Module: wine Branch: master Commit: 8fcaa52d5d6523d22f01d781c8b1149b20e36477 URL: http://source.winehq.org/git/wine.git/?a=commit;h=8fcaa52d5d6523d22f01d781c8...
Author: Juan Lang juan.lang@gmail.com Date: Wed Nov 18 16:54:49 2009 -0800
crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore.
---
dlls/crypt32/crl.c | 25 +++++++++++++++++++++++++ dlls/crypt32/tests/crl.c | 2 -- 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/dlls/crypt32/crl.c b/dlls/crypt32/crl.c index 4f69a9d..03f9b78 100644 --- a/dlls/crypt32/crl.c +++ b/dlls/crypt32/crl.c @@ -121,6 +121,31 @@ static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType, issuer->dwCertEncodingType, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext, CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL); + if (ret && (dwFlags & CRL_FIND_ISSUED_BY_AKI_FLAG)) + { + PCERT_EXTENSION aki = CertFindExtension( + szOID_AUTHORITY_KEY_IDENTIFIER2, pCrlContext->pCrlInfo->cExtension, + pCrlContext->pCrlInfo->rgExtension); + + if (aki) + { + CERT_EXTENSION *ski; + + if ((ski = CertFindExtension(szOID_SUBJECT_KEY_IDENTIFIER, + issuer->pCertInfo->cExtension, + issuer->pCertInfo->rgExtension))) + { + if (aki->Value.cbData == ski->Value.cbData) + ret = !memcmp(aki->Value.pbData, ski->Value.pbData, + aki->Value.cbData); + else + ret = FALSE; + } + else + ret = FALSE; + } + /* else: a CRL without an AKI matches any cert */ + } } else ret = TRUE; diff --git a/dlls/crypt32/tests/crl.c b/dlls/crypt32/tests/crl.c index d50d996..b012db1 100644 --- a/dlls/crypt32/tests/crl.c +++ b/dlls/crypt32/tests/crl.c @@ -683,11 +683,9 @@ static void testFindCRL(void) revoked_count++; } } while (context); - todo_wine { ok(count == 0, "expected 0 matching CRLs, got %d\n", count); ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n", revoked_count); - } count = revoked_count = 0; do { context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,