1586 Commits

Author SHA1 Message Date
Juan Lang 8646c39bdb crypt32: Finding a CRL issued by a cert should compare the cert's subject, not its issuer. 2009-11-21 14:31:46 +01:00
Juan Lang 6bc8237c63 crypt32/tests: Test one more certificate against the Verisign CRL. 2009-11-21 14:31:46 +01:00
Juan Lang 22206b909a crypt32/tests: Fix a typo. 2009-11-21 14:31:46 +01:00
Ken Thomases 3921454398 crypt32: Read trusted root certificates from system keychain on Mac OS X. 2009-11-21 14:31:45 +01:00
Juan Lang eee179206e crypt32/tests: Fix tests on Win9x/ME. 2009-11-21 14:31:44 +01:00
Juan Lang 1a392e1a30 crypt32: Support checking the requested usage for a chain. 2009-11-21 14:31:44 +01:00
Juan Lang 30de103485 crypt32: Only trace a usage match if it's not empty. 2009-11-21 14:31:44 +01:00
Juan Lang e611a83962 crypt32: Test verifying the enhanced key usage of a chain. 2009-11-21 14:31:44 +01:00
Juan Lang 9d9070ae3c crypt32: CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR shouldn't check whether the CRL is valid for the subject certificate. 2009-11-20 11:15:11 +01:00
Juan Lang f378394acd crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension. 2009-11-20 11:15:06 +01:00
Juan Lang bcbfddd82a crypt32: Fix tests on older Windows versions. 2009-11-20 11:15:01 +01:00
Juan Lang a3c6bc68c8 crypt32: Assume revocation server is offline if revocation status isn't known. 2009-11-20 11:14:52 +01:00
Juan Lang 9e1d31e5e5 crypt32: Fix a typo. 2009-11-20 11:14:47 +01:00
Juan Lang 8ed5a777de crypt32: Test revocation checking with CertGetCertificateChain. 2009-11-20 11:14:41 +01:00
Juan Lang 27128bb2f8 crypt32: Add more tests for CertVerifyRevocation. 2009-11-20 11:14:00 +01:00
Juan Lang 8fcaa52d5d crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore. 2009-11-19 11:49:59 +01:00
Juan Lang b278155616 crypt32: Add more tests for CertFindCRLInStore. 2009-11-19 11:49:53 +01:00
Juan Lang 4727212e01 crypt32: Add support for CRL_FIND_ISSUED_BY_SIGNATURE_FLAG to CertFindCRLInStore. 2009-11-19 11:49:46 +01:00
Juan Lang 8beed85a2c crypt32: Add basic flags tests flags for CertFindCRLInStore with find type CRL_FIND_ISSUED_BY. 2009-11-19 11:49:40 +01:00
Juan Lang c84c53b1a6 crypt32: More fully implement CertIsValidCRLForCertificate. 2009-11-19 11:49:33 +01:00
Juan Lang e5c56b1798 crypt32: Correct tests for CertIsValidCRLForCertificate. 2009-11-19 11:49:21 +01:00
Juan Lang b16a78baa7 crypt32: Remove a redundant test. 2009-11-19 11:49:14 +01:00
Juan Lang 4fa4f67c79 crypt32: Implement CertFindCRLInStore for find type CRL_FIND_ISSUED_FOR. 2009-11-19 11:49:09 +01:00
Juan Lang a3b462e3ea crypt32: Add tests for CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR. 2009-11-19 11:49:05 +01:00
Paul Vriens 7f5b24ed91 crypt32/tests: Fix a test failure on older crypt32. 2009-11-18 15:34:14 +01:00
Juan Lang 96073d5129 crypt32: Remove an unnecessary test for the extended key usage extension in CA certificates. 2009-11-18 11:09:20 +01:00
Juan Lang d6958d7660 crypt32: Trace reasons for name constraint failure. 2009-11-18 11:09:08 +01:00
Juan Lang 1db8a6abda crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match. 2009-11-18 11:09:02 +01:00
Juan Lang a63affe5e0 crypt32: Don't apply directory name constraints to an empty subject name. 2009-11-18 11:08:55 +01:00
Juan Lang c464875a6d crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint. 2009-11-18 11:08:49 +01:00
