Commit Graph

682 Commits

Author SHA1 Message Date
Juan Lang 6acd82fa79 crypt32: Correct AKI extension used in end certificate and CRL when checking revocation. 2009-12-04 12:01:16 +01:00
Juan Lang 865669eeb3 crypt32: Fix test failures on Win2k. 2009-12-03 10:11:54 +01:00
Juan Lang 63383baed4 crypt32: Fix test failure on Win7. 2009-12-03 10:11:46 +01:00
Alexandre Julliard b402b78780 rsaenh: Fix padding bytes check for 0-byte payload. 2009-12-02 14:59:56 +01:00
Juan Lang 9f5a554de0 crypt32: Correct AKI extension used in end certificate and CRL when checking revocation. 2009-12-02 12:18:02 +01:00
Juan Lang 9c56314e3d crypt32: Further fix test failures. 2009-12-02 12:12:50 +01:00
Juan Lang 6b8c053218 crypt32: Fix test failures. 2009-12-01 12:24:00 +01:00
Juan Lang 90c160c3d8 crypt32: Revert 8ed5a777de.
Ordinarily removing tests seems like a bad idea, but in this case it
seems the only rational response to the test failures the tests
produce.  The tests check the state of three bits with a variety of
certificate and CRL combinations.  One of these bits is apparently not
set by any version of Windows for any of the tests.  Testing its
absence doesn't seem correct, and I'll explain why in more detail in a
second.  Every permutation of the remaining two bits appears on at
least one Windows version, and no Windows version is obviously more
correct than the rest, so testing them doesn't seem worthwhile.

