crypt32/tests: Test OpenSSL chain separately to address test failures on Win98.

This commit is contained in:
Juan Lang 2010-10-06 11:19:04 -07:00 committed by Alexandre Julliard
parent 251ccfc848
commit 6e89a61446
1 changed files with 51 additions and 6 deletions

View File

@ -3257,6 +3257,21 @@ static const SimpleChainStatusCheck opensslSimpleStatus[] = {
{ sizeof(opensslElementStatus) / sizeof(opensslElementStatus[0]), { sizeof(opensslElementStatus) / sizeof(opensslElementStatus[0]),
opensslElementStatus }, opensslElementStatus },
}; };
/* The OpenSSL chain may not have its root trusted, in which case the chain
* is truncated (on Win98).
*/
static CONST_DATA_BLOB incompleteOpensslChain[] = {
{ sizeof(global_sign_ca), global_sign_ca },
{ sizeof(openssl_org), openssl_org },
};
static const CERT_TRUST_STATUS incompleteOpensslElementStatus[] = {
{ CERT_TRUST_IS_NOT_TIME_VALID, CERT_TRUST_HAS_KEY_MATCH_ISSUER },
{ CERT_TRUST_NO_ERROR, CERT_TRUST_HAS_KEY_MATCH_ISSUER },
};
static const SimpleChainStatusCheck incompleteOpensslSimpleStatus[] = {
{ sizeof(incompleteOpensslElementStatus) / sizeof(incompleteOpensslElementStatus[0]),
incompleteOpensslElementStatus },
};
/* entrust_ca -> aaa_certificate_services -> cs_stanford_edu */ /* entrust_ca -> aaa_certificate_services -> cs_stanford_edu */
/* cs.stanford.edu's cert is only valid from 7/16/2009 to 7/16/2012, so with /* cs.stanford.edu's cert is only valid from 7/16/2009 to 7/16/2012, so with
* the date tested (October 2007) it's not time valid. * the date tested (October 2007) it's not time valid.
@ -3515,12 +3530,6 @@ static ChainCheck chainCheck[] = {
CERT_TRUST_HAS_PREFERRED_ISSUER }, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_NOT_TIME_VALID, 0 }, { CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1, googleSimpleStatus }, 0 }, 1, googleSimpleStatus }, 0 },
/* The openssl chain may or may not have its root trusted, so ignore the error
*/
{ { sizeof(opensslChain) / sizeof(opensslChain[0]), opensslChain },
{ { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1, opensslSimpleStatus }, 0 },
/* The stanford chain may or may not have its root trusted, so ignore the error /* The stanford chain may or may not have its root trusted, so ignore the error
*/ */
{ { sizeof(stanfordChain) / sizeof(stanfordChain[0]), stanfordChain }, { { sizeof(stanfordChain) / sizeof(stanfordChain[0]), stanfordChain },
@ -3549,6 +3558,20 @@ static ChainCheck chainCheckNoStore[] = {
0 }, 0 },
}; };
/* The openssl chain may or may not have its root trusted, so ignore the error
*/
static ChainCheck opensslChainCheck =
{ { sizeof(opensslChain) / sizeof(opensslChain[0]), opensslChain },
{ { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1, opensslSimpleStatus }, 0 };
static ChainCheck incompleteOpensslChainCheck =
{ { sizeof(incompleteOpensslChain) / sizeof(incompleteOpensslChain[0]),
incompleteOpensslChain },
{ { CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_PREFERRED_ISSUER },
{ CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_PARTIAL_CHAIN, 0 },
1, incompleteOpensslSimpleStatus }, 0 };
/* Chain27 checks a certificate with a subject alternate name containing an /* Chain27 checks a certificate with a subject alternate name containing an
* embedded NULL. Newer crypt32 versions fail to decode such alternate names, * embedded NULL. Newer crypt32 versions fail to decode such alternate names,
* correctly prohibiting them. Older crypt32 versions do not. Rather than * correctly prohibiting them. Older crypt32 versions do not. Rather than
@ -3722,6 +3745,28 @@ static void testGetCertChain(void)
pCertFreeCertificateChain(chain); pCertFreeCertificateChain(chain);
} }
} }
chain = getChain(NULL, &opensslChainCheck.certs, 0, TRUE, &oct2007,
opensslChainCheck.todo, 0);
if (chain)
{
ok(chain->TrustStatus.dwErrorStatus ==
opensslChainCheck.status.status.dwErrorStatus ||
broken((chain->TrustStatus.dwErrorStatus &
~incompleteOpensslChainCheck.status.statusToIgnore.dwErrorStatus) ==
(incompleteOpensslChainCheck.status.status.dwErrorStatus &
~incompleteOpensslChainCheck.status.statusToIgnore.dwErrorStatus)),
"unexpected chain error status %08x\n",
chain->TrustStatus.dwErrorStatus);
if (opensslChainCheck.status.status.dwErrorStatus ==
chain->TrustStatus.dwErrorStatus)
checkChainStatus(chain, &opensslChainCheck.status,
opensslChainCheck.todo, "opensslChainCheck", 0);
else
checkChainStatus(chain, &incompleteOpensslChainCheck.status,
incompleteOpensslChainCheck.todo, "incompleteOpensslChainCheck",
0);
pCertFreeCertificateChain(chain);
}
for (i = 0; i < sizeof(chainCheckNoStore) / sizeof(chainCheckNoStore[0]); for (i = 0; i < sizeof(chainCheckNoStore) / sizeof(chainCheckNoStore[0]);
i++) i++)
{ {