From d06a24517f63caab722a180bedf920d1602cff29 Mon Sep 17 00:00:00 2001 From: Juan Lang Date: Thu, 30 Aug 2007 17:57:48 -0700 Subject: [PATCH] crypt32: Time validity nesting doesn't appear to be checked, so don't check it. --- dlls/crypt32/chain.c | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index f0f3e568b54..58f3806f16f 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -257,8 +257,7 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain) static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store, PCCERT_CONTEXT cert, PDWORD pdwFlags) { - *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG | - CERT_STORE_TIME_VALIDITY_FLAG; + *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags); } @@ -297,22 +296,6 @@ static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine, if (dwFlags & CERT_STORE_SIGNATURE_FLAG) element->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_NOT_SIGNATURE_VALID; - if (dwFlags & CERT_STORE_TIME_VALIDITY_FLAG) - element->TrustStatus.dwErrorStatus |= - CERT_TRUST_IS_NOT_TIME_VALID; - if (chain->cElement) - { - PCERT_CHAIN_ELEMENT prevElement = - chain->rgpElement[chain->cElement - 1]; - - /* This cert is the issuer of the previous one in the chain, so - * retroactively check the previous one's time validity nesting. - */ - if (!CertVerifyValidityNesting( - prevElement->pCertContext->pCertInfo, cert->pCertInfo)) - prevElement->TrustStatus.dwErrorStatus |= - CERT_TRUST_IS_NOT_TIME_NESTED; - } /* FIXME: check valid usages and name constraints */ /* FIXME: initialize the rest of element */ chain->rgpElement[chain->cElement++] = element;