck = { { ARRAY_SIZE(chain2), chain2 }, - { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR + { 0, 0, -1, -1, NULL}, NULL, 0 };

static const ChainPolicyCheck ignoredInvalidDateBasePolicyCheck = { { ARRAY_SIZE(googleChain), googleChain }, - { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR + { 0, 0, -1, -1, NULL}, NULL, 0 };

static const ChainPolicyCheck ignoredInvalidUsageBasePolicyCheck = {