wine-winehq, commit 5274777b
Authored Nov 05, 2009 by Juan Lang; committed by Alexandre Julliard, Nov 09, 2009
crypt32: Permit lack of basic constraints extension on root certificates.
parent d94e4d31
Showing 1 changed file with 9 additions and 3 deletions
dlls/crypt32/chain.c
...
...
@@ -427,6 +427,10 @@ static BOOL CRYPT_DecodeBasicConstraints(PCCERT_CONTEXT cert,
* through out-of-band means or reject the certificate." Rejecting the
* certificate prohibits a large number of commonly used certificates, so
* accepting locally installed ones is a compromise.
* Root certificates are also allowed to be CAs even without a basic
* constraints extension. This is implied by RFC 5280, section 6.1: the
* root of a certificate chain's only requirement is that it was used to issue
* the next certificate in the chain.
* Updates chainConstraints with the element's constraints, if:
* 1. chainConstraints doesn't have a path length constraint, or
* 2. element's path length constraint is smaller than chainConstraints's
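Review bot: The added sentence on root certificates says they may be CAs without a basic constraints extension, but it does not say how a certificate is identified as the root or that the decision now comes from a caller-supplied flag. The sentence just above limits the v1/v2 compromise to locally installed certificates; please state here whether the root exemption is meant for any certificate that terminates the chain or only for one that is a trusted anchor, and document the new isRoot parameter alongside the existing description of chainConstraints.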
...
...
@@ -437,12 +441,14 @@ static BOOL CRYPT_DecodeBasicConstraints(PCCERT_CONTEXT cert,
*/
static
BOOL
CRYPT_CheckBasicConstraintsForCA
(
PCertificateChainEngine
engine
,
PCCERT_CONTEXT
cert
,
CERT_BASIC_CONSTRAINTS2_INFO
*
chainConstraints
,
DWORD
remainingCAs
,
BOOL
*
pathLengthConstraintViolated
)
DWORD
remainingCAs
,
BOOL
isRoot
,
BOOL
*
pathLengthConstraintViolated
)
{
BOOL
validBasicConstraints
,
implicitCA
=
FALSE
;
CERT_BASIC_CONSTRAINTS2_INFO
constraints
;
if
(
cert
->
pCertInfo
->
dwVersion
==
CERT_V1
||
if
(
isRoot
)
implicitCA
=
TRUE
;
else
if
(
cert
->
pCertInfo
->
dwVersion
==
CERT_V1
||
cert
->
pCertInfo
->
dwVersion
==
CERT_V2
)
{
BYTE
hash
[
20
];
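Review bot: In the new `if (isRoot) implicitCA = TRUE;` branch the root is treated as a CA unconditionally, ahead of the CERT_V1/CERT_V2 test, so correctness now rests entirely on the caller passing isRoot accurately. The rest of the function is outside this hunk, so please confirm that a root which does carry a basic constraints extension still has it decoded and enforced, and that implicitCA only applies when the extension is absent, which is what the commit subject describes. A short comment on the branch pointing back to the RFC 5280 section 6.1 reasoning in the header comment would also help future readers.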
...
...
@@ -1307,7 +1313,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
chain
->
rgpElement
[
i
]
->
TrustStatus
.
dwErrorStatus
|=
CERT_TRUST_INVALID_BASIC_CONSTRAINTS
;
else
if
(
!
CRYPT_CheckBasicConstraintsForCA
(
engine
,
chain
->
rgpElement
[
i
]
->
pCertContext
,
&
constraints
,
i
-
1
,
chain
->
rgpElement
[
i
]
->
pCertContext
,
&
constraints
,
i
-
1
,
isRoot
,
&
pathLengthConstraintViolated
))
chain
->
rgpElement
[
i
]
->
TrustStatus
.
dwErrorStatus
|=
CERT_TRUST_INVALID_BASIC_CONSTRAINTS
;
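Review bot: The call now passes isRoot, but nothing in this hunk declares or assigns it, and the hunk is 7 lines before and after, so the value comes from existing code in CRYPT_CheckSimpleChain that is not shown. Please confirm that isRoot at this point describes chain->rgpElement[i] specifically (the element whose pCertContext is being checked) and is only TRUE for the chain's terminating element; if it were TRUE for an intermediate, that element would skip the basic constraints requirement and CERT_TRUST_INVALID_BASIC_CONSTRAINTS would not be set for it.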
...
...