wine-commits December 2009

wine-commits@winehq.org

3 participants
1233 discussions

Juan Lang : winhttp: Check the certificate in an https connection using the crypto api.
by Alexandre Julliard 04 Dec '09

04 Dec '09

Module: wine Branch: master Commit: 82d07c405168df59db17d298bc3b8476f13540e9 URL: http://source.winehq.org/git/wine.git/?a=commit;h=82d07c405168df59db17d298b… Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Dec 3 11:28:40 2009 -0800 winhttp: Check the certificate in an https connection using the crypto api. --- dlls/winhttp/net.c | 174 +++++++++++++++++++++++++++++++++++++++++++--------- 1 files changed, 144 insertions(+), 30 deletions(-) diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c index a86a5a6..3ed3b1b 100644 --- a/dlls/winhttp/net.c +++ b/dlls/winhttp/net.c @@ -212,15 +212,156 @@ static int sock_get_error( int err ) } #ifdef SONAME_LIBSSL +static PCCERT_CONTEXT X509_to_cert_context(X509 *cert) +{ + unsigned char *buffer, *p; + int len; + BOOL malloc = FALSE; + PCCERT_CONTEXT ret; + + p = NULL; + if ((len = pi2d_X509( cert, &p )) < 0) return NULL; + /* + * SSL 0.9.7 and above malloc the buffer if it is null. + * however earlier version do not and so we would need to alloc the buffer. + * + * see the i2d_X509 man page for more details. + */ + if (!p) + { + if (!(buffer = heap_alloc( len ))) return NULL; + p = buffer; + len = pi2d_X509( cert, &p ); + } + else + { + buffer = p; + malloc = TRUE; + } + + ret = CertCreateCertificateContext( X509_ASN_ENCODING, buffer, len ); + + if (malloc) free( buffer ); + else heap_free( buffer ); + + return ret; +} + +static BOOL netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store, + WCHAR *server ) +{ + BOOL ret; + CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } }; + PCCERT_CHAIN_CONTEXT chain; + char oid_server_auth[] = szOID_PKIX_KP_SERVER_AUTH; + char *server_auth[] = { oid_server_auth }; + DWORD err; + + TRACE("verifying %s\n", debugstr_w( server )); + chainPara.RequestedUsage.Usage.cUsageIdentifier = 1; + chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = server_auth; + if ((ret = CertGetCertificateChain( NULL, cert, NULL, store, &chainPara, 0, + NULL, &chain ))) + { + if (chain->TrustStatus.dwErrorStatus) + { + if (chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_TIME_VALID) + err = ERROR_WINHTTP_SECURE_CERT_DATE_INVALID; + else if (chain->TrustStatus.dwErrorStatus & + CERT_TRUST_IS_UNTRUSTED_ROOT) + err = ERROR_WINHTTP_SECURE_INVALID_CA; + else if ((chain->TrustStatus.dwErrorStatus & + CERT_TRUST_IS_OFFLINE_REVOCATION) || + (chain->TrustStatus.dwErrorStatus & + CERT_TRUST_REVOCATION_STATUS_UNKNOWN)) + err = ERROR_WINHTTP_SECURE_CERT_REV_FAILED; + else if (chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_REVOKED) + err = ERROR_WINHTTP_SECURE_CERT_REVOKED; + else if (chain->TrustStatus.dwErrorStatus & + CERT_TRUST_IS_NOT_VALID_FOR_USAGE) + err = ERROR_WINHTTP_SECURE_CERT_WRONG_USAGE; + else + err = ERROR_WINHTTP_SECURE_INVALID_CERT; + set_last_error( err ); + ret = FALSE; + } + else + { + CERT_CHAIN_POLICY_PARA policyPara; + SSL_EXTRA_CERT_CHAIN_POLICY_PARA sslExtraPolicyPara; + CERT_CHAIN_POLICY_STATUS policyStatus; + + sslExtraPolicyPara.cbSize = sizeof(sslExtraPolicyPara); + sslExtraPolicyPara.dwAuthType = AUTHTYPE_SERVER; + sslExtraPolicyPara.pwszServerName = server; + policyPara.cbSize = sizeof(policyPara); + policyPara.dwFlags = 0; + policyPara.pvExtraPolicyPara = &sslExtraPolicyPara; + ret = CertVerifyCertificateChainPolicy( CERT_CHAIN_POLICY_SSL, + chain, &policyPara, + &policyStatus ); + /* Any error in the policy status indicates that the + * policy couldn't be verified. + */ + if (ret && policyStatus.dwError) + { + if (policyStatus.dwError == CERT_E_CN_NO_MATCH) + err = ERROR_WINHTTP_SECURE_CERT_CN_INVALID; + else + err = ERROR_WINHTTP_SECURE_INVALID_CERT; + set_last_error( err ); + ret = FALSE; + } + } + CertFreeCertificateChain( chain ); + } + TRACE("returning %d\n", ret); + return ret; +} + static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx ) { SSL *ssl; WCHAR *server; + BOOL ret = FALSE; ssl = pX509_STORE_CTX_get_ex_data( ctx, pSSL_get_ex_data_X509_STORE_CTX_idx() ); server = pSSL_get_ex_data( ssl, hostname_idx ); - FIXME("verify %s\n", debugstr_w(server)); - return preverify_ok; + if (preverify_ok) + { + HCERTSTORE store = CertOpenStore( CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL ); + + if (store) + { + X509 *cert; + int i; + PCCERT_CONTEXT endCert = NULL; + + ret = TRUE; + for (i = 0; ret && i < ctx->chain->num; i++) + { + PCCERT_CONTEXT context; + + cert = (X509 *)ctx->chain->data[i]; + if ((context = X509_to_cert_context( cert ))) + { + if (i == 0) + ret = CertAddCertificateContextToStore( store, context, + CERT_STORE_ADD_ALWAYS, &endCert ); + else + ret = CertAddCertificateContextToStore( store, context, + CERT_STORE_ADD_ALWAYS, NULL ); + CertFreeCertificateContext( context ); + } + } + if (ret) + ret = netconn_verify_cert( endCert, store, server ); + CertFreeCertificateContext( endCert ); + CertCloseStore( store, 0 ); + } + } + return ret; } #endif @@ -794,39 +935,12 @@ const void *netconn_get_certificate( netconn_t *conn ) { #ifdef SONAME_LIBSSL X509 *cert; - unsigned char *buffer, *p; - int len; - BOOL malloc = FALSE; const CERT_CONTEXT *ret; if (!conn->secure) return NULL; if (!(cert = pSSL_get_peer_certificate( conn->ssl_conn ))) return NULL; - p = NULL; - if ((len = pi2d_X509( cert, &p )) < 0) return NULL; - /* - * SSL 0.9.7 and above malloc the buffer if it is null. - * however earlier version do not and so we would need to alloc the buffer. - * - * see the i2d_X509 man page for more details. - */ - if (!p) - { - if (!(buffer = heap_alloc( len ))) return NULL; - p = buffer; - len = pi2d_X509( cert, &p ); - } - else - { - buffer = p; - malloc = TRUE; - } - - ret = CertCreateCertificateContext( X509_ASN_ENCODING, buffer, len ); - - if (malloc) free( buffer ); - else heap_free( buffer ); - + ret = X509_to_cert_context( cert ); return ret; #else return NULL;

