winehq.org
Sign In
Sign Up
Sign In
Sign Up
Manage this list
×
Keyboard Shortcuts
Thread View
j
: Next unread message
k
: Previous unread message
j a
: Jump to all threads
j l
: Jump to MailingList overview
2025
January
2024
December
November
October
September
August
July
June
May
April
March
February
January
2023
December
November
October
September
August
July
June
May
April
March
February
January
2022
December
November
October
September
August
July
June
May
April
March
February
January
2021
December
November
October
September
August
July
June
May
April
March
February
January
2020
December
November
October
September
August
July
June
May
April
March
February
January
2019
December
November
October
September
August
July
June
May
April
March
February
January
2018
December
November
October
September
August
July
June
May
April
March
February
January
2017
December
November
October
September
August
July
June
May
April
March
February
January
2016
December
November
October
September
August
July
June
May
April
March
February
January
2015
December
November
October
September
August
July
June
May
April
March
February
January
2014
December
November
October
September
August
July
June
May
April
March
February
January
2013
December
November
October
September
August
July
June
May
April
March
February
January
2012
December
November
October
September
August
July
June
May
April
March
February
January
2011
December
November
October
September
August
July
June
May
April
March
February
January
2010
December
November
October
September
August
July
June
May
April
March
February
January
2009
December
November
October
September
August
July
June
May
April
March
February
January
2008
December
November
October
September
August
July
June
May
April
March
February
January
2007
December
November
October
September
August
July
June
May
April
March
February
January
2006
December
November
October
September
August
July
June
May
April
March
February
January
2005
December
November
October
September
August
July
June
May
April
March
February
January
2004
December
November
October
September
August
July
June
May
April
March
February
January
2003
December
November
October
September
August
July
June
May
April
March
February
January
2002
December
November
October
September
August
July
June
May
April
March
February
January
2001
December
November
October
September
August
July
June
May
April
March
February
List overview
wine-commits
August 2007
----- 2025 -----
January 2025
----- 2024 -----
December 2024
November 2024
October 2024
September 2024
August 2024
July 2024
June 2024
May 2024
April 2024
March 2024
February 2024
January 2024
----- 2023 -----
December 2023
November 2023
October 2023
September 2023
August 2023
July 2023
June 2023
May 2023
April 2023
March 2023
February 2023
January 2023
----- 2022 -----
December 2022
November 2022
October 2022
September 2022
August 2022
July 2022
June 2022
May 2022
April 2022
March 2022
February 2022
January 2022
----- 2021 -----
December 2021
November 2021
October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
----- 2020 -----
December 2020
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
----- 2019 -----
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
----- 2018 -----
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
----- 2017 -----
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
----- 2016 -----
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
----- 2015 -----
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
----- 2014 -----
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
----- 2013 -----
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
----- 2012 -----
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
----- 2011 -----
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
----- 2010 -----
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
----- 2009 -----
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
----- 2008 -----
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
----- 2007 -----
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
----- 2006 -----
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
----- 2005 -----
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
----- 2004 -----
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
----- 2003 -----
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
----- 2002 -----
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002
April 2002
March 2002
February 2002
January 2002
----- 2001 -----
December 2001
November 2001
October 2001
September 2001
August 2001
July 2001
June 2001
May 2001
April 2001
March 2001
February 2001
wine-commits@winehq.org
3 participants
1085 discussions
Start a n
N
ew thread
Stefan Dösinger : wined3d: Supply texture coords even if no texture is bound and pshaders are used.
