crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore.
This commit is contained in:
parent
b278155616
commit
8fcaa52d5d
|
@ -121,6 +121,31 @@ static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
|
||||||
issuer->dwCertEncodingType,
|
issuer->dwCertEncodingType,
|
||||||
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext,
|
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext,
|
||||||
CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL);
|
CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL);
|
||||||
|
if (ret && (dwFlags & CRL_FIND_ISSUED_BY_AKI_FLAG))
|
||||||
|
{
|
||||||
|
PCERT_EXTENSION aki = CertFindExtension(
|
||||||
|
szOID_AUTHORITY_KEY_IDENTIFIER2, pCrlContext->pCrlInfo->cExtension,
|
||||||
|
pCrlContext->pCrlInfo->rgExtension);
|
||||||
|
|
||||||
|
if (aki)
|
||||||
|
{
|
||||||
|
CERT_EXTENSION *ski;
|
||||||
|
|
||||||
|
if ((ski = CertFindExtension(szOID_SUBJECT_KEY_IDENTIFIER,
|
||||||
|
issuer->pCertInfo->cExtension,
|
||||||
|
issuer->pCertInfo->rgExtension)))
|
||||||
|
{
|
||||||
|
if (aki->Value.cbData == ski->Value.cbData)
|
||||||
|
ret = !memcmp(aki->Value.pbData, ski->Value.pbData,
|
||||||
|
aki->Value.cbData);
|
||||||
|
else
|
||||||
|
ret = FALSE;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
ret = FALSE;
|
||||||
|
}
|
||||||
|
/* else: a CRL without an AKI matches any cert */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
ret = TRUE;
|
ret = TRUE;
|
||||||
|
|
|
@ -683,11 +683,9 @@ static void testFindCRL(void)
|
||||||
revoked_count++;
|
revoked_count++;
|
||||||
}
|
}
|
||||||
} while (context);
|
} while (context);
|
||||||
todo_wine {
|
|
||||||
ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
|
ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
|
||||||
ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
|
ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
|
||||||
revoked_count);
|
revoked_count);
|
||||||
}
|
|
||||||
count = revoked_count = 0;
|
count = revoked_count = 0;
|
||||||
do {
|
do {
|
||||||
context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
|
context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
|
||||||
|
|
Loading…
Reference in New Issue