Module: wine Branch: master Commit: 51f7680dccd4698fbceb7520f3e7fdccc293b7f7 URL: https://source.winehq.org/git/wine.git/?a=commit;h=51f7680dccd4698fbceb7520f...
Author: Hans Leidekker hans@codeweavers.com Date: Mon Dec 17 12:26:35 2018 +0100
winhttp: Fix handling of WINHTTP_OPTION_SECURITY_FLAGS.
Signed-off-by: Hans Leidekker hans@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/winhttp/session.c | 15 +++++++-------- dlls/winhttp/tests/winhttp.c | 29 ++++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/dlls/winhttp/session.c b/dlls/winhttp/session.c
index 39e8d82..82615ad 100644
--- a/dlls/winhttp/session.c
+++ b/dlls/winhttp/session.c
@@ -695,7 +695,7 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
 {
 case WINHTTP_OPTION_SECURITY_FLAGS:
 {
- DWORD flags = 0;
+ DWORD flags;
 int bits;
 if (!buffer || *buflen < sizeof(flags))
@@ -705,9 +705,7 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
 return FALSE;
 }
- flags = 0;
- if (hdr->flags & WINHTTP_FLAG_SECURE) flags |= SECURITY_FLAG_SECURE;
- flags |= request->security_flags;
+ flags = request->security_flags;
 if (request->netconn)
 {
 bits = netconn_get_cipher_strength( request->netconn );
@@ -929,6 +927,10 @@ static BOOL request_set_option( struct object_header *hdr, DWORD option, void *b
 case WINHTTP_OPTION_SECURITY_FLAGS:
 {
 DWORD flags;
+ static const DWORD accepted = SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
+ SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
+ SECURITY_FLAG_IGNORE_UNKNOWN_CA |
+ SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE;
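Review bot: The assignment `flags = request->security_flags;` in request_query_option stops reporting SECURITY_FLAG_SECURE for a request opened with WINHTTP_FLAG_SECURE, and nothing at that line says why. The test added to test_secure_connection expects a query on a fresh secure request to return 0, so a short comment such as `/* SECURITY_FLAG_SECURE is not reported here; see test_secure_connection */` would keep a later reader from restoring the old behaviour. The `if (request->netconn)` block continues outside the hunk, so how the cipher strength is folded into the result is not visible here.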
 if (buflen < sizeof(DWORD))
 {
@@ -937,10 +939,7 @@ static BOOL request_set_option( struct object_header *hdr, DWORD option, void *b
 }
 flags = *(DWORD *)buffer;
 TRACE("0x%x\n", flags);
- if (!(flags & (SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
- SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
- SECURITY_FLAG_IGNORE_UNKNOWN_CA |
- SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE)))
+ if (flags && (flags & ~accepted))
 {
 SetLastError( ERROR_INVALID_PARAMETER );
 return FALSE;
diff --git a/dlls/winhttp/tests/winhttp.c b/dlls/winhttp/tests/winhttp.c
index 3f91251..91a9d53 100644
--- a/dlls/winhttp/tests/winhttp.c
+++ b/dlls/winhttp/tests/winhttp.c
@@ -1033,7 +1033,7 @@ static void test_secure_connection(void)
 {
 static const char data_start[] = "<!DOCTYPE html PUBLIC";
 HINTERNET ses, con, req;
- DWORD size, status, policy, bitness, read_size, err, available_size, protocols;
+ DWORD size, status, policy, bitness, read_size, err, available_size, protocols, flags;
 BOOL ret;
 CERT_CONTEXT *cert;
 WINHTTP_CERTIFICATE_INFO info;
@@ -1087,6 +1087,33 @@ static void test_secure_connection(void)
 req = WinHttpOpenRequest(con, NULL, NULL, NULL, NULL, NULL, WINHTTP_FLAG_SECURE);
 ok(req != NULL, "failed to open a request %u\n", GetLastError());
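Review bot: The `accepted` mask added to request_set_option carries no comment, although every bit in it switches off one certificate check for the request. A line above the declaration such as `/* the only bits a caller may set; each one disables a certificate validation check */` would make the security meaning plain to anyone reading the set path. The case block starts and ends outside the hunk.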
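Review bot: The `flags &&` in `if (flags && (flags & ~accepted))` is redundant, because `flags & ~accepted` is already zero whenever flags is zero. Writing `if (flags & ~accepted)` behaves the same and states the rule directly: any bit outside the mask is refused. What happens to flags after the check lies outside the hunk.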
+ flags = 0xdeadbeef;
+ size = sizeof(flags);
+ ret = WinHttpQueryOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, &size);
+ ok(ret, "failed to query security flags %u\n", GetLastError());
+ ok(!flags, "got %08x\n", flags);
+
+ flags = SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE;
+ ret = WinHttpSetOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags));
+ ok(ret, "failed to set security flags %u\n", GetLastError());
+
+ flags = SECURITY_FLAG_SECURE;
+ ret = WinHttpSetOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags));
+ ok(!ret, "success\n");
+
+ flags = SECURITY_FLAG_STRENGTH_STRONG;
+ ret = WinHttpSetOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags));
+ ok(!ret, "success\n");
+
+ flags = SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
+ SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
+ ret = WinHttpSetOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags));
+ ok(ret, "failed to set security flags %u\n", GetLastError());
+
+ flags = 0;
+ ret = WinHttpSetOption(req, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags));
+ ok(ret, "failed to set security flags %u\n", GetLastError());
+
 ret = WinHttpSetOption(req, WINHTTP_OPTION_CLIENT_CERT_CONTEXT, WINHTTP_NO_CLIENT_CERT_CONTEXT, 0);
 err = GetLastError();
 ok(ret || broken(!ret && err == ERROR_INVALID_PARAMETER) /* winxp */, "failed to set client cert context %u\n", err);
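Review bot: The added WinHttpSetOption cases never pass a value that mixes an accepted bit with a rejected one, which apart from zero is the only input where the new `flags & ~accepted` check in session.c differs from the old condition; SECURITY_FLAG_SECURE and SECURITY_FLAG_STRENGTH_STRONG on their own were refused by the old code as well. A case such as `flags = SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_SECURE;` followed by the same call and `ok(!ret, "success\n");` would pin that, provided native Windows also rejects it, which needs confirming there. The failing calls do not check GetLastError(), and none of the successful sets is read back with WinHttpQueryOption. test_secure_connection continues outside the hunk.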