Juan Lang
|
f8044948ba
|
crypt32: Remove an unnecessary if.
|
2009-11-18 11:08:01 +01:00 |
Juan Lang
|
8585203103
|
crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree.
|
2009-11-18 11:07:53 +01:00 |
Juan Lang
|
a299470622
|
crypt32/tests: Fix another test failure.
|
2009-11-17 15:14:53 +01:00 |
Juan Lang
|
440c702ce4
|
crypt32: Implement CertIsRDNAttrsInCertificateName.
|
2009-11-17 15:14:53 +01:00 |
Juan Lang
|
ed74536f0c
|
crypt32: Add tests for CertIsRDNAttrsInCertificateName.
|
2009-11-17 15:14:53 +01:00 |
Juan Lang
|
7d12294f08
|
crypt32: Add stub for CertIsRDNAttrsInCertificateName.
|
2009-11-17 15:14:53 +01:00 |
Juan Lang
|
4a948fa929
|
crypt32: Add more tests for CertCompareCertificateName.
|
2009-11-17 15:14:53 +01:00 |
Juan Lang
|
1974e61b59
|
crypt32: Correctly match subdomains with dns name constraints.
|
2009-11-17 12:05:11 +01:00 |
Juan Lang
|
b74ef17efc
|
crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with '.', a match must be exact.
|
2009-11-17 12:05:04 +01:00 |
Juan Lang
|
e82005fe2d
|
crypt32: Only compare the hostname portion of a URL when checking against a name constraint.
|
2009-11-17 12:04:58 +01:00 |
Juan Lang
|
3c8a04f12f
|
crypt32: Include name constraints errors in the chain's error status.
|
2009-11-17 12:04:52 +01:00 |
Juan Lang
|
f9ad32f0ad
|
crypt32: Trace method used to find an issuer.
|
2009-11-17 12:04:46 +01:00 |
Juan Lang
|
8adc75b3ec
|
crypt32: Fix more test failures.
|
2009-11-16 11:34:31 +01:00 |
Juan Lang
|
f6c4824675
|
crypt32: Update a comment.
|
2009-11-16 11:34:04 +01:00 |
Juan Lang
|
c4b997bab3
|
crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met.
|
2009-11-16 11:33:58 +01:00 |
Juan Lang
|
9aee8fd556
|
crypt32: Fix test failures.
|
2009-11-13 11:52:25 +01:00 |
Juan Lang
|
21ecc84620
|
crypt32: Accept any matching dNSName in a subject alternate name.
|
2009-11-13 11:52:25 +01:00 |
Juan Lang
|
95a14deff9
|
crypt32: Add tests for cs.stanford.edu's chain.
|
2009-11-13 11:52:25 +01:00 |
Juan Lang
|
d311cc9bdb
|
crypt32: Use broken() to mark an expected result from a broken version of crypt32.
|
2009-11-13 11:52:25 +01:00 |
Juan Lang
|
b91d0c8bde
|
crypt32: Implement matching a certificate with a wildcard in its name.
|
2009-11-13 11:52:24 +01:00 |
Juan Lang
|
e740672647
|
crypt32: Test matching a certificate with a wildcard in its name.
|
2009-11-13 11:52:24 +01:00 |
Juan Lang
|
a29789e0bf
|
crypt32: Add openssl.org's cert to the tested chains.
|
2009-11-13 11:52:24 +01:00 |
Juan Lang
|
574de15f51
|
crypt32: Fix more test failures on older crypt32 versions.
|
2009-11-12 13:11:38 +01:00 |
Juan Lang
|
ba3433fa02
|
crypt32: Fix more test failures on older crypt32 versions.
|
2009-11-12 13:11:32 +01:00 |
Juan Lang
|
4d2c9c3e87
|
crypt32/tests: Fix test failures.
|
2009-11-12 13:11:25 +01:00 |
Juan Lang
|
d7c9bd13a2
|
crypt32: Fix test failures on multiple Windows versions.
