192 Commits

Author SHA1 Message Date
Juan Lang 33a6235053 crypt32: Only permit v1 or v2 CA certificates without a basic constraints extension if they're installed locally. 2009-10-30 11:26:06 +01:00
Juan Lang 552fec4002 crypt32: Add basic constraints to chain quality selection algorithm. 2009-10-30 11:24:23 +01:00
Juan Lang c310637f4f crypt32: Remove redundant if clause. 2009-10-30 11:24:10 +01:00
Juan Lang 9059892ec1 crypt32: Implement CertVerifyCertificateChainPolicy for CERT_CHAIN_POLICY_SSL. 2009-10-29 13:07:53 +01:00
Juan Lang 24399bd359 crypt32: Support IPv6 addresses in name constraint comparison. 2009-10-29 13:07:20 +01:00
Juan Lang bcb4bc6be3 crypt32: Trace netscape cert type extension. 2009-10-29 13:07:14 +01:00
Juan Lang d664edb322 crypt32: Trace directory name of alt name entries. 2009-10-29 13:07:08 +01:00
Juan Lang 6a575d697e crypt32: Accept either the subject alt name 2 or subject alt name extensions, and prefer the former when both are present. 2009-10-29 13:06:56 +01:00
Juan Lang 1e953ef12e crypt32: Trace the alt name extensions. 2009-10-29 13:06:49 +01:00
Juan Lang bf42ce9c90 crypt32: Trace name constraints extension. 2009-10-29 13:06:42 +01:00
Juan Lang 777ea81c48 crypt32: Trace cert policies extension. 2009-10-29 13:06:35 +01:00
Juan Lang 994d7ed40d crypt32: Trace enhanced key usage extension. 2009-10-29 13:06:25 +01:00
Juan Lang cf9491a5a3 crypt32: Move tracing of key usage extension to common extension tracing location. 2009-10-26 11:16:54 +01:00
Juan Lang 7fa618aa8e crypt32: Check key usage during chain validation. 2009-10-21 16:21:53 +02:00
Juan Lang cbabc9d689 crypt32: Get CA flag from basic constraints extension of every cert in the chain. 2009-10-21 16:21:40 +02:00
Juan Lang f348e3feb7 crypt32: Check basic constraints extension for end certs too. 2009-10-21 16:21:36 +02:00
Juan Lang 87405ade02 crypt32: Add a safe default for unsupported critical extensions. 2009-10-20 13:46:55 +02:00
Hans Leidekker 2f112cf5ee crypt32: CertGetCertificateChain does not validate the size of the CERT_CHAIN_PARA structure. 2009-09-22 16:20:58 +02:00
Andrew Talbot 5a981c3a64 crypt32: Constify some variables. 2009-06-12 17:33:14 +02:00
Juan Lang 4817fbc362 crypt32: Avoid reading freed memory when encountering a cyclic chain. 2009-02-25 12:37:06 +01:00
Francois Gouget 443fdf2731 crypt32: Merge two traces. 2009-02-18 12:17:29 +01:00
Juan Lang b5d1bfe5ba crypt32: Set the info status on the last element of a chain even if its issuer can't be found. 2009-02-12 11:53:22 +01:00
Juan Lang 913affe4ef crypt32: Don't assume intermediate certificates are allowed to be CAs. 2009-02-12 11:53:18 +01:00
Juan Lang ad2ea9d9cf crypt32: Change some traces to the chain channel. 2009-02-12 11:53:10 +01:00
Juan Lang e7dd46b807 crypt32: Add chain debugging channel for debugging certificate chaining errors. 2009-02-12 11:53:01 +01:00
Michael Stefaniuc 4eaaa913f8 crypt32: Remove some more superfluous pointer casts. 2009-01-26 14:31:08 +01:00
Juan Lang 558057b4b2 crypt32: Fix chain error status when a cert's issuer can't be found. 2008-10-31 12:57:25 +01:00
Juan Lang 39a7d40413 crypt32: Fix frequency with which chains are checked for cycles. 2008-10-30 11:29:37 +01:00
Juan Lang 0556e9d966 crypt32: Correct trust error status for cyclic chains. 2008-10-23 12:13:25 +02:00
Juan Lang eeec9bf349 crypt32: Correct another chain status discrepancy with Windows. 2008-10-17 20:17:11 +02:00
Juan Lang 25698f8938 crypt32: Microsoft fixed a bug with name constraints, so make Wine's behavior match. 2008-10-17 20:17:08 +02:00
