crypt32/tests: Test more SECURITY_FLAG_IGNORE flags for the SSL policy.

2010-09-29 13:39:34 -07:00 · 2010-09-29 13:39:34 -07:00 · 54429016eb
parent 637fd3735a
commit 54429016eb
1 changed files with 25 additions and 0 deletions
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@ -3788,11 +3788,21 @@ static const ChainPolicyCheck sslPolicyCheck[] = {
   { 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, NULL, 0 },
 };

+static const ChainPolicyCheck ignoredUnknownCAPolicyCheck = {
+ { sizeof(chain0) / sizeof(chain0[0]), chain0 },
+ { 0, CERT_E_EXPIRED, 0, 0, NULL }, NULL, TODO_ERROR
+};
+
 static const ChainPolicyCheck googlePolicyCheckWithMatchingNameExpired = {
 { sizeof(googleChain) / sizeof(googleChain[0]), googleChain },
 { 0, CERT_E_EXPIRED, 0, 0, NULL}, NULL, 0
 };

+static const ChainPolicyCheck googlePolicyCheckWithMatchingNameIgnoringExpired = {
+ { sizeof(googleChain) / sizeof(googleChain[0]), googleChain },
+ { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
+};
+
 static const ChainPolicyCheck googlePolicyCheckWithMatchingName = {
 { sizeof(googleChain) / sizeof(googleChain[0]), googleChain },
 { 0, 0, -1, -1, NULL}, NULL, 0
@ -4131,10 +4141,25 @@ static void check_ssl_policy(void)
     */
    checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
     &iTunesPolicyCheckWithoutMatchingName, 0, &oct2007, &policyPara);
+    /* And again, specifying a chain with an untrusted root, but ignoring
+     * unknown CAs.
+     */
+    sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_UNKNOWN_CA;
+    checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
+     &ignoredUnknownCAPolicyCheck, 0, &oct2007, &policyPara);
+    sslPolicyPara.fdwChecks = 0;
    /* And again, but checking the Google chain at a bad date */
    sslPolicyPara.pwszServerName = google_dot_com;
    checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
     &googlePolicyCheckWithMatchingNameExpired, 0, &oct2007, &policyPara);
+    /* Again checking the Google chain at a bad date, but ignoring date
+     * errors.
+     */
+    sslPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
+    checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,
+     &googlePolicyCheckWithMatchingNameIgnoringExpired, 0, &oct2007,
+     &policyPara);
+    sslPolicyPara.fdwChecks = 0;
    /* And again, but checking the Google chain at a good date */
    sslPolicyPara.pwszServerName = google_dot_com;
    checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, NULL,