by Alexandre Julliard
31 Aug '07
31 Aug '07
Module: wine Branch: master Commit: 282696b4f62b7d36d243692065f1db0a901ed829 URL:
http://source.winehq.org/git/wine.git/?a=commit;h=282696b4f62b7d36d24369206…
Author: Stefan Dösinger <stefan(a)codeweavers.com> Date: Wed Aug 29 21:59:49 2007 +0200 wined3d: Supply texture coords even if no texture is bound and pshaders are used. --- dlls/wined3d/drawprim.c | 11 ++++++++--- 1 files changed, 8 insertions(+), 3 deletions(-) diff --git a/dlls/wined3d/drawprim.c b/dlls/wined3d/drawprim.c index 679d9d9..dcfe20c 100644 --- a/dlls/wined3d/drawprim.c +++ b/dlls/wined3d/drawprim.c @@ -301,6 +301,7 @@ static void drawStridedSlow(IWineD3DDevice *iface, WineDirect3DVertexStridedData IWineD3DDeviceImpl *This = (IWineD3DDeviceImpl *)iface; UINT *streamOffset = This->stateBlock->streamOffset; long SkipnStrides = startVertex + This->stateBlock->loadBaseVertexIndex; + BOOL pixelShader = use_ps(This); BYTE *texCoords[WINED3DDP_MAXTEXCOORD]; BYTE *diffuse = NULL, *specular = NULL, *normal = NULL, *position = NULL; @@ -397,9 +398,10 @@ static void drawStridedSlow(IWineD3DDevice *iface, WineDirect3DVertexStridedData } /* Query tex coords */ - if (This->stateBlock->textures[textureNo] != NULL) { + if (This->stateBlock->textures[textureNo] != NULL || pixelShader) { int coordIdx = This->stateBlock->textureState[textureNo][WINED3DTSS_TEXCOORDINDEX]; + int texture_idx = This->texUnitMap[textureNo]; float *ptrToCoords = NULL; float s = 0.0, t = 0.0, r = 0.0, q = 0.0; @@ -414,10 +416,13 @@ static void drawStridedSlow(IWineD3DDevice *iface, WineDirect3DVertexStridedData ptrToCoords = (float *)(texCoords[coordIdx] + (SkipnStrides * sd->u.s.texCoords[coordIdx].dwStride)); if (texCoords[coordIdx] == NULL) { TRACE("tex: %d - Skipping tex coords, as no data supplied\n", textureNo); - glTexCoord4f(0, 0, 0, 1); + if (GL_SUPPORT(ARB_MULTITEXTURE)) { + GL_EXTCALL(glMultiTexCoord4fARB(GL_TEXTURE0_ARB + texture_idx, 0, 0, 0, 1)); + } else { + glTexCoord4f(0, 0, 0, 1); + } continue; } else { - int texture_idx = This->texUnitMap[textureNo]; int coordsToUse = sd->u.s.texCoords[coordIdx].dwType + 1; /* 0 == WINED3DDECLTYPE_FLOAT1 etc */ if (texture_idx == -1) continue;
1
0
0
0
Rob Shearman : shell32: Don' t use the working directory passed into ShellExecute* functions if it isn' t valid.
by Alexandre Julliard
31 Aug '07
31 Aug '07
Module: wine Branch: master Commit: 94074ad31eed9c5d8bcbc5155bea124d39f85f2f URL:
http://source.winehq.org/git/wine.git/?a=commit;h=94074ad31eed9c5d8bcbc5155…
Author: Rob Shearman <rob(a)codeweavers.com> Date: Fri Aug 31 15:41:36 2007 +0100 shell32: Don't use the working directory passed into ShellExecute* functions if it isn't valid. --- dlls/shell32/shlexec.c | 20 +++++++++++++++----- 1 files changed, 15 insertions(+), 5 deletions(-) diff --git a/dlls/shell32/shlexec.c b/dlls/shell32/shlexec.c index 3e2f623..69608df 100644 --- a/dlls/shell32/shlexec.c +++ b/dlls/shell32/shlexec.c @@ -306,14 +306,25 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait, UINT gcdret = 0; WCHAR curdir[MAX_PATH]; DWORD dwCreationFlags; + const WCHAR *lpDirectory = NULL; TRACE("Execute %s from directory %s\n", debugstr_w(lpCmd), debugstr_w(psei->lpDirectory)); + + /* make sure we don't fail the CreateProcess if the calling app passes in + * a bad working directory */ + if (psei->lpDirectory && psei->lpDirectory[0]) + { + DWORD attr = GetFileAttributesW(psei->lpDirectory); + if (attr != INVALID_FILE_ATTRIBUTES && attr & FILE_ATTRIBUTE_DIRECTORY) + lpDirectory = psei->lpDirectory; + } + /* ShellExecute specifies the command from psei->lpDirectory * if present. Not from the current dir as CreateProcess does */ - if( psei->lpDirectory && psei->lpDirectory[0] ) + if( lpDirectory ) if( ( gcdret = GetCurrentDirectoryW( MAX_PATH, curdir))) - if( !SetCurrentDirectoryW( psei->lpDirectory)) - ERR("cannot set directory %s\n", debugstr_w(psei->lpDirectory)); + if( !SetCurrentDirectoryW( lpDirectory)) + ERR("cannot set directory %s\n", debugstr_w(lpDirectory)); ZeroMemory(&startup,sizeof(STARTUPINFOW)); startup.cb = sizeof(STARTUPINFOW); startup.dwFlags = STARTF_USESHOWWINDOW; @@ -322,8 +333,7 @@ static UINT_PTR SHELL_ExecuteW(const WCHAR *lpCmd, WCHAR *env, BOOL shWait, if (psei->fMask & SEE_MASK_NO_CONSOLE) dwCreationFlags |= CREATE_NEW_CONSOLE; if (CreateProcessW(NULL, (LPWSTR)lpCmd, NULL, NULL, FALSE, dwCreationFlags, env, - psei->lpDirectory && *psei->lpDirectory ? psei->lpDirectory : NULL, - &startup, &info)) + lpDirectory, &startup, &info)) { /* Give 30 seconds to the app to come up, if desired. Probably only needed when starting app immediately before making a DDE connection. */
1
0
0
0
Juan Lang : crypt32: Check path length constraint on a chain.