Juan Lang cb341f3717 crypt32: Fix error handling for cyclic chains. 2008-10-09 12:29:44 +02:00
Juan Lang 71e394fb89 crypt32: Fix typo. Fixes Coverity item 605. 2008-09-10 10:40:43 +02:00
Michael Karcher 0ed076ab5c crypt32: Remove duplicate MS test root key. 2008-06-30 15:11:12 +02:00
Erik de Castro Lopo 0ef69ef9dd crypt32: Use LOWORD on LPCSTR type instead of casting to int. 2008-04-25 11:34:53 +02:00
Andrew Talbot 70c4b66781 crypt32: Assign to structs instead of using memcpy. 2008-02-15 12:05:47 +01:00
Michael Stefaniuc 3e005ce915 crypt32: Do not use an empty body in an else-statement as documentation. 2007-12-10 12:35:56 +01:00
Juan Lang 329761e7e1 crypt32: Fix a leak building an alternate chain. 2007-11-02 12:21:58 +01:00
Juan Lang fc14728efc crypt32: Fix a leak during chain creation. 2007-11-02 12:21:47 +01:00
Juan Lang 912c3e609b crypt32: Implement cert chain revocation checking. 2007-10-24 12:33:39 +02:00
Juan Lang 9ae5ef6641 crypt32: Set lower quality chain count and pointer to 0 when freeing them. 2007-10-19 14:21:46 +02:00
Juan Lang 5d6feab0e2 crypt32: Don't keep a pointer to the lower quality chains when choosing a higher quality one, otherwise they'll get double-freed. 2007-10-19 14:21:42 +02:00
Juan Lang 7a0905128d crypt32: Always set pPolicyStatus->dwError. 2007-10-17 13:40:41 +02:00
Juan Lang 136f033158 crypt32: Implement CertVerifyCertificateChain for the Microsoft root policy. 2007-10-16 09:35:53 +02:00
Juan Lang 9908fe9ac6 crypt32: Implement name constraint checking. 2007-10-11 22:23:58 +02:00
Juan Lang a5833ac9f4 crypt32: Set subject's info status from method used to find issuer. 2007-09-12 11:33:11 +02:00
Juan Lang 54428bfb99 crypt32: Pass subject's info status when adding an issuer to a chain. 2007-09-12 11:33:11 +02:00
Juan Lang 5c8254886f crypt32: Only decode authority key ID in subject cert once when looking for issuer. 2007-09-12 11:33:11 +02:00
Juan Lang 05492ae907 crypt32: (Re)introduce helper function to get issuer certificate. 2007-09-12 11:33:11 +02:00
Francois Gouget b7bf91f5e8 crypt32: Fix the I_Crypt*Asn1*() prototypes. Add the i_cryptasn1tls.h header and use it. 2007-09-12 11:33:10 +02:00
Juan Lang 039beff441 crypt32: Implement CertVerifyCertificateChainPolicy for the basic constraints policy. 2007-09-11 12:36:41 +02:00
Juan Lang 5f06293eb1 crypt32: Implement CertVerifyCertificateChainPolicy for the authenticode policy. 2007-09-11 12:36:34 +02:00
Juan Lang b56f0c5b68 crypt32: Implement CertVerifyCertificateChainPolicy for the base policy. 2007-09-11 12:36:27 +02:00
Juan Lang 91c76955e7 crypt32: Add a stub for CertVerifyCertificateChainPolicy. 2007-09-11 12:36:10 +02:00
Juan Lang 391f826d49 crypt32: Add a function to create a certificate chain engine potentially before the root store is created. 2007-09-11 11:50:23 +02:00
Juan Lang 5e674f3580 crypt32: Consider alternate issuers when building chains. 2007-09-10 15:50:01 +02:00
Juan Lang 1fc8c60788 crypt32: Flags weren't set, so don't bother passing them. 2007-09-10 15:49:55 +02:00
Juan Lang a040dd22e7 crypt32: Defer checking signatures until chain is complete. 2007-09-10 15:49:50 +02:00
Juan Lang 56d4a3c392 crypt32: Don't ask CertGetIssuerCertificateFromStore to verify revocation status, it almost certainly doesn't do what we want. 2007-09-10 15:49:44 +02:00
Juan Lang dfd2d3d9bc crypt32: Don't abort chain creation if the root signature isn't valid. 2007-09-10 15:49:38 +02:00