1 0

Juan Lang : winhttp: Set callback to verify hostname with peer' s certificate.
by Alexandre Julliard 04 Dec '09

04 Dec '09

Module: wine Branch: master Commit: 48a7580135b03c270c2a6328cc4ba1df7b40fc2c URL: http://source.winehq.org/git/wine.git/?a=commit;h=48a7580135b03c270c2a6328c… Author: Juan Lang <juan.lang(a)gmail.com> Date: Wed Dec 2 16:56:40 2009 -0800 winhttp: Set callback to verify hostname with peer's certificate. --- dlls/winhttp/net.c | 41 +++++++++++++++++++++++++++++++++-------- 1 files changed, 33 insertions(+), 8 deletions(-) diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c index cf83f20..a86a5a6 100644 --- a/dlls/winhttp/net.c +++ b/dlls/winhttp/net.c @@ -110,9 +110,12 @@ MAKE_FUNCPTR( SSL_read ); MAKE_FUNCPTR( SSL_get_ex_new_index ); MAKE_FUNCPTR( SSL_get_ex_data ); MAKE_FUNCPTR( SSL_set_ex_data ); +MAKE_FUNCPTR( SSL_get_ex_data_X509_STORE_CTX_idx ); MAKE_FUNCPTR( SSL_get_verify_result ); MAKE_FUNCPTR( SSL_get_peer_certificate ); MAKE_FUNCPTR( SSL_CTX_set_default_verify_paths ); +MAKE_FUNCPTR( SSL_CTX_set_verify ); +MAKE_FUNCPTR( X509_STORE_CTX_get_ex_data ); MAKE_FUNCPTR( BIO_new_fp ); MAKE_FUNCPTR( CRYPTO_num_locks ); @@ -208,6 +211,19 @@ static int sock_get_error( int err ) return err; } +#ifdef SONAME_LIBSSL +static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx ) +{ + SSL *ssl; + WCHAR *server; + + ssl = pX509_STORE_CTX_get_ex_data( ctx, pSSL_get_ex_data_X509_STORE_CTX_idx() ); + server = pSSL_get_ex_data( ssl, hostname_idx ); + FIXME("verify %s\n", debugstr_w(server)); + return preverify_ok; +} +#endif + BOOL netconn_init( netconn_t *conn, BOOL secure ) { #if defined(SONAME_LIBSSL) && defined(SONAME_LIBCRYPTO) @@ -261,9 +277,12 @@ BOOL netconn_init( netconn_t *conn, BOOL secure ) LOAD_FUNCPTR( SSL_get_ex_new_index ); LOAD_FUNCPTR( SSL_get_ex_data ); LOAD_FUNCPTR( SSL_set_ex_data ); + LOAD_FUNCPTR( SSL_get_ex_data_X509_STORE_CTX_idx ); LOAD_FUNCPTR( SSL_get_verify_result ); LOAD_FUNCPTR( SSL_get_peer_certificate ); LOAD_FUNCPTR( SSL_CTX_set_default_verify_paths ); + LOAD_FUNCPTR( SSL_CTX_set_verify ); + LOAD_FUNCPTR( X509_STORE_CTX_get_ex_data ); #undef LOAD_FUNCPTR #define LOAD_FUNCPTR(x) \ @@ -297,6 +316,14 @@ BOOL netconn_init( netconn_t *conn, BOOL secure ) return FALSE; } hostname_idx = pSSL_get_ex_new_index( 0, (void *)"hostname index", NULL, NULL, NULL ); + if (hostname_idx == -1) + { + ERR("SSL_get_ex_new_index failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); + set_last_error( ERROR_OUTOFMEMORY ); + LeaveCriticalSection( &init_ssl_cs ); + return FALSE; + } + pSSL_CTX_set_verify( ctx, SSL_VERIFY_PEER, netconn_secure_verify ); pCRYPTO_set_id_callback(ssl_thread_id); num_ssl_locks = pCRYPTO_num_locks(); @@ -429,7 +456,6 @@ BOOL netconn_connect( netconn_t *conn, const struct sockaddr *sockaddr, unsigned BOOL netconn_secure_connect( netconn_t *conn, WCHAR *hostname ) { #ifdef SONAME_LIBSSL - X509 *cert; long res; if (!(conn->ssl_conn = pSSL_new( ctx ))) @@ -438,22 +464,21 @@ BOOL netconn_secure_connect( netconn_t *conn, WCHAR *hostname ) set_last_error( ERROR_OUTOFMEMORY ); goto fail; } - if (!pSSL_set_fd( conn->ssl_conn, conn->socket )) + if (!pSSL_set_ex_data( conn->ssl_conn, hostname_idx, hostname )) { - ERR("SSL_set_fd failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); + ERR("SSL_set_ex_data failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); set_last_error( ERROR_WINHTTP_SECURE_CHANNEL_ERROR ); goto fail; } - if (pSSL_connect( conn->ssl_conn ) <= 0) + if (!pSSL_set_fd( conn->ssl_conn, conn->socket )) { - ERR("SSL_connect failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); + ERR("SSL_set_fd failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); set_last_error( ERROR_WINHTTP_SECURE_CHANNEL_ERROR ); goto fail; } - pSSL_set_ex_data( conn->ssl_conn, hostname_idx, hostname ); - if (!(cert = pSSL_get_peer_certificate( conn->ssl_conn ))) + if (pSSL_connect( conn->ssl_conn ) <= 0) { - ERR("No certificate for server: %s\n", pERR_error_string( pERR_get_error(), 0 )); + ERR("SSL_connect failed: %s\n", pERR_error_string( pERR_get_error(), 0 )); set_last_error( ERROR_WINHTTP_SECURE_CHANNEL_ERROR ); goto fail; }

1 0

Juan Lang : winhttp: Store hostname for secure connection in its SSL context.
by Alexandre Julliard 04 Dec '09

