Commit Graph

1630 Commits

Author SHA1 Message Date
Juan Lang c232af490e crypt32: Add stub for CERT_STORE_CTRL_AUTO_RESYNC of registry stores. 2010-05-17 12:42:31 +02:00
Gerald Pfeifer 52ead99288 crypt32/tests: Remove variable entry which is not really used from test_decodeCRLToBeSigned. 2010-05-05 10:52:03 +02:00
Gerald Pfeifer abae415487 crypt32/tests: Tighten tests in testPortPublicKeyInfo. 2010-05-03 16:48:56 +02:00
Alexandre Julliard 87416f5a3b crypt32: Fix computation of structure sizes in CRYPT_AsnDecodeSequence. 2010-04-07 23:07:43 +02:00
Gerald Pfeifer ca41486b8a crypt32: Fix type of empty in encodeBase64W(). 2010-03-26 10:32:23 +01:00
Juan Lang 7eb61a6e5c crypt32: Use an empty string as a separator when no separator is desired to avoid special cases for NULL. 2010-03-24 21:15:31 +01:00
Juan Lang 67bf4dc62e crypt32: Fix overestimating size required for base64-encoded strings. 2010-03-22 10:42:41 +01:00
Alexandre Julliard bef5645eb1 makefiles: Remove the no longer needed explicit separators for dependencies. 2010-03-16 13:28:19 +01:00
Juan Lang 51ab77a90a crypt32: Add support for the anyPolicy certificate policy. 2010-03-16 11:30:12 +01:00
Juan Lang ffba84b161 crypt32: Switch to use the AES provider by default. 2010-03-16 11:29:53 +01:00
Juan Lang a729e10a18 crypt32: Add constants to support SHA-256, SHA-384, and SHA-512. 2010-03-16 11:29:48 +01:00
Reece Dunn a15dbfac22 crypt32: Fix CryptFreeTls when calling with a freed index. 2010-03-03 11:50:04 +01:00
Alexandre Julliard 6164ce2d82 makefiles: Use the standard C_SRCS variable as the list of test files.
This enables it to be auto-updated by make_makefiles.
2010-02-22 10:47:11 +01:00
Michael Stefaniuc 0a866d0e45 crypt32: Avoid using HIWORD() on a string pointer.
The stray IS_INTRESOURCE() is applied to a true resource. The other
strings are OIDs and not resources.
2010-01-29 14:59:02 +01:00
Igor Paliychuk 17f674c2e7 crypt32: Add Ukrainian translations. 2010-01-28 12:16:37 +01:00
Michael Stefaniuc b4448d9b77 crypt32/tests: Add a win_skip(). 2010-01-20 15:29:50 +01:00
Juan Lang 4e18ac601f crypt32: Don't get confused matching URLs with a colon in the userinfo portion (e.g. user:password@domain). 2009-12-21 15:01:22 +01:00
Juan Lang 048594854a crypt32: Check authority key identifer extension to determine if a certificate is self-signed. 2009-12-18 11:39:58 +01:00
Amine Khaldi e402260db4 crypt32: Remove an unneeded assignment. 2009-12-17 12:42:39 +01:00
Amine Khaldi 483d241559 crypt32: Remove unneeded assignments. 2009-12-16 12:21:12 +01:00
Juan Lang 01a7cbf843 crypt32: Accept end certificates with no extended key usage extension if a particular key usage is requested. 2009-12-11 17:47:30 +01:00
Juan Lang 7a610a9072 crypt32: Fix CertAddCTLContextToStore for CERT_STORE_ADD_USE_EXISTING add disposition. 2009-12-11 11:50:12 +01:00
Juan Lang c7609f3c55 crypt32: Fix CertAddCRLContextToStore for CERT_STORE_ADD_USE_EXISTING add disposition. 2009-12-11 11:50:09 +01:00
Juan Lang 0444cd93c4 crypt32: Don't dereference an output pointer which may be NULL. 2009-12-11 11:50:03 +01:00
Juan Lang 1740d9fe44 crypt32: Trace chain final error status. 2009-12-11 11:49:56 +01:00
Alexandre Julliard 4f83f9a120 crypt32/tests: Avoid size_t in traces. 2009-12-09 12:19:38 +01:00
Juan Lang 4df042b54b crypt32: Compare CRL's authority key identifier against the certificate's subject key identifier property, which also decodes the certificate's extension if necessary. 2009-12-09 12:02:43 +01:00
Francois Gouget d1e592ad20 crypt32/tests: Fix compilation on systems that don't support nameless unions. 2009-12-08 17:42:25 +01:00
Juan Lang bab1c652ae crypt32/tests: Fix memory leak in test. 2009-12-07 09:49:07 +01:00
