crypt32: Also check CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG.

It appears that the untrusted root check should be skipped if this flag
is set even if the ExtraPolicyPara one is not set.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=48495
Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
Ilia Mirkin 2020-01-23 20:01:24 -05:00 committed by Alexandre Julliard
parent cdec2413e2
commit 5011815d62
1 changed files with 6 additions and 2 deletions


@ -3455,10 +3455,13 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
PCERT_CHAIN_POLICY_STATUS pPolicyStatus) PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
{ {
HTTPSPolicyCallbackData *sslPara = NULL; HTTPSPolicyCallbackData *sslPara = NULL;
DWORD checks = 0; DWORD checks = 0, baseChecks = 0;
if (pPolicyPara) if (pPolicyPara)
{
baseChecks = pPolicyPara->dwFlags;
sslPara = pPolicyPara->pvExtraPolicyPara; sslPara = pPolicyPara->pvExtraPolicyPara;
}
if (TRACE_ON(chain)) if (TRACE_ON(chain))
dump_ssl_extra_chain_policy_para(sslPara); dump_ssl_extra_chain_policy_para(sslPara);
if (sslPara && sslPara->u.cbSize >= sizeof(HTTPSPolicyCallbackData)) if (sslPara && sslPara->u.cbSize >= sizeof(HTTPSPolicyCallbackData))
@ -3474,7 +3477,8 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
} }
else if (pChainContext->TrustStatus.dwErrorStatus & else if (pChainContext->TrustStatus.dwErrorStatus &
CERT_TRUST_IS_UNTRUSTED_ROOT && CERT_TRUST_IS_UNTRUSTED_ROOT &&
!(checks & SECURITY_FLAG_IGNORE_UNKNOWN_CA)) !(checks & SECURITY_FLAG_IGNORE_UNKNOWN_CA) &&
!(baseChecks & CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG))
{ {
pPolicyStatus->dwError = CERT_E_UNTRUSTEDROOT; pPolicyStatus->dwError = CERT_E_UNTRUSTEDROOT;
find_element_with_error(pChainContext, find_element_with_error(pChainContext,
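Review bot: The added `!(baseChecks & CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG)` condition in the second hunk lets a single bit in the caller's `pPolicyPara->dwFlags` suppress `CERT_E_UNTRUSTEDROOT`, but the diffstat shows one changed file, so no test pins this relaxation down. Since the description only says the behaviour "appears" correct, a test that passes the flag with a NULL `pvExtraPolicyPara` against a chain with an untrusted root would be worth adding. `checks` and `baseChecks` are tested against two different flag namespaces (`SECURITY_FLAG_*` and `CERT_CHAIN_POLICY_*`), which deserves a comment at the declaration, e.g. `/* checks holds SECURITY_FLAG_* bits; baseChecks holds CERT_CHAIN_POLICY_* bits from pPolicyPara->dwFlags */`. The trace branch in the first hunk still dumps only `sslPara`, so a trace will not show why an untrusted root was accepted; logging `baseChecks` there would help. The body of verify_ssl_policy continues outside both hunks, so whether other `dwFlags` bits need the same treatment cannot be judged from here.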