Juan Lang : crypt32: Add basic constraints to chain quality selection algorithm.
Alexandre Julliard
julliard at winehq.org
Fri Oct 30 11:04:30 CDT 2009
Module: wine
Branch: master
Commit: 552fec4002ad1760c4c4738e0d133e6268928739
URL: http://source.winehq.org/git/wine.git/?a=commit;h=552fec4002ad1760c4c4738e0d133e6268928739
Author: Juan Lang <juan.lang at gmail.com>
Date: Wed Oct 28 16:50:33 2009 -0700
crypt32: Add basic constraints to chain quality selection algorithm.
---
dlls/crypt32/chain.c | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 3b618fa..7bb72fa 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -1704,14 +1704,16 @@ static PCertificateChain CRYPT_BuildAlternateContextFromChain(
return alternate;
}
-#define CHAIN_QUALITY_SIGNATURE_VALID 8
-#define CHAIN_QUALITY_TIME_VALID 4
-#define CHAIN_QUALITY_COMPLETE_CHAIN 2
-#define CHAIN_QUALITY_TRUSTED_ROOT 1
+#define CHAIN_QUALITY_SIGNATURE_VALID 0x16
+#define CHAIN_QUALITY_TIME_VALID 8
+#define CHAIN_QUALITY_COMPLETE_CHAIN 4
+#define CHAIN_QUALITY_BASIC_CONSTRAINTS 2
+#define CHAIN_QUALITY_TRUSTED_ROOT 1
#define CHAIN_QUALITY_HIGHEST \
CHAIN_QUALITY_SIGNATURE_VALID | CHAIN_QUALITY_TIME_VALID | \
- CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_TRUSTED_ROOT
+ CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_BASIC_CONSTRAINTS | \
+ CHAIN_QUALITY_TRUSTED_ROOT
#define IS_TRUST_ERROR_SET(TrustStatus, bits) \
(TrustStatus)->dwErrorStatus & (bits)
@@ -1724,6 +1726,9 @@ static DWORD CRYPT_ChainQuality(const CertificateChain *chain)
CERT_TRUST_IS_UNTRUSTED_ROOT))
quality &= ~CHAIN_QUALITY_TRUSTED_ROOT;
if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
+ CERT_TRUST_INVALID_BASIC_CONSTRAINTS))
+ quality &= ~CHAIN_QUALITY_BASIC_CONSTRAINTS;
+ if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
CERT_TRUST_IS_PARTIAL_CHAIN))
quality &= ~CHAIN_QUALITY_COMPLETE_CHAIN;
if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
More information about the wine-cvs
mailing list