crypt32(13/17): Time validity nesting doesn't appear to be checked, so don't check it

Juan Lang juan.lang at gmail.com
Thu Aug 30 20:18:10 CDT 2007


--Juan
-------------- next part --------------
From 0a8d9d3ad717a74a2f69b4c621daf95521fa4b2f Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang at gmail.com>
Date: Thu, 30 Aug 2007 17:57:48 -0700
Subject: [PATCH] Time validity nesting doesn't appear to be checked, so don't check it
---
 dlls/crypt32/chain.c |   19 +------------------
 1 files changed, 1 insertions(+), 18 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index f0f3e56..58f3806 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -257,8 +257,7 @@ static inline BOOL CRYPT_IsSimpleChainCy
 static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store,
  PCCERT_CONTEXT cert, PDWORD pdwFlags)
 {
-    *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG |
-     CERT_STORE_TIME_VALIDITY_FLAG;
+    *pdwFlags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
     return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
 }
 
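Review bot: The new `*pdwFlags` assignment in CRYPT_GetIssuerFromStore drops `CERT_STORE_TIME_VALIDITY_FLAG`, and the second hunk also removes the `CERT_TRUST_IS_NOT_TIME_VALID` branch in CRYPT_AddCertToSimpleChain, so nothing visible in this patch marks an expired or not-yet-valid certificate any more, although the subject only mentions validity nesting. If per-certificate time validity is evaluated elsewhere (not visible here; the body of CRYPT_AddCertToSimpleChain starts and ends outside the hunk), a comment at this assignment should say so, for example `/* time validity is not requested here; it is checked in <function> */`. Otherwise keep the flag and the `CERT_TRUST_IS_NOT_TIME_VALID` branch and remove only the `CertVerifyValidityNesting` block. A chain test with an expired issuer that asserts `CERT_TRUST_IS_NOT_TIME_VALID` in the element's `dwErrorStatus` would pin the intended behaviour either way.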
@@ -297,22 +296,6 @@ static BOOL CRYPT_AddCertToSimpleChain(P
             if (dwFlags & CERT_STORE_SIGNATURE_FLAG)
                 element->TrustStatus.dwErrorStatus |=
                  CERT_TRUST_IS_NOT_SIGNATURE_VALID;
-            if (dwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
-                element->TrustStatus.dwErrorStatus |=
-                 CERT_TRUST_IS_NOT_TIME_VALID;
-            if (chain->cElement)
-            {
-                PCERT_CHAIN_ELEMENT prevElement =
-                 chain->rgpElement[chain->cElement - 1];
-
-                /* This cert is the issuer of the previous one in the chain, so
-                 * retroactively check the previous one's time validity nesting.
-                 */
-                if (!CertVerifyValidityNesting(
-                 prevElement->pCertContext->pCertInfo, cert->pCertInfo))
-                    prevElement->TrustStatus.dwErrorStatus |=
-                     CERT_TRUST_IS_NOT_TIME_NESTED;
-            }
             /* FIXME: check valid usages and name constraints */
             /* FIXME: initialize the rest of element */
             chain->rgpElement[chain->cElement++] = element;
-- 
1.4.1

