Juan Lang
d298e1e614
crypt32: Support hExclusiveRoot when creating a certificate chain engine.
2010-05-20 13:47:53 +02:00
Juan Lang
d3db308853
crypt32: Update definition of CERT_CHAIN_ENGINE_CONFIG.
2010-05-20 13:47:53 +02:00
Juan Lang
d728169d97
crypt32: Implement CertAddCertificateLinkToStore on top of CertAddCertificateContextToStore.
2010-05-17 12:42:31 +02:00
Juan Lang
99b9e1ae36
crypt32: Prohibit adding links to collection stores.
2010-05-17 12:42:31 +02:00
Juan Lang
76fc5c8bc5
crypt32: Validate add disposition before checking source certificate's properties.
2010-05-17 12:42:31 +02:00
Juan Lang
0dfb0299f6
crypt32/tests: Test CertAddCertificateLinkToStore.
2010-05-17 12:42:31 +02:00
Juan Lang
c232af490e
crypt32: Add stub for CERT_STORE_CTRL_AUTO_RESYNC of registry stores.
2010-05-17 12:42:31 +02:00
Gerald Pfeifer
52ead99288
crypt32/tests: Remove variable entry which is not really used from test_decodeCRLToBeSigned.
2010-05-05 10:52:03 +02:00
Gerald Pfeifer
abae415487
crypt32/tests: Tighten tests in testPortPublicKeyInfo.
2010-05-03 16:48:56 +02:00
Alexandre Julliard
87416f5a3b
crypt32: Fix computation of structure sizes in CRYPT_AsnDecodeSequence.
2010-04-07 23:07:43 +02:00
Gerald Pfeifer
ca41486b8a
crypt32: Fix type of empty in encodeBase64W().
2010-03-26 10:32:23 +01:00
Juan Lang
7eb61a6e5c
crypt32: Use an empty string as a separator when no separator is desired to avoid special cases for NULL.
2010-03-24 21:15:31 +01:00
Juan Lang
67bf4dc62e
crypt32: Fix overestimating size required for base64-encoded strings.
2010-03-22 10:42:41 +01:00
Alexandre Julliard
bef5645eb1
makefiles: Remove the no longer needed explicit separators for dependencies.
2010-03-16 13:28:19 +01:00
Juan Lang
51ab77a90a
crypt32: Add support for the anyPolicy certificate policy.
2010-03-16 11:30:12 +01:00
Juan Lang
ffba84b161
crypt32: Switch to use the AES provider by default.
2010-03-16 11:29:53 +01:00
Juan Lang
a729e10a18
crypt32: Add constants to support SHA-256, SHA-384, and SHA-512.
2010-03-16 11:29:48 +01:00
Reece Dunn
a15dbfac22
crypt32: Fix CryptFreeTls when calling with a freed index.
2010-03-03 11:50:04 +01:00
Alexandre Julliard
6164ce2d82
makefiles: Use the standard C_SRCS variable as the list of test files.
...
This enables it to be auto-updated by make_makefiles.
2010-02-22 10:47:11 +01:00
Michael Stefaniuc
0a866d0e45
crypt32: Avoid using HIWORD() on a string pointer.
...
The stray IS_INTRESOURCE() is applied to a true resource. The other
strings are OIDs and not resources.
2010-01-29 14:59:02 +01:00
Igor Paliychuk
17f674c2e7
crypt32: Add Ukrainian translations.
2010-01-28 12:16:37 +01:00
Michael Stefaniuc
b4448d9b77
crypt32/tests: Add a win_skip().
2010-01-20 15:29:50 +01:00
Juan Lang
4e18ac601f
crypt32: Don't get confused matching URLs with a colon in the userinfo portion (e.g. user:password@domain).
2009-12-21 15:01:22 +01:00
Juan Lang
048594854a
crypt32: Check authority key identifer extension to determine if a certificate is self-signed.
2009-12-18 11:39:58 +01:00
Amine Khaldi
e402260db4
crypt32: Remove an unneeded assignment.