04 Dec '09

Module: wine Branch: master Commit: be8f2ae98ee264a7855921fb63cad50ed22144f8 URL: http://source.winehq.org/git/wine.git/?a=commit;h=be8f2ae98ee264a7855921fb6… Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Nov 12 13:33:48 2009 -0800 winhttp: Store hostname for secure connection in its SSL context. --- dlls/winhttp/net.c | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c index 5d5f9b7..cf83f20 100644 --- a/dlls/winhttp/net.c +++ b/dlls/winhttp/net.c @@ -91,6 +91,7 @@ static void *libcrypto_handle; static SSL_METHOD *method; static SSL_CTX *ctx; +static int hostname_idx; #define MAKE_FUNCPTR(f) static typeof(f) * p##f @@ -106,6 +107,9 @@ MAKE_FUNCPTR( SSL_connect ); MAKE_FUNCPTR( SSL_shutdown ); MAKE_FUNCPTR( SSL_write ); MAKE_FUNCPTR( SSL_read ); +MAKE_FUNCPTR( SSL_get_ex_new_index ); +MAKE_FUNCPTR( SSL_get_ex_data ); +MAKE_FUNCPTR( SSL_set_ex_data ); MAKE_FUNCPTR( SSL_get_verify_result ); MAKE_FUNCPTR( SSL_get_peer_certificate ); MAKE_FUNCPTR( SSL_CTX_set_default_verify_paths ); @@ -254,6 +258,9 @@ BOOL netconn_init( netconn_t *conn, BOOL secure ) LOAD_FUNCPTR( SSL_shutdown ); LOAD_FUNCPTR( SSL_write ); LOAD_FUNCPTR( SSL_read ); + LOAD_FUNCPTR( SSL_get_ex_new_index ); + LOAD_FUNCPTR( SSL_get_ex_data ); + LOAD_FUNCPTR( SSL_set_ex_data ); LOAD_FUNCPTR( SSL_get_verify_result ); LOAD_FUNCPTR( SSL_get_peer_certificate ); LOAD_FUNCPTR( SSL_CTX_set_default_verify_paths ); @@ -289,6 +296,7 @@ BOOL netconn_init( netconn_t *conn, BOOL secure ) LeaveCriticalSection( &init_ssl_cs ); return FALSE; } + hostname_idx = pSSL_get_ex_new_index( 0, (void *)"hostname index", NULL, NULL, NULL ); pCRYPTO_set_id_callback(ssl_thread_id); num_ssl_locks = pCRYPTO_num_locks(); @@ -442,6 +450,7 @@ BOOL netconn_secure_connect( netconn_t *conn, WCHAR *hostname ) set_last_error( ERROR_WINHTTP_SECURE_CHANNEL_ERROR ); goto fail; } + pSSL_set_ex_data( conn->ssl_conn, hostname_idx, hostname ); if (!(cert = pSSL_get_peer_certificate( conn->ssl_conn ))) { ERR("No certificate for server: %s\n", pERR_error_string( pERR_get_error(), 0 ));

1 0

Juan Lang : winhttp: Pass hostname to netconn_secure_connect.
by Alexandre Julliard 04 Dec '09

04 Dec '09

Module: wine Branch: master Commit: a33c4bfd0b8be409012c46483d400bee4711d965 URL: http://source.winehq.org/git/wine.git/?a=commit;h=a33c4bfd0b8be409012c46483… Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Nov 12 13:28:23 2009 -0800 winhttp: Pass hostname to netconn_secure_connect. --- dlls/winhttp/net.c | 2 +- dlls/winhttp/request.c | 2 +- dlls/winhttp/winhttp_private.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c index 53911d6..5d5f9b7 100644 --- a/dlls/winhttp/net.c +++ b/dlls/winhttp/net.c @@ -418,7 +418,7 @@ BOOL netconn_connect( netconn_t *conn, const struct sockaddr *sockaddr, unsigned return ret; } -BOOL netconn_secure_connect( netconn_t *conn ) +BOOL netconn_secure_connect( netconn_t *conn, WCHAR *hostname ) { #ifdef SONAME_LIBSSL X509 *cert; diff --git a/dlls/winhttp/request.c b/dlls/winhttp/request.c index 4d5be84..f6c9bce 100644 --- a/dlls/winhttp/request.c +++ b/dlls/winhttp/request.c @@ -957,7 +957,7 @@ static BOOL open_connection( request_t *request ) return FALSE; } } - if (!netconn_secure_connect( &request->netconn )) + if (!netconn_secure_connect( &request->netconn, connect->servername )) { netconn_close( &request->netconn ); heap_free( addressW ); diff --git a/dlls/winhttp/winhttp_private.h b/dlls/winhttp/winhttp_private.h index 64348a2..73ac5ba 100644 --- a/dlls/winhttp/winhttp_private.h +++ b/dlls/winhttp/winhttp_private.h @@ -219,7 +219,7 @@ void netconn_unload( void ); BOOL netconn_query_data_available( netconn_t *, DWORD * ); BOOL netconn_recv( netconn_t *, void *, size_t, int, int * ); BOOL netconn_resolve( WCHAR *, INTERNET_PORT, struct sockaddr *, socklen_t * ); -BOOL netconn_secure_connect( netconn_t * ); +BOOL netconn_secure_connect( netconn_t *, WCHAR * ); BOOL netconn_send( netconn_t *, const void *, size_t, int, int * ); DWORD netconn_set_timeout( netconn_t *, BOOL, int ); const void *netconn_get_certificate( netconn_t * );

1 0

Juan Lang : cryptnet: Implement getting the certificate issuer URL from a cert' s authority info access extension.
by Alexandre Julliard 04 Dec '09

