Juan Lang
|
8646c39bdb
|
crypt32: Finding a CRL issued by a cert should compare the cert's subject, not its issuer.
|
2009-11-21 14:31:46 +01:00 |
Juan Lang
|
6bc8237c63
|
crypt32/tests: Test one more certificate against the Verisign CRL.
|
2009-11-21 14:31:46 +01:00 |
Juan Lang
|
22206b909a
|
crypt32/tests: Fix a typo.
|
2009-11-21 14:31:46 +01:00 |
Ken Thomases
|
3921454398
|
crypt32: Read trusted root certificates from system keychain on Mac OS X.
|
2009-11-21 14:31:45 +01:00 |
Juan Lang
|
eee179206e
|
crypt32/tests: Fix tests on Win9x/ME.
|
2009-11-21 14:31:44 +01:00 |
Juan Lang
|
1a392e1a30
|
crypt32: Support checking the requested usage for a chain.
|
2009-11-21 14:31:44 +01:00 |
Juan Lang
|
30de103485
|
crypt32: Only trace a usage match if it's not empty.
|
2009-11-21 14:31:44 +01:00 |
Juan Lang
|
e611a83962
|
crypt32: Test verifying the enhanced key usage of a chain.
|
2009-11-21 14:31:44 +01:00 |
Juan Lang
|
9d9070ae3c
|
crypt32: CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR shouldn't check whether the CRL is valid for the subject certificate.
|
2009-11-20 11:15:11 +01:00 |
Juan Lang
|
f378394acd
|
crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension.
|
2009-11-20 11:15:06 +01:00 |
Juan Lang
|
bcbfddd82a
|
crypt32: Fix tests on older Windows versions.
|
2009-11-20 11:15:01 +01:00 |
Juan Lang
|
a3c6bc68c8
|
crypt32: Assume revocation server is offline if revocation status isn't known.
|
2009-11-20 11:14:52 +01:00 |
Juan Lang
|
9e1d31e5e5
|
crypt32: Fix a typo.
|
2009-11-20 11:14:47 +01:00 |
Juan Lang
|
8ed5a777de
|
crypt32: Test revocation checking with CertGetCertificateChain.
|
2009-11-20 11:14:41 +01:00 |
Juan Lang
|
27128bb2f8
|
crypt32: Add more tests for CertVerifyRevocation.
|
2009-11-20 11:14:00 +01:00 |
Juan Lang
|
8fcaa52d5d
|
crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore.
|
2009-11-19 11:49:59 +01:00 |
Juan Lang
|
b278155616
|
crypt32: Add more tests for CertFindCRLInStore.
|
2009-11-19 11:49:53 +01:00 |
Juan Lang
|
4727212e01
|
crypt32: Add support for CRL_FIND_ISSUED_BY_SIGNATURE_FLAG to CertFindCRLInStore.
|
2009-11-19 11:49:46 +01:00 |
Juan Lang
|
8beed85a2c
|
crypt32: Add basic flags tests flags for CertFindCRLInStore with find type CRL_FIND_ISSUED_BY.
|
2009-11-19 11:49:40 +01:00 |
Juan Lang
|
c84c53b1a6
|
crypt32: More fully implement CertIsValidCRLForCertificate.
|
2009-11-19 11:49:33 +01:00 |
Juan Lang
|
e5c56b1798
|
crypt32: Correct tests for CertIsValidCRLForCertificate.
|
2009-11-19 11:49:21 +01:00 |
Juan Lang
|
b16a78baa7
|
crypt32: Remove a redundant test.
|
2009-11-19 11:49:14 +01:00 |
Juan Lang
|
4fa4f67c79
|
crypt32: Implement CertFindCRLInStore for find type CRL_FIND_ISSUED_FOR.
|
2009-11-19 11:49:09 +01:00 |
Juan Lang
|
a3b462e3ea
|
crypt32: Add tests for CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR.
|
2009-11-19 11:49:05 +01:00 |
Paul Vriens
|
7f5b24ed91
|
crypt32/tests: Fix a test failure on older crypt32.