Juan Lang cdbf6e8614 crypt32/tests: Don't pass as a parameter a variable that could be local. 2009-12-07 09:49:07 +01:00
Juan Lang 6acd82fa79 crypt32: Correct AKI extension used in end certificate and CRL when checking revocation. 2009-12-04 12:01:16 +01:00
Juan Lang 91fbdb561a crypt32: The KeyId member of an authority key identifier is an octet string, not an integer. 2009-12-03 10:16:53 +01:00
Juan Lang 865669eeb3 crypt32: Fix test failures on Win2k. 2009-12-03 10:11:54 +01:00
Juan Lang 63383baed4 crypt32: Fix test failure on Win7. 2009-12-03 10:11:46 +01:00
Juan Lang 596cd16fc4 crypt32: Only check revocation on a chain without other errors. 2009-12-03 10:11:33 +01:00
Alexandre Julliard b402b78780 rsaenh: Fix padding bytes check for 0-byte payload. 2009-12-02 14:59:56 +01:00
Juan Lang 9f5a554de0 crypt32: Correct AKI extension used in end certificate and CRL when checking revocation. 2009-12-02 12:18:02 +01:00
Juan Lang 9c56314e3d crypt32: Further fix test failures. 2009-12-02 12:12:50 +01:00
Juan Lang 6b8c053218 crypt32: Fix test failures. 2009-12-01 12:24:00 +01:00
Juan Lang 90c160c3d8 crypt32: Revert 8ed5a777de.
Ordinarily removing tests seems like a bad idea, but in this case it
seems the only rational response to the test failures the tests
produce.  The tests check the state of three bits with a variety of
certificate and CRL combinations.  One of these bits is apparently not
set by any version of Windows for any of the tests.  Testing its
absence doesn't seem correct, and I'll explain why in more detail in a
second.  Every permutation of the remaining two bits appears on at
least one Windows version, and no Windows version is obviously more
correct than the rest, so testing them doesn't seem worthwhile.

The one bit that doesn't appear to be set is the bit saying that a
certificate is revoked.  I created CRLs that do in fact revoke some of
the tested certificates, so it appears to me that the bit should be
set.  It's possible that Windows doesn't bother checking the
revocation status of a certificate whose anchor isn't trusted, but
it's impossible to test this in an automated regression test suite,
because adding a trusted certificate requires clicking OK (or its
equivalent) in a dialog.  The dialog is invoked by the system process,
so I can't use a dialog hook to suppress it.  I can test this
hypothesis manually, but it isn't possible to do so in an automated
way.
2009-11-30 12:57:53 +01:00
Juan Lang f2040b7725 crypt32: Don't copy past end of buffer when removing a string from a multi string. 2009-11-30 12:57:39 +01:00
Juan Lang b2ab45b78b crypt32: Only match RDN attributes whose lengths are identical. 2009-11-21 14:31:46 +01:00
Juan Lang 8e51a866b7 crypt32: When searching for a CRL by the AKI extension, the extension has to be decoded to match. 2009-11-21 14:31:46 +01:00
Juan Lang 7dee971809 crypt32/tests: Fix a typo. 2009-11-21 14:31:46 +01:00
Juan Lang 8646c39bdb crypt32: Finding a CRL issued by a cert should compare the cert's subject, not its issuer. 2009-11-21 14:31:46 +01:00
Juan Lang 6bc8237c63 crypt32/tests: Test one more certificate against the Verisign CRL. 2009-11-21 14:31:46 +01:00
Juan Lang 22206b909a crypt32/tests: Fix a typo. 2009-11-21 14:31:46 +01:00
Ken Thomases 3921454398 crypt32: Read trusted root certificates from system keychain on Mac OS X. 2009-11-21 14:31:45 +01:00
Juan Lang eee179206e crypt32/tests: Fix tests on Win9x/ME. 2009-11-21 14:31:44 +01:00
Juan Lang 1a392e1a30 crypt32: Support checking the requested usage for a chain. 2009-11-21 14:31:44 +01:00
Juan Lang 30de103485 crypt32: Only trace a usage match if it's not empty. 2009-11-21 14:31:44 +01:00
