Juan Lang : crypt32: Check basic constraints extension for end certs too. - wine-commits

21 Oct 2009

Module: wine
Branch: master
Commit: f348e3feb7113dd208e05f2e6e9bace628608b0f
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=f348e3feb7113dd208e05f2e6e...
Author: Juan Lang juan.lang@gmail.com
Date:   Tue Oct 20 18:00:45 2009 -0700
crypt32: Check basic constraints extension for end certs too.
---
dlls/crypt32/chain.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index c9f7618..6c44d4c 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -905,6 +905,14 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
                 constraints.dwPathLenConstraint--;
             }
         }
+        else
+        {
+            /* Check whether end cert has a basic constraints extension */
+            if (!CRYPT_DecodeBasicConstraints(
+             chain->rgpElement[i]->pCertContext, &constraints, FALSE))
+                chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
+                 CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
+        }
         if (CRYPT_IsSimpleChainCyclic(chain))
         {
             /* If the chain is cyclic, then the path length constraints

    