Juan Lang : crypt32: Check basic constraints extension for end certs too.
Alexandre Julliard
julliard at winehq.org
Wed Oct 21 13:14:06 CDT 2009
Module: wine
Branch: master
Commit: f348e3feb7113dd208e05f2e6e9bace628608b0f
URL: http://source.winehq.org/git/wine.git/?a=commit;h=f348e3feb7113dd208e05f2e6e9bace628608b0f
Author: Juan Lang <juan.lang at gmail.com>
Date: Tue Oct 20 18:00:45 2009 -0700
crypt32: Check basic constraints extension for end certs too.
---
dlls/crypt32/chain.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index c9f7618..6c44d4c 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -905,6 +905,14 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
constraints.dwPathLenConstraint--;
}
}
+ else
+ {
+ /* Check whether end cert has a basic constraints extension */
+ if (!CRYPT_DecodeBasicConstraints(
+ chain->rgpElement[i]->pCertContext, &constraints, FALSE))
+ chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
+ CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
+ }
if (CRYPT_IsSimpleChainCyclic(chain))
{
/* If the chain is cyclic, then the path length constraints
More information about the wine-cvs
mailing list