Commit Graph

1514 Commits

Author SHA1 Message Date
Juan Lang
4e18ac601f crypt32: Don't get confused matching URLs with a colon in the userinfo portion (e.g. user:password@domain). 2009-12-21 15:01:22 +01:00
Juan Lang
048594854a crypt32: Check authority key identifer extension to determine if a certificate is self-signed. 2009-12-18 11:39:58 +01:00
Amine Khaldi
e402260db4 crypt32: Remove an unneeded assignment. 2009-12-17 12:42:39 +01:00
Amine Khaldi
483d241559 crypt32: Remove unneeded assignments. 2009-12-16 12:21:12 +01:00
Juan Lang
01a7cbf843 crypt32: Accept end certificates with no extended key usage extension if a particular key usage is requested. 2009-12-11 17:47:30 +01:00
Juan Lang
7a610a9072 crypt32: Fix CertAddCTLContextToStore for CERT_STORE_ADD_USE_EXISTING add disposition. 2009-12-11 11:50:12 +01:00
Juan Lang
c7609f3c55 crypt32: Fix CertAddCRLContextToStore for CERT_STORE_ADD_USE_EXISTING add disposition. 2009-12-11 11:50:09 +01:00
Juan Lang
0444cd93c4 crypt32: Don't dereference an output pointer which may be NULL. 2009-12-11 11:50:03 +01:00
Juan Lang
1740d9fe44 crypt32: Trace chain final error status. 2009-12-11 11:49:56 +01:00
Alexandre Julliard
4f83f9a120 crypt32/tests: Avoid size_t in traces. 2009-12-09 12:19:38 +01:00
Juan Lang
4df042b54b crypt32: Compare CRL's authority key identifier against the certificate's subject key identifier property, which also decodes the certificate's extension if necessary. 2009-12-09 12:02:43 +01:00
Francois Gouget
d1e592ad20 crypt32/tests: Fix compilation on systems that don't support nameless unions. 2009-12-08 17:42:25 +01:00
Juan Lang
bab1c652ae crypt32/tests: Fix memory leak in test. 2009-12-07 09:49:07 +01:00
Juan Lang
cdbf6e8614 crypt32/tests: Don't pass as a parameter a variable that could be local. 2009-12-07 09:49:07 +01:00
Juan Lang
6acd82fa79 crypt32: Correct AKI extension used in end certificate and CRL when checking revocation. 2009-12-04 12:01:16 +01:00
Juan Lang
91fbdb561a crypt32: The KeyId member of an authority key identifier is an octet string, not an integer. 2009-12-03 10:16:53 +01:00
Juan Lang
865669eeb3 crypt32: Fix test failures on Win2k. 2009-12-03 10:11:54 +01:00
Juan Lang
63383baed4 crypt32: Fix test failure on Win7. 2009-12-03 10:11:46 +01:00
Juan Lang
596cd16fc4 crypt32: Only check revocation on a chain without other errors. 2009-12-03 10:11:33 +01:00
Alexandre Julliard
b402b78780 rsaenh: Fix padding bytes check for 0-byte payload. 2009-12-02 14:59:56 +01:00
Juan Lang
9f5a554de0 crypt32: Correct AKI extension used in end certificate and CRL when checking revocation. 2009-12-02 12:18:02 +01:00
Juan Lang
9c56314e3d crypt32: Further fix test failures. 2009-12-02 12:12:50 +01:00
Juan Lang
6b8c053218 crypt32: Fix test failures. 2009-12-01 12:24:00 +01:00
Juan Lang
90c160c3d8 crypt32: Revert 8ed5a777de.
Ordinarily removing tests seems like a bad idea, but in this case it
seems the only rational response to the test failures the tests
produce.  The tests check the state of three bits with a variety of
certificate and CRL combinations.  One of these bits is apparently not
set by any version of Windows for any of the tests.  Testing its
absence doesn't seem correct, and I'll explain why in more detail in a
second.  Every permutation of the remaining two bits appears on at
least one Windows version, and no Windows version is obviously more
correct than the rest, so testing them doesn't seem worthwhile.

The one bit that doesn't appear to be set is the bit saying that a
certificate is revoked.  I created CRLs that do in fact revoke some of
the tested certificates, so it appears to me that the bit should be
set.  It's possible that Windows doesn't bother checking the
revocation status of a certificate whose anchor isn't trusted, but
it's impossible to test this in an automated regression test suite,
because adding a trusted certificate requires clicking OK (or its
equivalent) in a dialog.  The dialog is invoked by the system process,
so I can't use a dialog hook to suppress it.  I can test this
hypothesis manually, but it isn't possible to do so in an automated
way.
2009-11-30 12:57:53 +01:00
Juan Lang
f2040b7725 crypt32: Don't copy past end of buffer when removing a string from a multi string. 2009-11-30 12:57:39 +01:00
Juan Lang
b2ab45b78b crypt32: Only match RDN attributes whose lengths are identical. 2009-11-21 14:31:46 +01:00
Juan Lang
8e51a866b7 crypt32: When searching for a CRL by the AKI extension, the extension has to be decoded to match. 2009-11-21 14:31:46 +01:00
Juan Lang
7dee971809 crypt32/tests: Fix a typo. 2009-11-21 14:31:46 +01:00
Juan Lang
8646c39bdb crypt32: Finding a CRL issued by a cert should compare the cert's subject, not its issuer. 2009-11-21 14:31:46 +01:00
Juan Lang
6bc8237c63 crypt32/tests: Test one more certificate against the Verisign CRL. 2009-11-21 14:31:46 +01:00
Juan Lang
22206b909a crypt32/tests: Fix a typo. 2009-11-21 14:31:46 +01:00
Ken Thomases
3921454398 crypt32: Read trusted root certificates from system keychain on Mac OS X. 2009-11-21 14:31:45 +01:00
Juan Lang
eee179206e crypt32/tests: Fix tests on Win9x/ME. 2009-11-21 14:31:44 +01:00
Juan Lang
1a392e1a30 crypt32: Support checking the requested usage for a chain. 2009-11-21 14:31:44 +01:00
Juan Lang
30de103485 crypt32: Only trace a usage match if it's not empty. 2009-11-21 14:31:44 +01:00
Juan Lang
e611a83962 crypt32: Test verifying the enhanced key usage of a chain. 2009-11-21 14:31:44 +01:00
Juan Lang
9d9070ae3c crypt32: CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR shouldn't check whether the CRL is valid for the subject certificate. 2009-11-20 11:15:11 +01:00
Juan Lang
f378394acd crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension. 2009-11-20 11:15:06 +01:00
Juan Lang
bcbfddd82a crypt32: Fix tests on older Windows versions. 2009-11-20 11:15:01 +01:00
Juan Lang
a3c6bc68c8 crypt32: Assume revocation server is offline if revocation status isn't known. 2009-11-20 11:14:52 +01:00
Juan Lang
9e1d31e5e5 crypt32: Fix a typo. 2009-11-20 11:14:47 +01:00
Juan Lang
8ed5a777de crypt32: Test revocation checking with CertGetCertificateChain. 2009-11-20 11:14:41 +01:00
Juan Lang
27128bb2f8 crypt32: Add more tests for CertVerifyRevocation. 2009-11-20 11:14:00 +01:00
Juan Lang
8fcaa52d5d crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore. 2009-11-19 11:49:59 +01:00
Juan Lang
b278155616 crypt32: Add more tests for CertFindCRLInStore. 2009-11-19 11:49:53 +01:00
Juan Lang
4727212e01 crypt32: Add support for CRL_FIND_ISSUED_BY_SIGNATURE_FLAG to CertFindCRLInStore. 2009-11-19 11:49:46 +01:00
Juan Lang
8beed85a2c crypt32: Add basic flags tests flags for CertFindCRLInStore with find type CRL_FIND_ISSUED_BY. 2009-11-19 11:49:40 +01:00
Juan Lang
c84c53b1a6 crypt32: More fully implement CertIsValidCRLForCertificate. 2009-11-19 11:49:33 +01:00
Juan Lang
e5c56b1798 crypt32: Correct tests for CertIsValidCRLForCertificate. 2009-11-19 11:49:21 +01:00
Juan Lang
b16a78baa7 crypt32: Remove a redundant test. 2009-11-19 11:49:14 +01:00