Juan Lang d6f7d06cad crypt32: Check email address in subject name against rfc822 name constraints. 2009-11-18 11:08:44 +01:00
Juan Lang e4c03521ac crypt32: Apply name constraints to subject name. 2009-11-18 11:08:37 +01:00
Juan Lang 6f35ae25b8 crypt32: Use helper function to compare a subject alternate name with name constraints. 2009-11-18 11:08:32 +01:00
Juan Lang a98dad4f93 crypt32: Only apply a name constraint if the name form is present. 2009-11-18 11:08:25 +01:00
Juan Lang f6d3348b7c crypt32: Partially implement checking name constraints with directory names. 2009-11-18 11:08:20 +01:00
Juan Lang 7c44544a6d crypt32: Use helper functions to match excluded and permitted subtrees of name constraints. 2009-11-18 11:08:14 +01:00
Juan Lang 9a40de08de crypt32: Let caller set error codes when name constraints aren't met. 2009-11-18 11:08:08 +01:00
Juan Lang f8044948ba crypt32: Remove an unnecessary if. 2009-11-18 11:08:01 +01:00
Juan Lang 8585203103 crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree. 2009-11-18 11:07:53 +01:00
Juan Lang a299470622 crypt32/tests: Fix another test failure. 2009-11-17 15:14:53 +01:00
Juan Lang 440c702ce4 crypt32: Implement CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang ed74536f0c crypt32: Add tests for CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 7d12294f08 crypt32: Add stub for CertIsRDNAttrsInCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 4a948fa929 crypt32: Add more tests for CertCompareCertificateName. 2009-11-17 15:14:53 +01:00
Juan Lang 1974e61b59 crypt32: Correctly match subdomains with dns name constraints. 2009-11-17 12:05:11 +01:00
Juan Lang b74ef17efc crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with '.', a match must be exact. 2009-11-17 12:05:04 +01:00
Juan Lang e82005fe2d crypt32: Only compare the hostname portion of a URL when checking against a name constraint. 2009-11-17 12:04:58 +01:00
Juan Lang 3c8a04f12f crypt32: Include name constraints errors in the chain's error status. 2009-11-17 12:04:52 +01:00
Juan Lang f9ad32f0ad crypt32: Trace method used to find an issuer. 2009-11-17 12:04:46 +01:00
Juan Lang 8adc75b3ec crypt32: Fix more test failures. 2009-11-16 11:34:31 +01:00
Juan Lang f6c4824675 crypt32: Update a comment. 2009-11-16 11:34:04 +01:00
Juan Lang c4b997bab3 crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met. 2009-11-16 11:33:58 +01:00
Juan Lang 9aee8fd556 crypt32: Fix test failures. 2009-11-13 11:52:25 +01:00
Juan Lang 21ecc84620 crypt32: Accept any matching dNSName in a subject alternate name. 2009-11-13 11:52:25 +01:00
Juan Lang 95a14deff9 crypt32: Add tests for cs.stanford.edu's chain. 2009-11-13 11:52:25 +01:00
Juan Lang d311cc9bdb crypt32: Use broken() to mark an expected result from a broken version of crypt32. 2009-11-13 11:52:25 +01:00
Juan Lang b91d0c8bde crypt32: Implement matching a certificate with a wildcard in its name. 2009-11-13 11:52:24 +01:00
Juan Lang e740672647 crypt32: Test matching a certificate with a wildcard in its name. 2009-11-13 11:52:24 +01:00
Juan Lang a29789e0bf crypt32: Add openssl.org's cert to the tested chains. 2009-11-13 11:52:24 +01:00
Juan Lang 574de15f51 crypt32: Fix more test failures on older crypt32 versions. 2009-11-12 13:11:38 +01:00
Juan Lang ba3433fa02 crypt32: Fix more test failures on older crypt32 versions. 2009-11-12 13:11:32 +01:00
Juan Lang 4d2c9c3e87 crypt32/tests: Fix test failures. 2009-11-12 13:11:25 +01:00
