Commit Graph

136 Commits

Author SHA1 Message Date
Juan Lang c4ae9e9c5a crypt32/tests: Add more tests of the authenticode policy. 2010-10-19 10:19:21 +02:00
Juan Lang 6e89a61446 crypt32/tests: Test OpenSSL chain separately to address test failures on Win98. 2010-10-06 20:46:51 +02:00
Juan Lang 251ccfc848 crypt32/tests: Fix another test failure on Win98. 2010-10-06 20:46:51 +02:00
Juan Lang 8fbcad75ba crypt32/tests: Add name to test to help identify test failures. 2010-10-06 20:46:50 +02:00
Juan Lang d8fcffc7e7 crypt32/tests: Fix more Win9x failures. 2010-10-06 20:46:50 +02:00
Juan Lang 3e437ec537 crypt32/tests: Fix test failures on NT4/Win9x. 2010-10-06 20:46:50 +02:00
Juan Lang 25a8d301c1 crypt32: Set correct error when encountering unsupported critical extensions in the base and SSL policy. 2010-10-06 20:46:50 +02:00
Juan Lang 5b79eb977b crypt32/tests: Add macros to declare tests. 2010-10-06 20:46:50 +02:00
Juan Lang 6ff8184e15 crypt32/tests: Add name to test to help identify test failures. 2010-10-06 20:46:50 +02:00
Juan Lang b1899c2066 crypt32: Set CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT when appropriate. 2010-10-06 20:46:49 +02:00
Juan Lang d5bcf21c91 crypt32/tests: Test the base and SSL policies against a certificate with an invalid critical extension. 2010-10-06 20:46:49 +02:00
Juan Lang ab1a3ccede crypt32/tests: Test invalid critical extension in intermediate cert. 2010-10-06 20:46:49 +02:00
Juan Lang 966d722752 crypt32: Improve error checking for the base policy. 2010-10-06 14:41:04 +02:00
Juan Lang c4c70b608c crypt32/tests: Add more tests of verifying the base policy, including flags to ignore certain errors. 2010-10-06 14:41:04 +02:00
Juan Lang d74c4f7c15 crypt32: Honor more SECURITY_FLAG_IGNORE flags when verifying the SSL policy. 2010-09-30 11:16:36 +02:00
Juan Lang 54429016eb crypt32/tests: Test more SECURITY_FLAG_IGNORE flags for the SSL policy. 2010-09-30 11:16:28 +02:00
Juan Lang d6c9c7a08b crypt32: Honor SECURITY_FLAG_IGNORE_CERT_CN_INVALID. 2010-08-16 17:28:55 +02:00
Juan Lang e922faec4a crypt32/tests: Add a test of SSL_EXTRA_CERT_CHAIN_POLICY_PARA's fdwChecks field. 2010-08-16 17:28:55 +02:00
Juan Lang c79aad51cd crypt32: Implement wildcard domain name matching in subject alternative names. 2010-05-21 14:37:52 +02:00
Juan Lang 1d79e5de9a crypt32/tests: Test wildcards in subject alternative name. 2010-05-20 13:47:53 +02:00
Juan Lang fbd3a1dd7b crypt32/tests: Allow specifying a chain engine when verifying a chain policy. 2010-05-20 13:47:53 +02:00
Juan Lang 742b4f37c8 crypt32/tests: Allow specifying a chain engine when creating a certificate chain. 2010-05-20 13:47:53 +02:00
Juan Lang d3db308853 crypt32: Update definition of CERT_CHAIN_ENGINE_CONFIG. 2010-05-20 13:47:53 +02:00
Michael Stefaniuc 0a866d0e45 crypt32: Avoid using HIWORD() on a string pointer.
The stray IS_INTRESOURCE() is applied to a true resource. The other
strings are OIDs and not resources.
2010-01-29 14:59:02 +01:00
Francois Gouget d1e592ad20 crypt32/tests: Fix compilation on systems that don't support nameless unions. 2009-12-08 17:42:25 +01:00
Juan Lang 9c56314e3d crypt32: Further fix test failures. 2009-12-02 12:12:50 +01:00
Juan Lang 6b8c053218 crypt32: Fix test failures. 2009-12-01 12:24:00 +01:00
Juan Lang 90c160c3d8 crypt32: Revert 8ed5a777de.
Ordinarily removing tests seems like a bad idea, but in this case it
seems the only rational response to the test failures the tests
produce.  The tests check the state of three bits with a variety of
certificate and CRL combinations.  One of these bits is apparently not
set by any version of Windows for any of the tests.  Testing its
absence doesn't seem correct, and I'll explain why in more detail in a
second.  Every permutation of the remaining two bits appears on at
least one Windows version, and no Windows version is obviously more
correct than the rest, so testing them doesn't seem worthwhile.

