Module: wine Branch: master Commit: 552fec4002ad1760c4c4738e0d133e6268928739 URL: http://source.winehq.org/git/wine.git/?a=commit;h=552fec4002ad1760c4c4738e0d...
Author: Juan Lang juan.lang@gmail.com Date: Wed Oct 28 16:50:33 2009 -0700
crypt32: Add basic constraints to chain quality selection algorithm.
---
dlls/crypt32/chain.c | 15 ++++++++++----- 1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 3b618fa..7bb72fa 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -1704,14 +1704,16 @@ static PCertificateChain CRYPT_BuildAlternateContextFromChain( return alternate; }
-#define CHAIN_QUALITY_SIGNATURE_VALID 8 -#define CHAIN_QUALITY_TIME_VALID 4 -#define CHAIN_QUALITY_COMPLETE_CHAIN 2 -#define CHAIN_QUALITY_TRUSTED_ROOT 1 +#define CHAIN_QUALITY_SIGNATURE_VALID 0x16 +#define CHAIN_QUALITY_TIME_VALID 8 +#define CHAIN_QUALITY_COMPLETE_CHAIN 4 +#define CHAIN_QUALITY_BASIC_CONSTRAINTS 2 +#define CHAIN_QUALITY_TRUSTED_ROOT 1
#define CHAIN_QUALITY_HIGHEST \ CHAIN_QUALITY_SIGNATURE_VALID | CHAIN_QUALITY_TIME_VALID | \ - CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_TRUSTED_ROOT + CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_BASIC_CONSTRAINTS | \ + CHAIN_QUALITY_TRUSTED_ROOT
#define IS_TRUST_ERROR_SET(TrustStatus, bits) \ (TrustStatus)->dwErrorStatus & (bits) @@ -1724,6 +1726,9 @@ static DWORD CRYPT_ChainQuality(const CertificateChain *chain) CERT_TRUST_IS_UNTRUSTED_ROOT)) quality &= ~CHAIN_QUALITY_TRUSTED_ROOT; if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus, + CERT_TRUST_INVALID_BASIC_CONSTRAINTS)) + quality &= ~CHAIN_QUALITY_BASIC_CONSTRAINTS; + if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus, CERT_TRUST_IS_PARTIAL_CHAIN)) quality &= ~CHAIN_QUALITY_COMPLETE_CHAIN; if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,