Juan Lang d7c9bd13a2 crypt32: Fix test failures on multiple Windows versions. 2009-11-11 10:55:51 +01:00
Juan Lang 300d5fe5c4 crypt32: Correct error when a matching name constraint is found. 2009-11-11 10:55:44 +01:00
Juan Lang 0cf2e6fae6 crypt32: Stop reading a serialized store if a non-context prop ID appears before a context prop ID. 2009-11-11 10:55:36 +01:00
Juan Lang bdbee82c42 crypt32: Trace cert version. 2009-11-11 10:54:38 +01:00
Juan Lang 0695b0dc73 crypt32: Fix test failures across Windows versions. 2009-11-11 10:54:24 +01:00
Juan Lang 49c1a34721 crypt32: Fix some test failures on older crypt32 versions. 2009-11-11 10:54:12 +01:00
Juan Lang 7eb33b18da crypt32: Update a comment to reflect a fixed vulnerability. 2009-11-11 10:53:56 +01:00
Juan Lang ee02d43731 crypt32: Correct error when a constrained, permitted name type isn't found in the subject name. 2009-11-10 13:08:31 +01:00
Juan Lang 2503e9ec73 crypt32: Use helper function to find the subject alternate name extension wherever it's needed. 2009-11-10 13:08:26 +01:00
Juan Lang ae6e884142 crypt32: Correct error when the subject alternate name can't be decoded. 2009-11-10 13:08:20 +01:00
Juan Lang 865f3df35b crypt32: Check the issued certificate for name constraint violations, not the issuing certificate. 2009-11-10 13:08:14 +01:00
Juan Lang ef6ce9a590 crypt32: Add more tests of name constraints. 2009-11-10 13:08:06 +01:00
Juan Lang a5361e45de crypt32: Test more chains against different policies. 2009-11-10 13:07:35 +01:00
Juan Lang 25e8f27817 crypt32: Disallow embedded NULLs in alternate names. 2009-11-10 13:07:28 +01:00
Juan Lang ddf78bdb38 crypt32: Test decoding alternate names with embedded NULLs. 2009-11-10 13:07:21 +01:00
Juan Lang 6a3901f04b crypt32: Test encoding and decoding name values with embedded NULLs. 2009-11-10 13:07:15 +01:00
Juan Lang 216df7a714 crypt32: Reject certificates whose fields don't match their versions. 2009-11-10 13:07:07 +01:00
Juan Lang 9fe6be454f crypt32: Forbid minimum or maximum fields in name constraints. 2009-11-10 13:07:00 +01:00
Juan Lang e7404ba24f crypt32: Fix decoding names when CRYPT_DECODE_ALLOC_FLAG is not specified. 2009-11-10 13:05:40 +01:00
Juan Lang 6cefdef501 crypt32: Fix decoding unicode names when CRYPT_DECODE_ALLOC_FLAG is not specified. 2009-11-10 13:05:35 +01:00
Marcus Meissner c25753ece2 crypt32: Pass the correct pointer into CertificateFindStore. 2009-11-09 20:21:23 +01:00
Juan Lang 267e890220 crypt32: Fix test failures on Win9x/NT4. 2009-11-09 19:58:40 +01:00
Juan Lang fbcce9f308 crypt32: Implement decoding cert policy constraints. 2009-11-09 19:58:34 +01:00
Juan Lang 32ad424972 crypt32: Implement encoding cert policy constraints. 2009-11-09 19:58:28 +01:00
Juan Lang ae32f7bffc crypt32: Add tests for encoding/decoding cert policy constraints. 2009-11-09 19:58:20 +01:00
Juan Lang 7e7e73d0da crypt32: Implement decoding cert policy mappings. 2009-11-09 19:58:13 +01:00
Juan Lang bf5e4d9bb7 crypt32: Implement encoding cert policy mappings. 2009-11-09 19:58:07 +01:00
Juan Lang fba863ddf0 crypt32: Add tests for encoding/decoding cert policy mappings. 2009-11-09 19:57:59 +01:00
Juan Lang ed9a4ffa0b crypt32: Fix decoding cert issuer/subject unique ids. 2009-11-09 19:57:51 +01:00
Juan Lang 4ccafdcb6f crypt32: Fix encoding cert issuer/subject unique ids. 2009-11-09 19:57:45 +01:00