|
2009-11-11 10:55:51 +01:00 |
Juan Lang
|
300d5fe5c4
|
crypt32: Correct error when a matching name constraint is found.
|
2009-11-11 10:55:44 +01:00 |
Juan Lang
|
0cf2e6fae6
|
crypt32: Stop reading a serialized store if a non-context prop ID appears before a context prop ID.
|
2009-11-11 10:55:36 +01:00 |
Juan Lang
|
bdbee82c42
|
crypt32: Trace cert version.
|
2009-11-11 10:54:38 +01:00 |
Juan Lang
|
0695b0dc73
|
crypt32: Fix test failures across Windows versions.
|
2009-11-11 10:54:24 +01:00 |
Juan Lang
|
49c1a34721
|
crypt32: Fix some test failures on older crypt32 versions.
|
2009-11-11 10:54:12 +01:00 |
Juan Lang
|
7eb33b18da
|
crypt32: Update a comment to reflect a fixed vulnerability.
|
2009-11-11 10:53:56 +01:00 |
Juan Lang
|
ee02d43731
|
crypt32: Correct error when a constrained, permitted name type isn't found in the subject name.
|
2009-11-10 13:08:31 +01:00 |
Juan Lang
|
2503e9ec73
|
crypt32: Use helper function to find the subject alternate name extension wherever it's needed.
|
2009-11-10 13:08:26 +01:00 |
Juan Lang
|
ae6e884142
|
crypt32: Correct error when the subject alternate name can't be decoded.
|
2009-11-10 13:08:20 +01:00 |
Juan Lang
|
865f3df35b
|
crypt32: Check the issued certificate for name constraint violations, not the issuing certificate.
|
2009-11-10 13:08:14 +01:00 |
Juan Lang
|
ef6ce9a590
|
crypt32: Add more tests of name constraints.
|
2009-11-10 13:08:06 +01:00 |
Juan Lang
|
a5361e45de
|
crypt32: Test more chains against different policies.
|
2009-11-10 13:07:35 +01:00 |
Juan Lang
|
25e8f27817
|
crypt32: Disallow embedded NULLs in alternate names.
|
2009-11-10 13:07:28 +01:00 |
Juan Lang
|
ddf78bdb38
|
crypt32: Test decoding alternate names with embedded NULLs.
|
2009-11-10 13:07:21 +01:00 |
Juan Lang
|
6a3901f04b
|
crypt32: Test encoding and decoding name values with embedded NULLs.
|
2009-11-10 13:07:15 +01:00 |
Juan Lang
|
216df7a714
|
crypt32: Reject certificates whose fields don't match their versions.
|
2009-11-10 13:07:07 +01:00 |
Juan Lang
|
9fe6be454f
|
crypt32: Forbid minimum or maximum fields in name constraints.
|
2009-11-10 13:07:00 +01:00 |
Juan Lang
|
e7404ba24f
|
crypt32: Fix decoding names when CRYPT_DECODE_ALLOC_FLAG is not specified.
|
2009-11-10 13:05:40 +01:00 |
Juan Lang
|
6cefdef501
|
crypt32: Fix decoding unicode names when CRYPT_DECODE_ALLOC_FLAG is not specified.
|
2009-11-10 13:05:35 +01:00 |
Marcus Meissner
|
c25753ece2
|
crypt32: Pass the correct pointer into CertificateFindStore.
|
2009-11-09 20:21:23 +01:00 |
Juan Lang
|
267e890220
|
crypt32: Fix test failures on Win9x/NT4.
|
2009-11-09 19:58:40 +01:00 |
Juan Lang
|
fbcce9f308
|
crypt32: Implement decoding cert policy constraints.
|
2009-11-09 19:58:34 +01:00 |
Juan Lang
|
32ad424972
|
crypt32: Implement encoding cert policy constraints.
|
2009-11-09 19:58:28 +01:00 |
Juan Lang
|
ae32f7bffc
|
crypt32: Add tests for encoding/decoding cert policy constraints.
|
2009-11-09 19:58:20 +01:00 |