|
2009-11-18 15:34:14 +01:00 |
Juan Lang
|
96073d5129
|
crypt32: Remove an unnecessary test for the extended key usage extension in CA certificates.
|
2009-11-18 11:09:20 +01:00 |
Juan Lang
|
d6958d7660
|
crypt32: Trace reasons for name constraint failure.
|
2009-11-18 11:09:08 +01:00 |
Juan Lang
|
1db8a6abda
|
crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match.
|
2009-11-18 11:09:02 +01:00 |
Juan Lang
|
a63affe5e0
|
crypt32: Don't apply directory name constraints to an empty subject name.
|
2009-11-18 11:08:55 +01:00 |
Juan Lang
|
c464875a6d
|
crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint.
|
2009-11-18 11:08:49 +01:00 |
Juan Lang
|
d6f7d06cad
|
crypt32: Check email address in subject name against rfc822 name constraints.
|
2009-11-18 11:08:44 +01:00 |
Juan Lang
|
e4c03521ac
|
crypt32: Apply name constraints to subject name.
|
2009-11-18 11:08:37 +01:00 |
Juan Lang
|
6f35ae25b8
|
crypt32: Use helper function to compare a subject alternate name with name constraints.
|
2009-11-18 11:08:32 +01:00 |
Juan Lang
|
a98dad4f93
|
crypt32: Only apply a name constraint if the name form is present.
|
2009-11-18 11:08:25 +01:00 |
Juan Lang
|
f6d3348b7c
|
crypt32: Partially implement checking name constraints with directory names.
|
2009-11-18 11:08:20 +01:00 |
Juan Lang
|
7c44544a6d
|
crypt32: Use helper functions to match excluded and permitted subtrees of name constraints.
|
2009-11-18 11:08:14 +01:00 |
Juan Lang
|
9a40de08de
|
crypt32: Let caller set error codes when name constraints aren't met.
|
2009-11-18 11:08:08 +01:00 |
Juan Lang
|
f8044948ba
|
crypt32: Remove an unnecessary if.
|
2009-11-18 11:08:01 +01:00 |
Juan Lang
|
8585203103
|
crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree.
|
2009-11-18 11:07:53 +01:00 |
Juan Lang
|
a299470622
|
crypt32/tests: Fix another test failure.
|
2009-11-17 15:14:53 +01:00 |
Juan Lang
|
440c702ce4
|
crypt32: Implement CertIsRDNAttrsInCertificateName.
|
2009-11-17 15:14:53 +01:00 |
Juan Lang
|
ed74536f0c
|
crypt32: Add tests for CertIsRDNAttrsInCertificateName.
|
2009-11-17 15:14:53 +01:00 |
Juan Lang
|
7d12294f08
|
crypt32: Add stub for CertIsRDNAttrsInCertificateName.
|
2009-11-17 15:14:53 +01:00 |
Juan Lang
|
4a948fa929
|
crypt32: Add more tests for CertCompareCertificateName.
|
2009-11-17 15:14:53 +01:00 |
Juan Lang
|
1974e61b59
|
crypt32: Correctly match subdomains with dns name constraints.
|
2009-11-17 12:05:11 +01:00 |
Juan Lang
|
b74ef17efc
|
crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with '.', a match must be exact.
|
2009-11-17 12:05:04 +01:00 |
Juan Lang
|
e82005fe2d
|
crypt32: Only compare the hostname portion of a URL when checking against a name constraint.
|
2009-11-17 12:04:58 +01:00 |
Juan Lang
|
3c8a04f12f
|
crypt32: Include name constraints errors in the chain's error status.
|
2009-11-17 12:04:52 +01:00 |
Juan Lang
|
f9ad32f0ad
|
crypt32: Trace method used to find an issuer.
|
2009-11-17 12:04:46 +01:00 |
Juan Lang
|
8adc75b3ec
|
crypt32: Fix more test failures.
|
2009-11-16 11:34:31 +01:00 |
Juan Lang
|
f6c4824675
|
crypt32: Update a comment.
|
2009-11-16 11:34:04 +01:00 |
Juan Lang
|
c4b997bab3
|
crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met.
