From 14b0df1fef5258ab6bb84acde166389cdc7947e5 Mon Sep 17 00:00:00 2001
From: Juan Lang
Date: Thu, 30 Aug 2007 17:59:43 -0700
Subject: [PATCH] crypt32: Set error status on issued certificate, not on issuer.
---
 dlls/crypt32/chain.c | 22 +++++++++++++++-------
 dlls/crypt32/tests/chain.c | 2 +-
 2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 5a2b8ef1d11..d15f551edd5 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -287,17 +287,25 @@ static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine,
 (chain->cElement + 1) * sizeof(PCERT_CHAIN_ELEMENT));
 if (chain->rgpElement)
 {
+ chain->rgpElement[chain->cElement++] = element;
 memset(element, 0, sizeof(CERT_CHAIN_ELEMENT));
 element->cbSize = sizeof(CERT_CHAIN_ELEMENT);
 element->pCertContext = CertDuplicateCertificateContext(cert);
- if (dwFlags & CERT_STORE_REVOCATION_FLAG &&
- !(dwFlags & CERT_STORE_NO_CRL_FLAG))
- element->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_REVOKED;
- if (dwFlags & CERT_STORE_SIGNATURE_FLAG)
- element->TrustStatus.dwErrorStatus |=
- CERT_TRUST_IS_NOT_SIGNATURE_VALID;
+ /* Flags, if set, refer to the element this cert issued, so set
+ * the preceding element's error accordingly
+ */
+ if (chain->cElement > 1)
+ {
+ if (dwFlags & CERT_STORE_REVOCATION_FLAG &&
+ !(dwFlags & CERT_STORE_NO_CRL_FLAG))
+ chain->rgpElement[chain->cElement - 2]->TrustStatus.
+ dwErrorStatus |= CERT_TRUST_IS_REVOKED;
+ if (dwFlags & CERT_STORE_SIGNATURE_FLAG)
+ chain->rgpElement[chain->cElement - 2]->TrustStatus.
+ dwErrorStatus |=
+ CERT_TRUST_IS_NOT_SIGNATURE_VALID;
+ }
 /* FIXME: initialize the rest of element */
- chain->rgpElement[chain->cElement++] = element;
 if (chain->cElement % engine->CycleDetectionModulus)
 CRYPT_CheckSimpleChainForCycles(chain);
 CRYPT_CombineTrustStatus(&chain->TrustStatus,
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index a7e1928d32b..849310e5c06 100644
--- a/dlls/crypt32/tests/chain.c
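Review bot: The revocation and signature bits are now written to `chain->rgpElement[chain->cElement - 2]`, an element that an earlier call already added, so the chain-level status may never pick them up. The `CRYPT_CombineTrustStatus(&chain->TrustStatus,` call that closes the hunk is cut off; if its second argument is still the new element's `TrustStatus`, a `CERT_TRUST_IS_REVOKED` or `CERT_TRUST_IS_NOT_SIGNATURE_VALID` set here stays on the element only, and a caller that reads just the aggregate status would miss it. Unless a later pass recomputes the aggregate, I would fold the preceding element in at the end of the `if (chain->cElement > 1)` block, e.g. `CRYPT_CombineTrustStatus(&chain->TrustStatus, &chain->rgpElement[chain->cElement - 2]->TrustStatus);`. Flags passed together with the first certificate are now ignored silently, which deserves a sentence in the comment stating that callers are expected to pass none for the end certificate. The function body starts and ends outside the hunk.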
+++ b/dlls/crypt32/tests/chain.c
@@ -1491,7 +1491,7 @@ static ChainCheck chainCheck[] = {
 { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_SIGNATURE_VALID |
 CERT_TRUST_IS_NOT_TIME_VALID, 0 },
 1, simpleStatus1 },
- TODO_ERROR | TODO_INFO },
+ TODO_INFO },
 { { sizeof(chain2) / sizeof(chain2[0]), chain2 },
 { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
 { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID, 0 },
--
2.11.4.GIT