Juan Lang e611a83962 crypt32: Test verifying the enhanced key usage of a chain. 2009-11-21 14:31:44 +01:00
Juan Lang 9d9070ae3c crypt32: CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR shouldn't check whether the CRL is valid for the subject certificate. 2009-11-20 11:15:11 +01:00
Juan Lang f378394acd crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension. 2009-11-20 11:15:06 +01:00
Juan Lang bcbfddd82a crypt32: Fix tests on older Windows versions. 2009-11-20 11:15:01 +01:00
Juan Lang a3c6bc68c8 crypt32: Assume revocation server is offline if revocation status isn't known. 2009-11-20 11:14:52 +01:00
Juan Lang 9e1d31e5e5 crypt32: Fix a typo. 2009-11-20 11:14:47 +01:00
Juan Lang 8ed5a777de crypt32: Test revocation checking with CertGetCertificateChain. 2009-11-20 11:14:41 +01:00
Juan Lang 27128bb2f8 crypt32: Add more tests for CertVerifyRevocation. 2009-11-20 11:14:00 +01:00
Juan Lang 8fcaa52d5d crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore. 2009-11-19 11:49:59 +01:00
Juan Lang b278155616 crypt32: Add more tests for CertFindCRLInStore. 2009-11-19 11:49:53 +01:00
Juan Lang 4727212e01 crypt32: Add support for CRL_FIND_ISSUED_BY_SIGNATURE_FLAG to CertFindCRLInStore. 2009-11-19 11:49:46 +01:00
Juan Lang 8beed85a2c crypt32: Add basic flags tests flags for CertFindCRLInStore with find type CRL_FIND_ISSUED_BY. 2009-11-19 11:49:40 +01:00
Juan Lang c84c53b1a6 crypt32: More fully implement CertIsValidCRLForCertificate. 2009-11-19 11:49:33 +01:00
Juan Lang e5c56b1798 crypt32: Correct tests for CertIsValidCRLForCertificate. 2009-11-19 11:49:21 +01:00
Juan Lang b16a78baa7 crypt32: Remove a redundant test. 2009-11-19 11:49:14 +01:00
Juan Lang 4fa4f67c79 crypt32: Implement CertFindCRLInStore for find type CRL_FIND_ISSUED_FOR. 2009-11-19 11:49:09 +01:00
Juan Lang a3b462e3ea crypt32: Add tests for CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR. 2009-11-19 11:49:05 +01:00
Paul Vriens 7f5b24ed91 crypt32/tests: Fix a test failure on older crypt32. 2009-11-18 15:34:14 +01:00
Juan Lang 96073d5129 crypt32: Remove an unnecessary test for the extended key usage extension in CA certificates. 2009-11-18 11:09:20 +01:00
Juan Lang d6958d7660 crypt32: Trace reasons for name constraint failure. 2009-11-18 11:09:08 +01:00
Juan Lang 1db8a6abda crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match. 2009-11-18 11:09:02 +01:00
Juan Lang a63affe5e0 crypt32: Don't apply directory name constraints to an empty subject name. 2009-11-18 11:08:55 +01:00
Juan Lang c464875a6d crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint. 2009-11-18 11:08:49 +01:00
Juan Lang d6f7d06cad crypt32: Check email address in subject name against rfc822 name constraints. 2009-11-18 11:08:44 +01:00
Juan Lang e4c03521ac crypt32: Apply name constraints to subject name. 2009-11-18 11:08:37 +01:00
Juan Lang 6f35ae25b8 crypt32: Use helper function to compare a subject alternate name with name constraints. 2009-11-18 11:08:32 +01:00
Juan Lang a98dad4f93 crypt32: Only apply a name constraint if the name form is present. 2009-11-18 11:08:25 +01:00
Juan Lang f6d3348b7c crypt32: Partially implement checking name constraints with directory names. 2009-11-18 11:08:20 +01:00
Juan Lang 7c44544a6d crypt32: Use helper functions to match excluded and permitted subtrees of name constraints. 2009-11-18 11:08:14 +01:00
Juan Lang 9a40de08de crypt32: Let caller set error codes when name constraints aren't met. 2009-11-18 11:08:08 +01:00
Juan Lang f8044948ba crypt32: Remove an unnecessary if. 2009-11-18 11:08:01 +01:00
Juan Lang 8585203103 crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree. 2009-11-18 11:07:53 +01:00
Juan Lang a299470622 crypt32/tests: Fix another test failure. 2009-11-17 15:14:53 +01:00
