Juan Lang : crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore.
Alexandre Julliard
julliard at winehq.org
Thu Nov 19 10:15:22 CST 2009
Module: wine
Branch: master
Commit: 8fcaa52d5d6523d22f01d781c8b1149b20e36477
URL: http://source.winehq.org/git/wine.git/?a=commit;h=8fcaa52d5d6523d22f01d781c8b1149b20e36477
Author: Juan Lang <juan.lang at gmail.com>
Date: Wed Nov 18 16:54:49 2009 -0800
crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore.
---
dlls/crypt32/crl.c | 25 +++++++++++++++++++++++++
dlls/crypt32/tests/crl.c | 2 --
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/dlls/crypt32/crl.c b/dlls/crypt32/crl.c
index 4f69a9d..03f9b78 100644
--- a/dlls/crypt32/crl.c
+++ b/dlls/crypt32/crl.c
@@ -121,6 +121,31 @@ static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
issuer->dwCertEncodingType,
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext,
CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL);
+ if (ret && (dwFlags & CRL_FIND_ISSUED_BY_AKI_FLAG))
+ {
+ PCERT_EXTENSION aki = CertFindExtension(
+ szOID_AUTHORITY_KEY_IDENTIFIER2, pCrlContext->pCrlInfo->cExtension,
+ pCrlContext->pCrlInfo->rgExtension);
+
+ if (aki)
+ {
+ CERT_EXTENSION *ski;
+
+ if ((ski = CertFindExtension(szOID_SUBJECT_KEY_IDENTIFIER,
+ issuer->pCertInfo->cExtension,
+ issuer->pCertInfo->rgExtension)))
+ {
+ if (aki->Value.cbData == ski->Value.cbData)
+ ret = !memcmp(aki->Value.pbData, ski->Value.pbData,
+ aki->Value.cbData);
+ else
+ ret = FALSE;
+ }
+ else
+ ret = FALSE;
+ }
+ /* else: a CRL without an AKI matches any cert */
+ }
}
else
ret = TRUE;
diff --git a/dlls/crypt32/tests/crl.c b/dlls/crypt32/tests/crl.c
index d50d996..b012db1 100644
--- a/dlls/crypt32/tests/crl.c
+++ b/dlls/crypt32/tests/crl.c
@@ -683,11 +683,9 @@ static void testFindCRL(void)
revoked_count++;
}
} while (context);
- todo_wine {
ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
revoked_count);
- }
count = revoked_count = 0;
do {
context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
More information about the wine-cvs
mailing list