diff --git a/reactos/dll/win32/crypt32/cert.c b/reactos/dll/win32/crypt32/cert.c
index c1728d5fe1c..8df27f8ec0d 100644
--- a/reactos/dll/win32/crypt32/cert.c
+++ b/reactos/dll/win32/crypt32/cert.c
@@ -1874,6 +1874,12 @@ PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
             CertFreeCertificateContext(ret);
             ret = NULL;
         }
+        if (CRYPT_IsCertificateSelfSigned(pSubjectContext))
+        {
+            CertFreeCertificateContext(ret);
+            ret = NULL;
+            SetLastError(CRYPT_E_SELF_SIGNED);
+        }
     }
     TRACE("returning %p\n", ret);
     return ret;
diff --git a/reactos/dll/win32/crypt32/chain.c b/reactos/dll/win32/crypt32/chain.c
index 0aa359fedbb..fdaf2fbe4c1 100644
--- a/reactos/dll/win32/crypt32/chain.c
+++ b/reactos/dll/win32/crypt32/chain.c
@@ -258,7 +258,7 @@ typedef struct _CertificateChain
     LONG ref;
 } CertificateChain;
 
-static BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
 {
     PCERT_EXTENSION ext;
     DWORD size;
diff --git a/reactos/dll/win32/crypt32/crypt32_private.h b/reactos/dll/win32/crypt32/crypt32_private.h
index aa20cc8b654..769a9686ac5 100644
--- a/reactos/dll/win32/crypt32/crypt32_private.h
+++ b/reactos/dll/win32/crypt32/crypt32_private.h
@@ -366,6 +366,7 @@ WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreA(HCRYPTPROV hCryptProv,
 WINECRYPT_CERTSTORE *CRYPT_FileNameOpenStoreW(HCRYPTPROV hCryptProv,
  DWORD dwFlags, const void *pvPara) DECLSPEC_HIDDEN;
 WINECRYPT_CERTSTORE *CRYPT_RootOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags) DECLSPEC_HIDDEN;
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DECLSPEC_HIDDEN;
 
 /* Allocates and initializes a certificate chain engine, but without creating
  * the root store.  Instead, it uses root, and assumes the caller has done any
diff --git a/reactos/dll/win32/crypt32/sip.c b/reactos/dll/win32/crypt32/sip.c
index f13daa1f6a6..9d195e0e402 100644
--- a/reactos/dll/win32/crypt32/sip.c
+++ b/reactos/dll/win32/crypt32/sip.c
@@ -198,7 +198,7 @@ BOOL WINAPI CryptSIPAddProvider(SIP_ADD_NEWPROVIDER *psNewProv)
     TRACE("%p\n", psNewProv);
 
     if (!psNewProv ||
-        psNewProv->cbStruct != sizeof(SIP_ADD_NEWPROVIDER) ||
+        psNewProv->cbStruct < FIELD_OFFSET(SIP_ADD_NEWPROVIDER, pwszGetCapFuncName) ||
         !psNewProv->pwszGetFuncName ||
         !psNewProv->pwszPutFuncName ||
         !psNewProv->pwszCreateFuncName ||
diff --git a/reactos/dll/win32/crypt32/str.c b/reactos/dll/win32/crypt32/str.c
index f58927aff1a..eff10eac6ac 100644
--- a/reactos/dll/win32/crypt32/str.c
+++ b/reactos/dll/win32/crypt32/str.c
@@ -831,13 +831,14 @@ static BOOL CRYPT_GetNextKeyW(LPCWSTR str, struct X500TokenW *token,
 
 /* Assumes separators are characters in the 0-255 range */
 static BOOL CRYPT_GetNextValueW(LPCWSTR str, DWORD dwFlags, LPCWSTR separators,
- struct X500TokenW *token, LPCWSTR *ppszError)
+ WCHAR *separator_used, struct X500TokenW *token, LPCWSTR *ppszError)
 {
     BOOL ret = TRUE;
 
     TRACE("(%s, %s, %p, %p)\n", debugstr_w(str), debugstr_w(separators), token,
      ppszError);
 
+    *separator_used = 0;
     while (*str && isspaceW(*str))
         str++;
     if (*str)
@@ -877,6 +878,7 @@ static BOOL CRYPT_GetNextValueW(LPCWSTR str, DWORD dwFlags, LPCWSTR separators,
             while (*str && (*str >= 0xff || !map[*str]))
                 str++;
             token->end = str;
+            if (map[*str]) *separator_used = *str;
         }
     }
     else
@@ -1068,6 +1070,7 @@ BOOL WINAPI CertStrToNameW(DWORD dwCertEncodingType, LPCWSTR pszX500,
                     static const WCHAR allSepsWithoutPlus[] = { ',',';','\r','\n',0 };
                     static const WCHAR allSeps[] = { '+',',',';','\r','\n',0 };
                     LPCWSTR sep;
+                    WCHAR sep_used;
 
                     str++;
                     if (dwStrType & CERT_NAME_STR_COMMA_FLAG)
@@ -1080,11 +1083,14 @@ BOOL WINAPI CertStrToNameW(DWORD dwCertEncodingType, LPCWSTR pszX500,
                         sep = allSepsWithoutPlus;
                     else
                         sep = allSeps;
-                    ret = CRYPT_GetNextValueW(str, dwStrType, sep, &token,
+                    ret = CRYPT_GetNextValueW(str, dwStrType, sep, &sep_used, &token,
                      ppszError);
                     if (ret)
                     {
                         str = token.end;
+                        /* if token.end points to the separator, skip it */
+                        if (str && sep_used && *str == sep_used) str++;
+
                         ret = CRYPT_ValueToRDN(dwCertEncodingType, &info,
                          keyOID, &token, dwStrType, ppszError);
                     }
diff --git a/reactos/media/doc/README.WINE b/reactos/media/doc/README.WINE
index cceb09678e0..bed73660917 100644
--- a/reactos/media/doc/README.WINE
+++ b/reactos/media/doc/README.WINE
@@ -64,7 +64,7 @@ reactos/dll/win32/comctl32            # Synced to Wine-1.7.27
 reactos/dll/win32/comdlg32            # Synced to Wine-1.7.27
 reactos/dll/win32/compstui            # Synced to Wine-1.7.17
 reactos/dll/win32/credui              # Synced to Wine-1.7.17
-reactos/dll/win32/crypt32             # Synced to Wine-1.7.17
+reactos/dll/win32/crypt32             # Synced to Wine-1.7.27
 reactos/dll/win32/cryptdlg            # Synced to Wine-1.7.17
 reactos/dll/win32/cryptdll            # Synced to Wine-1.7.17
 reactos/dll/win32/cryptnet            # Synced to Wine-1.7.17