|
2009-11-16 11:33:58 +01:00 |
Juan Lang
|
9aee8fd556
|
crypt32: Fix test failures.
|
2009-11-13 11:52:25 +01:00 |
Juan Lang
|
21ecc84620
|
crypt32: Accept any matching dNSName in a subject alternate name.
|
2009-11-13 11:52:25 +01:00 |
Juan Lang
|
95a14deff9
|
crypt32: Add tests for cs.stanford.edu's chain.
|
2009-11-13 11:52:25 +01:00 |
Juan Lang
|
d311cc9bdb
|
crypt32: Use broken() to mark an expected result from a broken version of crypt32.
|
2009-11-13 11:52:25 +01:00 |
Juan Lang
|
b91d0c8bde
|
crypt32: Implement matching a certificate with a wildcard in its name.
|
2009-11-13 11:52:24 +01:00 |
Juan Lang
|
e740672647
|
crypt32: Test matching a certificate with a wildcard in its name.
|
2009-11-13 11:52:24 +01:00 |
Juan Lang
|
a29789e0bf
|
crypt32: Add openssl.org's cert to the tested chains.
|
2009-11-13 11:52:24 +01:00 |
Juan Lang
|
574de15f51
|
crypt32: Fix more test failures on older crypt32 versions.
|
2009-11-12 13:11:38 +01:00 |
Juan Lang
|
ba3433fa02
|
crypt32: Fix more test failures on older crypt32 versions.
|
2009-11-12 13:11:32 +01:00 |
Juan Lang
|
4d2c9c3e87
|
crypt32/tests: Fix test failures.
|
2009-11-12 13:11:25 +01:00 |
Juan Lang
|
d7c9bd13a2
|
crypt32: Fix test failures on multiple Windows versions.
|
2009-11-11 10:55:51 +01:00 |
Juan Lang
|
300d5fe5c4
|
crypt32: Correct error when a matching name constraint is found.
|
2009-11-11 10:55:44 +01:00 |
Juan Lang
|
0cf2e6fae6
|
crypt32: Stop reading a serialized store if a non-context prop ID appears before a context prop ID.
|
2009-11-11 10:55:36 +01:00 |
Juan Lang
|
bdbee82c42
|
crypt32: Trace cert version.
|
2009-11-11 10:54:38 +01:00 |
Juan Lang
|
0695b0dc73
|
crypt32: Fix test failures across Windows versions.
|
2009-11-11 10:54:24 +01:00 |
Juan Lang
|
49c1a34721
|
crypt32: Fix some test failures on older crypt32 versions.
|
2009-11-11 10:54:12 +01:00 |
Juan Lang
|
7eb33b18da
|
crypt32: Update a comment to reflect a fixed vulnerability.
|
2009-11-11 10:53:56 +01:00 |
Juan Lang
|
ee02d43731
|
crypt32: Correct error when a constrained, permitted name type isn't found in the subject name.
|
2009-11-10 13:08:31 +01:00 |
Juan Lang
|
2503e9ec73
|
crypt32: Use helper function to find the subject alternate name extension wherever it's needed.
|
2009-11-10 13:08:26 +01:00 |
Juan Lang
|
ae6e884142
|
crypt32: Correct error when the subject alternate name can't be decoded.
|
2009-11-10 13:08:20 +01:00 |
Juan Lang
|
865f3df35b
|
crypt32: Check the issued certificate for name constraint violations, not the issuing certificate.
|
2009-11-10 13:08:14 +01:00 |
Juan Lang
|
ef6ce9a590
|
crypt32: Add more tests of name constraints.
|
2009-11-10 13:08:06 +01:00 |
Juan Lang
|
a5361e45de
|
crypt32: Test more chains against different policies.
|
2009-11-10 13:07:35 +01:00 |
Juan Lang
|
25e8f27817
|
crypt32: Disallow embedded NULLs in alternate names.
|
2009-11-10 13:07:28 +01:00 |
Juan Lang
|
ddf78bdb38
|
crypt32: Test decoding alternate names with embedded NULLs.
|
2009-11-10 13:07:21 +01:00 |
Juan Lang
|
6a3901f04b
|
crypt32: Test encoding and decoding name values with embedded NULLs.
