Commit Graph

1716 Commits

Author SHA1 Message Date
Igor Paliychuk 17f674c2e7 crypt32: Add Ukrainian translations. 2010-01-28 12:16:37 +01:00
Michael Stefaniuc b4448d9b77 crypt32/tests: Add a win_skip(). 2010-01-20 15:29:50 +01:00
Juan Lang 4e18ac601f crypt32: Don't get confused matching URLs with a colon in the userinfo portion (e.g. user:password@domain). 2009-12-21 15:01:22 +01:00
Juan Lang 048594854a crypt32: Check authority key identifer extension to determine if a certificate is self-signed. 2009-12-18 11:39:58 +01:00
Amine Khaldi e402260db4 crypt32: Remove an unneeded assignment. 2009-12-17 12:42:39 +01:00
Amine Khaldi 483d241559 crypt32: Remove unneeded assignments. 2009-12-16 12:21:12 +01:00
Juan Lang 01a7cbf843 crypt32: Accept end certificates with no extended key usage extension if a particular key usage is requested. 2009-12-11 17:47:30 +01:00
Juan Lang 7a610a9072 crypt32: Fix CertAddCTLContextToStore for CERT_STORE_ADD_USE_EXISTING add disposition. 2009-12-11 11:50:12 +01:00
Juan Lang c7609f3c55 crypt32: Fix CertAddCRLContextToStore for CERT_STORE_ADD_USE_EXISTING add disposition. 2009-12-11 11:50:09 +01:00
Juan Lang 0444cd93c4 crypt32: Don't dereference an output pointer which may be NULL. 2009-12-11 11:50:03 +01:00
Juan Lang 1740d9fe44 crypt32: Trace chain final error status. 2009-12-11 11:49:56 +01:00
Alexandre Julliard 4f83f9a120 crypt32/tests: Avoid size_t in traces. 2009-12-09 12:19:38 +01:00
Juan Lang 4df042b54b crypt32: Compare CRL's authority key identifier against the certificate's subject key identifier property, which also decodes the certificate's extension if necessary. 2009-12-09 12:02:43 +01:00
Francois Gouget d1e592ad20 crypt32/tests: Fix compilation on systems that don't support nameless unions. 2009-12-08 17:42:25 +01:00
Juan Lang bab1c652ae crypt32/tests: Fix memory leak in test. 2009-12-07 09:49:07 +01:00
Juan Lang cdbf6e8614 crypt32/tests: Don't pass as a parameter a variable that could be local. 2009-12-07 09:49:07 +01:00
Juan Lang 6acd82fa79 crypt32: Correct AKI extension used in end certificate and CRL when checking revocation. 2009-12-04 12:01:16 +01:00
Juan Lang 91fbdb561a crypt32: The KeyId member of an authority key identifier is an octet string, not an integer. 2009-12-03 10:16:53 +01:00
Juan Lang 865669eeb3 crypt32: Fix test failures on Win2k. 2009-12-03 10:11:54 +01:00
Juan Lang 63383baed4 crypt32: Fix test failure on Win7. 2009-12-03 10:11:46 +01:00
Juan Lang 596cd16fc4 crypt32: Only check revocation on a chain without other errors. 2009-12-03 10:11:33 +01:00
Alexandre Julliard b402b78780 rsaenh: Fix padding bytes check for 0-byte payload. 2009-12-02 14:59:56 +01:00
Juan Lang 9f5a554de0 crypt32: Correct AKI extension used in end certificate and CRL when checking revocation. 2009-12-02 12:18:02 +01:00
Juan Lang 9c56314e3d crypt32: Further fix test failures. 2009-12-02 12:12:50 +01:00
Juan Lang 6b8c053218 crypt32: Fix test failures. 2009-12-01 12:24:00 +01:00
Juan Lang 90c160c3d8 crypt32: Revert 8ed5a777de.
Ordinarily removing tests seems like a bad idea, but in this case it
seems the only rational response to the test failures the tests
produce.  The tests check the state of three bits with a variety of
certificate and CRL combinations.  One of these bits is apparently not
set by any version of Windows for any of the tests.  Testing its
absence doesn't seem correct, and I'll explain why in more detail in a
second.  Every permutation of the remaining two bits appears on at
least one Windows version, and no Windows version is obviously more
correct than the rest, so testing them doesn't seem worthwhile.