The one bit that doesn't appear to be set is the bit saying that a
certificate is revoked.  I created CRLs that do in fact revoke some of
the tested certificates, so it appears to me that the bit should be
set.  It's possible that Windows doesn't bother checking the
revocation status of a certificate whose anchor isn't trusted, but
it's impossible to test this in an automated regression test suite,
because adding a trusted certificate requires clicking OK (or its
equivalent) in a dialog.  The dialog is invoked by the system process,
so I can't use a dialog hook to suppress it.  I can test this
hypothesis manually, but it isn't possible to do so in an automated
way.
2009-11-30 12:57:53 +01:00
Juan Lang 8e51a866b7 crypt32: When searching for a CRL by the AKI extension, the extension has to be decoded to match. 2009-11-21 14:31:46 +01:00
Juan Lang 7dee971809 crypt32/tests: Fix a typo. 2009-11-21 14:31:46 +01:00
Juan Lang 8646c39bdb crypt32: Finding a CRL issued by a cert should compare the cert's subject, not its issuer. 2009-11-21 14:31:46 +01:00
Juan Lang 6bc8237c63 crypt32/tests: Test one more certificate against the Verisign CRL. 2009-11-21 14:31:46 +01:00
Juan Lang 22206b909a crypt32/tests: Fix a typo. 2009-11-21 14:31:46 +01:00
Juan Lang eee179206e crypt32/tests: Fix tests on Win9x/ME. 2009-11-21 14:31:44 +01:00
Juan Lang 1a392e1a30 crypt32: Support checking the requested usage for a chain. 2009-11-21 14:31:44 +01:00
Juan Lang e611a83962 crypt32: Test verifying the enhanced key usage of a chain. 2009-11-21 14:31:44 +01:00
Juan Lang 9d9070ae3c crypt32: CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR shouldn't check whether the CRL is valid for the subject certificate. 2009-11-20 11:15:11 +01:00
Juan Lang f378394acd crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension. 2009-11-20 11:15:06 +01:00
Juan Lang bcbfddd82a crypt32: Fix tests on older Windows versions. 2009-11-20 11:15:01 +01:00
Juan Lang a3c6bc68c8 crypt32: Assume revocation server is offline if revocation status isn't known. 2009-11-20 11:14:52 +01:00
Juan Lang 8ed5a777de crypt32: Test revocation checking with CertGetCertificateChain. 2009-11-20 11:14:41 +01:00
Juan Lang 27128bb2f8 crypt32: Add more tests for CertVerifyRevocation. 2009-11-20 11:14:00 +01:00
Juan Lang 8fcaa52d5d crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore. 2009-11-19 11:49:59 +01:00
Juan Lang b278155616 crypt32: Add more tests for CertFindCRLInStore. 2009-11-19 11:49:53 +01:00
Juan Lang 4727212e01 crypt32: Add support for CRL_FIND_ISSUED_BY_SIGNATURE_FLAG to CertFindCRLInStore. 2009-11-19 11:49:46 +01:00
Juan Lang 8beed85a2c crypt32: Add basic flags tests flags for CertFindCRLInStore with find type CRL_FIND_ISSUED_BY. 2009-11-19 11:49:40 +01:00
Juan Lang c84c53b1a6 crypt32: More fully implement CertIsValidCRLForCertificate. 2009-11-19 11:49:33 +01:00
Juan Lang e5c56b1798 crypt32: Correct tests for CertIsValidCRLForCertificate. 2009-11-19 11:49:21 +01:00
Juan Lang b16a78baa7 crypt32: Remove a redundant test. 2009-11-19 11:49:14 +01:00
Juan Lang 4fa4f67c79 crypt32: Implement CertFindCRLInStore for find type CRL_FIND_ISSUED_FOR. 2009-11-19 11:49:09 +01:00
Juan Lang a3b462e3ea crypt32: Add tests for CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR. 2009-11-19 11:49:05 +01:00
Paul Vriens 7f5b24ed91 crypt32/tests: Fix a test failure on older crypt32. 2009-11-18 15:34:14 +01:00
Juan Lang a299470622 crypt32/tests: Fix another test failure. 2009-11-17 15:14:53 +01:00
Juan Lang 440c702ce4 crypt32: Implement CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang ed74536f0c crypt32: Add tests for CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 4a948fa929 crypt32: Add more tests for CertCompareCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 8adc75b3ec crypt32: Fix more test failures. 2009-11-16 11:34:31 +01:00
Juan Lang c4b997bab3 crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met. 2009-11-16 11:33:58 +01:00
Juan Lang 9aee8fd556 crypt32: Fix test failures. 2009-11-13 11:52:25 +01:00
Juan Lang 21ecc84620 crypt32: Accept any matching dNSName in a subject alternate name. 2009-11-13 11:52:25 +01:00
Juan Lang 95a14deff9 crypt32: Add tests for cs.stanford.edu's chain. 2009-11-13 11:52:25 +01:00
Juan Lang d311cc9bdb crypt32: Use broken() to mark an expected result from a broken version of crypt32. 2009-11-13 11:52:25 +01:00
Juan Lang b91d0c8bde crypt32: Implement matching a certificate with a wildcard in its name. 2009-11-13 11:52:24 +01:00
Juan Lang e740672647 crypt32: Test matching a certificate with a wildcard in its name. 2009-11-13 11:52:24 +01:00
Juan Lang a29789e0bf crypt32: Add openssl.org's cert to the tested chains. 2009-11-13 11:52:24 +01:00
Juan Lang 574de15f51 crypt32: Fix more test failures on older crypt32 versions. 2009-11-12 13:11:38 +01:00
Juan Lang ba3433fa02 crypt32: Fix more test failures on older crypt32 versions. 2009-11-12 13:11:32 +01:00
Juan Lang 4d2c9c3e87 crypt32/tests: Fix test failures. 2009-11-12 13:11:25 +01:00
Juan Lang d7c9bd13a2 crypt32: Fix test failures on multiple Windows versions. 2009-11-11 10:55:51 +01:00
Juan Lang 300d5fe5c4 crypt32: Correct error when a matching name constraint is found. 2009-11-11 10:55:44 +01:00