crypt32: Assume revocation server is offline if revocation status isn't known.

a3c6bc68 · Juan Lang · Alexandre Julliard · 9e1d31e5 · a3c6bc68 · a3c6bc68
Commit a3c6bc68 authored Nov 19, 2009 by Juan Lang Committed by Alexandre Julliard Nov 20, 2009
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 7 deletions

chain.c dlls/crypt32/chain.c +5 -1

chain.c dlls/crypt32/tests/chain.c +0 -6

No files found.
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -2426,7 +2426,11 @@ static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain,
                case CRYPT_E_NO_REVOCATION_CHECK:
                case CRYPT_E_NO_REVOCATION_DLL:
                case CRYPT_E_NOT_IN_REVOCATION_DATABASE:
-                    error = CERT_TRUST_REVOCATION_STATUS_UNKNOWN;
+                    /* If the revocation status is unknown, it's assumed to be
+                     * offline too.
+                     */
+                    error = CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
+                     CERT_TRUST_IS_OFFLINE_REVOCATION;
                    break;
                case CRYPT_E_REVOCATION_OFFLINE:
                    error = CERT_TRUST_IS_OFFLINE_REVOCATION;

--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -3688,7 +3688,6 @@ static void testGetCertChain(void)
        /* The cert is rather old, so its revocation list can't be retrieved,
         * and its revocation status should be both offline and unknown.
         */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),
@@ -3709,7 +3708,6 @@ static void testGetCertChain(void)
    if (ret)
    {
        /* Even with a CRL in the store, the revocation status doesn't change */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),
@@ -3744,7 +3742,6 @@ static void testGetCertChain(void)
        /* The cert doesn't have a way to retrieve its CRL, so its revocation
         * status should be both offline and unknown.
         */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),
@@ -3765,7 +3762,6 @@ static void testGetCertChain(void)
    if (ret)
    {
        /* Even with a CRL in the store, the revocation status doesn't change */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),
@@ -3795,7 +3791,6 @@ static void testGetCertChain(void)
    if (ret)
    {
        /* Even with a CRL in the store, the revocation status doesn't change */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),
@@ -3824,7 +3819,6 @@ static void testGetCertChain(void)
    if (ret)
    {
        /* Even with a CRL in the store, the revocation status doesn't change */
-        todo_wine
        ok((chain->TrustStatus.dwErrorStatus & revocationFlags) ==
         (CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
         CERT_TRUST_IS_OFFLINE_REVOCATION),