The one bit that doesn't appear to be set is the bit saying that a
certificate is revoked.  I created CRLs that do in fact revoke some of
the tested certificates, so it appears to me that the bit should be
set.  It's possible that Windows doesn't bother checking the
revocation status of a certificate whose anchor isn't trusted, but
it's impossible to test this in an automated regression test suite,
because adding a trusted certificate requires clicking OK (or its
equivalent) in a dialog.  The dialog is invoked by the system process,
so I can't use a dialog hook to suppress it.  I can test this
hypothesis manually, but it isn't possible to do so in an automated
way.
2009-11-30 12:57:53 +01:00
Juan Lang 1a392e1a30 crypt32: Support checking the requested usage for a chain. 2009-11-21 14:31:44 +01:00
Juan Lang e611a83962 crypt32: Test verifying the enhanced key usage of a chain. 2009-11-21 14:31:44 +01:00
Juan Lang a3c6bc68c8 crypt32: Assume revocation server is offline if revocation status isn't known. 2009-11-20 11:14:52 +01:00
Juan Lang 8ed5a777de crypt32: Test revocation checking with CertGetCertificateChain. 2009-11-20 11:14:41 +01:00
Juan Lang a299470622 crypt32/tests: Fix another test failure. 2009-11-17 15:14:53 +01:00
Juan Lang 8adc75b3ec crypt32: Fix more test failures. 2009-11-16 11:34:31 +01:00
Juan Lang c4b997bab3 crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met. 2009-11-16 11:33:58 +01:00
Juan Lang 9aee8fd556 crypt32: Fix test failures. 2009-11-13 11:52:25 +01:00
Juan Lang 21ecc84620 crypt32: Accept any matching dNSName in a subject alternate name. 2009-11-13 11:52:25 +01:00
Juan Lang 95a14deff9 crypt32: Add tests for cs.stanford.edu's chain. 2009-11-13 11:52:25 +01:00
Juan Lang d311cc9bdb crypt32: Use broken() to mark an expected result from a broken version of crypt32. 2009-11-13 11:52:25 +01:00
Juan Lang b91d0c8bde crypt32: Implement matching a certificate with a wildcard in its name. 2009-11-13 11:52:24 +01:00
Juan Lang e740672647 crypt32: Test matching a certificate with a wildcard in its name. 2009-11-13 11:52:24 +01:00
Juan Lang a29789e0bf crypt32: Add openssl.org's cert to the tested chains. 2009-11-13 11:52:24 +01:00
Juan Lang 574de15f51 crypt32: Fix more test failures on older crypt32 versions. 2009-11-12 13:11:38 +01:00
Juan Lang ba3433fa02 crypt32: Fix more test failures on older crypt32 versions. 2009-11-12 13:11:32 +01:00
Juan Lang d7c9bd13a2 crypt32: Fix test failures on multiple Windows versions. 2009-11-11 10:55:51 +01:00
Juan Lang 300d5fe5c4 crypt32: Correct error when a matching name constraint is found. 2009-11-11 10:55:44 +01:00
Juan Lang ee02d43731 crypt32: Correct error when a constrained, permitted name type isn't found in the subject name. 2009-11-10 13:08:31 +01:00
Juan Lang ae6e884142 crypt32: Correct error when the subject alternate name can't be decoded. 2009-11-10 13:08:20 +01:00
Juan Lang ef6ce9a590 crypt32: Add more tests of name constraints. 2009-11-10 13:08:06 +01:00
Juan Lang a5361e45de crypt32: Test more chains against different policies. 2009-11-10 13:07:35 +01:00