Commit graph

99 commits

Author SHA1 Message Date
Juan Lang
5274777b1c crypt32: Permit lack of basic constraints extension on root certificates. 2009-11-09 19:34:36 +01:00
Juan Lang
d94e4d315a crypt32: Permit lack of key usage extension on root certificates.
This reverts 60770fb011, although it
updates the comments to give a reason.  Thanks to Matt Van Gundy for
pointing it out to me.
2009-11-09 19:34:32 +01:00
Juan Lang
d6795bd908 crypt32: Trace contents of CERT_CHAIN_PARA. 2009-11-03 21:17:34 +01:00
Juan Lang
9750d0f7f5 crypt32: Trace policy error status in CertVerifyCertificateChainPolicy. 2009-10-30 11:32:09 +01:00
Juan Lang
07b735682b crypt32: Check CA certificates for the enhanced key usage extension. 2009-10-30 11:26:39 +01:00
Juan Lang
60770fb011 crypt32: Only permit v1 or v2 CA certificates without a key usage extension if they're installed locally. 2009-10-30 11:26:30 +01:00
Juan Lang
7b0297769d crypt32: Use a helper function to find an existing cert by hash. 2009-10-30 11:26:21 +01:00
Juan Lang
33a6235053 crypt32: Only permit v1 or v2 CA certificates without a basic constraints extension if they're installed locally. 2009-10-30 11:26:06 +01:00
Juan Lang
552fec4002 crypt32: Add basic constraints to chain quality selection algorithm. 2009-10-30 11:24:23 +01:00
Juan Lang
c310637f4f crypt32: Remove redundant if clause. 2009-10-30 11:24:10 +01:00
Juan Lang
9059892ec1 crypt32: Implement CertVerifyCertificateChainPolicy for CERT_CHAIN_POLICY_SSL. 2009-10-29 13:07:53 +01:00
Juan Lang
24399bd359 crypt32: Support IPv6 addresses in name constraint comparison. 2009-10-29 13:07:20 +01:00
Juan Lang
bcb4bc6be3 crypt32: Trace netscape cert type extension. 2009-10-29 13:07:14 +01:00
Juan Lang
d664edb322 crypt32: Trace directory name of alt name entries. 2009-10-29 13:07:08 +01:00
Juan Lang
6a575d697e crypt32: Accept either the subject alt name 2 or subject alt name extensions, and prefer the former when both are present. 2009-10-29 13:06:56 +01:00
Juan Lang
1e953ef12e crypt32: Trace the alt name extensions. 2009-10-29 13:06:49 +01:00
Juan Lang
bf42ce9c90 crypt32: Trace name constraints extension. 2009-10-29 13:06:42 +01:00
Juan Lang
777ea81c48 crypt32: Trace cert policies extension. 2009-10-29 13:06:35 +01:00
Juan Lang
994d7ed40d crypt32: Trace enhanced key usage extension. 2009-10-29 13:06:25 +01:00
Juan Lang
cf9491a5a3 crypt32: Move tracing of key usage extension to common extension tracing location. 2009-10-26 11:16:54 +01:00
Juan Lang
7fa618aa8e crypt32: Check key usage during chain validation. 2009-10-21 16:21:53 +02:00
Juan Lang
cbabc9d689 crypt32: Get CA flag from basic constraints extension of every cert in the chain. 2009-10-21 16:21:40 +02:00
Juan Lang
f348e3feb7 crypt32: Check basic constraints extension for end certs too. 2009-10-21 16:21:36 +02:00
Juan Lang
87405ade02 crypt32: Add a safe default for unsupported critical extensions. 2009-10-20 13:46:55 +02:00
Hans Leidekker
2f112cf5ee crypt32: CertGetCertificateChain does not validate the size of the CERT_CHAIN_PARA structure. 2009-09-22 16:20:58 +02:00
Andrew Talbot
5a981c3a64 crypt32: Constify some variables. 2009-06-12 17:33:14 +02:00
Juan Lang
4817fbc362 crypt32: Avoid reading freed memory when encountering a cyclic chain. 2009-02-25 12:37:06 +01:00
Francois Gouget
443fdf2731 crypt32: Merge two traces. 2009-02-18 12:17:29 +01:00
Juan Lang
b5d1bfe5ba crypt32: Set the info status on the last element of a chain even if its issuer can't be found. 2009-02-12 11:53:22 +01:00
Juan Lang
913affe4ef crypt32: Don't assume intermediate certificates are allowed to be CAs. 2009-02-12 11:53:18 +01:00
Juan Lang
ad2ea9d9cf crypt32: Change some traces to the chain channel. 2009-02-12 11:53:10 +01:00
Juan Lang
e7dd46b807 crypt32: Add chain debugging channel for debugging certificate chaining errors. 2009-02-12 11:53:01 +01:00
Michael Stefaniuc
4eaaa913f8 crypt32: Remove some more superfluous pointer casts. 2009-01-26 14:31:08 +01:00
Juan Lang
558057b4b2 crypt32: Fix chain error status when a cert's issuer can't be found. 2008-10-31 12:57:25 +01:00
Juan Lang
39a7d40413 crypt32: Fix frequency with which chains are checked for cycles. 2008-10-30 11:29:37 +01:00
Juan Lang
0556e9d966 crypt32: Correct trust error status for cyclic chains. 2008-10-23 12:13:25 +02:00
Juan Lang
eeec9bf349 crypt32: Correct another chain status discrepancy with Windows. 2008-10-17 20:17:11 +02:00
Juan Lang
25698f8938 crypt32: Microsoft fixed a bug with name constraints, so make Wine's behavior match. 2008-10-17 20:17:08 +02:00
Juan Lang
cb341f3717 crypt32: Fix error handling for cyclic chains. 2008-10-09 12:29:44 +02:00
Juan Lang
71e394fb89 crypt32: Fix typo. Fixes Coverity item 605. 2008-09-10 10:40:43 +02:00
Michael Karcher
0ed076ab5c crypt32: Remove duplicate MS test root key. 2008-06-30 15:11:12 +02:00
Erik de Castro Lopo
0ef69ef9dd crypt32: Use LOWORD on LPCSTR type instead of casting to int. 2008-04-25 11:34:53 +02:00
Andrew Talbot
70c4b66781 crypt32: Assign to structs instead of using memcpy. 2008-02-15 12:05:47 +01:00
Michael Stefaniuc
3e005ce915 crypt32: Do not use an empty body in an else-statement as documentation. 2007-12-10 12:35:56 +01:00
Juan Lang
329761e7e1 crypt32: Fix a leak building an alternate chain. 2007-11-02 12:21:58 +01:00
Juan Lang
fc14728efc crypt32: Fix a leak during chain creation. 2007-11-02 12:21:47 +01:00
Juan Lang
912c3e609b crypt32: Implement cert chain revocation checking. 2007-10-24 12:33:39 +02:00
Juan Lang
9ae5ef6641 crypt32: Set lower quality chain count and pointer to 0 when freeing them. 2007-10-19 14:21:46 +02:00
Juan Lang
5d6feab0e2 crypt32: Don't keep a pointer to the lower quality chains when choosing a higher quality one, otherwise they'll get double-freed. 2007-10-19 14:21:42 +02:00
Juan Lang
7a0905128d crypt32: Always set pPolicyStatus->dwError. 2007-10-17 13:40:41 +02:00