Juan Lang acfa433f15 crypt32: Add more tests of cert encoding/decoding. 2009-11-09 19:57:37 +01:00
Paul Chitescu 7223d8b6d2 crypt32: Check the result of CryptAcquireContextW() when initializing default provider. 2009-11-09 19:37:00 +01:00
Juan Lang 5274777b1c crypt32: Permit lack of basic constraints extension on root certificates. 2009-11-09 19:34:36 +01:00
Juan Lang d94e4d315a crypt32: Permit lack of key usage extension on root certificates. This reverts 60770fb011, although it updates the comments to give a reason. Thanks to Matt Van Gundy for pointing it out to me. 2009-11-09 19:34:32 +01:00
Juan Lang c52d110de1 crypt32: Don't free a file store's mem store, it's already freed by the provider store. 2009-11-05 11:57:58 +01:00
Juan Lang a16ca1d039 crypt32: Add a warning if a store's ref count is invalid. 2009-11-05 11:57:47 +01:00
Juan Lang 88e599c4cf crypt32: Don't copy past end of buffer when removing the last string in a multistring. 2009-11-05 11:57:41 +01:00
Juan Lang e1b2eb3485 crypt32: Fix a test failure on NT 4. 2009-11-05 11:57:13 +01:00
Juan Lang 416cd484b2 crypt32: Implement CertStoreControl for collection stores. 2009-11-04 17:15:07 +01:00
Juan Lang 33c70d35dd crypt32: Add an implementation of CertControlStore for memory stores. 2009-11-04 17:15:02 +01:00
Juan Lang e6047ae52d crypt32: Add tests of committing a collection store. 2009-11-04 17:14:53 +01:00
Juan Lang f8376b91da crypt32: Eliminate a double free in the tests. 2009-11-04 16:45:18 +01:00
Juan Lang 108f30bb7d crypt32: Rename a function to reflect its behavior better, and return whether it succeeds. 2009-11-04 16:45:18 +01:00
Juan Lang 7e1cff1c18 crypt32: Release contexts when removing them from the mem store. 2009-11-04 16:45:18 +01:00
Juan Lang df39bbba4f crypt32: Don't delete a context when removing it from a list. 2009-11-04 16:45:18 +01:00
Juan Lang 787d0ab564 crypt32: Add an error if the ref count is invalid when releasing a context. 2009-11-04 16:45:18 +01:00
Juan Lang 1f363cd399 crypt32: Trace whenever a reference count changes, and change default debug channel to quiet the main crypt channel. 2009-11-04 16:45:18 +01:00
Juan Lang 17894eb093 crypt32: Release a link context's linked context on every release, not just when it reaches 0. 2009-11-04 16:45:17 +01:00
Juan Lang 52820b9cf8 crypt32: When creating a link context, call Context_AddRef to add-ref it so its children get add-ref'd too. 2009-11-04 16:45:17 +01:00
Juan Lang 5f81ad6821 crypt32: When add-ref'ing a context, add-ref its linked contexts too. 2009-11-04 16:45:17 +01:00
Juan Lang fb5e0d8a4d crypt32: When removing contexts from a list, make sure the context no longer references the list. 2009-11-04 16:45:17 +01:00
Juan Lang 976c6ff3f8 crypt32: Correct reference counting when deleting contexts from collections. 2009-11-04 16:45:17 +01:00
Juan Lang 92324ab38e crypt32: Propagate errors from CertFree*Context to CertDelete*FromStore. 2009-11-04 16:45:17 +01:00
Juan Lang 40855cae97 crypt32: Add return value to Context_Release to allow detecting reference counting errors. 2009-11-04 16:45:16 +01:00
Juan Lang d8094382a8 crypt32: Implement CertAddEncodedCertificateToSystemStoreA/W. 2009-11-04 16:45:16 +01:00
Juan Lang 9364d7a928 crypt32: Add stub for CertAddCertificateLinkToStore. 2009-11-04 13:07:56 +01:00
Juan Lang f554669286 crypt32: Implement CryptGetIntendedKeyUsage. 2009-11-04 13:07:56 +01:00
