wininet: Properly set security flags for ERROR_INTERNET_SEC_CERT_DATE_INVALID.

2012-06-01 16:41:44 +02:00 · 2012-06-01 16:41:44 +02:00 · f5cbc9f3f2
parent 19ba80e7c2
commit f5cbc9f3f2
2 changed files with 15 additions and 4 deletions
--- a/dlls/wininet/internet.h
+++ b/dlls/wininet/internet.h
@ -559,11 +559,13 @@ typedef struct
 } wininet_flag_info;

 /* Undocumented security flags */
-#define _SECURITY_FLAG_CERT_REV_FAILED  0x00800000
-#define _SECURITY_FLAG_CERT_INVALID_CN  0x02000000
+#define _SECURITY_FLAG_CERT_REV_FAILED    0x00800000
+#define _SECURITY_FLAG_CERT_INVALID_CN    0x02000000
+#define _SECURITY_FLAG_CERT_INVALID_DATE  0x04000000

 #define _SECURITY_ERROR_FLAGS_MASK              \
    (_SECURITY_FLAG_CERT_REV_FAILED             \
-    |_SECURITY_FLAG_CERT_INVALID_CN)
+    |_SECURITY_FLAG_CERT_INVALID_CN             \
+    |_SECURITY_FLAG_CERT_INVALID_DATE)

 #endif /* _WINE_INTERNET_H_ */
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@ -247,6 +247,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
    errors = chain->TrustStatus.dwErrorStatus;

    if (chain->TrustStatus.dwErrorStatus & ~supportedErrors) {
+        WARN("error status %x\n", chain->TrustStatus.dwErrorStatus & ~supportedErrors);
        if(conn->mask_errors)
            WARN("CERT_TRUST_IS_NOT_TIME_VALID, unknown error flags\n");
        err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT;
@ -254,14 +255,16 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
    }

    if(errors & CERT_TRUST_IS_NOT_TIME_VALID) {
+        WARN("CERT_TRUST_IS_NOT_TIME_VALID\n");
        if(conn->mask_errors)
-            WARN("CERT_TRUST_IS_NOT_TIME_VALID, unknown error flags\n");
+            conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_DATE;
        if(!(conn->security_flags & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID))
            err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_DATE_INVALID;
        errors &= ~CERT_TRUST_IS_NOT_TIME_VALID;
    }

    if(errors & CERT_TRUST_IS_UNTRUSTED_ROOT) {
+        WARN("CERT_TRUST_IS_UNTRUSTED_ROOT\n");
        if(conn->mask_errors)
            WARN("CERT_TRUST_IS_UNTRUSTED_ROOT, unknown flags\n");
        if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
@ -270,6 +273,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
    }

    if(errors & CERT_TRUST_IS_PARTIAL_CHAIN) {
+        WARN("CERT_TRUST_IS_PARTIAL_CHAIN\n");
        if(conn->mask_errors)
            conn->security_flags |= _SECURITY_FLAG_CERT_REV_FAILED;
        if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
@ -278,6 +282,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
    }

    if(errors & (CERT_TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN)) {
+        WARN("CERT_TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN\n");
        if(conn->mask_errors)
            WARN("TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN, unknown error flags\n");
        if(!(conn->security_flags & SECURITY_FLAG_IGNORE_REVOCATION))
@ -286,6 +291,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
    }

    if(errors & CERT_TRUST_IS_REVOKED) {
+        WARN("CERT_TRUST_IS_REVOKED\n");
        if(conn->mask_errors)
            WARN("TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN, unknown error flags\n");
        if(!(conn->security_flags & SECURITY_FLAG_IGNORE_REVOCATION))
@ -294,6 +300,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
    }

    if(errors & CERT_TRUST_IS_NOT_VALID_FOR_USAGE) {
+        WARN("CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n");
        if(conn->mask_errors)
            WARN("CERT_TRUST_IS_NOT_VALID_FOR_USAGE, unknown error flags\n");
        if(!(conn->security_flags & SECURITY_FLAG_IGNORE_WRONG_USAGE))
@ -327,10 +334,12 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
         */
        if(ret) {
            if(policyStatus.dwError == CERT_E_CN_NO_MATCH) {
+                WARN("CERT_E_CN_NO_MATCH\n");
                if(conn->mask_errors)
                    conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_CN;
                err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_CN_INVALID;
            }else if(policyStatus.dwError) {
+                WARN("policyStatus.dwError %x\n", policyStatus.dwError);
                if(conn->mask_errors)
                    WARN("unknown error flags for policy status %x\n", policyStatus.dwError);
                err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT;