commit cb341f37175b4a79d3a2f3fc5709a43d11d08d07
author Juan Lang <juan.lang@gmail.com> Wed Oct 08 14:18:55 2008 -0700
committer Alexandre Julliard <julliard@winehq.org> Thu Oct 09 12:29:44 2008 +0200
tree b63f9c9ed86ba6937f26c5c6199727b24ee851d9
parent 742c1a37f30d0e14b81f0d5834333f703345d84d

crypt32: Fix error handling for cyclic chains.

dlls/crypt32/chain.c

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 534d6ae..d086fe6 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -251,7 +251,7 @@
     if (cyclicCertIndex)
     {
         chain->rgpElement[cyclicCertIndex]->TrustStatus.dwErrorStatus
-         |= CERT_TRUST_IS_CYCLIC;
+         |= CERT_TRUST_IS_CYCLIC | CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
         /* Release remaining certs */
         for (i = cyclicCertIndex + 1; i < chain->cElement; i++)
             CRYPT_FreeChainElement(chain->rgpElement[i]);
@@ -766,6 +766,15 @@
                 constraints.dwPathLenConstraint--;
             }
         }
+        if (CRYPT_IsSimpleChainCyclic(chain))
+        {
+            /* If the chain is cyclic, then the path length constraints
+             * are violated, because the chain is infinitely long.
+             */
+            pathLengthConstraintViolated = TRUE;
+            chain->TrustStatus.dwErrorStatus |=
+             CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
+        }
         /* FIXME: check valid usages */
         CRYPT_CombineTrustStatus(&chain->TrustStatus,
          &chain->rgpElement[i]->TrustStatus);

dlls/crypt32/tests/chain.c

diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 1a10702..eb8db2c 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -1521,7 +1521,7 @@
      { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
        CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
      1, simpleStatus9 },
-   TODO_ERROR | TODO_INFO },
+   TODO_INFO },
  { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
    { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
      { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 }, 0 },
@@ -1743,8 +1743,7 @@
    { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL },
    TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS },
  { { sizeof(chain9) / sizeof(chain9[0]), chain9 },
-   { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL },
-   TODO_ERROR | TODO_CHAINS | TODO_ELEMENTS },
+   { 0, TRUST_E_BASIC_CONSTRAINTS, 0, 1, NULL }, 0 },
  { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
    { 0, 0, -1, -1, NULL }, 0 },
  { { sizeof(chain11) / sizeof(chain11[0]), chain11 },