157 commits

Author	SHA1	Message	Date
Juan Lang	ca7512d296	crypt32: Trace certificate chain verification parameters.	2010-10-19 10:19:17 +02:00
Juan Lang	63a05db41c	crypt32: Trace time value in addition to address of time value.	2010-10-15 11:33:21 +02:00
Juan Lang	b6cd08f436	crypt32: Use A functions for debug string that's only used as an ASCII string.	2010-10-15 11:33:12 +02:00
Juan Lang	25a8d301c1	crypt32: Set correct error when encountering unsupported critical extensions in the base and SSL policy.	2010-10-06 20:46:50 +02:00
Juan Lang	b1899c2066	crypt32: Set CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT when appropriate.	2010-10-06 20:46:49 +02:00
Juan Lang	966d722752	crypt32: Improve error checking for the base policy.	2010-10-06 14:41:04 +02:00
Juan Lang	be3a5e368f	crypt32: Check revocation failures when verifying the SSL policy.	2010-09-30 11:16:44 +02:00
Juan Lang	da11d66bff	crypt32: Check usage when verifying the SSL policy.	2010-09-30 11:16:40 +02:00
Juan Lang	d74c4f7c15	crypt32: Honor more SECURITY_FLAG_IGNORE flags when verifying the SSL policy.	2010-09-30 11:16:36 +02:00
Juan Lang	d6c9c7a08b	crypt32: Honor SECURITY_FLAG_IGNORE_CERT_CN_INVALID.	2010-08-16 17:28:55 +02:00
Andrew Talbot	761f5ca105	crypt32: Constify some variables.	2010-08-16 13:46:33 +02:00
Juan Lang	c79aad51cd	crypt32: Implement wildcard domain name matching in subject alternative names.	2010-05-21 14:37:52 +02:00
Juan Lang	d298e1e614	crypt32: Support hExclusiveRoot when creating a certificate chain engine.	2010-05-20 13:47:53 +02:00
Juan Lang	d3db308853	crypt32: Update definition of CERT_CHAIN_ENGINE_CONFIG.	2010-05-20 13:47:53 +02:00
Juan Lang	51ab77a90a	crypt32: Add support for the anyPolicy certificate policy.	2010-03-16 11:30:12 +01:00
Michael Stefaniuc	0a866d0e45	crypt32: Avoid using HIWORD() on a string pointer. ... The stray IS_INTRESOURCE() is applied to a true resource. The other strings are OIDs and not resources.	2010-01-29 14:59:02 +01:00
Juan Lang	4e18ac601f	crypt32: Don't get confused matching URLs with a colon in the userinfo portion (e.g. user:password@domain).	2009-12-21 15:01:22 +01:00
Juan Lang	048594854a	crypt32: Check authority key identifer extension to determine if a certificate is self-signed.	2009-12-18 11:39:58 +01:00
Amine Khaldi	e402260db4	crypt32: Remove an unneeded assignment.	2009-12-17 12:42:39 +01:00
Juan Lang	01a7cbf843	crypt32: Accept end certificates with no extended key usage extension if a particular key usage is requested.	2009-12-11 17:47:30 +01:00
Juan Lang	1740d9fe44	crypt32: Trace chain final error status.	2009-12-11 11:49:56 +01:00
Juan Lang	596cd16fc4	crypt32: Only check revocation on a chain without other errors.	2009-12-03 10:11:33 +01:00
Juan Lang	1a392e1a30	crypt32: Support checking the requested usage for a chain.	2009-11-21 14:31:44 +01:00
Juan Lang	30de103485	crypt32: Only trace a usage match if it's not empty.	2009-11-21 14:31:44 +01:00
Juan Lang	a3c6bc68c8	crypt32: Assume revocation server is offline if revocation status isn't known.	2009-11-20 11:14:52 +01:00
Juan Lang	9e1d31e5e5	crypt32: Fix a typo.	2009-11-20 11:14:47 +01:00
Juan Lang	96073d5129	crypt32: Remove an unnecessary test for the extended key usage extension in CA certificates.	2009-11-18 11:09:20 +01:00
Juan Lang	d6958d7660	crypt32: Trace reasons for name constraint failure.	2009-11-18 11:09:08 +01:00
Juan Lang	1db8a6abda	crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match.	2009-11-18 11:09:02 +01:00
Juan Lang	a63affe5e0	crypt32: Don't apply directory name constraints to an empty subject name.	2009-11-18 11:08:55 +01:00
Juan Lang	c464875a6d	crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint.	2009-11-18 11:08:49 +01:00
Juan Lang	d6f7d06cad	crypt32: Check email address in subject name against rfc822 name constraints.	2009-11-18 11:08:44 +01:00
Juan Lang	e4c03521ac	crypt32: Apply name constraints to subject name.	2009-11-18 11:08:37 +01:00
Juan Lang	6f35ae25b8	crypt32: Use helper function to compare a subject alternate name with name constraints.	2009-11-18 11:08:32 +01:00
Juan Lang	a98dad4f93	crypt32: Only apply a name constraint if the name form is present.	2009-11-18 11:08:25 +01:00
Juan Lang	f6d3348b7c	crypt32: Partially implement checking name constraints with directory names.	2009-11-18 11:08:20 +01:00
Juan Lang	7c44544a6d	crypt32: Use helper functions to match excluded and permitted subtrees of name constraints.	2009-11-18 11:08:14 +01:00
Juan Lang	9a40de08de	crypt32: Let caller set error codes when name constraints aren't met.	2009-11-18 11:08:08 +01:00
Juan Lang	f8044948ba	crypt32: Remove an unnecessary if.	2009-11-18 11:08:01 +01:00
Juan Lang	8585203103	crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree.	2009-11-18 11:07:53 +01:00
Juan Lang	1974e61b59	crypt32: Correctly match subdomains with dns name constraints.	2009-11-17 12:05:11 +01:00
Juan Lang	b74ef17efc	crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with '.', a match must be exact.	2009-11-17 12:05:04 +01:00
Juan Lang	e82005fe2d	crypt32: Only compare the hostname portion of a URL when checking against a name constraint.	2009-11-17 12:04:58 +01:00
Juan Lang	3c8a04f12f	crypt32: Include name constraints errors in the chain's error status.	2009-11-17 12:04:52 +01:00
Juan Lang	f9ad32f0ad	crypt32: Trace method used to find an issuer.	2009-11-17 12:04:46 +01:00
Juan Lang	f6c4824675	crypt32: Update a comment.	2009-11-16 11:34:04 +01:00
Juan Lang	c4b997bab3	crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met.	2009-11-16 11:33:58 +01:00
Juan Lang	21ecc84620	crypt32: Accept any matching dNSName in a subject alternate name.	2009-11-13 11:52:25 +01:00
Juan Lang	b91d0c8bde	crypt32: Implement matching a certificate with a wildcard in its name.	2009-11-13 11:52:24 +01:00
Juan Lang	300d5fe5c4	crypt32: Correct error when a matching name constraint is found.	2009-11-11 10:55:44 +01:00