2009-12-17 12:42:39 +01:00
Amine Khaldi
483d241559
crypt32: Remove unneeded assignments.
2009-12-16 12:21:12 +01:00
Juan Lang
01a7cbf843
crypt32: Accept end certificates with no extended key usage extension if a particular key usage is requested.
2009-12-11 17:47:30 +01:00
Juan Lang
7a610a9072
crypt32: Fix CertAddCTLContextToStore for CERT_STORE_ADD_USE_EXISTING add disposition.
2009-12-11 11:50:12 +01:00
Juan Lang
c7609f3c55
crypt32: Fix CertAddCRLContextToStore for CERT_STORE_ADD_USE_EXISTING add disposition.
2009-12-11 11:50:09 +01:00
Juan Lang
0444cd93c4
crypt32: Don't dereference an output pointer which may be NULL.
2009-12-11 11:50:03 +01:00
Juan Lang
1740d9fe44
crypt32: Trace chain final error status.
2009-12-11 11:49:56 +01:00
Alexandre Julliard
4f83f9a120
crypt32/tests: Avoid size_t in traces.
2009-12-09 12:19:38 +01:00
Juan Lang
4df042b54b
crypt32: Compare CRL's authority key identifier against the certificate's subject key identifier property, which also decodes the certificate's extension if necessary.
2009-12-09 12:02:43 +01:00
Francois Gouget
d1e592ad20
crypt32/tests: Fix compilation on systems that don't support nameless unions.
2009-12-08 17:42:25 +01:00
Juan Lang
bab1c652ae
crypt32/tests: Fix memory leak in test.
2009-12-07 09:49:07 +01:00
Juan Lang
cdbf6e8614
crypt32/tests: Don't pass as a parameter a variable that could be local.
2009-12-07 09:49:07 +01:00
Juan Lang
6acd82fa79
crypt32: Correct AKI extension used in end certificate and CRL when checking revocation.
2009-12-04 12:01:16 +01:00
Juan Lang
91fbdb561a
crypt32: The KeyId member of an authority key identifier is an octet string, not an integer.
2009-12-03 10:16:53 +01:00
Juan Lang
865669eeb3
crypt32: Fix test failures on Win2k.
2009-12-03 10:11:54 +01:00
Juan Lang
63383baed4
crypt32: Fix test failure on Win7.
2009-12-03 10:11:46 +01:00
Juan Lang
596cd16fc4
crypt32: Only check revocation on a chain without other errors.
2009-12-03 10:11:33 +01:00
Alexandre Julliard
b402b78780
rsaenh: Fix padding bytes check for 0-byte payload.
2009-12-02 14:59:56 +01:00
Juan Lang
9f5a554de0
crypt32: Correct AKI extension used in end certificate and CRL when checking revocation.
2009-12-02 12:18:02 +01:00
Juan Lang
9c56314e3d
crypt32: Further fix test failures.
2009-12-02 12:12:50 +01:00
Juan Lang
6b8c053218
crypt32: Fix test failures.
2009-12-01 12:24:00 +01:00
Juan Lang
90c160c3d8
crypt32: Revert 8ed5a777de
.
...
Ordinarily removing tests seems like a bad idea, but in this case it
seems the only rational response to the test failures the tests
produce. The tests check the state of three bits with a variety of
certificate and CRL combinations. One of these bits is apparently not
set by any version of Windows for any of the tests. Testing its
absence doesn't seem correct, and I'll explain why in more detail in a
second. Every permutation of the remaining two bits appears on at
least one Windows version, and no Windows version is obviously more
correct than the rest, so testing them doesn't seem worthwhile.
The one bit that doesn't appear to be set is the bit saying that a
certificate is revoked. I created CRLs that do in fact revoke some of
the tested certificates, so it appears to me that the bit should be
set. It's possible that Windows doesn't bother checking the
revocation status of a certificate whose anchor isn't trusted, but
it's impossible to test this in an automated regression test suite,
because adding a trusted certificate requires clicking OK (or its
equivalent) in a dialog. The dialog is invoked by the system process,
so I can't use a dialog hook to suppress it. I can test this
hypothesis manually, but it isn't possible to do so in an automated
way.
2009-11-30 12:57:53 +01:00
Juan Lang
f2040b7725
crypt32: Don't copy past end of buffer when removing a string from a multi string.
2009-11-30 12:57:39 +01:00
Juan Lang
b2ab45b78b
crypt32: Only match RDN attributes whose lengths are identical.
2009-11-21 14:31:46 +01:00
Juan Lang
8e51a866b7
crypt32: When searching for a CRL by the AKI extension, the extension has to be decoded to match.
2009-11-21 14:31:46 +01:00
Juan Lang
7dee971809
crypt32/tests: Fix a typo.
2009-11-21 14:31:46 +01:00
Juan Lang
8646c39bdb
crypt32: Finding a CRL issued by a cert should compare the cert's subject, not its issuer.
2009-11-21 14:31:46 +01:00
Juan Lang
6bc8237c63
crypt32/tests: Test one more certificate against the Verisign CRL.
2009-11-21 14:31:46 +01:00
Juan Lang
22206b909a
crypt32/tests: Fix a typo.
2009-11-21 14:31:46 +01:00
Ken Thomases
3921454398
crypt32: Read trusted root certificates from system keychain on Mac OS X.
2009-11-21 14:31:45 +01:00
Juan Lang
eee179206e
crypt32/tests: Fix tests on Win9x/ME.
2009-11-21 14:31:44 +01:00
Juan Lang
1a392e1a30
crypt32: Support checking the requested usage for a chain.
2009-11-21 14:31:44 +01:00
Juan Lang
30de103485
crypt32: Only trace a usage match if it's not empty.
2009-11-21 14:31:44 +01:00
Juan Lang
e611a83962
crypt32: Test verifying the enhanced key usage of a chain.
2009-11-21 14:31:44 +01:00
Juan Lang
9d9070ae3c
crypt32: CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR shouldn't check whether the CRL is valid for the subject certificate.
2009-11-20 11:15:11 +01:00
Juan Lang
f378394acd
crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension.
2009-11-20 11:15:06 +01:00
Juan Lang
bcbfddd82a
crypt32: Fix tests on older Windows versions.
2009-11-20 11:15:01 +01:00
Juan Lang
a3c6bc68c8
crypt32: Assume revocation server is offline if revocation status isn't known.
2009-11-20 11:14:52 +01:00
Juan Lang
9e1d31e5e5
crypt32: Fix a typo.
2009-11-20 11:14:47 +01:00
Juan Lang
8ed5a777de
crypt32: Test revocation checking with CertGetCertificateChain.
2009-11-20 11:14:41 +01:00
Juan Lang
27128bb2f8
crypt32: Add more tests for CertVerifyRevocation.
2009-11-20 11:14:00 +01:00
Juan Lang
8fcaa52d5d
crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore.
2009-11-19 11:49:59 +01:00
Juan Lang
b278155616
crypt32: Add more tests for CertFindCRLInStore.
2009-11-19 11:49:53 +01:00
Juan Lang
4727212e01
crypt32: Add support for CRL_FIND_ISSUED_BY_SIGNATURE_FLAG to CertFindCRLInStore.
2009-11-19 11:49:46 +01:00
Juan Lang
8beed85a2c
crypt32: Add basic flags tests flags for CertFindCRLInStore with find type CRL_FIND_ISSUED_BY.
2009-11-19 11:49:40 +01:00
Juan Lang
c84c53b1a6
crypt32: More fully implement CertIsValidCRLForCertificate.
2009-11-19 11:49:33 +01:00
Juan Lang
e5c56b1798
crypt32: Correct tests for CertIsValidCRLForCertificate.
