7a40fdbf8c
crypt32: CertGetIssuerCertificateFromStore must return error for self-signed certificates.
2014-07-23 21:24:20 +02:00
221fd39937
crypt32: Fixed copy and paste error in engine creation (Coverity).
2014-03-10 10:40:32 +01:00
ca2e1c164f
crypt32: Added support for HCCE_LOCAL_MACHINE.
2014-03-04 17:06:24 +01:00
786c0c2d58
crypt32: Moved chain engine handle handling to separated function and improved error handling.
2014-03-04 17:06:19 +01:00
2b1c8fed24
crypt32: Set correct return value if CryptMemAlloc fails.
2013-12-09 11:47:44 +01:00
ba4278a735
crypt32: Added support for retrieving certs by URL.
2013-09-06 17:25:08 +02:00
9dd32ba67d
crypt32: Added support for retrieving issuers from URL cache.
2013-09-06 17:25:08 +02:00
0e0d51ae85
crypt32: Search world collection when looking for issuer.
2013-09-06 17:25:08 +02:00
0a5cb15f94
crypt32: Get rid of remaining P* typedefs.
2013-09-04 14:38:41 +02:00
0e885e34dc
crypt32: Get rid of PCertificateChain typedef.
2013-09-04 14:38:04 +02:00
2584e49bf6
crypt32: Use CertificateChainEngine instead of HCERTCHAINENGINE in a few more places.
2013-09-02 18:08:08 +02:00
f4ef543f8a
crypt32: Get rid of PCertificateChainEngine typedef.
2013-09-02 18:08:01 +02:00
ab7f8a160f
crypt32: Only accept trailing NULLs in a certificate common name.
2012-01-31 19:20:36 +01:00
bfa2c5ea98
crypt32: Fix domain component length check.
2012-01-30 20:44:48 +01:00
6efd90510b
crypt32: Fix printing NULL strings.
2011-09-20 16:21:38 +02:00
def2863d60
crypt32: Fix filetime_to_str() for the case where it is called twice for a single trace.
2011-09-19 17:56:06 +02:00
f73733b8b0
crypt32: Remove dead code (Clang).
2011-07-05 14:42:40 +02:00
7871a9f858
crypt32: Accept CA certificates without a key usage extension.
2011-04-05 11:14:10 +02:00
bcd14a1822
crypt32: Fix return value in error cases (clang).
2011-02-16 14:26:26 +01:00
667aeb3ede
crypt32: Accept any matching CN when checking a certificate's name.
2010-12-17 13:26:01 +01:00
107a95d86b
crypt32: Add CertFindChainInStore stub.
2010-11-17 11:16:58 +01:00
dd7a45be7c
crypt32: Check revocation status of chain element-by-element.
...
Due to a quirk in CertVerifyRevocation (see its tests), checking an
entire chain doesn't appear to be supported, even though the API would
appear to support doing so. Checking element by element allows
revocation to be checked for the entire chain.
2010-10-25 13:52:50 +02:00
8714c11247
crypt32: Pass additional store to CertVerifyRevocation.
2010-10-25 13:52:50 +02:00
ca7512d296
crypt32: Trace certificate chain verification parameters.
2010-10-19 10:19:17 +02:00
63a05db41c
crypt32: Trace time value in addition to address of time value.
2010-10-15 11:33:21 +02:00
b6cd08f436
crypt32: Use A functions for debug string that's only used as an ASCII string.
2010-10-15 11:33:12 +02:00
25a8d301c1
crypt32: Set correct error when encountering unsupported critical extensions in the base and SSL policy.
2010-10-06 20:46:50 +02:00
b1899c2066
crypt32: Set CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT when appropriate.
2010-10-06 20:46:49 +02:00
966d722752
crypt32: Improve error checking for the base policy.
2010-10-06 14:41:04 +02:00
be3a5e368f
crypt32: Check revocation failures when verifying the SSL policy.
2010-09-30 11:16:44 +02:00
da11d66bff
crypt32: Check usage when verifying the SSL policy.
2010-09-30 11:16:40 +02:00
d74c4f7c15
crypt32: Honor more SECURITY_FLAG_IGNORE flags when verifying the SSL policy.
2010-09-30 11:16:36 +02:00
d6c9c7a08b
crypt32: Honor SECURITY_FLAG_IGNORE_CERT_CN_INVALID.
2010-08-16 17:28:55 +02:00
761f5ca105
crypt32: Constify some variables.
2010-08-16 13:46:33 +02:00
c79aad51cd
crypt32: Implement wildcard domain name matching in subject alternative names.
2010-05-21 14:37:52 +02:00
d298e1e614
crypt32: Support hExclusiveRoot when creating a certificate chain engine.
2010-05-20 13:47:53 +02:00
d3db308853
crypt32: Update definition of CERT_CHAIN_ENGINE_CONFIG.
2010-05-20 13:47:53 +02:00
51ab77a90a
crypt32: Add support for the anyPolicy certificate policy.
2010-03-16 11:30:12 +01:00
0a866d0e45
crypt32: Avoid using HIWORD() on a string pointer.
...
The stray IS_INTRESOURCE() is applied to a true resource. The other
strings are OIDs and not resources.
2010-01-29 14:59:02 +01:00
4e18ac601f
crypt32: Don't get confused matching URLs with a colon in the userinfo portion (e.g. user:password@domain).
2009-12-21 15:01:22 +01:00
048594854a
crypt32: Check authority key identifer extension to determine if a certificate is self-signed.
2009-12-18 11:39:58 +01:00
e402260db4
crypt32: Remove an unneeded assignment.
2009-12-17 12:42:39 +01:00
01a7cbf843
crypt32: Accept end certificates with no extended key usage extension if a particular key usage is requested.
2009-12-11 17:47:30 +01:00
1740d9fe44
crypt32: Trace chain final error status.
2009-12-11 11:49:56 +01:00
596cd16fc4
crypt32: Only check revocation on a chain without other errors.
2009-12-03 10:11:33 +01:00
1a392e1a30
crypt32: Support checking the requested usage for a chain.
2009-11-21 14:31:44 +01:00
30de103485
crypt32: Only trace a usage match if it's not empty.
2009-11-21 14:31:44 +01:00
a3c6bc68c8
crypt32: Assume revocation server is offline if revocation status isn't known.
2009-11-20 11:14:52 +01:00
9e1d31e5e5
crypt32: Fix a typo.
2009-11-20 11:14:47 +01:00
96073d5129
crypt32: Remove an unnecessary test for the extended key usage extension in CA certificates.
2009-11-18 11:09:20 +01:00
Bruno Jesus