Juan Lang 6ac162231b crypt32: Add tests for CertGetIntendedKeyUsage. 2009-11-04 13:07:55 +01:00
Juan Lang 1c7c406b86 crypt32: Correct spec entries for certificate stores. 2009-11-03 21:31:33 +01:00
Juan Lang ed701e0787 crypt32: Add stub for CryptGetIntendedKeyUsage. 2009-11-03 21:31:28 +01:00
Juan Lang af3afcf81d crypt32: Fix a memory leak in a test. 2009-11-03 21:29:29 +01:00
Juan Lang 7a73fd97ad crypt32: Fix a memory leak reading trusted root certs. 2009-11-03 21:29:24 +01:00
Juan Lang 7dd75d1181 crypt32: Fix a memory leak querying a message object. 2009-11-03 21:29:19 +01:00
Juan Lang 9928e2e1c5 crypt32: Support reading a serialized store object from memory in CryptQueryObject. 2009-11-03 21:29:13 +01:00
Juan Lang 51a1f5a642 crypt32: Abstract function used to read from reading a serialized store. 2009-11-03 21:29:03 +01:00
Juan Lang 16036dd27a crypt32: Allow errors in locally installed root certs. 2009-11-03 21:18:30 +01:00
Juan Lang d6795bd908 crypt32: Trace contents of CERT_CHAIN_PARA. 2009-11-03 21:17:34 +01:00
Juan Lang fc0aff0d2e crypt32: Add support for the CRYPT_STRING_NOCRLF flag to CryptBinaryToStringA/W. 2009-11-03 21:16:12 +01:00
Juan Lang 2d5ac92d9a crypt32: Partially implement CryptBinaryToStringW. 2009-11-03 21:15:55 +01:00
Juan Lang 9750d0f7f5 crypt32: Trace policy error status in CertVerifyCertificateChainPolicy. 2009-10-30 11:32:09 +01:00
Juan Lang c4ce06293c crypt32: Create a V1 certificate if it doesn't have extensions. 2009-10-30 11:32:04 +01:00
Juan Lang 07b735682b crypt32: Check CA certificates for the enhanced key usage extension. 2009-10-30 11:26:39 +01:00
Juan Lang 60770fb011 crypt32: Only permit v1 or v2 CA certificates without a key usage extension if they're installed locally. 2009-10-30 11:26:30 +01:00
Juan Lang 7b0297769d crypt32: Use a helper function to find an existing cert by hash. 2009-10-30 11:26:21 +01:00
Juan Lang 77472187c9 crypt32: Add key usage extension to chain4_0. 2009-10-30 11:26:15 +01:00
Juan Lang 33a6235053 crypt32: Only permit v1 or v2 CA certificates without a basic constraints extension if they're installed locally. 2009-10-30 11:26:06 +01:00
Juan Lang 552fec4002 crypt32: Add basic constraints to chain quality selection algorithm. 2009-10-30 11:24:23 +01:00
Juan Lang c310637f4f crypt32: Remove redundant if clause. 2009-10-30 11:24:10 +01:00
Juan Lang 9a13e1c70b crypt32: Add basic constraints to chain15_0. 2009-10-30 11:23:58 +01:00
Juan Lang 118374c081 crypt32: Add basic constraints to chain14_0. 2009-10-30 11:23:53 +01:00
Juan Lang 0bd67b4c6f crypt32: Add basic constraints and key usage to chain12_0. 2009-10-30 11:23:47 +01:00
Juan Lang 002439e2f0 crypt32: Add basic constraints and key usage to chain8_0. 2009-10-30 11:23:41 +01:00
Juan Lang 4557a8705b crypt32: Add basic constraints and key usage to chain5_0. 2009-10-30 11:23:35 +01:00
Juan Lang 86d6177215 crypt32: Add basic constraints and key usage to chain2_0. 2009-10-30 11:23:27 +01:00
Juan Lang 6bf0e52011 crypt32: Add basic constraints and key usage to chain0_0. 2009-10-30 11:23:22 +01:00
Juan Lang 9059892ec1 crypt32: Implement CertVerifyCertificateChainPolicy for CERT_CHAIN_POLICY_SSL. 2009-10-29 13:07:53 +01:00
Juan Lang 2fbb736e01 crypt32: Add some tests of the SSL policy. 2009-10-29 13:07:47 +01:00
Juan Lang facd2e975a crypt32: Allow the caller of checkChainPolicyStatus to specify the date to test with and additional policy parameters. 2009-10-29 13:07:39 +01:00