This is already tested by setting a flag in the ssl policy parameters, but apparently the flag in base policy parameters also needs to be respected. Tested on Win7.
Signed-off-by: Ilia Mirkin imirkin@alum.mit.edu ---
v2: reorder to be after the wine change so that the test doesn't fail
dlls/crypt32/tests/chain.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index e2a7633526..1bf78b084d 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -4743,6 +4743,11 @@ static void check_ssl_policy(void) CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL, ignoredUnknownCAPolicyCheck, &oct2007, &policyPara); sslPolicyPara.fdwChecks = 0; + /* And again, but specifying the ignore in dwFlags */ + policyPara.dwFlags = CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG; + CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL, + ignoredUnknownCAPolicyCheck, &oct2007, &policyPara); + policyPara.dwFlags = 0; /* And again, but checking the Google chain at a bad date */ sslPolicyPara.pwszServerName = google_dot_com; CHECK_CHAIN_POLICY_STATUS(CERT_CHAIN_POLICY_SSL, NULL,