crypt32: Time validity nesting doesn't appear to be checked, so don't check it.

Juan Lang 2007-08-30 17:57:48 -07:00 committed by Alexandre Julliard
parent 03d76d97ec
commit d06a24517f
1 changed files with 1 additions and 18 deletions


@ -257,8 +257,7 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain)
static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store, static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store,
PCCERT_CONTEXT cert, PDWORD pdwFlags) PCCERT_CONTEXT cert, PDWORD pdwFlags)
{ {
*pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG | *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
CERT_STORE_TIME_VALIDITY_FLAG;
return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags); return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
} }
@ -297,22 +296,6 @@ static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine,
if (dwFlags & CERT_STORE_SIGNATURE_FLAG) if (dwFlags & CERT_STORE_SIGNATURE_FLAG)
element->TrustStatus.dwErrorStatus |= element->TrustStatus.dwErrorStatus |=
CERT_TRUST_IS_NOT_SIGNATURE_VALID; CERT_TRUST_IS_NOT_SIGNATURE_VALID;
if (dwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
element->TrustStatus.dwErrorStatus |=
CERT_TRUST_IS_NOT_TIME_VALID;
if (chain->cElement)
{
PCERT_CHAIN_ELEMENT prevElement =
chain->rgpElement[chain->cElement - 1];
/* This cert is the issuer of the previous one in the chain, so
* retroactively check the previous one's time validity nesting.
*/
if (!CertVerifyValidityNesting(
prevElement->pCertContext->pCertInfo, cert->pCertInfo))
prevElement->TrustStatus.dwErrorStatus |=
CERT_TRUST_IS_NOT_TIME_NESTED;
}
/* FIXME: check valid usages and name constraints */ /* FIXME: check valid usages and name constraints */
/* FIXME: initialize the rest of element */ /* FIXME: initialize the rest of element */
chain->rgpElement[chain->cElement++] = element; chain->rgpElement[chain->cElement++] = element;
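Review bot: The change removes more than the nesting check named in the title: dropping `CERT_STORE_TIME_VALIDITY_FLAG` from `*pdwFlags` in CRYPT_GetIssuerFromStore and deleting the `if (dwFlags & CERT_STORE_TIME_VALIDITY_FLAG)` branch in CRYPT_AddCertToSimpleChain also removes the only place visible in these hunks that sets `CERT_TRUST_IS_NOT_TIME_VALID`. Unless expiry is checked somewhere outside the hunks, an expired or not-yet-valid certificate would be added to the chain with no time error in its trust status. I would keep the flag and the branch `if (dwFlags & CERT_STORE_TIME_VALIDITY_FLAG) element->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_NOT_TIME_VALID;` and delete only the `CertVerifyValidityNesting` block; if the expiry check is meant to move elsewhere, the commit message should say so. CRYPT_AddCertToSimpleChain's body starts and ends outside the hunk.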