Juan Lang 440c702ce4 crypt32: Implement CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang ed74536f0c crypt32: Add tests for CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 7d12294f08 crypt32: Add stub for CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 4a948fa929 crypt32: Add more tests for CertCompareCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 1974e61b59 crypt32: Correctly match subdomains with dns name constraints. 2009-11-17 12:05:11 +01:00
Juan Lang b74ef17efc crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with '.', a match must be exact. 2009-11-17 12:05:04 +01:00
Juan Lang e82005fe2d crypt32: Only compare the hostname portion of a URL when checking against a name constraint. 2009-11-17 12:04:58 +01:00
Juan Lang 3c8a04f12f crypt32: Include name constraints errors in the chain's error status. 2009-11-17 12:04:52 +01:00
Juan Lang f9ad32f0ad crypt32: Trace method used to find an issuer. 2009-11-17 12:04:46 +01:00
Juan Lang 8adc75b3ec crypt32: Fix more test failures. 2009-11-16 11:34:31 +01:00
Juan Lang f6c4824675 crypt32: Update a comment. 2009-11-16 11:34:04 +01:00
Juan Lang c4b997bab3 crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met. 2009-11-16 11:33:58 +01:00
Juan Lang 9aee8fd556 crypt32: Fix test failures. 2009-11-13 11:52:25 +01:00
Juan Lang 21ecc84620 crypt32: Accept any matching dNSName in a subject alternate name. 2009-11-13 11:52:25 +01:00
Juan Lang 95a14deff9 crypt32: Add tests for cs.stanford.edu's chain. 2009-11-13 11:52:25 +01:00
Juan Lang d311cc9bdb crypt32: Use broken() to mark an expected result from a broken version of crypt32. 2009-11-13 11:52:25 +01:00
Juan Lang b91d0c8bde crypt32: Implement matching a certificate with a wildcard in its name. 2009-11-13 11:52:24 +01:00
Juan Lang e740672647 crypt32: Test matching a certificate with a wildcard in its name. 2009-11-13 11:52:24 +01:00
Juan Lang a29789e0bf crypt32: Add openssl.org's cert to the tested chains. 2009-11-13 11:52:24 +01:00
Juan Lang 574de15f51 crypt32: Fix more test failures on older crypt32 versions. 2009-11-12 13:11:38 +01:00
Juan Lang ba3433fa02 crypt32: Fix more test failures on older crypt32 versions. 2009-11-12 13:11:32 +01:00
Juan Lang 4d2c9c3e87 crypt32/tests: Fix test failures. 2009-11-12 13:11:25 +01:00
Juan Lang d7c9bd13a2 crypt32: Fix test failures on multiple Windows versions. 2009-11-11 10:55:51 +01:00
Juan Lang 300d5fe5c4 crypt32: Correct error when a matching name constraint is found. 2009-11-11 10:55:44 +01:00
Juan Lang 0cf2e6fae6 crypt32: Stop reading a serialized store if a non-context prop ID appears before a context prop ID. 2009-11-11 10:55:36 +01:00
Juan Lang bdbee82c42 crypt32: Trace cert version. 2009-11-11 10:54:38 +01:00
Juan Lang 0695b0dc73 crypt32: Fix test failures across Windows versions. 2009-11-11 10:54:24 +01:00
Juan Lang 49c1a34721 crypt32: Fix some test failures on older crypt32 versions. 2009-11-11 10:54:12 +01:00
Juan Lang 7eb33b18da crypt32: Update a comment to reflect a fixed vulnerability. 2009-11-11 10:53:56 +01:00
Juan Lang ee02d43731 crypt32: Correct error when a constrained, permitted name type isn't found in the subject name. 2009-11-10 13:08:31 +01:00
Juan Lang 2503e9ec73 crypt32: Use helper function to find the subject alternate name extension wherever it's needed. 2009-11-10 13:08:26 +01:00
Juan Lang ae6e884142 crypt32: Correct error when the subject alternate name can't be decoded. 2009-11-10 13:08:20 +01:00
Juan Lang 865f3df35b crypt32: Check the issued certificate for name constraint violations, not the issuing certificate. 2009-11-10 13:08:14 +01:00
Juan Lang ef6ce9a590 crypt32: Add more tests of name constraints. 2009-11-10 13:08:06 +01:00