2009-11-19 11:49:21 +01:00
Juan Lang
b16a78baa7
crypt32: Remove a redundant test.
2009-11-19 11:49:14 +01:00
Juan Lang
4fa4f67c79
crypt32: Implement CertFindCRLInStore for find type CRL_FIND_ISSUED_FOR.
2009-11-19 11:49:09 +01:00
Juan Lang
a3b462e3ea
crypt32: Add tests for CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR.
2009-11-19 11:49:05 +01:00
Paul Vriens
7f5b24ed91
crypt32/tests: Fix a test failure on older crypt32.
2009-11-18 15:34:14 +01:00
Juan Lang
96073d5129
crypt32: Remove an unnecessary test for the extended key usage extension in CA certificates.
2009-11-18 11:09:20 +01:00
Juan Lang
d6958d7660
crypt32: Trace reasons for name constraint failure.
2009-11-18 11:09:08 +01:00
Juan Lang
1db8a6abda
crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match.
2009-11-18 11:09:02 +01:00
Juan Lang
a63affe5e0
crypt32: Don't apply directory name constraints to an empty subject name.
2009-11-18 11:08:55 +01:00
Juan Lang
c464875a6d
crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint.
2009-11-18 11:08:49 +01:00
Juan Lang
d6f7d06cad
crypt32: Check email address in subject name against rfc822 name constraints.
2009-11-18 11:08:44 +01:00
Juan Lang
e4c03521ac
crypt32: Apply name constraints to subject name.
2009-11-18 11:08:37 +01:00
Juan Lang
6f35ae25b8
crypt32: Use helper function to compare a subject alternate name with name constraints.
2009-11-18 11:08:32 +01:00
Juan Lang
a98dad4f93
crypt32: Only apply a name constraint if the name form is present.
2009-11-18 11:08:25 +01:00
Juan Lang
f6d3348b7c
crypt32: Partially implement checking name constraints with directory names.
2009-11-18 11:08:20 +01:00
Juan Lang
7c44544a6d
crypt32: Use helper functions to match excluded and permitted subtrees of name constraints.
2009-11-18 11:08:14 +01:00
Juan Lang
9a40de08de
crypt32: Let caller set error codes when name constraints aren't met.
2009-11-18 11:08:08 +01:00
Juan Lang
f8044948ba
crypt32: Remove an unnecessary if.
2009-11-18 11:08:01 +01:00
Juan Lang
8585203103
crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree.
2009-11-18 11:07:53 +01:00
Juan Lang
a299470622
crypt32/tests: Fix another test failure.
2009-11-17 15:14:53 +01:00
Juan Lang
440c702ce4
crypt32: Implement CertIsRDNAttrsInCertificateName.
2009-11-17 15:14:53 +01:00
Juan Lang
ed74536f0c
crypt32: Add tests for CertIsRDNAttrsInCertificateName.
2009-11-17 15:14:53 +01:00
Juan Lang
7d12294f08
crypt32: Add stub for CertIsRDNAttrsInCertificateName.
2009-11-17 15:14:53 +01:00
Juan Lang
4a948fa929
crypt32: Add more tests for CertCompareCertificateName.
2009-11-17 15:14:53 +01:00
Juan Lang
1974e61b59
crypt32: Correctly match subdomains with dns name constraints.
2009-11-17 12:05:11 +01:00
Juan Lang
b74ef17efc
crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with '.', a match must be exact.
2009-11-17 12:05:04 +01:00
Juan Lang
e82005fe2d
crypt32: Only compare the hostname portion of a URL when checking against a name constraint.
2009-11-17 12:04:58 +01:00
Juan Lang
3c8a04f12f
crypt32: Include name constraints errors in the chain's error status.
2009-11-17 12:04:52 +01:00
Juan Lang
f9ad32f0ad
crypt32: Trace method used to find an issuer.
2009-11-17 12:04:46 +01:00
Juan Lang
8adc75b3ec
crypt32: Fix more test failures.
2009-11-16 11:34:31 +01:00