by Alexandre Julliard
31 Aug '07
31 Aug '07
Module: wine Branch: master Commit: 6c9b788fb89e4b4b41b357981e169397b8216266 URL:
http://source.winehq.org/git/wine.git/?a=commit;h=6c9b788fb89e4b4b41b357981…
Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Aug 30 18:00:19 2007 -0700 crypt32: Check path length constraint on a chain. --- dlls/crypt32/chain.c | 106 ++++++++++++++++++++++++++++++++++++-------- dlls/crypt32/tests/chain.c | 2 +- 2 files changed, 88 insertions(+), 20 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index d15f551..7efe0c7 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -366,12 +366,20 @@ static BOOL CRYPT_CheckRootCert(HCERTCHAINENGINE hRoot, return ret; } -static BOOL CRYPT_CanCertBeCA(PCCERT_CONTEXT cert, BOOL defaultIfNotSpecified) +/* Decodes a cert's basic constraints extension (either szOID_BASIC_CONSTRAINTS + * or szOID_BASIC_CONSTRAINTS2, whichever is present) into a + * CERT_BASIC_CONSTRAINTS2_INFO. If it neither extension is present, sets + * constraints->fCA to defaultIfNotSpecified. + * Returns FALSE if the extension is present but couldn't be decoded. + */ +static BOOL CRYPT_DecodeBasicConstraints(PCCERT_CONTEXT cert, + CERT_BASIC_CONSTRAINTS2_INFO *constraints, BOOL defaultIfNotSpecified) { - BOOL ret; + BOOL ret = TRUE; PCERT_EXTENSION ext = CertFindExtension(szOID_BASIC_CONSTRAINTS, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); + constraints->fPathLenConstraint = FALSE; if (ext) { CERT_BASIC_CONSTRAINTS_INFO *info; @@ -383,7 +391,8 @@ static BOOL CRYPT_CanCertBeCA(PCCERT_CONTEXT cert, BOOL defaultIfNotSpecified) if (ret) { if (info->SubjectType.cbData == 1) - ret = info->SubjectType.pbData[0] & CERT_CA_SUBJECT_FLAG; + constraints->fCA = + info->SubjectType.pbData[0] & CERT_CA_SUBJECT_FLAG; LocalFree(info); } } @@ -393,32 +402,80 @@ static BOOL CRYPT_CanCertBeCA(PCCERT_CONTEXT cert, BOOL defaultIfNotSpecified) cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); if (ext) { - CERT_BASIC_CONSTRAINTS2_INFO *info; - DWORD size = 0; + DWORD size = sizeof(CERT_BASIC_CONSTRAINTS2_INFO); ret = CryptDecodeObjectEx(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2, ext->Value.pbData, ext->Value.cbData, - CRYPT_DECODE_ALLOC_FLAG, NULL, (LPBYTE)&info, &size); - if (ret) - { - ret = info->fCA; - LocalFree(info); - } + 0, NULL, constraints, &size); } else - ret = defaultIfNotSpecified; + constraints->fCA = defaultIfNotSpecified; } return ret; } +/* Checks element's basic constraints to see if it can act as a CA, with + * remainingCAs CAs left in this chain. Updates chainConstraints with the + * element's constraints, if: + * 1. chainConstraints doesn't have a path length constraint, or + * 2. element's path length constraint is smaller than chainConstraints's + * Sets *pathLengthConstraintViolated to TRUE if a path length violation + * occurs. + * Returns TRUE if the element can be a CA, and the length of the remaining + * chain is valid. + */ +static BOOL CRYPT_CheckBasicConstraintsForCA(PCCERT_CONTEXT cert, + CERT_BASIC_CONSTRAINTS2_INFO *chainConstraints, DWORD remainingCAs, + BOOL *pathLengthConstraintViolated) +{ + BOOL validBasicConstraints; + CERT_BASIC_CONSTRAINTS2_INFO constraints; + + if ((validBasicConstraints = CRYPT_DecodeBasicConstraints(cert, + &constraints, TRUE))) + { + if (!constraints.fCA) + { + TRACE("chain element %d can't be a CA\n", remainingCAs + 1); + validBasicConstraints = FALSE; + } + else if (constraints.fPathLenConstraint) + { + /* If the element has path length constraints, they apply to the + * entire remaining chain. + */ + if (!chainConstraints->fPathLenConstraint || + constraints.dwPathLenConstraint < + chainConstraints->dwPathLenConstraint) + { + TRACE("setting path length constraint to %d\n", + chainConstraints->dwPathLenConstraint); + chainConstraints->fPathLenConstraint = TRUE; + chainConstraints->dwPathLenConstraint = + constraints.dwPathLenConstraint; + } + } + } + if (chainConstraints->fPathLenConstraint && + remainingCAs > chainConstraints->dwPathLenConstraint) + { + TRACE("remaining CAs %d exceed max path length %d\n", remainingCAs, + chainConstraints->dwPathLenConstraint); + validBasicConstraints = FALSE; + *pathLengthConstraintViolated = TRUE; + } + return validBasicConstraints; +} + static BOOL CRYPT_CheckSimpleChain(PCertificateChainEngine engine, PCERT_SIMPLE_CHAIN chain, LPFILETIME time) { PCERT_CHAIN_ELEMENT rootElement = chain->rgpElement[chain->cElement - 1]; - DWORD i; - BOOL ret = TRUE; + int i; + BOOL ret = TRUE, pathLengthConstraintViolated = FALSE; + CERT_BASIC_CONSTRAINTS2_INFO constraints = { TRUE, FALSE, 0 }; - for (i = 0; i < chain->cElement; i++) + for (i = chain->cElement - 1; i >= 0; i--) { if (CertVerifyTimeValidity(time, chain->rgpElement[i]->pCertContext->pCertInfo) != 0) @@ -426,12 +483,23 @@ static BOOL CRYPT_CheckSimpleChain(PCertificateChainEngine engine, CERT_TRUST_IS_NOT_TIME_VALID; if (i != 0) { - BOOL ca; - - ca = CRYPT_CanCertBeCA(chain->rgpElement[i]->pCertContext, TRUE); - if (!ca) + /* Once a path length constraint has been violated, every remaining + * CA cert's basic constraints is considered invalid. + */ + if (pathLengthConstraintViolated) chain->rgpElement[i]->TrustStatus.dwErrorStatus |= CERT_TRUST_INVALID_BASIC_CONSTRAINTS; + else if (!CRYPT_CheckBasicConstraintsForCA( + chain->rgpElement[i]->pCertContext, &constraints, i - 1, + &pathLengthConstraintViolated)) + chain->rgpElement[i]->TrustStatus.dwErrorStatus |= + CERT_TRUST_INVALID_BASIC_CONSTRAINTS; + else if (constraints.fPathLenConstraint && + constraints.dwPathLenConstraint) + { + /* This one's valid - decrement max length */ + constraints.dwPathLenConstraint--; + } } /* FIXME: check valid usages and name constraints */ CRYPT_CombineTrustStatus(&chain->TrustStatus, diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 849310e..818491f 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -1508,7 +1508,7 @@ static ChainCheck chainCheck[] = { { CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID, 0 }, 1, simpleStatus4 }, - TODO_ERROR | TODO_INFO }, + TODO_INFO }, { { sizeof(chain5) / sizeof(chain5[0]), chain5 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT |
1
0
0
0
Juan Lang : crypt32: Set error status on issued certificate, not on issuer.
by Alexandre Julliard
31 Aug '07
31 Aug '07
Module: wine Branch: master Commit: 14b0df1fef5258ab6bb84acde166389cdc7947e5 URL:
http://source.winehq.org/git/wine.git/?a=commit;h=14b0df1fef5258ab6bb84acde…
Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Aug 30 17:59:43 2007 -0700 crypt32: Set error status on issued certificate, not on issuer. --- dlls/crypt32/chain.c | 22 +++++++++++++++------- dlls/crypt32/tests/chain.c | 2 +- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 5a2b8ef..d15f551 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -287,17 +287,25 @@ static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine, (chain->cElement + 1) * sizeof(PCERT_CHAIN_ELEMENT)); if (chain->rgpElement) { + chain->rgpElement[chain->cElement++] = element; memset(element, 0, sizeof(CERT_CHAIN_ELEMENT)); element->cbSize = sizeof(CERT_CHAIN_ELEMENT); element->pCertContext = CertDuplicateCertificateContext(cert); - if (dwFlags & CERT_STORE_REVOCATION_FLAG && - !(dwFlags & CERT_STORE_NO_CRL_FLAG)) - element->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_REVOKED; - if (dwFlags & CERT_STORE_SIGNATURE_FLAG) - element->TrustStatus.dwErrorStatus |= - CERT_TRUST_IS_NOT_SIGNATURE_VALID; + /* Flags, if set, refer to the element this cert issued, so set + * the preceding element's error accordingly + */ + if (chain->cElement > 1) + { + if (dwFlags & CERT_STORE_REVOCATION_FLAG && + !(dwFlags & CERT_STORE_NO_CRL_FLAG)) + chain->rgpElement[chain->cElement - 2]->TrustStatus. + dwErrorStatus |= CERT_TRUST_IS_REVOKED; + if (dwFlags & CERT_STORE_SIGNATURE_FLAG) + chain->rgpElement[chain->cElement - 2]->TrustStatus. + dwErrorStatus |= + CERT_TRUST_IS_NOT_SIGNATURE_VALID; + } /* FIXME: initialize the rest of element */ - chain->rgpElement[chain->cElement++] = element; if (chain->cElement % engine->CycleDetectionModulus) CRYPT_CheckSimpleChainForCycles(chain); CRYPT_CombineTrustStatus(&chain->TrustStatus, diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index a7e1928..849310e 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -1491,7 +1491,7 @@ static ChainCheck chainCheck[] = { { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_SIGNATURE_VALID | CERT_TRUST_IS_NOT_TIME_VALID, 0 }, 1, simpleStatus1 }, - TODO_ERROR | TODO_INFO }, + TODO_INFO }, { { sizeof(chain2) / sizeof(chain2[0]), chain2 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1
0
0
0
Juan Lang : crypt32: Check whether each signing certificate can be a CA.
by Alexandre Julliard
31 Aug '07
31 Aug '07
Module: wine Branch: master Commit: 1ce46d5e4a38b9be67b442747ab6952a0bf44a88 URL:
http://source.winehq.org/git/wine.git/?a=commit;h=1ce46d5e4a38b9be67b442747…
Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Aug 30 17:59:13 2007 -0700 crypt32: Check whether each signing certificate can be a CA. --- dlls/crypt32/chain.c | 54 ++++++++++++++++++++++++++++++++++++++++++++ dlls/crypt32/tests/chain.c | 2 +- 2 files changed, 55 insertions(+), 1 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 4372a8d..5a2b8ef 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -358,6 +358,51 @@ static BOOL CRYPT_CheckRootCert(HCERTCHAINENGINE hRoot, return ret; } +static BOOL CRYPT_CanCertBeCA(PCCERT_CONTEXT cert, BOOL defaultIfNotSpecified) +{ + BOOL ret; + PCERT_EXTENSION ext = CertFindExtension(szOID_BASIC_CONSTRAINTS, + cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); + + if (ext) + { + CERT_BASIC_CONSTRAINTS_INFO *info; + DWORD size = 0; + + ret = CryptDecodeObjectEx(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS, + ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, + NULL, (LPBYTE)&info, &size); + if (ret) + { + if (info->SubjectType.cbData == 1) + ret = info->SubjectType.pbData[0] & CERT_CA_SUBJECT_FLAG; + LocalFree(info); + } + } + else + { + ext = CertFindExtension(szOID_BASIC_CONSTRAINTS2, + cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); + if (ext) + { + CERT_BASIC_CONSTRAINTS2_INFO *info; + DWORD size = 0; + + ret = CryptDecodeObjectEx(X509_ASN_ENCODING, + szOID_BASIC_CONSTRAINTS2, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, (LPBYTE)&info, &size); + if (ret) + { + ret = info->fCA; + LocalFree(info); + } + } + else + ret = defaultIfNotSpecified; + } + return ret; +} + static BOOL CRYPT_CheckSimpleChain(PCertificateChainEngine engine, PCERT_SIMPLE_CHAIN chain, LPFILETIME time) { @@ -371,6 +416,15 @@ static BOOL CRYPT_CheckSimpleChain(PCertificateChainEngine engine, chain->rgpElement[i]->pCertContext->pCertInfo) != 0) chain->rgpElement[i]->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_NOT_TIME_VALID; + if (i != 0) + { + BOOL ca; + + ca = CRYPT_CanCertBeCA(chain->rgpElement[i]->pCertContext, TRUE); + if (!ca) + chain->rgpElement[i]->TrustStatus.dwErrorStatus |= + CERT_TRUST_INVALID_BASIC_CONSTRAINTS; + } /* FIXME: check valid usages and name constraints */ CRYPT_CombineTrustStatus(&chain->TrustStatus, &chain->rgpElement[i]->TrustStatus); diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 507ab24..a7e1928 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -1502,7 +1502,7 @@ static ChainCheck chainCheck[] = { { CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID, 0 }, 1, simpleStatus3 }, - TODO_ERROR | TODO_INFO }, + TODO_INFO }, { { sizeof(chain4) / sizeof(chain4[0]), chain4 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_UNTRUSTED_ROOT |
1
0
0
0
Juan Lang : crypt32: Check time of each element in chain against requested time.
by Alexandre Julliard
31 Aug '07
31 Aug '07
Module: wine Branch: master Commit: 51948b0c980e6f7a9e2725958c16f8c712bfcc69 URL:
http://source.winehq.org/git/wine.git/?a=commit;h=51948b0c980e6f7a9e2725958…
Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Aug 30 17:58:36 2007 -0700 crypt32: Check time of each element in chain against requested time. --- dlls/crypt32/chain.c | 69 ++++++++++++++++++++++++++++--------------- dlls/crypt32/tests/chain.c | 10 +++--- 2 files changed, 50 insertions(+), 29 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 58f3806..4372a8d 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -296,7 +296,6 @@ static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine, if (dwFlags & CERT_STORE_SIGNATURE_FLAG) element->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_NOT_SIGNATURE_VALID; - /* FIXME: check valid usages and name constraints */ /* FIXME: initialize the rest of element */ chain->rgpElement[chain->cElement++] = element; if (chain->cElement % engine->CycleDetectionModulus) @@ -341,6 +340,50 @@ static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot, CertFreeCertificateContext(trustedRoot); } +static BOOL CRYPT_CheckRootCert(HCERTCHAINENGINE hRoot, + PCERT_CHAIN_ELEMENT rootElement) +{ + PCCERT_CONTEXT root = rootElement->pCertContext; + BOOL ret; + + if (!(ret = CryptVerifyCertificateSignatureEx(0, root->dwCertEncodingType, + CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)root, + CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)root, 0, NULL))) + { + TRACE("Last certificate's signature is invalid\n"); + rootElement->TrustStatus.dwErrorStatus |= + CERT_TRUST_IS_NOT_SIGNATURE_VALID; + } + CRYPT_CheckTrustedStatus(hRoot, rootElement); + return ret; +} + +static BOOL CRYPT_CheckSimpleChain(PCertificateChainEngine engine, + PCERT_SIMPLE_CHAIN chain, LPFILETIME time) +{ + PCERT_CHAIN_ELEMENT rootElement = chain->rgpElement[chain->cElement - 1]; + DWORD i; + BOOL ret = TRUE; + + for (i = 0; i < chain->cElement; i++) + { + if (CertVerifyTimeValidity(time, + chain->rgpElement[i]->pCertContext->pCertInfo) != 0) + chain->rgpElement[i]->TrustStatus.dwErrorStatus |= + CERT_TRUST_IS_NOT_TIME_VALID; + /* FIXME: check valid usages and name constraints */ + CRYPT_CombineTrustStatus(&chain->TrustStatus, + &chain->rgpElement[i]->TrustStatus); + } + if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext)) + { + rootElement->TrustStatus.dwInfoStatus |= CERT_TRUST_IS_SELF_SIGNED; + ret = CRYPT_CheckRootCert(engine->hRoot, rootElement); + } + CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus); + return ret; +} + static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_SIMPLE_CHAIN *ppChain) @@ -384,29 +427,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine, } } if (ret) - { - PCERT_CHAIN_ELEMENT rootElement = - chain->rgpElement[chain->cElement - 1]; - PCCERT_CONTEXT root = rootElement->pCertContext; - - if (CRYPT_IsCertificateSelfSigned(root)) - { - rootElement->TrustStatus.dwInfoStatus |= - CERT_TRUST_IS_SELF_SIGNED; - if (!(ret = CryptVerifyCertificateSignatureEx(0, - root->dwCertEncodingType, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, - (void *)root, CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)root, - 0, NULL))) - { - TRACE("Last certificate's signature is invalid\n"); - rootElement->TrustStatus.dwErrorStatus |= - CERT_TRUST_IS_NOT_SIGNATURE_VALID; - } - CRYPT_CheckTrustedStatus(engine->hRoot, rootElement); - } - CRYPT_CombineTrustStatus(&chain->TrustStatus, - &rootElement->TrustStatus); - } + ret = CRYPT_CheckSimpleChain(engine, chain, pTime); if (!ret) { CRYPT_FreeSimpleChain(chain); diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 565cf50..507ab24 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -1485,7 +1485,7 @@ static ChainCheck chainCheck[] = { { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID, 0 }, 1, simpleStatus0 }, - TODO_ERROR | TODO_INFO }, + TODO_INFO }, { { sizeof(chain1) / sizeof(chain1[0]), chain1 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_SIGNATURE_VALID | @@ -1496,7 +1496,7 @@ static ChainCheck chainCheck[] = { { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID, 0 }, 1, simpleStatus2 }, - TODO_ERROR | TODO_INFO }, + TODO_INFO }, { { sizeof(chain3) / sizeof(chain3[0]), chain3 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_UNTRUSTED_ROOT | @@ -1518,11 +1518,11 @@ static ChainCheck chainCheck[] = { { { sizeof(chain6) / sizeof(chain6[0]), chain6 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus6 }, - TODO_ERROR | TODO_INFO }, + TODO_INFO }, { { sizeof(chain7) / sizeof(chain7[0]), chain7 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus7 }, - TODO_ERROR | TODO_INFO }, + TODO_INFO }, { { sizeof(chain8) / sizeof(chain8[0]), chain8 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_UNTRUSTED_ROOT | @@ -1547,7 +1547,7 @@ static ChainCheck chainCheck[] = { { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, selfSignedSimpleStatus }, - TODO_ERROR | TODO_INFO }, + TODO_INFO }, /* The iTunes chain may or may not have its root trusted, so ignore the * error */
1
0
0
0
Juan Lang : crypt32: Time validity nesting doesn't appear to be checked, so don't check it.