Juan Lang a5361e45de crypt32: Test more chains against different policies. 2009-11-10 13:07:35 +01:00
Juan Lang 25e8f27817 crypt32: Disallow embedded NULLs in alternate names. 2009-11-10 13:07:28 +01:00
Juan Lang ddf78bdb38 crypt32: Test decoding alternate names with embedded NULLs. 2009-11-10 13:07:21 +01:00
Juan Lang 6a3901f04b crypt32: Test encoding and decoding name values with embedded NULLs. 2009-11-10 13:07:15 +01:00
Juan Lang 216df7a714 crypt32: Reject certificates whose fields don't match their versions. 2009-11-10 13:07:07 +01:00
Juan Lang 9fe6be454f crypt32: Forbid minimum or maximum fields in name constraints. 2009-11-10 13:07:00 +01:00
Juan Lang e7404ba24f crypt32: Fix decoding names when CRYPT_DECODE_ALLOC_FLAG is not specified. 2009-11-10 13:05:40 +01:00
Juan Lang 6cefdef501 crypt32: Fix decoding unicode names when CRYPT_DECODE_ALLOC_FLAG is not specified. 2009-11-10 13:05:35 +01:00
Marcus Meissner c25753ece2 crypt32: Pass the correct pointer into CertificateFindStore. 2009-11-09 20:21:23 +01:00
Juan Lang 267e890220 crypt32: Fix test failures on Win9x/NT4. 2009-11-09 19:58:40 +01:00
Juan Lang fbcce9f308 crypt32: Implement decoding cert policy constraints. 2009-11-09 19:58:34 +01:00
Juan Lang 32ad424972 crypt32: Implement encoding cert policy constraints. 2009-11-09 19:58:28 +01:00
Juan Lang ae32f7bffc crypt32: Add tests for encoding/decoding cert policy constraints. 2009-11-09 19:58:20 +01:00
Juan Lang 7e7e73d0da crypt32: Implement decoding cert policy mappings. 2009-11-09 19:58:13 +01:00
Juan Lang bf5e4d9bb7 crypt32: Implement encoding cert policy mappings. 2009-11-09 19:58:07 +01:00
Juan Lang fba863ddf0 crypt32: Add tests for encoding/decoding cert policy mappings. 2009-11-09 19:57:59 +01:00
Juan Lang ed9a4ffa0b crypt32: Fix decoding cert issuer/subject unique ids. 2009-11-09 19:57:51 +01:00
Juan Lang 4ccafdcb6f crypt32: Fix encoding cert issuer/subject unique ids. 2009-11-09 19:57:45 +01:00
Juan Lang acfa433f15 crypt32: Add more tests of cert encoding/decoding. 2009-11-09 19:57:37 +01:00
Paul Chitescu 7223d8b6d2 crypt32: Check the result of CryptAcquireContextW() when initializing default provider. 2009-11-09 19:37:00 +01:00
Juan Lang 5274777b1c crypt32: Permit lack of basic constraints extension on root certificates. 2009-11-09 19:34:36 +01:00
Juan Lang d94e4d315a crypt32: Permit lack of key usage extension on root certificates.
This reverts 60770fb011, although it
updates the comments to give a reason.  Thanks to Matt Van Gundy for
pointing it out to me.
2009-11-09 19:34:32 +01:00
Juan Lang c52d110de1 crypt32: Don't free a file store's mem store, it's already freed by the provider store. 2009-11-05 11:57:58 +01:00
Juan Lang a16ca1d039 crypt32: Add a warning if a store's ref count is invalid. 2009-11-05 11:57:47 +01:00
Juan Lang 88e599c4cf crypt32: Don't copy past end of buffer when removing the last string in a multistring. 2009-11-05 11:57:41 +01:00
Juan Lang e1b2eb3485 crypt32: Fix a test failure on NT 4. 2009-11-05 11:57:13 +01:00
Juan Lang 416cd484b2 crypt32: Implement CertStoreControl for collection stores. 2009-11-04 17:15:07 +01:00
Juan Lang 33c70d35dd crypt32: Add an implementation of CertControlStore for memory stores. 2009-11-04 17:15:02 +01:00
Juan Lang e6047ae52d crypt32: Add tests of committing a collection store. 2009-11-04 17:14:53 +01:00
Juan Lang f8376b91da crypt32: Eliminate a double free in the tests. 2009-11-04 16:45:18 +01:00
Juan Lang 108f30bb7d crypt32: Rename a function to reflect its behavior better, and return whether it succeeds. 2009-11-04 16:45:18 +01:00
Juan Lang 7e1cff1c18 crypt32: Release contexts when removing them from the mem store. 2009-11-04 16:45:18 +01:00