Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-cw
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-cw
Commits
7871a9f8
Commit
7871a9f8
authored
Apr 04, 2011
by
Juan Lang
Committed by
Alexandre Julliard
Apr 05, 2011
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
crypt32: Accept CA certificates without a key usage extension.
parent
b372faec
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
4 additions
and
20 deletions
+4
-20
chain.c
dlls/crypt32/chain.c
+4
-20
No files found.
dlls/crypt32/chain.c
View file @
7871a9f8
...
...
@@ -1760,28 +1760,12 @@ static BOOL CRYPT_KeyUsageValid(PCertificateChainEngine engine,
* extensions as CA certs. V1 and V2 certificates did not have
* extensions, and many root certificates are V1 certificates, so
* perhaps this is prudent. On the other hand, MS also accepts V3
* certs without key usage extensions. We are more restrictive:
* we accept locally installed V1 or V2 certs as CA certs.
* We also accept a lack of key usage extension on root certs,
* which is implied in RFC 5280, section 6.1: the trust anchor's
* only requirement is that it was used to issue the next
* certificate in the chain.
* certs without key usage extensions. Because some CAs, e.g.
* Certum, also do not include key usage extensions in their
* intermediate certificates, we are forced to accept V3
* certificates without key usage extensions as well.
*/
if
(
isRoot
)
ret
=
TRUE
;
else
if
(
cert
->
pCertInfo
->
dwVersion
==
CERT_V1
||
cert
->
pCertInfo
->
dwVersion
==
CERT_V2
)
{
PCCERT_CONTEXT
localCert
=
CRYPT_FindCertInStore
(
engine
->
hWorld
,
cert
);
ret
=
localCert
!=
NULL
;
CertFreeCertificateContext
(
localCert
);
}
else
ret
=
FALSE
;
if
(
!
ret
)
WARN_
(
chain
)(
"no key usage extension on a CA cert
\n
"
);
}
else
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment