system/wine - HydraGit

mirror of git://source.winehq.org/git/wine.git synced 2024-11-05 18:01:34 +00:00

Author	SHA1	Message	Date
Juan Lang	f6d3348b7c	crypt32: Partially implement checking name constraints with directory names.	2009-11-18 11:08:20 +01:00
Juan Lang	7c44544a6d	crypt32: Use helper functions to match excluded and permitted subtrees of name constraints.	2009-11-18 11:08:14 +01:00
Juan Lang	9a40de08de	crypt32: Let caller set error codes when name constraints aren't met.	2009-11-18 11:08:08 +01:00
Juan Lang	f8044948ba	crypt32: Remove an unnecessary if.	2009-11-18 11:08:01 +01:00
Juan Lang	8585203103	crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree.	2009-11-18 11:07:53 +01:00
Juan Lang	1974e61b59	crypt32: Correctly match subdomains with dns name constraints.	2009-11-17 12:05:11 +01:00
Juan Lang	b74ef17efc	crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with '.', a match must be exact.	2009-11-17 12:05:04 +01:00
Juan Lang	e82005fe2d	crypt32: Only compare the hostname portion of a URL when checking against a name constraint.	2009-11-17 12:04:58 +01:00
Juan Lang	3c8a04f12f	crypt32: Include name constraints errors in the chain's error status.	2009-11-17 12:04:52 +01:00
Juan Lang	f9ad32f0ad	crypt32: Trace method used to find an issuer.	2009-11-17 12:04:46 +01:00
Juan Lang	f6c4824675	crypt32: Update a comment.	2009-11-16 11:34:04 +01:00
Juan Lang	c4b997bab3	crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met.	2009-11-16 11:33:58 +01:00
Juan Lang	21ecc84620	crypt32: Accept any matching dNSName in a subject alternate name.	2009-11-13 11:52:25 +01:00
Juan Lang	b91d0c8bde	crypt32: Implement matching a certificate with a wildcard in its name.	2009-11-13 11:52:24 +01:00
Juan Lang	300d5fe5c4	crypt32: Correct error when a matching name constraint is found.	2009-11-11 10:55:44 +01:00
Juan Lang	bdbee82c42	crypt32: Trace cert version.	2009-11-11 10:54:38 +01:00
Juan Lang	7eb33b18da	crypt32: Update a comment to reflect a fixed vulnerability.	2009-11-11 10:53:56 +01:00
Juan Lang	ee02d43731	crypt32: Correct error when a constrained, permitted name type isn't found in the subject name.	2009-11-10 13:08:31 +01:00
Juan Lang	2503e9ec73	crypt32: Use helper function to find the subject alternate name extension wherever it's needed.	2009-11-10 13:08:26 +01:00
Juan Lang	ae6e884142	crypt32: Correct error when the subject alternate name can't be decoded.	2009-11-10 13:08:20 +01:00
Juan Lang	865f3df35b	crypt32: Check the issued certificate for name constraint violations, not the issuing certificate.	2009-11-10 13:08:14 +01:00
Juan Lang	216df7a714	crypt32: Reject certificates whose fields don't match their versions.	2009-11-10 13:07:07 +01:00
Juan Lang	9fe6be454f	crypt32: Forbid minimum or maximum fields in name constraints.	2009-11-10 13:07:00 +01:00
Juan Lang	5274777b1c	crypt32: Permit lack of basic constraints extension on root certificates.	2009-11-09 19:34:36 +01:00
Juan Lang	d94e4d315a	crypt32: Permit lack of key usage extension on root certificates. This reverts `60770fb011`, although it updates the comments to give a reason. Thanks to Matt Van Gundy for pointing it out to me.	2009-11-09 19:34:32 +01:00
Juan Lang	d6795bd908	crypt32: Trace contents of CERT_CHAIN_PARA.	2009-11-03 21:17:34 +01:00
Juan Lang	9750d0f7f5	crypt32: Trace policy error status in CertVerifyCertificateChainPolicy.	2009-10-30 11:32:09 +01:00
Juan Lang	07b735682b	crypt32: Check CA certificates for the enhanced key usage extension.	2009-10-30 11:26:39 +01:00
Juan Lang	60770fb011	crypt32: Only permit v1 or v2 CA certificates without a key usage extension if they're installed locally.	2009-10-30 11:26:30 +01:00
Juan Lang	7b0297769d	crypt32: Use a helper function to find an existing cert by hash.	2009-10-30 11:26:21 +01:00
Juan Lang	33a6235053	crypt32: Only permit v1 or v2 CA certificates without a basic constraints extension if they're installed locally.	2009-10-30 11:26:06 +01:00
Juan Lang	552fec4002	crypt32: Add basic constraints to chain quality selection algorithm.	2009-10-30 11:24:23 +01:00
Juan Lang	c310637f4f	crypt32: Remove redundant if clause.	2009-10-30 11:24:10 +01:00
Juan Lang	9059892ec1	crypt32: Implement CertVerifyCertificateChainPolicy for CERT_CHAIN_POLICY_SSL.	2009-10-29 13:07:53 +01:00
Juan Lang	24399bd359	crypt32: Support IPv6 addresses in name constraint comparison.	2009-10-29 13:07:20 +01:00
Juan Lang	bcb4bc6be3	crypt32: Trace netscape cert type extension.	2009-10-29 13:07:14 +01:00
Juan Lang	d664edb322	crypt32: Trace directory name of alt name entries.	2009-10-29 13:07:08 +01:00
Juan Lang	6a575d697e	crypt32: Accept either the subject alt name 2 or subject alt name extensions, and prefer the former when both are present.	2009-10-29 13:06:56 +01:00
Juan Lang	1e953ef12e	crypt32: Trace the alt name extensions.	2009-10-29 13:06:49 +01:00
Juan Lang	bf42ce9c90	crypt32: Trace name constraints extension.	2009-10-29 13:06:42 +01:00
Juan Lang	777ea81c48	crypt32: Trace cert policies extension.	2009-10-29 13:06:35 +01:00
Juan Lang	994d7ed40d	crypt32: Trace enhanced key usage extension.	2009-10-29 13:06:25 +01:00
Juan Lang	cf9491a5a3	crypt32: Move tracing of key usage extension to common extension tracing location.	2009-10-26 11:16:54 +01:00
Juan Lang	7fa618aa8e	crypt32: Check key usage during chain validation.	2009-10-21 16:21:53 +02:00
Juan Lang	cbabc9d689	crypt32: Get CA flag from basic constraints extension of every cert in the chain.	2009-10-21 16:21:40 +02:00
Juan Lang	f348e3feb7	crypt32: Check basic constraints extension for end certs too.	2009-10-21 16:21:36 +02:00
Juan Lang	87405ade02	crypt32: Add a safe default for unsupported critical extensions.	2009-10-20 13:46:55 +02:00
Hans Leidekker	2f112cf5ee	crypt32: CertGetCertificateChain does not validate the size of the CERT_CHAIN_PARA structure.	2009-09-22 16:20:58 +02:00
Andrew Talbot	5a981c3a64	crypt32: Constify some variables.	2009-06-12 17:33:14 +02:00
Juan Lang	4817fbc362	crypt32: Avoid reading freed memory when encountering a cyclic chain.	2009-02-25 12:37:06 +01:00

1 2 3

122 commits