crypt32: Add basic constraints to chain quality selection algorithm.
parent
c310637f4f
commit
552fec4002
|
@ -1704,14 +1704,16 @@ static PCertificateChain CRYPT_BuildAlternateContextFromChain(
|
|||
return alternate;
|
||||
}
|
||||
|
||||
#define CHAIN_QUALITY_SIGNATURE_VALID 8
|
||||
#define CHAIN_QUALITY_TIME_VALID 4
|
||||
#define CHAIN_QUALITY_COMPLETE_CHAIN 2
|
||||
#define CHAIN_QUALITY_TRUSTED_ROOT 1
|
||||
#define CHAIN_QUALITY_SIGNATURE_VALID 0x16
|
||||
#define CHAIN_QUALITY_TIME_VALID 8
|
||||
#define CHAIN_QUALITY_COMPLETE_CHAIN 4
|
||||
#define CHAIN_QUALITY_BASIC_CONSTRAINTS 2
|
||||
#define CHAIN_QUALITY_TRUSTED_ROOT 1
|
||||
|
||||
#define CHAIN_QUALITY_HIGHEST \
|
||||
CHAIN_QUALITY_SIGNATURE_VALID | CHAIN_QUALITY_TIME_VALID | \
|
||||
CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_TRUSTED_ROOT
|
||||
CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_BASIC_CONSTRAINTS | \
|
||||
CHAIN_QUALITY_TRUSTED_ROOT
|
||||
|
||||
#define IS_TRUST_ERROR_SET(TrustStatus, bits) \
|
||||
(TrustStatus)->dwErrorStatus & (bits)
|
||||
|
@ -1723,6 +1725,9 @@ static DWORD CRYPT_ChainQuality(const CertificateChain *chain)
|
|||
if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
|
||||
CERT_TRUST_IS_UNTRUSTED_ROOT))
|
||||
quality &= ~CHAIN_QUALITY_TRUSTED_ROOT;
|
||||
if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
|
||||
CERT_TRUST_INVALID_BASIC_CONSTRAINTS))
|
||||
quality &= ~CHAIN_QUALITY_BASIC_CONSTRAINTS;
|
||||
if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
|
||||
CERT_TRUST_IS_PARTIAL_CHAIN))
|
||||
quality &= ~CHAIN_QUALITY_COMPLETE_CHAIN;
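Review bot: `CHAIN_QUALITY_SIGNATURE_VALID` is defined as `0x16` in the first hunk, which is 22 decimal (bits 16, 4 and 2), so it overlaps the new `CHAIN_QUALITY_COMPLETE_CHAIN` (4) and `CHAIN_QUALITY_BASIC_CONSTRAINTS` (2) values instead of being the next single bit. If CRYPT_ChainQuality clears the signature flag with the same `quality &= ~FLAG` pattern as the checks visible here (the start and end of the function are outside the hunk), a chain with an invalid signature would also lose its complete-chain and basic-constraints bits, so the score used to choose between alternate chains would no longer reflect each check independently. The define should be `#define CHAIN_QUALITY_SIGNATURE_VALID 0x10` (or `16`, matching the decimal style of the other values). Since `CHAIN_QUALITY_HIGHEST` is being edited anyway, wrapping its expansion in parentheses would keep the OR expression from binding unexpectedly at its use sites.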
|
||||
|
|