From f5cbc9f3f267dcbd9d60dd78695c31448363d400 Mon Sep 17 00:00:00 2001
From: Jacek Caban
Date: Fri, 1 Jun 2012 16:41:44 +0200
Subject: [PATCH] wininet: Properly set security flags for ERROR_INTERNET_SEC_CERT_DATE_INVALID.
---
 dlls/wininet/internet.h | 8 +++++---
 dlls/wininet/netconnection.c | 11 ++++++++++-
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/dlls/wininet/internet.h b/dlls/wininet/internet.h
index 2e597209929..a46e185843c 100644
--- a/dlls/wininet/internet.h
+++ b/dlls/wininet/internet.h
@@ -559,11 +559,13 @@ typedef struct
 } wininet_flag_info;
 /* Undocumented security flags */
-#define _SECURITY_FLAG_CERT_REV_FAILED 0x00800000
-#define _SECURITY_FLAG_CERT_INVALID_CN 0x02000000
+#define _SECURITY_FLAG_CERT_REV_FAILED 0x00800000
+#define _SECURITY_FLAG_CERT_INVALID_CN 0x02000000
+#define _SECURITY_FLAG_CERT_INVALID_DATE 0x04000000
 #define _SECURITY_ERROR_FLAGS_MASK \
 (_SECURITY_FLAG_CERT_REV_FAILED \
- |_SECURITY_FLAG_CERT_INVALID_CN)
+ |_SECURITY_FLAG_CERT_INVALID_CN \
+ |_SECURITY_FLAG_CERT_INVALID_DATE)
 #endif /* _WINE_INTERNET_H_ */
diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c
index ceed17ab72b..00c3513350f 100644
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@@ -247,6 +247,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
 errors = chain->TrustStatus.dwErrorStatus;
 if (chain->TrustStatus.dwErrorStatus & ~supportedErrors) {
+ WARN("error status %x\n", chain->TrustStatus.dwErrorStatus & ~supportedErrors);
 if(conn->mask_errors)
 WARN("CERT_TRUST_IS_NOT_TIME_VALID, unknown error flags\n");
 err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT;
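Review bot: The `/* Undocumented security flags */` comment above the new `_SECURITY_FLAG_CERT_INVALID_DATE` define does not say that these are error bits recorded by the verifier rather than options set by the caller. The netconnection.c part of this patch ORs them into `conn->security_flags`, the same field that is tested for the `SECURITY_FLAG_IGNORE_*` bits, so the two kinds are easy to confuse. I would extend the comment to `/* Undocumented security flags: certificate errors recorded by netconn_verify_cert, distinct from the SECURITY_FLAG_IGNORE_* request bits */` and add that every new error bit must also be listed in `_SECURITY_ERROR_FLAGS_MASK`.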
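Review bot: The older `if(conn->mask_errors) WARN("CERT_TRUST_IS_NOT_TIME_VALID, unknown error flags\n");` left just below the added `WARN("error status %x\n", ...)` names a status this branch does not test; the branch handles the bits outside `supportedErrors`. With the new trace printing those bits, the old line is redundant and will mislead anyone reading a trace of a rejected certificate, so I would drop it or reword it to `WARN("unsupported error flags\n");`. The same leftover appears in the CERT_TRUST_IS_REVOKED hunk, where the old message names the offline-revocation statuses, and in the policy-status hunk, where the same value is printed twice when `mask_errors` is set. The enclosing block continues past the end of this hunk.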
@@ -254,14 +255,16 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
 }
 if(errors & CERT_TRUST_IS_NOT_TIME_VALID) {
+ WARN("CERT_TRUST_IS_NOT_TIME_VALID\n");
 if(conn->mask_errors)
- WARN("CERT_TRUST_IS_NOT_TIME_VALID, unknown error flags\n");
+ conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_DATE;
 if(!(conn->security_flags & SECURITY_FLAG_IGNORE_CERT_DATE_INVALID))
 err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_DATE_INVALID;
 errors &= ~CERT_TRUST_IS_NOT_TIME_VALID;
 }
 if(errors & CERT_TRUST_IS_UNTRUSTED_ROOT) {
+ WARN("CERT_TRUST_IS_UNTRUSTED_ROOT\n");
 if(conn->mask_errors)
 WARN("CERT_TRUST_IS_UNTRUSTED_ROOT, unknown flags\n");
 if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
@@ -270,6 +273,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
 }
 if(errors & CERT_TRUST_IS_PARTIAL_CHAIN) {
+ WARN("CERT_TRUST_IS_PARTIAL_CHAIN\n");
 if(conn->mask_errors)
 conn->security_flags |= _SECURITY_FLAG_CERT_REV_FAILED;
 if(!(conn->security_flags & SECURITY_FLAG_IGNORE_UNKNOWN_CA))
@@ -278,6 +282,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
 }
 if(errors & (CERT_TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN)) {
+ WARN("CERT_TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN\n");
 if(conn->mask_errors)
 WARN("TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN, unknown error flags\n");
 if(!(conn->security_flags & SECURITY_FLAG_IGNORE_REVOCATION))
@@ -286,6 +291,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
 }
 if(errors & CERT_TRUST_IS_REVOKED) {
+ WARN("CERT_TRUST_IS_REVOKED\n");
 if(conn->mask_errors)
 WARN("TRUST_IS_OFFLINE_REVOCATION | CERT_TRUST_REVOCATION_STATUS_UNKNOWN, unknown error flags\n");
 if(!(conn->security_flags & SECURITY_FLAG_IGNORE_REVOCATION))
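Review bot: Only the date branch gains a recorded bit; with `conn->mask_errors` set, the CERT_TRUST_IS_UNTRUSTED_ROOT branch at the end of this hunk and the revocation, revoked and wrong-usage branches in the later hunks still only emit a WARN. A caller that gets `ERROR_INTERNET_SEC_CERT_ERRORS` therefore cannot tell from `security_flags` whether the chain was untrusted or revoked, and that distinction matters more than an expired date when deciding whether an override is acceptable. If the matching bits are not known yet, a `/* FIXME: no security flag recorded for this error */` in each of those branches would make the gap explicit. It is also worth a short comment that the new bit is set before the `SECURITY_FLAG_IGNORE_CERT_DATE_INVALID` test, so it is recorded even when the date error itself is ignored.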
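Review bot: The context under the added `WARN("CERT_TRUST_IS_PARTIAL_CHAIN\n")` records a partial chain as `_SECURITY_FLAG_CERT_REV_FAILED` while the ignore test uses `SECURITY_FLAG_IGNORE_UNKNOWN_CA`, which reads like a mismatch between the error found and the bit reported. That may be deliberate, which the hunk does not show; if it is, a one-line comment saying why the revocation bit stands in for an incomplete chain would stop a later reader from "correcting" it. The branch body continues past the end of the hunk.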
@@ -294,6 +300,7 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
 }
 if(errors & CERT_TRUST_IS_NOT_VALID_FOR_USAGE) {
+ WARN("CERT_TRUST_IS_NOT_VALID_FOR_USAGE\n");
 if(conn->mask_errors)
 WARN("CERT_TRUST_IS_NOT_VALID_FOR_USAGE, unknown error flags\n");
 if(!(conn->security_flags & SECURITY_FLAG_IGNORE_WRONG_USAGE))
@@ -327,10 +334,12 @@ static DWORD netconn_verify_cert(netconn_t *conn, PCCERT_CONTEXT cert, HCERTSTOR
 */
 if(ret) {
 if(policyStatus.dwError == CERT_E_CN_NO_MATCH) {
+ WARN("CERT_E_CN_NO_MATCH\n");
 if(conn->mask_errors)
 conn->security_flags |= _SECURITY_FLAG_CERT_INVALID_CN;
 err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_CERT_CN_INVALID;
 }else if(policyStatus.dwError) {
+ WARN("policyStatus.dwError %x\n", policyStatus.dwError);
 if(conn->mask_errors)
 WARN("unknown error flags for policy status %x\n", policyStatus.dwError);
 err = conn->mask_errors && err ? ERROR_INTERNET_SEC_CERT_ERRORS : ERROR_INTERNET_SEC_INVALID_CERT;