The one bit that doesn't appear to be set is the bit saying that a
certificate is revoked.  I created CRLs that do in fact revoke some of
the tested certificates, so it appears to me that the bit should be
set.  It's possible that Windows doesn't bother checking the
revocation status of a certificate whose anchor isn't trusted, but
it's impossible to test this in an automated regression test suite,
because adding a trusted certificate requires clicking OK (or its
equivalent) in a dialog.  The dialog is invoked by the system process,
so I can't use a dialog hook to suppress it.  I can test this
hypothesis manually, but it isn't possible to do so in an automated
way.
2009-11-30 12:57:53 +01:00
Juan Lang f2040b7725 crypt32: Don't copy past end of buffer when removing a string from a multi string. 2009-11-30 12:57:39 +01:00
Juan Lang b2ab45b78b crypt32: Only match RDN attributes whose lengths are identical. 2009-11-21 14:31:46 +01:00
Juan Lang 8e51a866b7 crypt32: When searching for a CRL by the AKI extension, the extension has to be decoded to match. 2009-11-21 14:31:46 +01:00
Juan Lang 7dee971809 crypt32/tests: Fix a typo. 2009-11-21 14:31:46 +01:00
Juan Lang 8646c39bdb crypt32: Finding a CRL issued by a cert should compare the cert's subject, not its issuer. 2009-11-21 14:31:46 +01:00
Juan Lang 6bc8237c63 crypt32/tests: Test one more certificate against the Verisign CRL. 2009-11-21 14:31:46 +01:00
Juan Lang 22206b909a crypt32/tests: Fix a typo. 2009-11-21 14:31:46 +01:00
Ken Thomases 3921454398 crypt32: Read trusted root certificates from system keychain on Mac OS X. 2009-11-21 14:31:45 +01:00
Juan Lang eee179206e crypt32/tests: Fix tests on Win9x/ME. 2009-11-21 14:31:44 +01:00
Juan Lang 1a392e1a30 crypt32: Support checking the requested usage for a chain. 2009-11-21 14:31:44 +01:00
Juan Lang 30de103485 crypt32: Only trace a usage match if it's not empty. 2009-11-21 14:31:44 +01:00
Juan Lang e611a83962 crypt32: Test verifying the enhanced key usage of a chain. 2009-11-21 14:31:44 +01:00
Juan Lang 9d9070ae3c crypt32: CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR shouldn't check whether the CRL is valid for the subject certificate. 2009-11-20 11:15:11 +01:00
Juan Lang f378394acd crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension. 2009-11-20 11:15:06 +01:00
Juan Lang bcbfddd82a crypt32: Fix tests on older Windows versions. 2009-11-20 11:15:01 +01:00
Juan Lang a3c6bc68c8 crypt32: Assume revocation server is offline if revocation status isn't known. 2009-11-20 11:14:52 +01:00
Juan Lang 9e1d31e5e5 crypt32: Fix a typo. 2009-11-20 11:14:47 +01:00
Juan Lang 8ed5a777de crypt32: Test revocation checking with CertGetCertificateChain. 2009-11-20 11:14:41 +01:00
Juan Lang 27128bb2f8 crypt32: Add more tests for CertVerifyRevocation. 2009-11-20 11:14:00 +01:00
Juan Lang 8fcaa52d5d crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore. 2009-11-19 11:49:59 +01:00
Juan Lang b278155616 crypt32: Add more tests for CertFindCRLInStore. 2009-11-19 11:49:53 +01:00
Juan Lang 4727212e01 crypt32: Add support for CRL_FIND_ISSUED_BY_SIGNATURE_FLAG to CertFindCRLInStore. 2009-11-19 11:49:46 +01:00
Juan Lang 8beed85a2c crypt32: Add basic flags tests flags for CertFindCRLInStore with find type CRL_FIND_ISSUED_BY. 2009-11-19 11:49:40 +01:00
Juan Lang c84c53b1a6 crypt32: More fully implement CertIsValidCRLForCertificate. 2009-11-19 11:49:33 +01:00
Juan Lang e5c56b1798 crypt32: Correct tests for CertIsValidCRLForCertificate. 2009-11-19 11:49:21 +01:00
Juan Lang b16a78baa7 crypt32: Remove a redundant test. 2009-11-19 11:49:14 +01:00
Juan Lang 4fa4f67c79 crypt32: Implement CertFindCRLInStore for find type CRL_FIND_ISSUED_FOR. 2009-11-19 11:49:09 +01:00
Juan Lang a3b462e3ea crypt32: Add tests for CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR. 2009-11-19 11:49:05 +01:00
Paul Vriens 7f5b24ed91 crypt32/tests: Fix a test failure on older crypt32. 2009-11-18 15:34:14 +01:00
