From 8fcaa52d5d6523d22f01d781c8b1149b20e36477 Mon Sep 17 00:00:00 2001 From: Juan Lang Date: Wed, 18 Nov 2009 16:54:49 -0800 Subject: [PATCH] crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore. --- dlls/crypt32/crl.c | 25 +++++++++++++++++++++++++ dlls/crypt32/tests/crl.c | 2 -- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/dlls/crypt32/crl.c b/dlls/crypt32/crl.c index 4f69a9d8364..03f9b78fa84 100644 --- a/dlls/crypt32/crl.c +++ b/dlls/crypt32/crl.c @@ -121,6 +121,31 @@ static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType, issuer->dwCertEncodingType, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext, CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL); + if (ret && (dwFlags & CRL_FIND_ISSUED_BY_AKI_FLAG)) + { + PCERT_EXTENSION aki = CertFindExtension( + szOID_AUTHORITY_KEY_IDENTIFIER2, pCrlContext->pCrlInfo->cExtension, + pCrlContext->pCrlInfo->rgExtension); + + if (aki) + { + CERT_EXTENSION *ski; + + if ((ski = CertFindExtension(szOID_SUBJECT_KEY_IDENTIFIER, + issuer->pCertInfo->cExtension, + issuer->pCertInfo->rgExtension))) + { + if (aki->Value.cbData == ski->Value.cbData) + ret = !memcmp(aki->Value.pbData, ski->Value.pbData, + aki->Value.cbData); + else + ret = FALSE; + } + else + ret = FALSE; + } + /* else: a CRL without an AKI matches any cert */ + } } else ret = TRUE; diff --git a/dlls/crypt32/tests/crl.c b/dlls/crypt32/tests/crl.c index d50d99638fa..b012db190c2 100644 --- a/dlls/crypt32/tests/crl.c +++ b/dlls/crypt32/tests/crl.c @@ -683,11 +683,9 @@ static void testFindCRL(void) revoked_count++; } } while (context); - todo_wine { ok(count == 0, "expected 0 matching CRLs, got %d\n", count); ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", revoked_count); - } count = revoked_count = 0; do { context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
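Review bot: In the added `CRL_FIND_ISSUED_BY_AKI_FLAG` branch, `aki->Value` and `ski->Value` are the DER-encoded extension values, and the two extensions have different ASN.1 types. The authority key identifier is a SEQUENCE holding a context-tagged keyIdentifier, while the subject key identifier is a bare OCTET STRING, so the `cbData` test and `memcmp` should not succeed even when the key identifiers are equal. As written, a CRL that carries an AKI would apparently never match its issuer, so revocation lookups relying on this flag would miss CRLs; how callers treat "no CRL found" is not visible here. Decode both values with `CryptDecodeObjectEx` (`X509_AUTHORITY_KEY_ID2` and `X509_OCTET_STRING`) and compare the decoded `KeyId` with the decoded SKI, as sketched below. An AKI that identifies the issuer only by name and serial number needs its own comparison, and `compare_crl_issued_by` starts and ends outside the hunk.

```c
        if (aki)
        {
            CERT_AUTHORITY_KEY_ID2_INFO *aki_info = NULL;
            CRYPT_DATA_BLOB *ski_id = NULL;
            DWORD size;
            CERT_EXTENSION *ski = CertFindExtension(
             szOID_SUBJECT_KEY_IDENTIFIER, issuer->pCertInfo->cExtension,
             issuer->pCertInfo->rgExtension);

            /* Compare the decoded key identifiers, not the DER blobs: the
             * AKI is a SEQUENCE, the SKI an OCTET STRING.
             */
            ret = ski &&
             CryptDecodeObjectEx(X509_ASN_ENCODING, X509_AUTHORITY_KEY_ID2,
              aki->Value.pbData, aki->Value.cbData, CRYPT_DECODE_ALLOC_FLAG,
              NULL, &aki_info, &size) &&
             CryptDecodeObjectEx(X509_ASN_ENCODING, X509_OCTET_STRING,
              ski->Value.pbData, ski->Value.cbData, CRYPT_DECODE_ALLOC_FLAG,
              NULL, &ski_id, &size) &&
             /* NOTE(review): an AKI with only issuer + serial number has an
              * empty KeyId and is rejected here; handle it separately.
              */
             aki_info->KeyId.cbData &&
             aki_info->KeyId.cbData == ski_id->cbData &&
             !memcmp(aki_info->KeyId.pbData, ski_id->pbData, ski_id->cbData);
            LocalFree(aki_info);
            LocalFree(ski_id);
        }
        /* … unchanged: a CRL without an AKI matches any cert … */
```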