04 Dec '09

Module: wine Branch: master Commit: 59820c2e5cdd915399687968f381914e0923dac5 URL: http://source.winehq.org/git/wine.git/?a=commit;h=59820c2e5cdd915399687968f… Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Dec 3 10:53:45 2009 -0800 cryptnet: Implement getting the certificate issuer URL from a cert's authority info access extension. --- dlls/cryptnet/cryptnet_main.c | 145 +++++++++++++++++++++------------------ dlls/cryptnet/tests/cryptnet.c | 1 - 2 files changed, 78 insertions(+), 68 deletions(-) diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c index 34bbc58..fef7837 100644 --- a/dlls/cryptnet/cryptnet_main.c +++ b/dlls/cryptnet/cryptnet_main.c @@ -120,61 +120,6 @@ static const char *url_oid_to_str(LPCSTR oid) typedef BOOL (WINAPI *UrlDllGetObjectUrlFunc)(LPCSTR, LPVOID, DWORD, PCRYPT_URL_ARRAY, DWORD *, PCRYPT_URL_INFO, DWORD *, LPVOID); -static LPWSTR name_value_to_str(CERT_NAME_BLOB *name) -{ - DWORD len = CertNameToStrW(X509_ASN_ENCODING, name, CERT_SIMPLE_NAME_STR, - NULL, 0); - LPWSTR str = NULL; - - if (len) - { - str = CryptMemAlloc(len * sizeof(WCHAR)); - if (str) - CertNameToStrW(X509_ASN_ENCODING, name, CERT_SIMPLE_NAME_STR, - str, len); - } - return str; -} - -static void dump_alt_name_entry(CERT_ALT_NAME_ENTRY *entry) -{ - LPWSTR str; - - switch (entry->dwAltNameChoice) - { - case CERT_ALT_NAME_OTHER_NAME: - TRACE("CERT_ALT_NAME_OTHER_NAME, oid = %s\n", - debugstr_a(entry->u.pOtherName->pszObjId)); - break; - case CERT_ALT_NAME_RFC822_NAME: - TRACE("CERT_ALT_NAME_RFC822_NAME: %s\n", - debugstr_w(entry->u.pwszRfc822Name)); - break; - case CERT_ALT_NAME_DNS_NAME: - TRACE("CERT_ALT_NAME_DNS_NAME: %s\n", - debugstr_w(entry->u.pwszDNSName)); - break; - case CERT_ALT_NAME_DIRECTORY_NAME: - str = name_value_to_str(&entry->u.DirectoryName); - TRACE("CERT_ALT_NAME_DIRECTORY_NAME: %s\n", debugstr_w(str)); - CryptMemFree(str); - break; - case CERT_ALT_NAME_URL: - TRACE("CERT_ALT_NAME_URL: %s\n", debugstr_w(entry->u.pwszURL)); - break; - case CERT_ALT_NAME_IP_ADDRESS: - TRACE("CERT_ALT_NAME_IP_ADDRESS: %d bytes\n", - entry->u.IPAddress.cbData); - break; - case CERT_ALT_NAME_REGISTERED_ID: - TRACE("CERT_ALT_NAME_REGISTERED_ID: %s\n", - debugstr_a(entry->u.pszRegisteredID)); - break; - default: - TRACE("dwAltNameChoice = %d\n", entry->dwAltNameChoice); - } -} - static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved) @@ -200,23 +145,89 @@ static BOOL WINAPI CRYPT_GetUrlFromCertificateIssuer(LPCSTR pszUrlOid, &aia, &size); if (ret) { - DWORD i; + DWORD i, cUrl, bytesNeeded = sizeof(CRYPT_URL_ARRAY); - TRACE("%d access descriptions:\n", aia->cAccDescr); - for (i = 0; i < aia->cAccDescr; i++) - { + for (i = 0, cUrl = 0; i < aia->cAccDescr; i++) if (!strcmp(aia->rgAccDescr[i].pszAccessMethod, - szOID_PKIX_OCSP)) - TRACE("OCSP:\n"); - else if (!strcmp(aia->rgAccDescr[i].pszAccessMethod, szOID_PKIX_CA_ISSUERS)) - TRACE("CA issuers:\n"); - dump_alt_name_entry(&aia->rgAccDescr[i].AccessLocation); + { + if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice == + CERT_ALT_NAME_URL) + { + if (aia->rgAccDescr[i].AccessLocation.u.pwszURL) + { + cUrl++; + bytesNeeded += sizeof(LPWSTR) + + (lstrlenW(aia->rgAccDescr[i].AccessLocation.u. + pwszURL) + 1) * sizeof(WCHAR); + } + } + else + FIXME("unsupported alt name type %d\n", + aia->rgAccDescr[i].AccessLocation.dwAltNameChoice); + } + if (!pcbUrlArray) + { + SetLastError(E_INVALIDARG); + ret = FALSE; + } + else if (!pUrlArray) + *pcbUrlArray = bytesNeeded; + else if (*pcbUrlArray < bytesNeeded) + { + SetLastError(ERROR_MORE_DATA); + *pcbUrlArray = bytesNeeded; + ret = FALSE; + } + else + { + LPWSTR nextUrl; + + *pcbUrlArray = bytesNeeded; + pUrlArray->cUrl = 0; + pUrlArray->rgwszUrl = + (LPWSTR *)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY)); + nextUrl = (LPWSTR)((BYTE *)pUrlArray + sizeof(CRYPT_URL_ARRAY) + + cUrl * sizeof(LPWSTR)); + for (i = 0; i < aia->cAccDescr; i++) + if (!strcmp(aia->rgAccDescr[i].pszAccessMethod, + szOID_PKIX_CA_ISSUERS)) + { + if (aia->rgAccDescr[i].AccessLocation.dwAltNameChoice + == CERT_ALT_NAME_URL) + { + if (aia->rgAccDescr[i].AccessLocation.u.pwszURL) + { + lstrcpyW(nextUrl, + aia->rgAccDescr[i].AccessLocation.u.pwszURL); + pUrlArray->rgwszUrl[pUrlArray->cUrl++] = + nextUrl; + nextUrl += (lstrlenW(nextUrl) + 1); + } + } + } + } + if (ret) + { + if (pcbUrlInfo) + { + FIXME("url info: stub\n"); + if (!pUrlInfo) + *pcbUrlInfo = sizeof(CRYPT_URL_INFO); + else if (*pcbUrlInfo < sizeof(CRYPT_URL_INFO)) + { + *pcbUrlInfo = sizeof(CRYPT_URL_INFO); + SetLastError(ERROR_MORE_DATA); + ret = FALSE; + } + else + { + *pcbUrlInfo = sizeof(CRYPT_URL_INFO); + memset(pUrlInfo, 0, sizeof(CRYPT_URL_INFO)); + } + } } LocalFree(aia); - FIXME("authority info access unsupported\n"); - SetLastError(CRYPT_E_NOT_FOUND); - ret = FALSE; } } else diff --git a/dlls/cryptnet/tests/cryptnet.c b/dlls/cryptnet/tests/cryptnet.c index acbfa32..83060b6 100644 --- a/dlls/cryptnet/tests/cryptnet.c +++ b/dlls/cryptnet/tests/cryptnet.c @@ -265,7 +265,6 @@ static void test_getObjectUrl(void) */ ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, (void *)cert, 0, NULL, &urlArraySize, NULL, NULL, NULL); - todo_wine ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError()); if (ret) {

1 0

Juan Lang : cryptnet: Add tests for getting the certificate issuer URL from a cert' s authority info access extension.
by Alexandre Julliard 04 Dec '09