Juan Lang 96073d5129 crypt32: Remove an unnecessary test for the extended key usage extension in CA certificates. 2009-11-18 11:09:20 +01:00
Juan Lang d6958d7660 crypt32: Trace reasons for name constraint failure. 2009-11-18 11:09:08 +01:00
Juan Lang 1db8a6abda crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match. 2009-11-18 11:09:02 +01:00
Juan Lang a63affe5e0 crypt32: Don't apply directory name constraints to an empty subject name. 2009-11-18 11:08:55 +01:00
Juan Lang c464875a6d crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint. 2009-11-18 11:08:49 +01:00
Juan Lang d6f7d06cad crypt32: Check email address in subject name against rfc822 name constraints. 2009-11-18 11:08:44 +01:00
Juan Lang e4c03521ac crypt32: Apply name constraints to subject name. 2009-11-18 11:08:37 +01:00
Juan Lang 6f35ae25b8 crypt32: Use helper function to compare a subject alternate name with name constraints. 2009-11-18 11:08:32 +01:00
Juan Lang a98dad4f93 crypt32: Only apply a name constraint if the name form is present. 2009-11-18 11:08:25 +01:00
Juan Lang f6d3348b7c crypt32: Partially implement checking name constraints with directory names. 2009-11-18 11:08:20 +01:00
Juan Lang 7c44544a6d crypt32: Use helper functions to match excluded and permitted subtrees of name constraints. 2009-11-18 11:08:14 +01:00
Juan Lang 9a40de08de crypt32: Let caller set error codes when name constraints aren't met. 2009-11-18 11:08:08 +01:00
Juan Lang f8044948ba crypt32: Remove an unnecessary if. 2009-11-18 11:08:01 +01:00
Juan Lang 8585203103 crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree. 2009-11-18 11:07:53 +01:00
Juan Lang a299470622 crypt32/tests: Fix another test failure. 2009-11-17 15:14:53 +01:00
Juan Lang 440c702ce4 crypt32: Implement CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang ed74536f0c crypt32: Add tests for CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 7d12294f08 crypt32: Add stub for CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 4a948fa929 crypt32: Add more tests for CertCompareCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 1974e61b59 crypt32: Correctly match subdomains with dns name constraints. 2009-11-17 12:05:11 +01:00
Juan Lang b74ef17efc crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with '.', a match must be exact. 2009-11-17 12:05:04 +01:00
Juan Lang e82005fe2d crypt32: Only compare the hostname portion of a URL when checking against a name constraint. 2009-11-17 12:04:58 +01:00
Juan Lang 3c8a04f12f crypt32: Include name constraints errors in the chain's error status. 2009-11-17 12:04:52 +01:00
Juan Lang f9ad32f0ad crypt32: Trace method used to find an issuer. 2009-11-17 12:04:46 +01:00
Juan Lang 8adc75b3ec crypt32: Fix more test failures. 2009-11-16 11:34:31 +01:00
Juan Lang f6c4824675 crypt32: Update a comment. 2009-11-16 11:34:04 +01:00
Juan Lang c4b997bab3 crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met. 2009-11-16 11:33:58 +01:00
Juan Lang 9aee8fd556 crypt32: Fix test failures. 2009-11-13 11:52:25 +01:00
Juan Lang 21ecc84620 crypt32: Accept any matching dNSName in a subject alternate name. 2009-11-13 11:52:25 +01:00
Juan Lang 95a14deff9 crypt32: Add tests for cs.stanford.edu's chain. 2009-11-13 11:52:25 +01:00
Juan Lang d311cc9bdb crypt32: Use broken() to mark an expected result from a broken version of crypt32. 2009-11-13 11:52:25 +01:00
Juan Lang b91d0c8bde crypt32: Implement matching a certificate with a wildcard in its name. 2009-11-13 11:52:24 +01:00
Juan Lang e740672647 crypt32: Test matching a certificate with a wildcard in its name. 2009-11-13 11:52:24 +01:00
Juan Lang a29789e0bf crypt32: Add openssl.org's cert to the tested chains. 2009-11-13 11:52:24 +01:00
Juan Lang 574de15f51 crypt32: Fix more test failures on older crypt32 versions. 2009-11-12 13:11:38 +01:00
Juan Lang ba3433fa02 crypt32: Fix more test failures on older crypt32 versions. 2009-11-12 13:11:32 +01:00
