Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-cw
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-cw
Commits
87405ade
Commit
87405ade
authored
Oct 19, 2009
by
Juan Lang
Committed by
Alexandre Julliard
Oct 20, 2009
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
crypt32: Add a safe default for unsupported critical extensions.
parent
b78d457e
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
43 additions
and
0 deletions
+43
-0
chain.c
dlls/crypt32/chain.c
+43
-0
No files found.
dlls/crypt32/chain.c
View file @
87405ade
...
...
@@ -814,6 +814,44 @@ static void dump_element(PCCERT_CONTEXT cert)
dump_extension
(
&
cert
->
pCertInfo
->
rgExtension
[
i
]);
}
static
BOOL
CRYPT_CriticalExtensionsSupported
(
PCCERT_CONTEXT
cert
)
{
BOOL
ret
=
TRUE
;
DWORD
i
;
for
(
i
=
0
;
ret
&&
i
<
cert
->
pCertInfo
->
cExtension
;
i
++
)
{
if
(
cert
->
pCertInfo
->
rgExtension
[
i
].
fCritical
)
{
LPCSTR
oid
=
cert
->
pCertInfo
->
rgExtension
[
i
].
pszObjId
;
if
(
!
strcmp
(
oid
,
szOID_BASIC_CONSTRAINTS
))
ret
=
TRUE
;
else
if
(
!
strcmp
(
oid
,
szOID_BASIC_CONSTRAINTS2
))
ret
=
TRUE
;
else
if
(
!
strcmp
(
oid
,
szOID_NAME_CONSTRAINTS
))
ret
=
TRUE
;
else
if
(
!
strcmp
(
oid
,
szOID_KEY_USAGE
))
{
static
int
warned
;
if
(
!
warned
++
)
FIXME
(
"key usage extension unsupported, ignoring
\n
"
);
ret
=
TRUE
;
}
else
if
(
!
strcmp
(
oid
,
szOID_SUBJECT_ALT_NAME
))
ret
=
TRUE
;
else
{
FIXME
(
"unsupported critical extension %s
\n
"
,
debugstr_a
(
oid
));
ret
=
FALSE
;
}
}
}
return
ret
;
}
static
void
CRYPT_CheckSimpleChain
(
PCertificateChainEngine
engine
,
PCERT_SIMPLE_CHAIN
chain
,
LPFILETIME
time
)
{
...
...
@@ -878,6 +916,11 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
CERT_TRUST_INVALID_BASIC_CONSTRAINTS
;
}
/* FIXME: check valid usages */
/* Check whether every critical extension is supported */
if
(
!
CRYPT_CriticalExtensionsSupported
(
chain
->
rgpElement
[
i
]
->
pCertContext
))
chain
->
rgpElement
[
i
]
->
TrustStatus
.
dwErrorStatus
|=
CERT_TRUST_INVALID_EXTENSION
;
CRYPT_CombineTrustStatus
(
&
chain
->
TrustStatus
,
&
chain
->
rgpElement
[
i
]
->
TrustStatus
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment