26#define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS
27#define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
36#define DEFAULT_CYCLE_MODULUS 7
59 for (
i = 0;
i < cStores;
i++)
67 for (
i = 0;
i < cStores;
i++)
123 else if (
config->hRestrictedRoot)
152 if(
config->CycleDetectionModulus)
226 TRACE(
"(%p, %p)\n", pConfig, phChainEngine);
237 *phChainEngine =
NULL;
242 return *phChainEngine !=
NULL;
247 TRACE(
"(%p)\n", hChainEngine);
271 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension)))
281 if (
info->AuthorityCertIssuer.cAltEntry &&
282 info->AuthorityCertSerialNumber.cbData)
287 for (
i = 0; !directoryName &&
288 i <
info->AuthorityCertIssuer.cAltEntry;
i++)
289 if (
info->AuthorityCertIssuer.rgAltEntry[
i].dwAltNameChoice
292 &
info->AuthorityCertIssuer.rgAltEntry[
i];
301 FIXME(
"no supported name type in authority key id2\n");
305 else if (
info->KeyId.cbData)
326 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension)))
336 if (
info->CertIssuer.cbData &&
info->CertSerialNumber.cbData)
342 else if (
info->KeyId.cbData)
381 DWORD i,
j, cyclicCertIndex = 0;
384 for (
i = 0; !cyclicCertIndex &&
i <
chain->cElement;
i++)
385 for (
j =
i + 1; !cyclicCertIndex &&
j <
chain->cElement;
j++)
387 chain->rgpElement[
i]->pCertContext->pCertInfo,
388 chain->rgpElement[
j]->pCertContext->pCertInfo))
392 chain->rgpElement[cyclicCertIndex]->TrustStatus.dwErrorStatus
395 for (
i = cyclicCertIndex + 1;
i <
chain->cElement;
i++)
398 chain->cElement = cyclicCertIndex + 1;
406 return chain->rgpElement[
chain->cElement - 1]->TrustStatus.dwErrorStatus
431 if (!
chain->cElement)
436 if (
chain->rgpElement)
442 if (
chain->cElement > 1)
443 chain->rgpElement[
chain->cElement - 2]->TrustStatus.dwInfoStatus
468 for (
i = 0;
i <
chain->cElement;
i++)
496 TRACE_(
chain)(
"Last certificate's signature is invalid\n");
514 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension);
527 if (
info->SubjectType.cbData == 1)
536 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension);
546 constraints->
fCA = defaultIfNotSpecified;
578 DWORD remainingCAs,
BOOL isRoot,
BOOL *pathLengthConstraintViolated)
580 BOOL validBasicConstraints, implicitCA =
FALSE;
607 &constraints, implicitCA)))
609 chainConstraints->
fCA = constraints.
fCA;
610 if (!constraints.
fCA)
612 TRACE_(
chain)(
"chain element %ld can't be a CA\n", remainingCAs + 1);
613 validBasicConstraints =
FALSE;
624 TRACE_(
chain)(
"setting path length constraint to %ld\n",
635 TRACE_(
chain)(
"remaining CAs %ld exceed max path length %ld\n",
637 validBasicConstraints =
FALSE;
638 *pathLengthConstraintViolated =
TRUE;
640 return validBasicConstraints;
661 if (constraint[0] ==
'.')
679 DWORD *trustErrorStatus)
693 WCHAR hostname_buf[255];
704 if (colon && *(colon + 1) ==
'/' && *(colon + 2) ==
'/')
719 for (colon = authority_end; colon >=
name && *colon !=
':' &&
720 *colon !=
'@'; colon--)
723 authority_end = colon;
734 hostname_buf[authority_end -
name] = 0;
748 DWORD *trustErrorStatus)
759 else if (
wcschr(constraint,
'@'))
772 DWORD *trustErrorStatus)
829 else if (
name->cbData ==
sizeof(
DWORD) &&
842 else if (
name->cbData == 16 && constraint->
cbData == 32)
847 subnet = constraint->
pbData;
895 name->pwszURL, trustErrorStatus);
899 name->pwszURL, trustErrorStatus);
903 name->pwszURL, trustErrorStatus);
907 &
name->IPAddress, trustErrorStatus);
911 &
name->DirectoryName);
914 ERR(
"name choice %ld unsupported in this context\n",
956 cert->cExtension,
cert->rgExtension);
959 cert->cExtension,
cert->rgExtension);
972 &subjectAltName, &
size))
978 BOOL nameFormPresent;
990 TRACE_(
chain)(
"subject alternate name form %ld excluded\n",
995 nameFormPresent =
FALSE;
998 trustErrorStatus, &nameFormPresent) && nameFormPresent)
1000 TRACE_(
chain)(
"subject alternate name form %ld not permitted\n",
1002 *trustErrorStatus |=
1009 *trustErrorStatus |=
1066 for (
i = 0;
i <
name->cRDN;
i++)
1067 for (
j = 0;
j <
name->rgRDN[
i].cRDNAttr;
j++)
1071 BOOL nameFormPresent;
1080 &
name->rgRDN[
i].rgRDNAttr[
j], nameConstraints,
1084 "email address in subject name is excluded\n");
1085 *trustErrorStatus |=
1088 nameFormPresent =
FALSE;
1090 &
name->rgRDN[
i].rgRDNAttr[
j], nameConstraints,
1091 trustErrorStatus, &nameFormPresent) && nameFormPresent)
1094 "email address in subject name is not permitted\n");
1095 *trustErrorStatus |=
1102 *trustErrorStatus |=
1112 else if (
name->cbData == 2 &&
name->pbData[1] == 0)
1140 hasEmailConstraint =
TRUE;
1145 hasEmailConstraint =
TRUE;
1146 if (hasEmailConstraint)
1158 *trustErrorStatus |=
1179 hasDirectoryConstraint =
TRUE;
1184 if (hasDirectoryConstraint && !