04 Dec '09

Module: wine Branch: master Commit: a7c236a0664d16e97f7cf4e33fc30b68ef482668 URL: http://source.winehq.org/git/wine.git/?a=commit;h=a7c236a0664d16e97f7cf4e33… Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Dec 3 10:45:10 2009 -0800 cryptnet: Add tests for getting the certificate issuer URL from a cert's authority info access extension. --- dlls/cryptnet/tests/cryptnet.c | 63 ++++++++++++++++++++++++++++++++++++++++ 1 files changed, 63 insertions(+), 0 deletions(-) diff --git a/dlls/cryptnet/tests/cryptnet.c b/dlls/cryptnet/tests/cryptnet.c index 99df4a0..acbfa32 100644 --- a/dlls/cryptnet/tests/cryptnet.c +++ b/dlls/cryptnet/tests/cryptnet.c @@ -60,6 +60,29 @@ static const BYTE certWithCRLDistPoint[] = { 0x25,0x06,0x03,0x55,0x1d,0x1f,0x01,0x01,0xff,0x04,0x1b,0x30,0x19,0x30,0x17, 0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69, 0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67, }; +static const BYTE certWithAIAWithCAIssuers[] = { +0x30,0x82,0x01,0x3c,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,0x30,0x0b,0x06, +0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x30,0x14,0x31,0x12,0x30, +0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61, +0x6e,0x67,0x30,0x1e,0x17,0x0d,0x30,0x39,0x31,0x30,0x32,0x38,0x30,0x30,0x30, +0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x31,0x32,0x37,0x30,0x30,0x30, +0x30,0x30,0x30,0x5a,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03, +0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x30,0x81,0xa5,0x30, +0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x03,0x81,0x95, +0x00,0x06,0x02,0x00,0x00,0x00,0x24,0x00,0x00,0x52,0x53,0x41,0x31,0x00,0x04, +0x00,0x00,0x01,0x00,0x01,0x00,0x2f,0xb2,0x8c,0xff,0x6c,0xf1,0xb1,0x61,0x9c, +0x3a,0x8f,0x5e,0x35,0x2f,0x1f,0xd5,0xcf,0x2a,0xf6,0x9e,0x37,0xe8,0x89,0xa2, +0xb1,0x1c,0xc0,0x1c,0xb6,0x72,0x45,0x97,0xe5,0x88,0x3d,0xfe,0xa6,0x27,0xea, +0xd6,0x07,0x0f,0xcd,0xba,0x49,0x06,0x16,0xdb,0xad,0x06,0x76,0x39,0x4c,0x15, +0xdf,0xe2,0x07,0xc5,0x99,0x1b,0x98,0x4b,0xc3,0x8e,0x89,0x12,0x95,0x9e,0x3b, +0xb9,0x59,0xfe,0x91,0x33,0xc1,0x1f,0xce,0x8f,0xab,0x93,0x25,0x01,0x3e,0xde, +0xf1,0x58,0x3b,0xe7,0x7a,0x03,0x14,0x07,0x09,0x0a,0x21,0x2d,0x12,0x11,0x08, +0x78,0x07,0x9e,0x34,0xc3,0xc5,0xde,0xb2,0xd8,0xd7,0x86,0x0d,0x0d,0xcd,0x81, +0xa4,0x2d,0x7c,0x82,0x50,0xca,0x2a,0xc2,0x99,0xe5,0xf3,0xca,0x7e,0xad,0xa3, +0x31,0x30,0x2f,0x30,0x2d,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01, +0x04,0x21,0x30,0x1f,0x30,0x1d,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30, +0x02,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68, +0x71,0x2e,0x6f,0x72,0x67 }; static void compareUrlArray(const CRYPT_URL_ARRAY *expected, const CRYPT_URL_ARRAY *got) @@ -231,6 +254,46 @@ static void test_getObjectUrl(void) "Expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError()); CertFreeCertificateContext(cert); } + cert = CertCreateCertificateContext(X509_ASN_ENCODING, + certWithAIAWithCAIssuers, sizeof(certWithAIAWithCAIssuers)); + if (cert) + { + PCRYPT_URL_ARRAY urlArray; + + /* This has an AIA extension with the CA Issuers set, so expect it + * to succeed: + */ + ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, + (void *)cert, 0, NULL, &urlArraySize, NULL, NULL, NULL); + todo_wine + ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError()); + if (ret) + { + urlArray = HeapAlloc(GetProcessHeap(), 0, urlArraySize); + if (urlArray) + { + ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, + (void *)cert, CRYPT_GET_URL_FROM_EXTENSION, urlArray, + &urlArraySize, NULL, NULL, NULL); + ok(ret, "CryptGetObjectUrl failed: %08x\n", GetLastError()); + if (ret) + { + LPWSTR pUrl = url; + CRYPT_URL_ARRAY expectedUrl = { 1, &pUrl }; + + compareUrlArray(&expectedUrl, urlArray); + } + HeapFree(GetProcessHeap(), 0, urlArray); + } + } + /* It doesn't have a CRL dist points extension, so this should fail */ + SetLastError(0xdeadbeef); + ret = CryptGetObjectUrl(URL_OID_CERTIFICATE_CRL_DIST_POINT, + (void *)cert, 0, NULL, &urlArraySize, NULL, NULL, NULL); + ok(!ret && GetLastError() == CRYPT_E_NOT_FOUND, + "expected CRYPT_E_NOT_FOUND, got %08x\n", GetLastError()); + CertFreeCertificateContext(cert); + } } static void make_tmp_file(LPSTR path)

1 0

Juan Lang : wincrypt.h: Add missing URL OIDs.
by Alexandre Julliard 04 Dec '09

04 Dec '09

Module: wine Branch: master Commit: cb035848c42926181e3671700cf84249d7ff07ec URL: http://source.winehq.org/git/wine.git/?a=commit;h=cb035848c42926181e3671700… Author: Juan Lang <juan.lang(a)gmail.com> Date: Thu Dec 3 11:00:42 2009 -0800 wincrypt.h: Add missing URL OIDs. --- include/wincrypt.h | 20 ++++++++++++-------- 1 files changed, 12 insertions(+), 8 deletions(-) diff --git a/include/wincrypt.h b/include/wincrypt.h index cbde406..ad51e09 100644 --- a/include/wincrypt.h +++ b/include/wincrypt.h @@ -1339,14 +1339,18 @@ typedef struct _CRYPT_URL_INFO { DWORD *rgcGroupEntry; } CRYPT_URL_INFO, *PCRYPT_URL_INFO; -#define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1) -#define URL_OID_CERTIFICATE_CRL_DIST_POINT ((LPCSTR)2) -#define URL_OID_CTL_ISSUER ((LPCSTR)3) -#define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4) -#define URL_OID_CRL_ISSUER ((LPCSTR)5) -#define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6) -#define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7) -#define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8) +#define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1) +#define URL_OID_CERTIFICATE_CRL_DIST_POINT ((LPCSTR)2) +#define URL_OID_CTL_ISSUER ((LPCSTR)3) +#define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4) +#define URL_OID_CRL_ISSUER ((LPCSTR)5) +#define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6) +#define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7) +#define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8) +#define URL_OID_CERTIFICATE_OCSP ((LPCSTR)9) +#define URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT ((LPCSTR)10) +#define URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP ((LPCSTR)11) +#define URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS ((LPCSTR)12) #define URL_OID_GET_OBJECT_URL_FUNC "UrlDllGetObjectUrl"

1 0

Juan Lang : crypt32: Correct AKI extension used in end certificate and CRL when checking revocation .
by Alexandre Julliard 04 Dec '09

04 Dec '09

Module: wine Branch: master Commit: 6acd82fa7944830ffd48f8b9048e69a03375c865 URL: http://source.winehq.org/git/wine.git/?a=commit;h=6acd82fa7944830ffd48f8b90… Author: Juan Lang <juan.lang(a)gmail.com> Date: Wed Dec 2 15:30:02 2009 -0800 crypt32: Correct AKI extension used in end certificate and CRL when checking revocation. --- dlls/crypt32/tests/cert.c | 58 ++++++++++++++++++++++---------------------- 1 files changed, 29 insertions(+), 29 deletions(-) diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c index a107250..0566797 100644 --- a/dlls/crypt32/tests/cert.c +++ b/dlls/crypt32/tests/cert.c @@ -3099,7 +3099,7 @@ static const BYTE rootWithKeySignAndCRLSign[] = { 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a, 0x2e,0x84,0xee }; static const BYTE eeCert[] = { -0x30,0x82,0x01,0xbb,0x30,0x82,0x01,0x24,0xa0,0x03,0x02,0x01,0x02,0x02,0x01, +0x30,0x82,0x01,0xb9,0x30,0x82,0x01,0x22,0xa0,0x03,0x02,0x01,0x02,0x02,0x01, 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05, 0x00,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43, 0x65,0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30, @@ -3116,40 +3116,40 @@ static const BYTE eeCert[] = { 0x6a,0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85, 0x85,0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2, 0xd3,0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72, -0xa3,0x02,0x03,0x01,0x00,0x01,0xa3,0x25,0x30,0x23,0x30,0x21,0x06,0x03,0x55, -0x1d,0x23,0x04,0x1a,0x30,0x18,0x80,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe, -0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00, -0x03,0x81,0x81,0x00,0x91,0xd2,0x78,0xe5,0xdc,0x10,0xa3,0x08,0x5e,0x20,0x85, -0xec,0x57,0x09,0x83,0x68,0x45,0xbe,0x4c,0xab,0x09,0x7b,0xe9,0x8f,0x71,0x43, -0x29,0x02,0x7e,0x26,0x55,0xc6,0xf1,0xfa,0xb2,0xbf,0x17,0x8f,0x37,0x30,0x57, -0x75,0x63,0xce,0xb8,0x5f,0x7e,0x3f,0xfd,0xc2,0x7a,0xa0,0x61,0x5f,0x41,0x6c, -0x94,0x6a,0xc3,0x04,0x0c,0xd7,0xcf,0x6f,0x4a,0x1e,0xdb,0x42,0xd2,0xa0,0x45, -0xeb,0xd4,0x4d,0x3a,0x3d,0x98,0x05,0x03,0x61,0x87,0x81,0xae,0xe7,0x8a,0xfd, -0x92,0x8c,0xb9,0xe1,0x48,0xf9,0xe2,0x0e,0x0f,0xef,0x72,0xe6,0x6e,0x7e,0x41, -0xc2,0x8c,0x99,0xa9,0xbe,0x3a,0x01,0xa0,0x55,0x1d,0x65,0x7e,0x2a,0xb7,0x93, -0xc5,0x09,0x7d,0x81,0x76,0xa8,0x50,0xff,0x48,0xe5,0xec,0x72 }; +0xa3,0x02,0x03,0x01,0x00,0x01,0xa3,0x23,0x30,0x21,0x30,0x1f,0x06,0x03,0x55, +0x1d,0x23,0x04,0x18,0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2, +0x28,0x89,0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d, +0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81, +0x81,0x00,0x8a,0x49,0xa9,0x86,0x5e,0xc9,0x33,0x7e,0xfd,0xab,0x64,0x1f,0x6d, +0x00,0xd7,0x9b,0xec,0xd1,0x5b,0x38,0xcc,0xd6,0xf3,0xf2,0xb4,0x75,0x70,0x00, +0x82,0x9d,0x37,0x58,0xe1,0xcd,0x2c,0x61,0xb3,0x28,0xe7,0x8a,0x00,0xbe,0x6e, +0xca,0xe8,0x55,0xd5,0xad,0x3a,0xea,0xaf,0x13,0x20,0x1c,0x44,0xfc,0xb4,0xf9, +0x29,0x2b,0xdc,0x8a,0x2d,0x1b,0x27,0x9e,0xb9,0x3b,0x4a,0x71,0x9d,0x47,0x7d, +0xf7,0x92,0x6b,0x21,0x7f,0xfa,0x88,0x79,0x94,0x33,0xf6,0xdd,0x92,0x04,0x92, +0xd6,0x5e,0x0a,0x74,0xf2,0x85,0xa6,0xd5,0x3c,0x28,0xc0,0x89,0x5d,0xda,0xf3, +0xa6,0x01,0xc2,0xe9,0xa3,0xc1,0xb7,0x21,0x08,0xba,0x18,0x07,0x45,0xeb,0x77, +0x7d,0xcd,0xc6,0xe7,0x2a,0x7b,0x46,0xd2,0x3d,0xb5 }; static const BYTE rootSignedCRL[] = { -0x30,0x82,0x01,0x21,0x30,0x81,0x8b,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a, +0x30,0x82,0x01,0x1f,0x30,0x81,0x89,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a, 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30, 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d, 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14, 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30, -0x30,0x30,0x30,0x30,0x5a,0xa0,0x31,0x30,0x2f,0x30,0x0a,0x06,0x03,0x55,0x1d, -0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x21,0x06,0x03,0x55,0x1d,0x23,0x04,0x1a, -0x30,0x18,0x80,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89, -0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09, -0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00, -0x66,0x62,0xcd,0xcf,0x5e,0x70,0xa5,0xf2,0x5b,0x39,0x86,0x5c,0x93,0x7b,0xd2, -0xde,0x51,0x29,0x1e,0x87,0x0c,0xe1,0xae,0xfe,0xf6,0x34,0x64,0x5a,0xd7,0xa9, -0x7c,0xa0,0x7b,0x98,0x2c,0x39,0x3a,0x43,0x2a,0xd8,0xe4,0x5c,0x4b,0x3d,0x99, -0xbb,0x04,0x10,0xe8,0xe4,0xfa,0x26,0xf5,0x83,0x6f,0xf5,0x81,0x6a,0xf4,0x23, -0xd0,0x68,0x52,0x2b,0x62,0x7c,0xe8,0xb1,0x69,0x21,0x99,0x80,0xd7,0x2d,0x16, -0xd8,0x4f,0xf2,0xd9,0xac,0x99,0xf1,0xb5,0xbb,0xd0,0x5e,0xeb,0xa5,0x31,0x99, -0x79,0xd2,0x81,0x24,0x8c,0x64,0xc6,0xa7,0x3d,0x2f,0x77,0xa2,0x08,0xad,0x00, -0x8b,0x65,0xde,0x00,0x8b,0xd5,0x8e,0x29,0xb9,0xdf,0x9c,0x5c,0x57,0x76,0xe1, -0x17,0x4c,0x47,0x4b,0xfa,0xf2,0xa4,0x38 }; +0x30,0x30,0x30,0x30,0x5a,0xa0,0x2f,0x30,0x2d,0x30,0x0a,0x06,0x03,0x55,0x1d, +0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18, +0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58, +0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0xa3,0xcf, +0x17,0x5d,0x7a,0x08,0xab,0x11,0x1a,0xbd,0x5c,0xde,0x9a,0x22,0x92,0x38,0xe6, +0x96,0xcc,0xb1,0xc5,0x42,0x86,0xa6,0xae,0xad,0xa3,0x1a,0x2b,0xa0,0xb0,0x65, +0xaa,0x9c,0xd7,0x2d,0x44,0x8c,0xae,0x61,0xc7,0x30,0x17,0x89,0x84,0x3b,0x4a, +0x8f,0x17,0x08,0x06,0x37,0x1c,0xf7,0x2d,0x4e,0x47,0x07,0x61,0x50,0xd9,0x06, +0xd1,0x46,0xed,0x0a,0xbb,0xc3,0x9b,0x36,0x0b,0xa7,0x27,0x2f,0x2b,0x55,0xce, +0x2a,0xa5,0x60,0xc6,0x53,0x28,0xe8,0xee,0xad,0x0e,0x2b,0xe8,0xd7,0x5f,0xc9, +0xa5,0xed,0xf9,0x77,0xb0,0x3c,0x81,0xcf,0xcc,0x49,0xb2,0x1a,0xc3,0xfd,0x34, +0xd5,0xbc,0xb0,0xd5,0xa5,0x9c,0x1b,0x72,0xc3,0x0f,0xa3,0xe3,0x3c,0xf0,0xc3, +0x91,0xe8,0x93,0x4f,0xd4,0x2f }; static void testVerifyRevocation(void) {

1 0

Juan Lang : cryptnet: Correct AKI extension used in end certificate and CRL when checking revocation .
by Alexandre Julliard 04 Dec '09

04 Dec '09

Module: wine Branch: master Commit: f7e7f09a4b8b22632c8950804d99f87b701102ed URL: http://source.winehq.org/git/wine.git/?a=commit;h=f7e7f09a4b8b22632c8950804… Author: Juan Lang <juan.lang(a)gmail.com> Date: Wed Dec 2 15:28:14 2009 -0800 cryptnet: Correct AKI extension used in end certificate and CRL when checking revocation. --- dlls/cryptnet/tests/cryptnet.c | 58 ++++++++++++++++++++-------------------- 1 files changed, 29 insertions(+), 29 deletions(-) diff --git a/dlls/cryptnet/tests/cryptnet.c b/dlls/cryptnet/tests/cryptnet.c index ee7e1fc..99df4a0 100644 --- a/dlls/cryptnet/tests/cryptnet.c +++ b/dlls/cryptnet/tests/cryptnet.c @@ -431,7 +431,7 @@ static const BYTE rootWithKeySignAndCRLSign[] = { 0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a, 0x2e,0x84,0xee }; static const BYTE eeCert[] = { -0x30,0x82,0x01,0xbb,0x30,0x82,0x01,0x24,0xa0,0x03,0x02,0x01,0x02,0x02,0x01, +0x30,0x82,0x01,0xb9,0x30,0x82,0x01,0x22,0xa0,0x03,0x02,0x01,0x02,0x02,0x01, 0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05, 0x00,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43, 0x65,0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30, @@ -448,40 +448,40 @@ static const BYTE eeCert[] = { 0x6a,0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85, 0x85,0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2, 0xd3,0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72, -0xa3,0x02,0x03,0x01,0x00,0x01,0xa3,0x25,0x30,0x23,0x30,0x21,0x06,0x03,0x55, -0x1d,0x23,0x04,0x1a,0x30,0x18,0x80,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe, -0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a, -0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00, -0x03,0x81,0x81,0x00,0x91,0xd2,0x78,0xe5,0xdc,0x10,0xa3,0x08,0x5e,0x20,0x85, -0xec,0x57,0x09,0x83,0x68,0x45,0xbe,0x4c,0xab,0x09,0x7b,0xe9,0x8f,0x71,0x43, -0x29,0x02,0x7e,0x26,0x55,0xc6,0xf1,0xfa,0xb2,0xbf,0x17,0x8f,0x37,0x30,0x57, -0x75,0x63,0xce,0xb8,0x5f,0x7e,0x3f,0xfd,0xc2,0x7a,0xa0,0x61,0x5f,0x41,0x6c, -0x94,0x6a,0xc3,0x04,0x0c,0xd7,0xcf,0x6f,0x4a,0x1e,0xdb,0x42,0xd2,0xa0,0x45, -0xeb,0xd4,0x4d,0x3a,0x3d,0x98,0x05,0x03,0x61,0x87,0x81,0xae,0xe7,0x8a,0xfd, -0x92,0x8c,0xb9,0xe1,0x48,0xf9,0xe2,0x0e,0x0f,0xef,0x72,0xe6,0x6e,0x7e,0x41, -0xc2,0x8c,0x99,0xa9,0xbe,0x3a,0x01,0xa0,0x55,0x1d,0x65,0x7e,0x2a,0xb7,0x93, -0xc5,0x09,0x7d,0x81,0x76,0xa8,0x50,0xff,0x48,0xe5,0xec,0x72 }; +0xa3,0x02,0x03,0x01,0x00,0x01,0xa3,0x23,0x30,0x21,0x30,0x1f,0x06,0x03,0x55, +0x1d,0x23,0x04,0x18,0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2, +0x28,0x89,0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d, +0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81, +0x81,0x00,0x8a,0x49,0xa9,0x86,0x5e,0xc9,0x33,0x7e,0xfd,0xab,0x64,0x1f,0x6d, +0x00,0xd7,0x9b,0xec,0xd1,0x5b,0x38,0xcc,0xd6,0xf3,0xf2,0xb4,0x75,0x70,0x00, +0x82,0x9d,0x37,0x58,0xe1,0xcd,0x2c,0x61,0xb3,0x28,0xe7,0x8a,0x00,0xbe,0x6e, +0xca,0xe8,0x55,0xd5,0xad,0x3a,0xea,0xaf,0x13,0x20,0x1c,0x44,0xfc,0xb4,0xf9, +0x29,0x2b,0xdc,0x8a,0x2d,0x1b,0x27,0x9e,0xb9,0x3b,0x4a,0x71,0x9d,0x47,0x7d, +0xf7,0x92,0x6b,0x21,0x7f,0xfa,0x88,0x79,0x94,0x33,0xf6,0xdd,0x92,0x04,0x92, +0xd6,0x5e,0x0a,0x74,0xf2,0x85,0xa6,0xd5,0x3c,0x28,0xc0,0x89,0x5d,0xda,0xf3, +0xa6,0x01,0xc2,0xe9,0xa3,0xc1,0xb7,0x21,0x08,0xba,0x18,0x07,0x45,0xeb,0x77, +0x7d,0xcd,0xc6,0xe7,0x2a,0x7b,0x46,0xd2,0x3d,0xb5 }; static const BYTE rootSignedCRL[] = { -0x30,0x82,0x01,0x21,0x30,0x81,0x8b,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a, +0x30,0x82,0x01,0x1f,0x30,0x81,0x89,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a, 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30, 0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d, 0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, 0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14, 