Hello Ilia, thanks for the patch.
On 1/22/20 9:45 AM, Ilia Mirkin wrote:
This is already tested by setting a flag in the ssl policy parameters, but apparently the flag in base policy parameters also needs to be respected. Tested on Win7.
Signed-off-by: Ilia Mirkin imirkin@alum.mit.edu
dlls/crypt32/tests/chain.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index e2a7633526..1bf78b084d 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -4743,6 +4743,11 @@ static void check_ssl_policy(void) CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL, ignoredUnknownCAPolicyCheck, &oct2007, &policyPara); sslPolicyPara.fdwChecks = 0;
- /* And again, but specifying the ignore in dwFlags */
- policyPara.dwFlags = CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG;
- CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL,
ignoredUnknownCAPolicyCheck, &oct2007, &policyPara);- policyPara.dwFlags = 0; /* And again, but checking the Google chain at a bad date */ sslPolicyPara.pwszServerName = google_dot_com; CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL,
As the testbot has complained, we don't want the tests to fail even temporarily on Wine; that's what todo_wine is for. To resolve this, because crypt32 is a terrible mess, you could either duplicate "ignoredUnknownCAPolicyCheck" and add the TODO flag, or just reorder or combine the patches.