|
2009-11-10 13:07:15 +01:00 |
Juan Lang
|
216df7a714
|
crypt32: Reject certificates whose fields don't match their versions.
|
2009-11-10 13:07:07 +01:00 |
Juan Lang
|
9fe6be454f
|
crypt32: Forbid minimum or maximum fields in name constraints.
|
2009-11-10 13:07:00 +01:00 |
Juan Lang
|
e7404ba24f
|
crypt32: Fix decoding names when CRYPT_DECODE_ALLOC_FLAG is not specified.
|
2009-11-10 13:05:40 +01:00 |
Juan Lang
|
6cefdef501
|
crypt32: Fix decoding unicode names when CRYPT_DECODE_ALLOC_FLAG is not specified.
|
2009-11-10 13:05:35 +01:00 |
Marcus Meissner
|
c25753ece2
|
crypt32: Pass the correct pointer into CertificateFindStore.
|
2009-11-09 20:21:23 +01:00 |
Juan Lang
|
267e890220
|
crypt32: Fix test failures on Win9x/NT4.
|
2009-11-09 19:58:40 +01:00 |
Juan Lang
|
fbcce9f308
|
crypt32: Implement decoding cert policy constraints.
|
2009-11-09 19:58:34 +01:00 |
Juan Lang
|
32ad424972
|
crypt32: Implement encoding cert policy constraints.
|
2009-11-09 19:58:28 +01:00 |
Juan Lang
|
ae32f7bffc
|
crypt32: Add tests for encoding/decoding cert policy constraints.
|
2009-11-09 19:58:20 +01:00 |
Juan Lang
|
7e7e73d0da
|
crypt32: Implement decoding cert policy mappings.
|
2009-11-09 19:58:13 +01:00 |
Juan Lang
|
bf5e4d9bb7
|
crypt32: Implement encoding cert policy mappings.
|
2009-11-09 19:58:07 +01:00 |
Juan Lang
|
fba863ddf0
|
crypt32: Add tests for encoding/decoding cert policy mappings.
|
2009-11-09 19:57:59 +01:00 |
Juan Lang
|
ed9a4ffa0b
|
crypt32: Fix decoding cert issuer/subject unique ids.
|
2009-11-09 19:57:51 +01:00 |
Juan Lang
|
4ccafdcb6f
|
crypt32: Fix encoding cert issuer/subject unique ids.
|
2009-11-09 19:57:45 +01:00 |
Juan Lang
|
acfa433f15
|
crypt32: Add more tests of cert encoding/decoding.
|
2009-11-09 19:57:37 +01:00 |
Paul Chitescu
|
7223d8b6d2
|
crypt32: Check the result of CryptAcquireContextW() when initializing default provider.
|
2009-11-09 19:37:00 +01:00 |
Juan Lang
|
5274777b1c
|
crypt32: Permit lack of basic constraints extension on root certificates.
|
2009-11-09 19:34:36 +01:00 |
Juan Lang
|
d94e4d315a
|
crypt32: Permit lack of key usage extension on root certificates.
This reverts 60770fb011 , although it
updates the comments to give a reason. Thanks to Matt Van Gundy for
pointing it out to me.
|
2009-11-09 19:34:32 +01:00 |
Juan Lang
|
c52d110de1
|
crypt32: Don't free a file store's mem store, it's already freed by the provider store.
|
2009-11-05 11:57:58 +01:00 |
Juan Lang
|
a16ca1d039
|
crypt32: Add a warning if a store's ref count is invalid.
|
2009-11-05 11:57:47 +01:00 |
Juan Lang
|
88e599c4cf
|
crypt32: Don't copy past end of buffer when removing the last string in a multistring.
|
2009-11-05 11:57:41 +01:00 |
Juan Lang
|
e1b2eb3485
|
crypt32: Fix a test failure on NT 4.
|
2009-11-05 11:57:13 +01:00 |
Juan Lang
|
416cd484b2
|
crypt32: Implement CertStoreControl for collection stores.
|
2009-11-04 17:15:07 +01:00 |
Juan Lang
|
33c70d35dd
|
crypt32: Add an implementation of CertControlStore for memory stores.
