Juan Lang : cryptnet: Check CRL with verify time in CertDllVerifyRevocation .
Alexandre Julliard
julliard at winehq.org
Mon Nov 23 08:49:48 CST 2009
Module: wine
Branch: master
Commit: ff57ba9d7c633c2e263f8a88392448087c1eca13
URL: http://source.winehq.org/git/wine.git/?a=commit;h=ff57ba9d7c633c2e263f8a88392448087c1eca13
Author: Juan Lang <juan.lang at gmail.com>
Date: Fri Nov 20 12:09:21 2009 -0800
cryptnet: Check CRL with verify time in CertDllVerifyRevocation.
---
dlls/cryptnet/cryptnet_main.c | 46 +++++++++++++++++++++++++++++++++--------
1 files changed, 37 insertions(+), 9 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index 3744e68..a37c0d6 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1441,6 +1441,15 @@ BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid,
return ret;
}
+typedef struct _CERT_REVOCATION_PARA_NO_EXTRA_FIELDS {
+ DWORD cbSize;
+ PCCERT_CONTEXT pIssuerCert;
+ DWORD cCertStore;
+ HCERTSTORE *rgCertStore;
+ HCERTSTORE hCrlStore;
+ LPFILETIME pftTimeToUse;
+} CERT_REVOCATION_PARA_NO_EXTRA_FIELDS, *PCERT_REVOCATION_PARA_NO_EXTRA_FIELDS;
+
typedef struct _OLD_CERT_REVOCATION_STATUS {
DWORD cbSize;
DWORD dwIndex;
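Review bot: The new typedef `CERT_REVOCATION_PARA_NO_EXTRA_FIELDS` has no comment saying why a second copy of the parameter struct exists. Its only visible use is the `pRevPara->cbSize >= sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS)` test added further down in CertDllVerifyRevocation, which gates the read of `pftTimeToUse`. I would add above it `/* Leading fields of CERT_REVOCATION_PARA through pftTimeToUse; used only to validate cbSize before reading pftTimeToUse from the caller's struct */`. Because that size check is what keeps the function from reading past a shorter caller-supplied structure, the comment should also state that the field order and types must stay identical to the public definition.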
@@ -1457,6 +1466,8 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
{
DWORD error = 0, i;
BOOL ret;
+ FILETIME now;
+ LPFILETIME pTime = NULL;
TRACE("(%08x, %d, %d, %p, %08x, %p, %p)\n", dwEncodingType, dwRevType,
cContext, rgpvContext, dwFlags, pRevPara, pRevStatus);
@@ -1472,6 +1483,14 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
SetLastError(E_INVALIDARG);
return FALSE;
}
+ if (pRevPara && pRevPara->cbSize >=
+ sizeof(CERT_REVOCATION_PARA_NO_EXTRA_FIELDS))
+ pTime = pRevPara->pftTimeToUse;
+ if (!pTime)
+ {
+ GetSystemTimeAsFileTime(&now);
+ pTime = &now;
+ }
memset(&pRevStatus->dwIndex, 0, pRevStatus->cbSize - sizeof(DWORD));
if (dwRevType != CERT_CONTEXT_REVOCATION_TYPE)
{
@@ -1524,18 +1543,27 @@ BOOL WINAPI CertDllVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType,
(void **)&crl, NULL, NULL, NULL, NULL);
if (ret)
{
- PCRL_ENTRY entry = NULL;
-
- CertFindCertificateInCRL(
- rgpvContext[i], crl, 0, NULL,
- &entry);
- if (entry)
+ if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))
{
- error = CRYPT_E_REVOKED;
- pRevStatus->dwIndex = i;
+ /* The CRL isn't time valid */
+ error = CRYPT_E_NO_REVOCATION_CHECK;
ret = FALSE;
}
- else if (timeout)
+ else
+ {
+ PCRL_ENTRY entry = NULL;
+
+ CertFindCertificateInCRL(
+ rgpvContext[i], crl, 0, NULL,
+ &entry);
+ if (entry)
+ {
+ error = CRYPT_E_REVOKED;
+ pRevStatus->dwIndex = i;
+ ret = FALSE;
+ }
+ }
+ if (ret && timeout)
{
DWORD time = GetTickCount();
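Review bot: The new test `if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo))` treats a tri-state result (zero when the time falls inside the CRL's validity window, non-zero otherwise) as a boolean, which is easy to misread as "if valid" in a revocation path. I would spell it `if (CertVerifyCRLTimeValidity(pTime, crl->pCrlInfo) != 0)` and widen the comment to `/* CRL is not yet valid or has expired at pTime: treat as no revocation information */`. The stale-CRL branch also leaves `pRevStatus->dwIndex` untouched while the revoked branch sets it to `i`; if callers rely on dwIndex to locate the context that failed with CRYPT_E_NO_REVOCATION_CHECK, it should be set here too, unless code after the hunk already does so. The enclosing loop and function begin and end outside the hunk.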