From 552fec4002ad1760c4c4738e0d133e6268928739 Mon Sep 17 00:00:00 2001
From: Juan Lang
Date: Wed, 28 Oct 2009 16:50:33 -0700
Subject: [PATCH] crypt32: Add basic constraints to chain quality selection algorithm.
---
 dlls/crypt32/chain.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 3b618fa2d49..7bb72fa5872 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -1704,14 +1704,16 @@ static PCertificateChain CRYPT_BuildAlternateContextFromChain(
 return alternate;
 }
 
-#define CHAIN_QUALITY_SIGNATURE_VALID 8
-#define CHAIN_QUALITY_TIME_VALID 4
-#define CHAIN_QUALITY_COMPLETE_CHAIN 2
-#define CHAIN_QUALITY_TRUSTED_ROOT 1
+#define CHAIN_QUALITY_SIGNATURE_VALID 0x16
+#define CHAIN_QUALITY_TIME_VALID 8
+#define CHAIN_QUALITY_COMPLETE_CHAIN 4
+#define CHAIN_QUALITY_BASIC_CONSTRAINTS 2
+#define CHAIN_QUALITY_TRUSTED_ROOT 1
 
 #define CHAIN_QUALITY_HIGHEST \
 CHAIN_QUALITY_SIGNATURE_VALID | CHAIN_QUALITY_TIME_VALID | \
- CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_TRUSTED_ROOT
+ CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_BASIC_CONSTRAINTS | \
+ CHAIN_QUALITY_TRUSTED_ROOT
 
 #define IS_TRUST_ERROR_SET(TrustStatus, bits) \
 (TrustStatus)->dwErrorStatus & (bits)
@@ -1723,6 +1725,9 @@ static DWORD CRYPT_ChainQuality(const CertificateChain *chain)
 if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
 CERT_TRUST_IS_UNTRUSTED_ROOT))
 quality &= ~CHAIN_QUALITY_TRUSTED_ROOT;
+ if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
+ CERT_TRUST_INVALID_BASIC_CONSTRAINTS))
+ quality &= ~CHAIN_QUALITY_BASIC_CONSTRAINTS;
 if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
 CERT_TRUST_IS_PARTIAL_CHAIN))
 quality &= ~CHAIN_QUALITY_COMPLETE_CHAIN;
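Review bot: `CHAIN_QUALITY_SIGNATURE_VALID` is now `0x16`, which is 22 decimal (bits 16, 4 and 2), so it overlaps `CHAIN_QUALITY_COMPLETE_CHAIN` and `CHAIN_QUALITY_BASIC_CONSTRAINTS` instead of being the next single bit above `CHAIN_QUALITY_TIME_VALID`. If the signature flag is cleared with `quality &= ~CHAIN_QUALITY_SIGNATURE_VALID` like the other flags (that code is outside this hunk), a chain with a bad signature also loses its complete-chain and basic-constraints bits, so those criteria no longer help rank such chains against each other. The value was presumably meant to be `#define CHAIN_QUALITY_SIGNATURE_VALID 0x10`. Separately, `CHAIN_QUALITY_HIGHEST` still expands without outer parentheses; wrapping the whole expansion in `( ... )` would keep it safe if it is ever used inside a larger expression.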
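Review bot: The new basic-constraints check in `CRYPT_ChainQuality` has no comment saying what the ranking means for a caller, and the chosen weight (below a complete chain, above a trusted root) is not explained anywhere in the visible lines. Since `chain` is `const` and only `quality` is modified, a short comment would make clear that this only orders candidate chains and does not clear the error, e.g. `/* Rank chains with invalid basic constraints lower; the error bit itself stays set in TrustStatus. */`. The function body starts and ends outside this hunk, so whether the remaining checks are documented cannot be seen from here.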