Juan Lang 4d2c9c3e87 crypt32/tests: Fix test failures. 2009-11-12 13:11:25 +01:00
Juan Lang d7c9bd13a2 crypt32: Fix test failures on multiple Windows versions. 2009-11-11 10:55:51 +01:00
Juan Lang 300d5fe5c4 crypt32: Correct error when a matching name constraint is found. 2009-11-11 10:55:44 +01:00
Juan Lang 0cf2e6fae6 crypt32: Stop reading a serialized store if a non-context prop ID appears before a context prop ID. 2009-11-11 10:55:36 +01:00
Juan Lang bdbee82c42 crypt32: Trace cert version. 2009-11-11 10:54:38 +01:00
Juan Lang 0695b0dc73 crypt32: Fix test failures across Windows versions. 2009-11-11 10:54:24 +01:00
Juan Lang 49c1a34721 crypt32: Fix some test failures on older crypt32 versions. 2009-11-11 10:54:12 +01:00
Juan Lang 7eb33b18da crypt32: Update a comment to reflect a fixed vulnerability. 2009-11-11 10:53:56 +01:00
Juan Lang ee02d43731 crypt32: Correct error when a constrained, permitted name type isn't found in the subject name. 2009-11-10 13:08:31 +01:00
Juan Lang 2503e9ec73 crypt32: Use helper function to find the subject alternate name extension wherever it's needed. 2009-11-10 13:08:26 +01:00
Juan Lang ae6e884142 crypt32: Correct error when the subject alternate name can't be decoded. 2009-11-10 13:08:20 +01:00
Juan Lang 865f3df35b crypt32: Check the issued certificate for name constraint violations, not the issuing certificate. 2009-11-10 13:08:14 +01:00
Juan Lang ef6ce9a590 crypt32: Add more tests of name constraints. 2009-11-10 13:08:06 +01:00
Juan Lang a5361e45de crypt32: Test more chains against different policies. 2009-11-10 13:07:35 +01:00
Juan Lang 25e8f27817 crypt32: Disallow embedded NULLs in alternate names. 2009-11-10 13:07:28 +01:00
Juan Lang ddf78bdb38 crypt32: Test decoding alternate names with embedded NULLs. 2009-11-10 13:07:21 +01:00
Juan Lang 6a3901f04b crypt32: Test encoding and decoding name values with embedded NULLs. 2009-11-10 13:07:15 +01:00
Juan Lang 216df7a714 crypt32: Reject certificates whose fields don't match their versions. 2009-11-10 13:07:07 +01:00
Juan Lang 9fe6be454f crypt32: Forbid minimum or maximum fields in name constraints. 2009-11-10 13:07:00 +01:00
Juan Lang e7404ba24f crypt32: Fix decoding names when CRYPT_DECODE_ALLOC_FLAG is not specified. 2009-11-10 13:05:40 +01:00
Juan Lang 6cefdef501 crypt32: Fix decoding unicode names when CRYPT_DECODE_ALLOC_FLAG is not specified. 2009-11-10 13:05:35 +01:00
Marcus Meissner c25753ece2 crypt32: Pass the correct pointer into CertificateFindStore. 2009-11-09 20:21:23 +01:00
Juan Lang 267e890220 crypt32: Fix test failures on Win9x/NT4. 2009-11-09 19:58:40 +01:00
Juan Lang fbcce9f308 crypt32: Implement decoding cert policy constraints. 2009-11-09 19:58:34 +01:00
Juan Lang 32ad424972 crypt32: Implement encoding cert policy constraints. 2009-11-09 19:58:28 +01:00
Juan Lang ae32f7bffc crypt32: Add tests for encoding/decoding cert policy constraints. 2009-11-09 19:58:20 +01:00
Juan Lang 7e7e73d0da crypt32: Implement decoding cert policy mappings. 2009-11-09 19:58:13 +01:00
Juan Lang bf5e4d9bb7 crypt32: Implement encoding cert policy mappings. 2009-11-09 19:58:07 +01:00
Juan Lang fba863ddf0 crypt32: Add tests for encoding/decoding cert policy mappings. 2009-11-09 19:57:59 +01:00
Juan Lang ed9a4ffa0b crypt32: Fix decoding cert issuer/subject unique ids. 2009-11-09 19:57:51 +01:00
Juan Lang 4ccafdcb6f crypt32: Fix encoding cert issuer/subject unique ids. 2009-11-09 19:57:45 +01:00
Juan Lang acfa433f15 crypt32: Add more tests of cert encoding/decoding. 2009-11-09 19:57:37 +01:00
Paul Chitescu 7223d8b6d2 crypt32: Check the result of CryptAcquireContextW() when initializing default provider. 2009-11-09 19:37:00 +01:00
Juan Lang 5274777b1c crypt32: Permit lack of basic constraints extension on root certificates. 2009-11-09 19:34:36 +01:00
Juan Lang d94e4d315a crypt32: Permit lack of key usage extension on root certificates.
