6efd90510b
crypt32: Fix printing NULL strings.
2011-09-20 16:21:38 +02:00
def2863d60
crypt32: Fix filetime_to_str() for the case where it is called twice for a single trace.
2011-09-19 17:56:06 +02:00
f73733b8b0
crypt32: Remove dead code (Clang).
2011-07-05 14:42:40 +02:00
7871a9f858
crypt32: Accept CA certificates without a key usage extension.
2011-04-05 11:14:10 +02:00
bcd14a1822
crypt32: Fix return value in error cases (clang).
2011-02-16 14:26:26 +01:00
667aeb3ede
crypt32: Accept any matching CN when checking a certificate's name.
2010-12-17 13:26:01 +01:00
107a95d86b
crypt32: Add CertFindChainInStore stub.
2010-11-17 11:16:58 +01:00
dd7a45be7c
crypt32: Check revocation status of chain element-by-element.
...
Due to a quirk in CertVerifyRevocation (see its tests), checking an
entire chain doesn't appear to be supported, even though the API would
appear to support doing so. Checking element by element allows
revocation to be checked for the entire chain.
2010-10-25 13:52:50 +02:00
8714c11247
crypt32: Pass additional store to CertVerifyRevocation.
2010-10-25 13:52:50 +02:00
ca7512d296
crypt32: Trace certificate chain verification parameters.
2010-10-19 10:19:17 +02:00
63a05db41c
crypt32: Trace time value in addition to address of time value.
2010-10-15 11:33:21 +02:00
b6cd08f436
crypt32: Use A functions for debug string that's only used as an ASCII string.
2010-10-15 11:33:12 +02:00
25a8d301c1
crypt32: Set correct error when encountering unsupported critical extensions in the base and SSL policy.
2010-10-06 20:46:50 +02:00
b1899c2066
crypt32: Set CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT when appropriate.
2010-10-06 20:46:49 +02:00
966d722752
crypt32: Improve error checking for the base policy.
2010-10-06 14:41:04 +02:00
be3a5e368f
crypt32: Check revocation failures when verifying the SSL policy.
2010-09-30 11:16:44 +02:00
da11d66bff
crypt32: Check usage when verifying the SSL policy.
2010-09-30 11:16:40 +02:00
d74c4f7c15
crypt32: Honor more SECURITY_FLAG_IGNORE flags when verifying the SSL policy.
2010-09-30 11:16:36 +02:00
d6c9c7a08b
crypt32: Honor SECURITY_FLAG_IGNORE_CERT_CN_INVALID.
2010-08-16 17:28:55 +02:00
761f5ca105
crypt32: Constify some variables.
2010-08-16 13:46:33 +02:00
c79aad51cd
crypt32: Implement wildcard domain name matching in subject alternative names.
2010-05-21 14:37:52 +02:00
d298e1e614
crypt32: Support hExclusiveRoot when creating a certificate chain engine.
2010-05-20 13:47:53 +02:00
d3db308853
crypt32: Update definition of CERT_CHAIN_ENGINE_CONFIG.
2010-05-20 13:47:53 +02:00
51ab77a90a
crypt32: Add support for the anyPolicy certificate policy.
2010-03-16 11:30:12 +01:00
0a866d0e45
crypt32: Avoid using HIWORD() on a string pointer.
...
The stray IS_INTRESOURCE() is applied to a true resource. The other
strings are OIDs and not resources.
2010-01-29 14:59:02 +01:00
4e18ac601f
crypt32: Don't get confused matching URLs with a colon in the userinfo portion (e.g. user:password@domain).
2009-12-21 15:01:22 +01:00
048594854a
crypt32: Check authority key identifer extension to determine if a certificate is self-signed.
2009-12-18 11:39:58 +01:00
e402260db4
crypt32: Remove an unneeded assignment.
2009-12-17 12:42:39 +01:00
01a7cbf843
crypt32: Accept end certificates with no extended key usage extension if a particular key usage is requested.
2009-12-11 17:47:30 +01:00
1740d9fe44
crypt32: Trace chain final error status.
2009-12-11 11:49:56 +01:00
596cd16fc4
crypt32: Only check revocation on a chain without other errors.
2009-12-03 10:11:33 +01:00
1a392e1a30
crypt32: Support checking the requested usage for a chain.
2009-11-21 14:31:44 +01:00
30de103485
crypt32: Only trace a usage match if it's not empty.
2009-11-21 14:31:44 +01:00
a3c6bc68c8
crypt32: Assume revocation server is offline if revocation status isn't known.
2009-11-20 11:14:52 +01:00
9e1d31e5e5
crypt32: Fix a typo.
2009-11-20 11:14:47 +01:00
96073d5129
crypt32: Remove an unnecessary test for the extended key usage extension in CA certificates.
2009-11-18 11:09:20 +01:00
d6958d7660
crypt32: Trace reasons for name constraint failure.
2009-11-18 11:09:08 +01:00
1db8a6abda
crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match.
2009-11-18 11:09:02 +01:00
a63affe5e0
crypt32: Don't apply directory name constraints to an empty subject name.
2009-11-18 11:08:55 +01:00
c464875a6d
crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint.
2009-11-18 11:08:49 +01:00
d6f7d06cad
crypt32: Check email address in subject name against rfc822 name constraints.
2009-11-18 11:08:44 +01:00
e4c03521ac
crypt32: Apply name constraints to subject name.
2009-11-18 11:08:37 +01:00
6f35ae25b8
crypt32: Use helper function to compare a subject alternate name with name constraints.
2009-11-18 11:08:32 +01:00
a98dad4f93
crypt32: Only apply a name constraint if the name form is present.
2009-11-18 11:08:25 +01:00
f6d3348b7c
crypt32: Partially implement checking name constraints with directory names.
2009-11-18 11:08:20 +01:00
7c44544a6d
crypt32: Use helper functions to match excluded and permitted subtrees of name constraints.
2009-11-18 11:08:14 +01:00
9a40de08de
crypt32: Let caller set error codes when name constraints aren't met.
2009-11-18 11:08:08 +01:00
f8044948ba
crypt32: Remove an unnecessary if.
2009-11-18 11:08:01 +01:00
8585203103
crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree.
2009-11-18 11:07:53 +01:00
1974e61b59
crypt32: Correctly match subdomains with dns name constraints.
2009-11-17 12:05:11 +01:00
Francois Gouget