[PATCH 4/6] crypt32: Favour CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG in verify_ssl_policy().

9 Jan 2025

From: Paul Gofman pgofman@codeweavers.com
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=56559
---
 dlls/crypt32/chain.c       | 2 +-
 dlls/crypt32/tests/chain.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index fb2f391ff6e..61f9e66f30c 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -3518,7 +3518,7 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
     }
     else if (pChainContext->TrustStatus.dwErrorStatus &
      CERT_TRUST_REVOCATION_STATUS_UNKNOWN &&
-     !(checks & SECURITY_FLAG_IGNORE_REVOCATION))
+     !(checks & SECURITY_FLAG_IGNORE_REVOCATION) && !(baseChecks & CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG))
     {
         pPolicyStatus->dwError = CRYPT_E_REVOCATION_OFFLINE;
         find_element_with_error(pChainContext,
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index f4f5a69698f..9bf5f890167 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -5393,7 +5393,7 @@ static void test_VerifyCertChainPolicy_flags(void)
         /* CERT_TRUST_REVOCATION_STATUS_UNKNOWN is only cheked on the end certificate. */
         { CERT_TRUST_REVOCATION_STATUS_UNKNOWN | CERT_TRUST_IS_OFFLINE_REVOCATION, 1, 0, 0, ERROR_SUCCESS, TRUE },
         { CERT_TRUST_REVOCATION_STATUS_UNKNOWN | CERT_TRUST_IS_OFFLINE_REVOCATION, 2, 0, 0, ERROR_SUCCESS, TRUE },
-        { CERT_TRUST_REVOCATION_STATUS_UNKNOWN | CERT_TRUST_IS_OFFLINE_REVOCATION, 0, CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG, 0, 0, TRUE },
+        { CERT_TRUST_REVOCATION_STATUS_UNKNOWN | CERT_TRUST_IS_OFFLINE_REVOCATION, 0, CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG, 0, 0 },
         { CERT_TRUST_REVOCATION_STATUS_UNKNOWN | CERT_TRUST_IS_OFFLINE_REVOCATION, 0, CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG, 0, CRYPT_E_REVOCATION_OFFLINE },
         { CERT_TRUST_REVOCATION_STATUS_UNKNOWN | CERT_TRUST_IS_OFFLINE_REVOCATION, 0, CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG, 0, CRYPT_E_REVOCATION_OFFLINE },
         { CERT_TRUST_REVOCATION_STATUS_UNKNOWN | CERT_TRUST_IS_OFFLINE_REVOCATION, 0, CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG, 0, CRYPT_E_REVOCATION_OFFLINE },
@@ -5405,7 +5405,7 @@ static void test_VerifyCertChainPolicy_flags(void)
         /* CERT_TRUST_REVOCATION_STATUS_UNKNOWN is only cheked on the end certificate. */
         { CERT_TRUST_REVOCATION_STATUS_UNKNOWN, 1, 0, 0, ERROR_SUCCESS, TRUE },
         { CERT_TRUST_REVOCATION_STATUS_UNKNOWN, 2, 0, 0, ERROR_SUCCESS, TRUE },
-        { CERT_TRUST_REVOCATION_STATUS_UNKNOWN, 0, CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG, 0, 0, TRUE },
+        { CERT_TRUST_REVOCATION_STATUS_UNKNOWN, 0, CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG, 0, 0 },
{ CERT_TRUST_IS_REVOKED, 0, 0, 0, CRYPT_E_REVOKED },
         { CERT_TRUST_IS_REVOKED, 1, 0, 0, CRYPT_E_REVOKED },
-- 
GitLab


https://gitlab.winehq.org/wine/wine/-/merge_requests/7117

    

2025

2024

2023

2022

[PATCH 4/6] crypt32: Favour CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG in verify_ssl_policy().