Hans Leidekker
1f27719007
crypt32: Microsoft root policy does not include the base policy.
...
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-05-15 17:33:37 +02:00
Hans Leidekker
403b83fdb1
crypt32: Recognize 'Microsoft Root Certificate Authority 2010' when verifying the Microsoft root policy.
...
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-05-15 17:33:34 +02:00
Ilia Mirkin
5011815d62
crypt32: Also check CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG.
...
It appears that the untrusted root check should be skipped if this flag
is set even if the ExtraPolicyPara one is not set.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=48495
Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-02-06 22:51:17 +01:00
Alexandre Julliard
9e9b28a179
crypt32: Fix comparison of domain name components.
...
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2019-05-01 22:46:52 +02:00
Zhiyi Zhang
a1e2c7fd2f
crypt32: Properly check root certificate in CERT_CHAIN_REVOCATION_CHECK_CHAIN.
...
Original patch by Michael Müller.
Root certificates don't have CRL Distribution Point or Authority Info Access field.
Don't report error with CERT_CHAIN_REVOCATION_CHECK_CHAIN in CertGetCertificateChain()
because of this.
Signed-off-by: Zhiyi Zhang <zzhang@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-08-23 13:39:53 +02:00
Nikolay Sivov
e353656804
crypt32: Correctly return how the issuer of a self signed certificate was matched.
...
Original patch by Michael Müller.
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-06-25 16:06:13 +02:00
Michael Stefaniuc
f7c2fe87f5
crypt32: Use the available ARRAY_SIZE() macro.
...
Signed-off-by: Michael Stefaniuc <mstefani@winehq.org>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-06-23 00:41:43 +02:00
Nikolay Sivov
6de2e83e00
crypt32: Use ARRAY_SIZE macro.
...
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2018-06-20 11:23:06 +02:00
Nikolay Sivov
9608c794c9
crypt32: Fix a leak on error path (Coverity).
...
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2016-01-11 19:54:15 +09:00
Bruno Jesus
7a40fdbf8c
crypt32: CertGetIssuerCertificateFromStore must return error for self-signed certificates.
2014-07-23 21:24:20 +02:00
Marcus Meissner
221fd39937
crypt32: Fixed copy and paste error in engine creation (Coverity).
2014-03-10 10:40:32 +01:00
Jacek Caban
ca2e1c164f
crypt32: Added support for HCCE_LOCAL_MACHINE.
2014-03-04 17:06:24 +01:00
Jacek Caban
786c0c2d58
crypt32: Moved chain engine handle handling to separated function and improved error handling.
2014-03-04 17:06:19 +01:00
Sebastian Lackner
2b1c8fed24
crypt32: Set correct return value if CryptMemAlloc fails.
2013-12-09 11:47:44 +01:00
Jacek Caban
ba4278a735
crypt32: Added support for retrieving certs by URL.
2013-09-06 17:25:08 +02:00
Jacek Caban
9dd32ba67d
crypt32: Added support for retrieving issuers from URL cache.
2013-09-06 17:25:08 +02:00
Jacek Caban
0e0d51ae85
crypt32: Search world collection when looking for issuer.
2013-09-06 17:25:08 +02:00
Jacek Caban
0a5cb15f94
crypt32: Get rid of remaining P* typedefs.
2013-09-04 14:38:41 +02:00
Jacek Caban
0e885e34dc
crypt32: Get rid of PCertificateChain typedef.
2013-09-04 14:38:04 +02:00
Jacek Caban
2584e49bf6
crypt32: Use CertificateChainEngine instead of HCERTCHAINENGINE in a few more places.
2013-09-02 18:08:08 +02:00
Jacek Caban
f4ef543f8a
crypt32: Get rid of PCertificateChainEngine typedef.
2013-09-02 18:08:01 +02:00
Juan Lang
ab7f8a160f
crypt32: Only accept trailing NULLs in a certificate common name.
2012-01-31 19:20:36 +01:00
Erich Hoover
bfa2c5ea98
crypt32: Fix domain component length check.
2012-01-30 20:44:48 +01:00
Francois Gouget
6efd90510b
crypt32: Fix printing NULL strings.
