crypt32(4/5): Set subject's info status from method used to find
issuer
Juan Lang
juan.lang at gmail.com
Tue Sep 11 14:54:35 CDT 2007
--Juan
-------------- next part --------------
From 6cdbe518e4968ded2016686c0087e34ae1eab171 Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang at gmail.com>
Date: Tue, 11 Sep 2007 12:48:54 -0700
Subject: [PATCH] Set subject's info status from method used to find issuer
---
dlls/crypt32/chain.c | 27 ++++++++++++++++++++-------
1 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index ee95272..6e9d90f 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -508,7 +508,8 @@ static void CRYPT_CheckSimpleChain(PCert
}
if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext))
{
- rootElement->TrustStatus.dwInfoStatus |= CERT_TRUST_IS_SELF_SIGNED;
+ rootElement->TrustStatus.dwInfoStatus |=
+ CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER;
CRYPT_CheckRootCert(engine->hRoot, rootElement);
}
/* FIXME: check revocation of every cert with CertVerifyRevocation */
@@ -516,12 +517,13 @@ static void CRYPT_CheckSimpleChain(PCert
}
static PCCERT_CONTEXT CRYPT_GetIssuer(HCERTSTORE store, PCCERT_CONTEXT subject,
- PCCERT_CONTEXT prevIssuer)
+ PCCERT_CONTEXT prevIssuer, DWORD *infoStatus)
{
PCCERT_CONTEXT issuer = NULL;
PCERT_EXTENSION ext;
DWORD size;
+ *infoStatus = 0;
if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER,
subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
{
@@ -546,6 +548,8 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(HC
issuer = CertFindCertificateInStore(store,
subject->dwCertEncodingType, 0, CERT_FIND_CERT_ID, &id,
prevIssuer);
+ if (issuer)
+ *infoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER;
}
else if (info->KeyId.cbData)
{
@@ -554,6 +558,8 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(HC
issuer = CertFindCertificateInStore(store,
subject->dwCertEncodingType, 0, CERT_FIND_CERT_ID, &id,
prevIssuer);
+ if (issuer)
+ *infoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
}
LocalFree(info);
}
@@ -595,6 +601,8 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(HC
issuer = CertFindCertificateInStore(store,
subject->dwCertEncodingType, 0, CERT_FIND_CERT_ID, &id,
prevIssuer);
+ if (issuer)
+ *infoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER;
}
else
FIXME("no supported name type in authority key id2\n");
@@ -606,6 +614,8 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(HC
issuer = CertFindCertificateInStore(store,
subject->dwCertEncodingType, 0, CERT_FIND_CERT_ID, &id,
prevIssuer);
+ if (issuer)
+ *infoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
}
LocalFree(info);
}
@@ -615,6 +625,8 @@ static PCCERT_CONTEXT CRYPT_GetIssuer(HC
issuer = CertFindCertificateInStore(store,
subject->dwCertEncodingType, 0, CERT_FIND_SUBJECT_NAME,
&subject->pCertInfo->Issuer, prevIssuer);
+ if (issuer)
+ *infoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
}
return issuer;
}
@@ -631,11 +643,12 @@ static BOOL CRYPT_BuildSimpleChain(PCert
while (ret && !CRYPT_IsSimpleChainCyclic(chain) &&
!CRYPT_IsCertificateSelfSigned(cert))
{
- PCCERT_CONTEXT issuer = CRYPT_GetIssuer(world, cert, NULL);
+ DWORD infoStatus;
+ PCCERT_CONTEXT issuer = CRYPT_GetIssuer(world, cert, NULL, &infoStatus);
if (issuer)
{
- ret = CRYPT_AddCertToSimpleChain(engine, chain, issuer, 0);
+ ret = CRYPT_AddCertToSimpleChain(engine, chain, issuer, infoStatus);
cert = issuer;
}
else
@@ -888,7 +901,7 @@ static PCertificateChain CRYPT_BuildAlte
alternate = NULL;
else
{
- DWORD i, j;
+ DWORD i, j, infoStatus;
PCCERT_CONTEXT alternateIssuer = NULL;
alternate = NULL;
@@ -902,7 +915,7 @@ static PCertificateChain CRYPT_BuildAlte
chain->context.rgpChain[i]->rgpElement[j + 1]->pCertContext);
alternateIssuer = CRYPT_GetIssuer(prevIssuer->hCertStore,
- subject, prevIssuer);
+ subject, prevIssuer, &infoStatus);
}
if (alternateIssuer)
{
@@ -912,7 +925,7 @@ static PCertificateChain CRYPT_BuildAlte
if (alternate)
{
BOOL ret = CRYPT_AddCertToSimpleChain(engine,
- alternate->context.rgpChain[i], alternateIssuer, 0);
+ alternate->context.rgpChain[i], alternateIssuer, infoStatus);
if (ret)
{
--
1.4.1
More information about the wine-patches
mailing list