by Alexandre Julliard
31 Aug '07
31 Aug '07
Module: wine Branch: master Commit: d06a24517f63caab722a180bedf920d1602cff29 URL:
http://source.winehq.org/git/wine.git/?a=commit;h=d06a24517f63caab722a180be…
Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Aug 30 17:57:48 2007 -0700 crypt32: Time validity nesting doesn't appear to be checked, so don't check it. --- dlls/crypt32/chain.c | 19 +------------------ 1 files changed, 1 insertions(+), 18 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index f0f3e56..58f3806 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -257,8 +257,7 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain) static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store, PCCERT_CONTEXT cert, PDWORD pdwFlags) { - *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG | - CERT_STORE_TIME_VALIDITY_FLAG; + *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags); } @@ -297,22 +296,6 @@ static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine, if (dwFlags & CERT_STORE_SIGNATURE_FLAG) element->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_NOT_SIGNATURE_VALID; - if (dwFlags & CERT_STORE_TIME_VALIDITY_FLAG) - element->TrustStatus.dwErrorStatus |= - CERT_TRUST_IS_NOT_TIME_VALID; - if (chain->cElement) - { - PCERT_CHAIN_ELEMENT prevElement = - chain->rgpElement[chain->cElement - 1]; - - /* This cert is the issuer of the previous one in the chain, so - * retroactively check the previous one's time validity nesting. - */ - if (!CertVerifyValidityNesting( - prevElement->pCertContext->pCertInfo, cert->pCertInfo)) - prevElement->TrustStatus.dwErrorStatus |= - CERT_TRUST_IS_NOT_TIME_NESTED; - } /* FIXME: check valid usages and name constraints */ /* FIXME: initialize the rest of element */ chain->rgpElement[chain->cElement++] = element;
1
0
0
0
Juan Lang : crypt32: Correct combining trust status of a chain' s elements into the chain's trust status.
by Alexandre Julliard
31 Aug '07
31 Aug '07
Module: wine Branch: master Commit: 03d76d97ecc427d534069c5e0194ca0eadacfcca URL:
http://source.winehq.org/git/wine.git/?a=commit;h=03d76d97ecc427d534069c5e0…
Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Aug 30 17:57:15 2007 -0700 crypt32: Correct combining trust status of a chain's elements into the chain's trust status. --- dlls/crypt32/chain.c | 23 +++++++++++++++-------- 1 files changed, 15 insertions(+), 8 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index e6a0df8..f0f3e56 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -262,6 +262,17 @@ static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store, return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags); } +static inline void CRYPT_CombineTrustStatus(CERT_TRUST_STATUS *chainStatus, + CERT_TRUST_STATUS *elementStatus) +{ + /* Any error that applies to an element also applies to a chain.. */ + chainStatus->dwErrorStatus |= elementStatus->dwErrorStatus; + /* but the bottom nibble of an element's info status doesn't apply to the + * chain. + */ + chainStatus->dwInfoStatus |= (elementStatus->dwInfoStatus & 0xfffffff0); +} + static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine, PCERT_SIMPLE_CHAIN chain, PCCERT_CONTEXT cert, DWORD dwFlags) { @@ -307,10 +318,8 @@ static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine, chain->rgpElement[chain->cElement++] = element; if (chain->cElement % engine->CycleDetectionModulus) CRYPT_CheckSimpleChainForCycles(chain); - chain->TrustStatus.dwErrorStatus |= - element->TrustStatus.dwErrorStatus; - chain->TrustStatus.dwInfoStatus |= - element->TrustStatus.dwInfoStatus; + CRYPT_CombineTrustStatus(&chain->TrustStatus, + &element->TrustStatus); ret = TRUE; } else @@ -412,10 +421,8 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine, } CRYPT_CheckTrustedStatus(engine->hRoot, rootElement); } - chain->TrustStatus.dwErrorStatus |= - rootElement->TrustStatus.dwErrorStatus; - chain->TrustStatus.dwInfoStatus |= - rootElement->TrustStatus.dwInfoStatus & ~CERT_TRUST_IS_SELF_SIGNED; + CRYPT_CombineTrustStatus(&chain->TrustStatus, + &rootElement->TrustStatus); } if (!ret) {
1
0
0
0
Juan Lang : crypt32: Don't fail chain creation if signature doesn't match.