This reverts 60770fb011, although it
updates the comments to give a reason.  Thanks to Matt Van Gundy for
pointing it out to me.
2009-11-09 19:34:32 +01:00
Juan Lang c52d110de1 crypt32: Don't free a file store's mem store, it's already freed by the provider store. 2009-11-05 11:57:58 +01:00
Juan Lang a16ca1d039 crypt32: Add a warning if a store's ref count is invalid. 2009-11-05 11:57:47 +01:00
Juan Lang 88e599c4cf crypt32: Don't copy past end of buffer when removing the last string in a multistring. 2009-11-05 11:57:41 +01:00
Juan Lang e1b2eb3485 crypt32: Fix a test failure on NT 4. 2009-11-05 11:57:13 +01:00
Juan Lang 416cd484b2 crypt32: Implement CertStoreControl for collection stores. 2009-11-04 17:15:07 +01:00
Juan Lang 33c70d35dd crypt32: Add an implementation of CertControlStore for memory stores. 2009-11-04 17:15:02 +01:00
Juan Lang e6047ae52d crypt32: Add tests of committing a collection store. 2009-11-04 17:14:53 +01:00
Juan Lang f8376b91da crypt32: Eliminate a double free in the tests. 2009-11-04 16:45:18 +01:00
Juan Lang 108f30bb7d crypt32: Rename a function to reflect its behavior better, and return whether it succeeds. 2009-11-04 16:45:18 +01:00
Juan Lang 7e1cff1c18 crypt32: Release contexts when removing them from the mem store. 2009-11-04 16:45:18 +01:00
Juan Lang df39bbba4f crypt32: Don't delete a context when removing it from a list. 2009-11-04 16:45:18 +01:00
Juan Lang 787d0ab564 crypt32: Add an error if the ref count is invalid when releasing a context. 2009-11-04 16:45:18 +01:00
Juan Lang 1f363cd399 crypt32: Trace whenever a reference count changes, and change default debug channel to quiet the main crypt channel. 2009-11-04 16:45:18 +01:00
Juan Lang 17894eb093 crypt32: Release a link context's linked context on every release, not just when it reaches 0. 2009-11-04 16:45:17 +01:00
Juan Lang 52820b9cf8 crypt32: When creating a link context, call Context_AddRef to add-ref it so its children get add-ref'd too. 2009-11-04 16:45:17 +01:00
Juan Lang 5f81ad6821 crypt32: When add-ref'ing a context, add-ref its linked contexts too. 2009-11-04 16:45:17 +01:00
Juan Lang fb5e0d8a4d crypt32: When removing contexts from a list, make sure the context no longer references the list. 2009-11-04 16:45:17 +01:00
Juan Lang 976c6ff3f8 crypt32: Correct reference counting when deleting contexts from collections. 2009-11-04 16:45:17 +01:00
Juan Lang 92324ab38e crypt32: Propagate errors from CertFree*Context to CertDelete*FromStore. 2009-11-04 16:45:17 +01:00
Juan Lang 40855cae97 crypt32: Add return value to Context_Release to allow detecting reference counting errors. 2009-11-04 16:45:16 +01:00
Juan Lang d8094382a8 crypt32: Implement CertAddEncodedCertificateToSystemStoreA/W. 2009-11-04 16:45:16 +01:00
Juan Lang 9364d7a928 crypt32: Add stub for CertAddCertificateLinkToStore. 2009-11-04 13:07:56 +01:00
Juan Lang f554669286 crypt32: Implement CryptGetIntendedKeyUsage. 2009-11-04 13:07:56 +01:00
Juan Lang 6ac162231b crypt32: Add tests for CertGetIntendedKeyUsage. 2009-11-04 13:07:55 +01:00
Juan Lang 1c7c406b86 crypt32: Correct spec entries for certificate stores. 2009-11-03 21:31:33 +01:00
Juan Lang ed701e0787 crypt32: Add stub for CryptGetIntendedKeyUsage. 2009-11-03 21:31:28 +01:00
Juan Lang af3afcf81d crypt32: Fix a memory leak in a test. 2009-11-03 21:29:29 +01:00
Juan Lang 7a73fd97ad crypt32: Fix a memory leak reading trusted root certs. 2009-11-03 21:29:24 +01:00
Juan Lang 7dd75d1181 crypt32: Fix a memory leak querying a message object. 2009-11-03 21:29:19 +01:00
Juan Lang 9928e2e1c5 crypt32: Support reading a serialized store object from memory in CryptQueryObject. 2009-11-03 21:29:13 +01:00
Juan Lang 51a1f5a642 crypt32: Abstract function used to read from reading a serialized store. 2009-11-03 21:29:03 +01:00