Juan Lang 5b02947937 crypt32: Add special case for certificates with no signature algorithm. 2007-09-10 15:49:31 +02:00
Juan Lang 69834b16ac crypt32: Set *ppChainContext even on error. 2007-09-10 15:49:13 +02:00
Juan Lang c4e07a5bfc crypt32: Separate allocating a simple chain and checking it from building it. 2007-09-10 15:49:01 +02:00
Juan Lang a82b36ac98 crypt32: Store world store in chain. 2007-09-10 15:48:55 +02:00
Juan Lang 818634d69a crypt32: Not finding an issuer shouldn't cause chain creation to fail. 2007-09-10 15:48:49 +02:00
Juan Lang 8698a598fc crypt32: Don't add end cert's store to world. 2007-09-10 15:48:43 +02:00
Juan Lang e9ee8c8717 crypt32: Open world store when creating chain, not when building a simple chain. 2007-09-10 15:48:35 +02:00
Juan Lang 1a059879bf crypt32: Make a helper function to create initial candidate chain. 2007-09-10 15:48:27 +02:00
Juan Lang 6c9b788fb8 crypt32: Check path length constraint on a chain. 2007-08-31 19:12:38 +02:00
Juan Lang 14b0df1fef crypt32: Set error status on issued certificate, not on issuer. 2007-08-31 19:12:33 +02:00
Juan Lang 1ce46d5e4a crypt32: Check whether each signing certificate can be a CA. 2007-08-31 19:12:28 +02:00
Juan Lang 51948b0c98 crypt32: Check time of each element in chain against requested time. 2007-08-31 19:12:23 +02:00
Juan Lang d06a24517f crypt32: Time validity nesting doesn't appear to be checked, so don't check it. 2007-08-31 19:12:18 +02:00
Juan Lang 03d76d97ec crypt32: Correct combining trust status of a chain's elements into the chain's trust status. 2007-08-31 19:12:12 +02:00
Juan Lang c39696eb14 crypt32: Don't fail chain creation if signature doesn't match. 2007-08-31 19:12:04 +02:00
Juan Lang 1540f24e92 crypt32: Don't fail chain creation if root isn't self-signed. 2007-08-31 19:11:53 +02:00
Juan Lang b8b787a810 crypt32: Halt chain creation when a cycle is detected. 2007-08-31 19:11:46 +02:00
Juan Lang 51a9d208ee crypt32: Implement CertDuplicateCertificateChain. 2007-08-31 19:11:41 +02:00
Juan Lang 3ef4c7e1cc crypt32: Remove unneeded WINAPI from internal function. 2007-08-31 19:11:35 +02:00
Juan Lang 0dc82780ca crypt32: Free lower quality chain contexts. 2007-08-31 19:11:30 +02:00
Juan Lang a4e88cb644 crypt32: Check chain root's trusted status regardless of whether its signature is valid. 2007-08-31 19:11:25 +02:00
Juan Lang 8cd7abf1be crypt32: Properly reference count certificate contexts referenced by a chain. 2007-08-31 19:11:19 +02:00
Juan Lang 45eef63a35 crypt32: Add a default cycle detection modulus. 2007-08-31 19:11:11 +02:00
Juan Lang cf2047fd72 crypt32: The preferred issuer flag appears to be a bug in XP, so don't set it. 2007-08-31 19:11:06 +02:00
Juan Lang eda48d8868 crypt32: Set trust status on root element in chain. 2007-08-29 11:59:34 +02:00
Juan Lang 9a58b30819 crypt32: Initial implementation of CertGetCertificateChain and CertFreeCertificateChain. 2007-08-15 10:43:32 +02:00
Juan Lang 0b2b1f8881 crypt32: Set output chain to NULL. 2007-08-15 10:42:53 +02:00
Juan Lang 466d8a01a5 crypt32: Add stub for CertFreeCertificateChain. 2007-08-15 10:42:48 +02:00
Juan Lang 1547f39800 crypt32: Move CertGetCertificateChain to chain.c. 2007-08-15 10:42:42 +02:00
James Hawkins d813d8db1b crypt32: Make an internal function static. 2006-10-12 11:35:11 +02:00
Juan Lang 0624ba1b2e crypt32: Don't crash on freeing null chain engine. 2006-09-21 11:16:10 +02:00
Juan Lang b633d6a382 crypt32: Implement CertCreateCertificateChainEngine and CertFreeCertificateChainEngine. 2006-08-15 12:57:37 +02:00