crypt32: Add basic constraints to chain quality selection algorithm.

This commit is contained in:
Juan Lang 2009-10-28 16:50:33 -07:00 committed by Alexandre Julliard
parent c310637f4f
commit 552fec4002
1 changed files with 10 additions and 5 deletions

View File

@ -1704,14 +1704,16 @@ static PCertificateChain CRYPT_BuildAlternateContextFromChain(
return alternate;
}
#define CHAIN_QUALITY_SIGNATURE_VALID 8
#define CHAIN_QUALITY_TIME_VALID 4
#define CHAIN_QUALITY_COMPLETE_CHAIN 2
#define CHAIN_QUALITY_TRUSTED_ROOT 1
#define CHAIN_QUALITY_SIGNATURE_VALID 0x16
#define CHAIN_QUALITY_TIME_VALID 8
#define CHAIN_QUALITY_COMPLETE_CHAIN 4
#define CHAIN_QUALITY_BASIC_CONSTRAINTS 2
#define CHAIN_QUALITY_TRUSTED_ROOT 1
#define CHAIN_QUALITY_HIGHEST \
CHAIN_QUALITY_SIGNATURE_VALID | CHAIN_QUALITY_TIME_VALID | \
CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_TRUSTED_ROOT
CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_BASIC_CONSTRAINTS | \
CHAIN_QUALITY_TRUSTED_ROOT
#define IS_TRUST_ERROR_SET(TrustStatus, bits) \
(TrustStatus)->dwErrorStatus & (bits)
@ -1723,6 +1725,9 @@ static DWORD CRYPT_ChainQuality(const CertificateChain *chain)
if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
CERT_TRUST_IS_UNTRUSTED_ROOT))
quality &= ~CHAIN_QUALITY_TRUSTED_ROOT;
if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
CERT_TRUST_INVALID_BASIC_CONSTRAINTS))
quality &= ~CHAIN_QUALITY_BASIC_CONSTRAINTS;
if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
CERT_TRUST_IS_PARTIAL_CHAIN))
quality &= ~CHAIN_QUALITY_COMPLETE_CHAIN;