Juan Lang 16036dd27a crypt32: Allow errors in locally installed root certs. 2009-11-03 21:18:30 +01:00
Juan Lang d6795bd908 crypt32: Trace contents of CERT_CHAIN_PARA. 2009-11-03 21:17:34 +01:00
Juan Lang fc0aff0d2e crypt32: Add support for the CRYPT_STRING_NOCRLF flag to CryptBinaryToStringA/W. 2009-11-03 21:16:12 +01:00
Juan Lang 2d5ac92d9a crypt32: Partially implement CryptBinaryToStringW. 2009-11-03 21:15:55 +01:00
Juan Lang 9750d0f7f5 crypt32: Trace policy error status in CertVerifyCertificateChainPolicy. 2009-10-30 11:32:09 +01:00
Juan Lang c4ce06293c crypt32: Create a V1 certificate if it doesn't have extensions. 2009-10-30 11:32:04 +01:00
Juan Lang 07b735682b crypt32: Check CA certificates for the enhanced key usage extension. 2009-10-30 11:26:39 +01:00
Juan Lang 60770fb011 crypt32: Only permit v1 or v2 CA certificates without a key usage extension if they're installed locally. 2009-10-30 11:26:30 +01:00
Juan Lang 7b0297769d crypt32: Use a helper function to find an existing cert by hash. 2009-10-30 11:26:21 +01:00
Juan Lang 77472187c9 crypt32: Add key usage extension to chain4_0. 2009-10-30 11:26:15 +01:00
Juan Lang 33a6235053 crypt32: Only permit v1 or v2 CA certificates without a basic constraints extension if they're installed locally. 2009-10-30 11:26:06 +01:00
Juan Lang 552fec4002 crypt32: Add basic constraints to chain quality selection algorithm. 2009-10-30 11:24:23 +01:00
Juan Lang c310637f4f crypt32: Remove redundant if clause. 2009-10-30 11:24:10 +01:00
Juan Lang 9a13e1c70b crypt32: Add basic constraints to chain15_0. 2009-10-30 11:23:58 +01:00
Juan Lang 118374c081 crypt32: Add basic constraints to chain14_0. 2009-10-30 11:23:53 +01:00
Juan Lang 0bd67b4c6f crypt32: Add basic constraints and key usage to chain12_0. 2009-10-30 11:23:47 +01:00
Juan Lang 002439e2f0 crypt32: Add basic constraints and key usage to chain8_0. 2009-10-30 11:23:41 +01:00
Juan Lang 4557a8705b crypt32: Add basic constraints and key usage to chain5_0. 2009-10-30 11:23:35 +01:00
Juan Lang 86d6177215 crypt32: Add basic constraints and key usage to chain2_0. 2009-10-30 11:23:27 +01:00
Juan Lang 6bf0e52011 crypt32: Add basic constraints and key usage to chain0_0. 2009-10-30 11:23:22 +01:00
Juan Lang 9059892ec1 crypt32: Implement CertVerifyCertificateChainPolicy for CERT_CHAIN_POLICY_SSL. 2009-10-29 13:07:53 +01:00
Juan Lang 2fbb736e01 crypt32: Add some tests of the SSL policy. 2009-10-29 13:07:47 +01:00
Juan Lang facd2e975a crypt32: Allow the caller of checkChainPolicyStatus to specify the date to test with and additional policy parameters. 2009-10-29 13:07:39 +01:00
Juan Lang 3669be9550 crypt32: Add the Google website's cert to tests. 2009-10-29 13:07:33 +01:00
Juan Lang 24399bd359 crypt32: Support IPv6 addresses in name constraint comparison. 2009-10-29 13:07:20 +01:00
Juan Lang bcb4bc6be3 crypt32: Trace netscape cert type extension. 2009-10-29 13:07:14 +01:00
Juan Lang d664edb322 crypt32: Trace directory name of alt name entries. 2009-10-29 13:07:08 +01:00
Juan Lang 1a194449cc crypt32: Correct a prototype. 2009-10-29 13:07:03 +01:00
Juan Lang 6a575d697e crypt32: Accept either the subject alt name 2 or subject alt name extensions, and prefer the former when both are present. 2009-10-29 13:06:56 +01:00
Juan Lang 1e953ef12e crypt32: Trace the alt name extensions. 2009-10-29 13:06:49 +01:00
Juan Lang bf42ce9c90 crypt32: Trace name constraints extension. 2009-10-29 13:06:42 +01:00
Juan Lang 777ea81c48 crypt32: Trace cert policies extension. 2009-10-29 13:06:35 +01:00
Juan Lang 994d7ed40d crypt32: Trace enhanced key usage extension. 2009-10-29 13:06:25 +01:00
Dan Kegel 5e25a23409 crypt32/tests: CryptUnprotectData: test zero-length payload. 2009-10-28 11:13:59 +01:00