|
2009-11-04 17:15:02 +01:00 |
Juan Lang
|
e6047ae52d
|
crypt32: Add tests of committing a collection store.
|
2009-11-04 17:14:53 +01:00 |
Juan Lang
|
f8376b91da
|
crypt32: Eliminate a double free in the tests.
|
2009-11-04 16:45:18 +01:00 |
Juan Lang
|
108f30bb7d
|
crypt32: Rename a function to reflect its behavior better, and return whether it succeeds.
|
2009-11-04 16:45:18 +01:00 |
Juan Lang
|
7e1cff1c18
|
crypt32: Release contexts when removing them from the mem store.
|
2009-11-04 16:45:18 +01:00 |
Juan Lang
|
df39bbba4f
|
crypt32: Don't delete a context when removing it from a list.
|
2009-11-04 16:45:18 +01:00 |
Juan Lang
|
787d0ab564
|
crypt32: Add an error if the ref count is invalid when releasing a context.
|
2009-11-04 16:45:18 +01:00 |
Juan Lang
|
1f363cd399
|
crypt32: Trace whenever a reference count changes, and change default debug channel to quiet the main crypt channel.
|
2009-11-04 16:45:18 +01:00 |
Juan Lang
|
17894eb093
|
crypt32: Release a link context's linked context on every release, not just when it reaches 0.
|
2009-11-04 16:45:17 +01:00 |
Juan Lang
|
52820b9cf8
|
crypt32: When creating a link context, call Context_AddRef to add-ref it so its children get add-ref'd too.
|
2009-11-04 16:45:17 +01:00 |
Juan Lang
|
5f81ad6821
|
crypt32: When add-ref'ing a context, add-ref its linked contexts too.
|
2009-11-04 16:45:17 +01:00 |
Juan Lang
|
fb5e0d8a4d
|
crypt32: When removing contexts from a list, make sure the context no longer references the list.
|
2009-11-04 16:45:17 +01:00 |
Juan Lang
|
976c6ff3f8
|
crypt32: Correct reference counting when deleting contexts from collections.
|
2009-11-04 16:45:17 +01:00 |
Juan Lang
|
92324ab38e
|
crypt32: Propagate errors from CertFree*Context to CertDelete*FromStore.
|
2009-11-04 16:45:17 +01:00 |
Juan Lang
|
40855cae97
|
crypt32: Add return value to Context_Release to allow detecting reference counting errors.
|
2009-11-04 16:45:16 +01:00 |
Juan Lang
|
d8094382a8
|
crypt32: Implement CertAddEncodedCertificateToSystemStoreA/W.
|
2009-11-04 16:45:16 +01:00 |
Juan Lang
|
9364d7a928
|
crypt32: Add stub for CertAddCertificateLinkToStore.
|
2009-11-04 13:07:56 +01:00 |
Juan Lang
|
f554669286
|
crypt32: Implement CryptGetIntendedKeyUsage.
|
2009-11-04 13:07:56 +01:00 |
Juan Lang
|
6ac162231b
|
crypt32: Add tests for CertGetIntendedKeyUsage.
|
2009-11-04 13:07:55 +01:00 |
Juan Lang
|
1c7c406b86
|
crypt32: Correct spec entries for certificate stores.
|
2009-11-03 21:31:33 +01:00 |
Juan Lang
|
ed701e0787
|
crypt32: Add stub for CryptGetIntendedKeyUsage.
|
2009-11-03 21:31:28 +01:00 |
Juan Lang
|
af3afcf81d
|
crypt32: Fix a memory leak in a test.
|
2009-11-03 21:29:29 +01:00 |
Juan Lang
|
7a73fd97ad
|
crypt32: Fix a memory leak reading trusted root certs.
|
2009-11-03 21:29:24 +01:00 |
Juan Lang
|
7dd75d1181
|
crypt32: Fix a memory leak querying a message object.
|
2009-11-03 21:29:19 +01:00 |
Juan Lang
|
9928e2e1c5
|
crypt32: Support reading a serialized store object from memory in CryptQueryObject.