by Alexandre Julliard
31 Aug '07
31 Aug '07
Module: wine Branch: master Commit: c39696eb14c9a61ecf5fe14a394f0b89dd96b104 URL:
http://source.winehq.org/git/wine.git/?a=commit;h=c39696eb14c9a61ecf5fe14a3…
Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Aug 30 17:56:45 2007 -0700 crypt32: Don't fail chain creation if signature doesn't match. --- dlls/crypt32/chain.c | 18 ++++-------------- dlls/crypt32/tests/chain.c | 2 +- 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 658b7c7..e6a0df8 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -252,24 +252,14 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain) } /* Gets cert's issuer from store, and returns the validity flags associated - * with it. Returns NULL if no issuer whose public key matches cert's - * signature could be found. + * with it. Returns NULL if no issuer signature could be found. */ static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store, PCCERT_CONTEXT cert, PDWORD pdwFlags) { - PCCERT_CONTEXT issuer = NULL; - - /* There might be more than issuer with the same name, so keep looking until - * one produces the correct signature for this cert. - */ - do { - *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG | - CERT_STORE_TIME_VALIDITY_FLAG; - issuer = CertGetIssuerCertificateFromStore(store, cert, issuer, - pdwFlags); - } while (issuer && (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)); - return issuer; + *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG | + CERT_STORE_TIME_VALIDITY_FLAG; + return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags); } static BOOL CRYPT_AddCertToSimpleChain(PCertificateChainEngine engine, diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 3ec4dba..565cf50 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -1491,7 +1491,7 @@ static ChainCheck chainCheck[] = { { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_SIGNATURE_VALID | CERT_TRUST_IS_NOT_TIME_VALID, 0 }, 1, simpleStatus1 }, - TODO_CHAIN | TODO_ERROR | TODO_INFO }, + TODO_ERROR | TODO_INFO }, { { sizeof(chain2) / sizeof(chain2[0]), chain2 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT | CERT_TRUST_IS_NOT_TIME_VALID, 0 },
1
0
0
0
Juan Lang : crypt32: Don't fail chain creation if root isn't self-signed.
by Alexandre Julliard
31 Aug '07
31 Aug '07
Module: wine Branch: master Commit: 1540f24e9247a7418449b43aa45068afca1f76ed URL:
http://source.winehq.org/git/wine.git/?a=commit;h=1540f24e9247a7418449b43aa…
Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Aug 30 17:55:43 2007 -0700 crypt32: Don't fail chain creation if root isn't self-signed. --- dlls/crypt32/chain.c | 42 ++++++++++++++++++++++-------------------- dlls/crypt32/tests/chain.c | 3 +-- 2 files changed, 23 insertions(+), 22 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 1372ad8..658b7c7 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -339,6 +339,26 @@ static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain) CryptMemFree(chain); } +static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot, + PCERT_CHAIN_ELEMENT rootElement) +{ + BYTE hash[20]; + DWORD size = sizeof(hash); + CRYPT_HASH_BLOB blob = { sizeof(hash), hash }; + PCCERT_CONTEXT trustedRoot; + + CertGetCertificateContextProperty(rootElement->pCertContext, + CERT_HASH_PROP_ID, hash, &size); + trustedRoot = CertFindCertificateInStore(hRoot, + rootElement->pCertContext->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, + &blob, NULL); + if (!trustedRoot) + rootElement->TrustStatus.dwErrorStatus |= + CERT_TRUST_IS_UNTRUSTED_ROOT; + else + CertFreeCertificateContext(trustedRoot); +} + static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_SIMPLE_CHAIN *ppChain) @@ -387,9 +407,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine, chain->rgpElement[chain->cElement - 1]; PCCERT_CONTEXT root = rootElement->pCertContext; - if (!(ret = CRYPT_IsCertificateSelfSigned(root))) - TRACE("Last certificate is not self-signed\n"); - else + if (CRYPT_IsCertificateSelfSigned(root)) { rootElement->TrustStatus.dwInfoStatus |= CERT_TRUST_IS_SELF_SIGNED; @@ -402,23 +420,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine, rootElement->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_NOT_SIGNATURE_VALID; } - } - if (CRYPT_IsCertificateSelfSigned(root)) - { - BYTE hash[20]; - DWORD size = sizeof(hash); - CRYPT_HASH_BLOB blob = { sizeof(hash), hash }; - PCCERT_CONTEXT trustedRoot; - - CertGetCertificateContextProperty(root, CERT_HASH_PROP_ID, hash, - &size); - trustedRoot = CertFindCertificateInStore(engine->hRoot, - root->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, &blob, NULL); - if (!trustedRoot) - rootElement->TrustStatus.dwErrorStatus |= - CERT_TRUST_IS_UNTRUSTED_ROOT; - else - CertFreeCertificateContext(trustedRoot); + CRYPT_CheckTrustedStatus(engine->hRoot, rootElement); } chain->TrustStatus.dwErrorStatus |= rootElement->TrustStatus.dwErrorStatus; diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 2d42ccb..3ec4dba 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -1529,13 +1529,12 @@ static ChainCheck chainCheck[] = { CERT_TRUST_IS_NOT_TIME_VALID, 0 }, 1, simpleStatus8 }, TODO_ERROR | TODO_INFO }, - /* This (cyclic) chain fails in Wine */ { { sizeof(chain9) / sizeof(chain9[0]), chain9 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT | CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 }, 1, simpleStatus9 }, - TODO_CHAIN | TODO_ERROR | TODO_INFO }, + TODO_ERROR | TODO_INFO }, { { sizeof(chain10) / sizeof(chain10[0]), chain10 }, { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER }, { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 },
1
0
0
0
← Newer
1
2
3
4
...
109
Older →
Jump to page:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
Results per page:
10
25
50
100
200