2011-09-20 16:21:38 +02:00
Francois Gouget
def2863d60
crypt32: Fix filetime_to_str() for the case where it is called twice for a single trace.
2011-09-19 17:56:06 +02:00
Frédéric Delanoy
f73733b8b0
crypt32: Remove dead code (Clang).
2011-07-05 14:42:40 +02:00
Juan Lang
7871a9f858
crypt32: Accept CA certificates without a key usage extension.
2011-04-05 11:14:10 +02:00
Juan Lang
bcd14a1822
crypt32: Fix return value in error cases (clang).
2011-02-16 14:26:26 +01:00
Juan Lang
667aeb3ede
crypt32: Accept any matching CN when checking a certificate's name.
2010-12-17 13:26:01 +01:00
Juan Lang
107a95d86b
crypt32: Add CertFindChainInStore stub.
2010-11-17 11:16:58 +01:00
Juan Lang
dd7a45be7c
crypt32: Check revocation status of chain element-by-element.
...
Due to a quirk in CertVerifyRevocation (see its tests), checking an
entire chain doesn't appear to be supported, even though the API would
appear to support doing so. Checking element by element allows
revocation to be checked for the entire chain.
2010-10-25 13:52:50 +02:00
Juan Lang
8714c11247
crypt32: Pass additional store to CertVerifyRevocation.
2010-10-25 13:52:50 +02:00
Juan Lang
ca7512d296
crypt32: Trace certificate chain verification parameters.
2010-10-19 10:19:17 +02:00
Juan Lang
63a05db41c
crypt32: Trace time value in addition to address of time value.
2010-10-15 11:33:21 +02:00
Juan Lang
b6cd08f436
crypt32: Use A functions for debug string that's only used as an ASCII string.
2010-10-15 11:33:12 +02:00
Juan Lang
25a8d301c1
crypt32: Set correct error when encountering unsupported critical extensions in the base and SSL policy.
2010-10-06 20:46:50 +02:00
Juan Lang
b1899c2066
crypt32: Set CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT when appropriate.
2010-10-06 20:46:49 +02:00
Juan Lang
966d722752
crypt32: Improve error checking for the base policy.
2010-10-06 14:41:04 +02:00
Juan Lang
be3a5e368f
crypt32: Check revocation failures when verifying the SSL policy.
2010-09-30 11:16:44 +02:00
Juan Lang
da11d66bff
crypt32: Check usage when verifying the SSL policy.
2010-09-30 11:16:40 +02:00
Juan Lang
d74c4f7c15
crypt32: Honor more SECURITY_FLAG_IGNORE flags when verifying the SSL policy.
2010-09-30 11:16:36 +02:00
Juan Lang
d6c9c7a08b
crypt32: Honor SECURITY_FLAG_IGNORE_CERT_CN_INVALID.
2010-08-16 17:28:55 +02:00
Andrew Talbot
761f5ca105
crypt32: Constify some variables.
2010-08-16 13:46:33 +02:00
Juan Lang
c79aad51cd
crypt32: Implement wildcard domain name matching in subject alternative names.
2010-05-21 14:37:52 +02:00
Juan Lang
d298e1e614
crypt32: Support hExclusiveRoot when creating a certificate chain engine.
2010-05-20 13:47:53 +02:00
Juan Lang
d3db308853
crypt32: Update definition of CERT_CHAIN_ENGINE_CONFIG.
2010-05-20 13:47:53 +02:00
Juan Lang
51ab77a90a
crypt32: Add support for the anyPolicy certificate policy.
2010-03-16 11:30:12 +01:00
Michael Stefaniuc
0a866d0e45
crypt32: Avoid using HIWORD() on a string pointer.
...
The stray IS_INTRESOURCE() is applied to a true resource. The other
strings are OIDs and not resources.
2010-01-29 14:59:02 +01:00
Juan Lang
4e18ac601f
crypt32: Don't get confused matching URLs with a colon in the userinfo portion (e.g. user:password@domain).
2009-12-21 15:01:22 +01:00
Juan Lang
048594854a
crypt32: Check authority key identifer extension to determine if a certificate is self-signed.
2009-12-18 11:39:58 +01:00