Juan Lang 89c009a063 crypt32: Fix a test failure on systems with no c: drive. 2009-10-26 11:17:00 +01:00
Juan Lang cf9491a5a3 crypt32: Move tracing of key usage extension to common extension tracing location. 2009-10-26 11:16:54 +01:00
Juan Lang c593173d15 crypt32: Make sure item size is at least the min size, and only align sizes that are greater. 2009-10-23 12:00:23 +02:00
Juan Lang eea0d75ed5 crypt32: Fix test failures on older versions of crypt32. 2009-10-22 17:24:52 +02:00
Juan Lang 7fa618aa8e crypt32: Check key usage during chain validation. 2009-10-21 16:21:53 +02:00
Juan Lang f2057592bf crypt32: Add tests for key usage in the base policy. 2009-10-21 16:21:49 +02:00
Juan Lang a700e0556f crypt32: Add key usage extension to non-root CA certs. 2009-10-21 16:21:44 +02:00
Juan Lang cbabc9d689 crypt32: Get CA flag from basic constraints extension of every cert in the chain. 2009-10-21 16:21:40 +02:00
Juan Lang f348e3feb7 crypt32: Check basic constraints extension for end certs too. 2009-10-21 16:21:36 +02:00
Juan Lang e1903dc6e0 crypt32: Encode public keys with NULL parameters if they're empty (and make tests more restrictive). 2009-10-21 16:05:56 +02:00
Juan Lang d8ca5bc348 crypt32: Use helper function to encode public keys for hashing.
This is necessary because the publicly callable form embeds the asn.1
NULL value when the parameters are empty, whereas the hash value
expects that it's missing.
2009-10-21 16:05:56 +02:00
Juan Lang c97e442a28 crypt32: Add a helper function to encode a cert's public key. 2009-10-21 16:05:55 +02:00
Juan Lang 43182842cd crypt32: Set an output parameter on the success path. 2009-10-21 16:05:55 +02:00
Juan Lang dd26bee14c crypt32: Fix duplicating a NULL CTL context. 2009-10-21 16:05:55 +02:00
Juan Lang acc9d81f26 crypt32: Fix duplicating a NULL CRL context. 2009-10-21 16:05:54 +02:00
Juan Lang 1e424138fe crypt32: Implement CryptFindCertificateInStore for unicode strings. 2009-10-20 14:00:35 +02:00
Juan Lang af4b5303ba crypt32: Test CertFindCertificateStore for finding Unicode strings. 2009-10-20 14:00:35 +02:00
Juan Lang c0872b218c crypt32/tests: Get rid of a couple of certs unneeded by a test. 2009-10-20 14:00:35 +02:00
Juan Lang 87405ade02 crypt32: Add a safe default for unsupported critical extensions. 2009-10-20 13:46:55 +02:00
Francois Gouget d2cc5380db crypt32: Fix compilation on systems that don't support nameless unions. 2009-10-19 14:45:10 +02:00
Juan Lang 60140610e3 crypt32: Compare certificates in a consistent order. 2009-10-19 11:35:55 +02:00
Juan Lang 3740e4150b crypt32: Avoid repeatedly decoding authority key id extensions when searching for a cert's issuer. 2009-10-19 11:35:46 +02:00
Juan Lang b2d27097b5 crypt32: Introduce a helper function to search for certificates that doesn't require recreating the search key for every certificate. 2009-10-19 11:35:38 +02:00
Juan Lang e0a4404831 crypt32: Use helper function to search for certs. 2009-10-19 11:35:32 +02:00
Juan Lang 1437d7ccc2 crypt32: Explicitly pass pointers to blob arrays rather than relying on an invalid alignment assumption. 2009-10-19 11:35:23 +02:00
Juan Lang 3000bc200a crypt32: Explicitly pass pointers to blob arrays rather than relying on an invalid alignment assumption. 2009-10-19 11:35:14 +02:00
Juan Lang 5f317d702a crypt32: Fix an invalid alignment assumption decoding a subtree's maximum. 2009-10-19 11:35:04 +02:00
Juan Lang 4e300b6def crypt32: Simplify CRYPT_AsnDecodeIntInternal. 2009-10-19 11:34:51 +02:00
Juan Lang 7a33b61f34 crypt32: Don't pass CRYPT_DECODE_ALLOC_FLAG to array item decoders. 2009-10-16 13:40:08 +02:00
Juan Lang faa451628a crypt32: Let CRYPT_AsnDecodeArray allocate memory for its callers. 2009-10-15 12:06:21 +02:00