|
2009-11-03 21:29:13 +01:00 |
Juan Lang
|
51a1f5a642
|
crypt32: Abstract function used to read from reading a serialized store.
|
2009-11-03 21:29:03 +01:00 |
Juan Lang
|
16036dd27a
|
crypt32: Allow errors in locally installed root certs.
|
2009-11-03 21:18:30 +01:00 |
Juan Lang
|
d6795bd908
|
crypt32: Trace contents of CERT_CHAIN_PARA.
|
2009-11-03 21:17:34 +01:00 |
Juan Lang
|
fc0aff0d2e
|
crypt32: Add support for the CRYPT_STRING_NOCRLF flag to CryptBinaryToStringA/W.
|
2009-11-03 21:16:12 +01:00 |
Juan Lang
|
2d5ac92d9a
|
crypt32: Partially implement CryptBinaryToStringW.
|
2009-11-03 21:15:55 +01:00 |
Juan Lang
|
9750d0f7f5
|
crypt32: Trace policy error status in CertVerifyCertificateChainPolicy.
|
2009-10-30 11:32:09 +01:00 |
Juan Lang
|
c4ce06293c
|
crypt32: Create a V1 certificate if it doesn't have extensions.
|
2009-10-30 11:32:04 +01:00 |
Juan Lang
|
07b735682b
|
crypt32: Check CA certificates for the enhanced key usage extension.
|
2009-10-30 11:26:39 +01:00 |
Juan Lang
|
60770fb011
|
crypt32: Only permit v1 or v2 CA certificates without a key usage extension if they're installed locally.
|
2009-10-30 11:26:30 +01:00 |
Juan Lang
|
7b0297769d
|
crypt32: Use a helper function to find an existing cert by hash.
|
2009-10-30 11:26:21 +01:00 |
Juan Lang
|
77472187c9
|
crypt32: Add key usage extension to chain4_0.
|
2009-10-30 11:26:15 +01:00 |
Juan Lang
|
33a6235053
|
crypt32: Only permit v1 or v2 CA certificates without a basic constraints extension if they're installed locally.
|
2009-10-30 11:26:06 +01:00 |
Juan Lang
|
552fec4002
|
crypt32: Add basic constraints to chain quality selection algorithm.
|
2009-10-30 11:24:23 +01:00 |
Juan Lang
|
c310637f4f
|
crypt32: Remove redundant if clause.
|
2009-10-30 11:24:10 +01:00 |
Juan Lang
|
9a13e1c70b
|
crypt32: Add basic constraints to chain15_0.
|
2009-10-30 11:23:58 +01:00 |
Juan Lang
|
118374c081
|
crypt32: Add basic constraints to chain14_0.
|
2009-10-30 11:23:53 +01:00 |
Juan Lang
|
0bd67b4c6f
|
crypt32: Add basic constraints and key usage to chain12_0.
|
2009-10-30 11:23:47 +01:00 |
Juan Lang
|
002439e2f0
|
crypt32: Add basic constraints and key usage to chain8_0.
|
2009-10-30 11:23:41 +01:00 |
Juan Lang
|
4557a8705b
|
crypt32: Add basic constraints and key usage to chain5_0.
|
2009-10-30 11:23:35 +01:00 |
Juan Lang
|
86d6177215
|
crypt32: Add basic constraints and key usage to chain2_0.
|
2009-10-30 11:23:27 +01:00 |
Juan Lang
|
6bf0e52011
|
crypt32: Add basic constraints and key usage to chain0_0.
|
2009-10-30 11:23:22 +01:00 |
Juan Lang
|
9059892ec1
|
crypt32: Implement CertVerifyCertificateChainPolicy for CERT_CHAIN_POLICY_SSL.
|
2009-10-29 13:07:53 +01:00 |
Juan Lang
|
2fbb736e01
|
crypt32: Add some tests of the SSL policy.
|
2009-10-29 13:07:47 +01:00 |
Juan Lang
|
facd2e975a
|
crypt32: Allow the caller of checkChainPolicyStatus to specify the date to test with and additional policy parameters.
|
2009-10-29 13:07:39 +01:00 |