crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension.
diff --git a/dlls/crypt32/crl.c b/dlls/crypt32/crl.c
index 03f9b78..5b93d3a 100644
--- a/dlls/crypt32/crl.c
+++ b/dlls/crypt32/crl.c
@@ -649,15 +649,11 @@
}
else
{
- /* no CRL dist points extension in cert, compare CRL's issuer
- * to cert's issuer.
+ /* no CRL dist points extension in cert, can't match the CRL
+ * (which has an issuing dist point extension)
*/
- if (!CertCompareCertificateName(pCrl->dwCertEncodingType,
- &pCrl->pCrlInfo->Issuer, &pCert->pCertInfo->Issuer))
- {
- ret = FALSE;
- SetLastError(CRYPT_E_NO_MATCH);
- }
+ ret = FALSE;
+ SetLastError(CRYPT_E_NO_MATCH);
}
LocalFree(idp);
}
diff --git a/dlls/crypt32/tests/crl.c b/dlls/crypt32/tests/crl.c
index bd70d32..dfb9356 100644
--- a/dlls/crypt32/tests/crl.c
+++ b/dlls/crypt32/tests/crl.c
@@ -530,6 +530,7 @@
* match cert's issuer, but verisignCRL does not, so the expected count
* is 0.
*/
+ todo_wine {
ok(count == 3 || broken(count == 0 /* NT4, Win9x */),
"expected 3 matching CRLs, got %d\n", count);
/* Only v1CRLWithIssuerAndEntry and v2CRLWithIssuingDistPoint contain
@@ -537,6 +538,7 @@
*/
ok(revoked_count == 2 || broken(revoked_count == 0 /* NT4, Win9x */),
"expected 2 matching CRL entries, got %d\n", revoked_count);
+ }
CertFreeCertificateContext(cert);
@@ -1000,11 +1002,9 @@
sizeof(v2CRLWithIssuingDistPoint));
ok(crl != NULL, "CertCreateCRLContext failed: %08x\n", GetLastError());
- todo_wine {
ret = pCertIsValidCRLForCertificate(cert1, crl, 0, NULL);
ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
"expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
- }
ret = pCertIsValidCRLForCertificate(cert2, crl, 0, NULL);
ok(!ret && GetLastError() == CRYPT_E_NO_MATCH,
"expected CRYPT_E_NO_MATCH, got %08x\n", GetLastError());