Juan Lang c5699e736f crypt32: Allocate memory if requested in CRYPT_AsnDecodeArray. 2009-10-15 12:06:21 +02:00
Juan Lang 3c25d7540f crypt32: Rename CRYPT_AsnDecodeArrayNoAlloc to CRYPT_AsnDecodeArray, and pass a CRYPT_DECODE_PARA * to it so that it can allocate memory if requested. 2009-10-15 12:06:21 +02:00
Juan Lang b1a1b32b59 crypt32: Decode enhanced key usages using CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang 36fc7b06b1 crypt32: Decode CRL dist points using CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang 155aa41d7c crypt32: Decode cert policies info using CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang bba695cc3f crypt32: Decode authority info access with CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang 1b1626ac81 crypt32: Decode unicode names using CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang 67ee87664e crypt32: Decode names using CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang fd2a4c4330 crypt32: Correct a sequence item size. 2009-10-15 12:06:21 +02:00
Juan Lang 4f815c7d03 crypt32: Convert internal callers of CRYPT_AsnDecodeArray to call CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang a8f5934f44 crypt32: Pass decode flags to CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang 136eedb9af crypt32: Further simplify calling CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:20 +02:00
Juan Lang 271b477171 crypt32: Let CRYPT_AsnDecodeArrayNoAlloc calculate array size rather than requiring every caller to do so. 2009-10-15 12:06:20 +02:00
Juan Lang c64f31087f crypt32: Simplify calling CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:20 +02:00
Juan Lang 3c14587e18 crypt32: Add array descriptor members describing offsets of outer structure. 2009-10-15 12:06:20 +02:00
Juan Lang 77cfb32360 crypt32: Simplify CRYPT_AsnDecodePKCSAttributes. 2009-10-15 12:06:20 +02:00
Juan Lang c7e3ea1484 crypt32: Explicitly pass array pointer when decoding CTL entry attributes rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang f5946e4acb crypt32: Explicitly pass array pointer when decoding cert policy qualifiers rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang 117ea9ee91 crypt32: Explicitly pass array pointer when decoding basic constraints' subtrees rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang 6d74aac002 crypt32: Explicitly pass array pointer when decoding policy qualifier notice numbers rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang 362abb6fa9 crypt32: Remove a redundant trace. 2009-10-15 12:06:20 +02:00
Juan Lang 3270451ec0 crypt32: Explicitly pass array pointer when decoding CTL extensions rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang 8aefb32523 crypt32: Explicitly pass array pointer when decoding CTL entries rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang 030cd8f594 crypt32: Explicitly pass array pointer when decoding CMS message signers rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang e87dc9c530 crypt32: Simplify CRYPT_AsnDecodeDistPointName. 2009-10-15 12:06:19 +02:00
Juan Lang 26bfd0281c crypt32: Explicitly pass array pointer when decoding name constraints' excluded subtrees rather than assuming a particular alignment. 2009-10-15 12:06:19 +02:00
Juan Lang ab1376ad6c crypt32: Explicitly pass array pointer when decoding name constraints' permitted subtrees rather than assuming a particular alignment. 2009-10-15 12:06:19 +02:00
Juan Lang 07a1750af7 crypt32: Explicitly pass array pointer when decoding CMS message CRLs rather than assuming a particular alignment. 2009-10-15 12:06:19 +02:00
Juan Lang 8c52850102 crypt32: Explicitly pass array pointer when decoding CMS message certs rather than assuming a particular alignment. 2009-10-15 12:06:19 +02:00