6b8c053218
crypt32: Fix test failures.
2009-12-01 12:24:00 +01:00
90c160c3d8
crypt32: Revert 8ed5a777de.
...
Ordinarily removing tests seems like a bad idea, but in this case it
seems the only rational response to the test failures the tests
produce. The tests check the state of three bits with a variety of
certificate and CRL combinations. One of these bits is apparently not
set by any version of Windows for any of the tests. Testing its
absence doesn't seem correct, and I'll explain why in more detail in a
second. Every permutation of the remaining two bits appears on at
least one Windows version, and no Windows version is obviously more
correct than the rest, so testing them doesn't seem worthwhile.
The one bit that doesn't appear to be set is the bit saying that a
certificate is revoked. I created CRLs that do in fact revoke some of
the tested certificates, so it appears to me that the bit should be
set. It's possible that Windows doesn't bother checking the
revocation status of a certificate whose anchor isn't trusted, but
it's impossible to test this in an automated regression test suite,
because adding a trusted certificate requires clicking OK (or its
equivalent) in a dialog. The dialog is invoked by the system process,
so I can't use a dialog hook to suppress it. I can test this
hypothesis manually, but it isn't possible to do so in an automated
way.
2009-11-30 12:57:53 +01:00
f2040b7725
crypt32: Don't copy past end of buffer when removing a string from a multi string.
2009-11-30 12:57:39 +01:00
b2ab45b78b
crypt32: Only match RDN attributes whose lengths are identical.
2009-11-21 14:31:46 +01:00
8e51a866b7
crypt32: When searching for a CRL by the AKI extension, the extension has to be decoded to match.
2009-11-21 14:31:46 +01:00
7dee971809
crypt32/tests: Fix a typo.
2009-11-21 14:31:46 +01:00
8646c39bdb
crypt32: Finding a CRL issued by a cert should compare the cert's subject, not its issuer.
2009-11-21 14:31:46 +01:00
6bc8237c63
crypt32/tests: Test one more certificate against the Verisign CRL.
2009-11-21 14:31:46 +01:00
22206b909a
crypt32/tests: Fix a typo.
2009-11-21 14:31:46 +01:00
3921454398
crypt32: Read trusted root certificates from system keychain on Mac OS X.
2009-11-21 14:31:45 +01:00
eee179206e
crypt32/tests: Fix tests on Win9x/ME.
2009-11-21 14:31:44 +01:00
1a392e1a30
crypt32: Support checking the requested usage for a chain.
2009-11-21 14:31:44 +01:00
30de103485
crypt32: Only trace a usage match if it's not empty.
2009-11-21 14:31:44 +01:00
e611a83962
crypt32: Test verifying the enhanced key usage of a chain.
2009-11-21 14:31:44 +01:00
9d9070ae3c
crypt32: CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR shouldn't check whether the CRL is valid for the subject certificate.
2009-11-20 11:15:11 +01:00
f378394acd
crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension.
2009-11-20 11:15:06 +01:00
bcbfddd82a
crypt32: Fix tests on older Windows versions.
2009-11-20 11:15:01 +01:00
a3c6bc68c8
crypt32: Assume revocation server is offline if revocation status isn't known.
2009-11-20 11:14:52 +01:00
9e1d31e5e5
crypt32: Fix a typo.
2009-11-20 11:14:47 +01:00
8ed5a777de
crypt32: Test revocation checking with CertGetCertificateChain.
2009-11-20 11:14:41 +01:00
27128bb2f8
crypt32: Add more tests for CertVerifyRevocation.
2009-11-20 11:14:00 +01:00
8fcaa52d5d
crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore.
2009-11-19 11:49:59 +01:00
b278155616
crypt32: Add more tests for CertFindCRLInStore.
2009-11-19 11:49:53 +01:00
4727212e01
crypt32: Add support for CRL_FIND_ISSUED_BY_SIGNATURE_FLAG to CertFindCRLInStore.
2009-11-19 11:49:46 +01:00
8beed85a2c
crypt32: Add basic flags tests flags for CertFindCRLInStore with find type CRL_FIND_ISSUED_BY.
2009-11-19 11:49:40 +01:00
c84c53b1a6
crypt32: More fully implement CertIsValidCRLForCertificate.
2009-11-19 11:49:33 +01:00
e5c56b1798
crypt32: Correct tests for CertIsValidCRLForCertificate.
2009-11-19 11:49:21 +01:00
b16a78baa7
crypt32: Remove a redundant test.
2009-11-19 11:49:14 +01:00
4fa4f67c79
crypt32: Implement CertFindCRLInStore for find type CRL_FIND_ISSUED_FOR.
2009-11-19 11:49:09 +01:00
a3b462e3ea
crypt32: Add tests for CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR.
2009-11-19 11:49:05 +01:00
7f5b24ed91
crypt32/tests: Fix a test failure on older crypt32.
2009-11-18 15:34:14 +01:00
96073d5129
crypt32: Remove an unnecessary test for the extended key usage extension in CA certificates.
2009-11-18 11:09:20 +01:00
d6958d7660
crypt32: Trace reasons for name constraint failure.
2009-11-18 11:09:08 +01:00
1db8a6abda
crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match.
2009-11-18 11:09:02 +01:00
a63affe5e0
crypt32: Don't apply directory name constraints to an empty subject name.
2009-11-18 11:08:55 +01:00
c464875a6d
crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint.
2009-11-18 11:08:49 +01:00
d6f7d06cad
crypt32: Check email address in subject name against rfc822 name constraints.
2009-11-18 11:08:44 +01:00
e4c03521ac
crypt32: Apply name constraints to subject name.
2009-11-18 11:08:37 +01:00
6f35ae25b8
crypt32: Use helper function to compare a subject alternate name with name constraints.
2009-11-18 11:08:32 +01:00
a98dad4f93
crypt32: Only apply a name constraint if the name form is present.
2009-11-18 11:08:25 +01:00
f6d3348b7c
crypt32: Partially implement checking name constraints with directory names.
2009-11-18 11:08:20 +01:00
7c44544a6d
crypt32: Use helper functions to match excluded and permitted subtrees of name constraints.
2009-11-18 11:08:14 +01:00
9a40de08de
crypt32: Let caller set error codes when name constraints aren't met.
2009-11-18 11:08:08 +01:00
f8044948ba
crypt32: Remove an unnecessary if.
2009-11-18 11:08:01 +01:00
8585203103
crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree.
2009-11-18 11:07:53 +01:00
a299470622
crypt32/tests: Fix another test failure.
2009-11-17 15:14:53 +01:00
440c702ce4
crypt32: Implement CertIsRDNAttrsInCertificateName.
2009-11-17 15:14:53 +01:00
ed74536f0c
crypt32: Add tests for CertIsRDNAttrsInCertificateName.
2009-11-17 15:14:53 +01:00
7d12294f08
crypt32: Add stub for CertIsRDNAttrsInCertificateName.
2009-11-17 15:14:53 +01:00
4a948fa929
crypt32: Add more tests for CertCompareCertificateName.
2009-11-17 15:14:53 +01:00
Juan Lang