0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30, -0x30,0x30,0x30,0x30,0x5a,0xa0,0x31,0x30,0x2f,0x30,0x0a,0x06,0x03,0x55,0x1d, -0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x21,0x06,0x03,0x55,0x1d,0x23,0x04,0x1a, -0x30,0x18,0x80,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89, -0xa0,0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09, -0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00, -0x66,0x62,0xcd,0xcf,0x5e,0x70,0xa5,0xf2,0x5b,0x39,0x86,0x5c,0x93,0x7b,0xd2, -0xde,0x51,0x29,0x1e,0x87,0x0c,0xe1,0xae,0xfe,0xf6,0x34,0x64,0x5a,0xd7,0xa9, -0x7c,0xa0,0x7b,0x98,0x2c,0x39,0x3a,0x43,0x2a,0xd8,0xe4,0x5c,0x4b,0x3d,0x99, -0xbb,0x04,0x10,0xe8,0xe4,0xfa,0x26,0xf5,0x83,0x6f,0xf5,0x81,0x6a,0xf4,0x23, -0xd0,0x68,0x52,0x2b,0x62,0x7c,0xe8,0xb1,0x69,0x21,0x99,0x80,0xd7,0x2d,0x16, -0xd8,0x4f,0xf2,0xd9,0xac,0x99,0xf1,0xb5,0xbb,0xd0,0x5e,0xeb,0xa5,0x31,0x99, -0x79,0xd2,0x81,0x24,0x8c,0x64,0xc6,0xa7,0x3d,0x2f,0x77,0xa2,0x08,0xad,0x00, -0x8b,0x65,0xde,0x00,0x8b,0xd5,0x8e,0x29,0xb9,0xdf,0x9c,0x5c,0x57,0x76,0xe1, -0x17,0x4c,0x47,0x4b,0xfa,0xf2,0xa4,0x38 }; +0x30,0x30,0x30,0x30,0x5a,0xa0,0x2f,0x30,0x2d,0x30,0x0a,0x06,0x03,0x55,0x1d, +0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1f,0x06,0x03,0x55,0x1d,0x23,0x04,0x18, +0x30,0x18,0x80,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58, +0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0xa3,0xcf, +0x17,0x5d,0x7a,0x08,0xab,0x11,0x1a,0xbd,0x5c,0xde,0x9a,0x22,0x92,0x38,0xe6, +0x96,0xcc,0xb1,0xc5,0x42,0x86,0xa6,0xae,0xad,0xa3,0x1a,0x2b,0xa0,0xb0,0x65, +0xaa,0x9c,0xd7,0x2d,0x44,0x8c,0xae,0x61,0xc7,0x30,0x17,0x89,0x84,0x3b,0x4a, +0x8f,0x17,0x08,0x06,0x37,0x1c,0xf7,0x2d,0x4e,0x47,0x07,0x61,0x50,0xd9,0x06, +0xd1,0x46,0xed,0x0a,0xbb,0xc3,0x9b,0x36,0x0b,0xa7,0x27,0x2f,0x2b,0x55,0xce, +0x2a,0xa5,0x60,0xc6,0x53,0x28,0xe8,0xee,0xad,0x0e,0x2b,0xe8,0xd7,0x5f,0xc9, +0xa5,0xed,0xf9,0x77,0xb0,0x3c,0x81,0xcf,0xcc,0x49,0xb2,0x1a,0xc3,0xfd,0x34, +0xd5,0xbc,0xb0,0xd5,0xa5,0x9c,0x1b,0x72,0xc3,0x0f,0xa3,0xe3,0x3c,0xf0,0xc3, +0x91,0xe8,0x93,0x4f,0xd4,0x2f }; BOOL (WINAPI *pCertVerifyRevocation)(DWORD, DWORD, DWORD, void **, DWORD, PCERT_REVOCATION_PARA, PCERT_REVOCATION_STATUS);

1 0

André Hentschel : AppDB: add open search (try 2)
by Alexander Nicolaysen Sørnes 03 Dec '09

03 Dec '09

Module: appdb Branch: master Commit: 631f530f4a055cfeb1478c9cca37a4378e524428 URL: http://source.winehq.org/git/appdb.git/?a=commit;h=631f530f4a055cfeb1478c9c… Author: André Hentschel <nerv(a)dawncrow.de> Date: Sun Nov 15 16:20:23 2009 +0100 AppDB: add open search (try 2) --- include/header.php | 1 + opensearch.xml | 10 ++++++++++ 2 files changed, 11 insertions(+), 0 deletions(-) diff --git a/include/header.php b/include/header.php index 99941e9..2eeb779 100644 --- a/include/header.php +++ b/include/header.php @@ -25,6 +25,7 @@ <script src="<?php echo BASE; ?>scripts.js" type="text/javascript"></script> <link rel="icon" type="image/png" href="<?php echo BASE; ?>images/winehq_logo_16.png"> <link rel="shortcut icon" type="image/png" href="<?php echo BASE; ?>images/winehq_logo_16.png"> + <link title="AppDB" type="application/opensearchdescription+xml" rel="search" href="<?php echo BASE; ?>opensearch.xml"> </head> <body> diff --git a/opensearch.xml b/opensearch.xml new file mode 100644 index 0000000..f9b2dce --- /dev/null +++ b/opensearch.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"> +<ShortName>AppDB</ShortName> +<Description>AppDB Quick Search</Description> +<Tags>AppDB</Tags> +<Image height="16" width="16" type="image/png">http://appdb.winehq.org/images/winehq_logo_16.png</Image> +<Url type="text/html" method="GET" template="http://appdb.winehq.org/objectManager.php?sClass=application&bIsQueue=f…" /> +<InputEncoding>UTF-8</InputEncoding> +<OutputEncoding>UTF-8</OutputEncoding> +</OpenSearchDescription>

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

wine-commits December 2009