match)
1194 DWORD *trustErrorStatus)
1218 cert->rgExtension)))
1223 ext->Value.pbData,
ext->Value.cbData,
1241 if (!
info->cPermittedSubtree && !
info->cExcludedSubtree)
1243 WARN_(
chain)(
"constraints contain no permitted nor excluded subtree\n");
1258 for (
i = 0;
ret &&
i <
info->cPermittedSubtree;
i++)
1259 if (
info->rgPermittedSubtree[
i].dwMinimum ||
1260 info->rgPermittedSubtree[
i].fMaximum)
1262 TRACE_(
chain)(
"found a minimum or maximum in permitted subtrees\n");
1265 for (
i = 0;
ret &&
i <
info->cExcludedSubtree;
i++)
1266 if (
info->rgExcludedSubtree[
i].dwMinimum ||
1267 info->rgExcludedSubtree[
i].fMaximum)
1269 TRACE_(
chain)(
"found a minimum or maximum in excluded subtrees\n");
1291 for (
i =
chain->cElement - 1;
i > 0;
i--)
1296 chain->rgpElement[
i]->pCertContext->pCertInfo)))
1299 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1303 for (
j =
i - 1;
j >= 0;
j--)
1305 DWORD errorStatus = 0;
1311 chain->rgpElement[
j]->pCertContext))
1314 chain->rgpElement[
j]->pCertContext->pCertInfo,
1318 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1321 &
chain->rgpElement[
i]->TrustStatus);
1324 chain->rgpElement[
i]->TrustStatus.dwInfoStatus |=
1341 cert->pCertInfo->rgExtension);
1370 FIXME(
"unsupported policy %s\n",
1381 for (
i =
chain->cElement - 1;
i > 0;
i--)
1387 for (
j =
i - 1;
j >= 0;
j--)
1389 DWORD errorStatus = 0;
1392 chain->rgpElement[
j]->pCertContext->pCertInfo, &errorStatus);
1395 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1398 &
chain->rgpElement[
i]->TrustStatus);
1426 switch (
entry->dwAltNameChoice)
1429 TRACE_(
chain)(
"CERT_ALT_NAME_OTHER_NAME, oid = %s\n",
1449 TRACE_(
chain)(
"CERT_ALT_NAME_IP_ADDRESS: %ld bytes\n",
1450 entry->IPAddress.cbData);
1453 TRACE_(
chain)(
"CERT_ALT_NAME_REGISTERED_ID: %s\n",
1468 ext->Value.pbData,
ext->Value.cbData,
1474 for (
i = 0;
i <
name->cAltEntry;
i++)
1491 info->fPathLenConstraint ?
"has" :
"doesn't have");
1522#define trace_usage_bit(bits, bit) \
1523 if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit)
1535#undef trace_usage_bit
1544 TRACE_(
chain)(
"dwMinimum = %ld, fMaximum = %d, dwMaximum = %ld\n",
1554 ext->Value.pbData,
ext->Value.cbData,
1593 pszPolicyQualifierId));
1611 for (
i = 0;
i <
usage->cUsageIdentifier;
i++)
1625#define trace_cert_type_bit(bits, bit) \
1626 if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit)
1639#undef trace_cert_type_bit
1646 ext->fCritical ?
"" :
"not ");
1677 if (!
time)
return "(null)";
1715 for (
i = 0;
i <
cert->pCertInfo->cExtension;
i++)
1727 cert->pCertInfo->rgExtension);
1738 else if (
usage.cbData > 2)
1778 WARN_(
chain)(
"keyCertSign not asserted on a CA cert\n");
1789 WARN_(
chain)(
"keyCertSign asserted on a non-CA cert\n");
1803 for (
i = 0;
ret &&
i <
cert->pCertInfo->cExtension;
i++)
1805 if (
cert->pCertInfo->rgExtension[
i].fCritical)
1807 LPCSTR oid =
cert->pCertInfo->rgExtension[
i].pszObjId;
1827 FIXME(
"unsupported critical extension %s\n",
1841 switch (
cert->pCertInfo->dwVersion)
1849 if (
cert->pCertInfo->IssuerUniqueId.cbData ||
1850 cert->pCertInfo->SubjectUniqueId.cbData)
1855 if (
cert->pCertInfo->cExtension)
1862 if (
cert->pCertInfo->cExtension)
1869 WARN_(
chain)(
"invalid cert version %ld\n",
cert->pCertInfo->dwVersion);
1880 BOOL pathLengthConstraintViolated =
FALSE;
1884 TRACE_(
chain)(
"checking chain with %ld elements for time %s\n",
1886 for (
i =
chain->cElement - 1;
i >= 0;
i--)
1892 if (
i ==
chain->cElement - 1)
1894 chain->rgpElement[
i]->pCertContext);
1902 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1906 chain->rgpElement[
i]->pCertContext->pCertInfo) != 0)
1907 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1914 (
void *)
chain->rgpElement[
i - 1]->pCertContext,
1916 (
void *)
chain->rgpElement[
i]->pCertContext, 0,
NULL))
1917 chain->rgpElement[
i - 1]->TrustStatus.dwErrorStatus |=
1922 if (pathLengthConstraintViolated)
1923 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1926 chain->rgpElement[
i]->pCertContext, &constraints,
i - 1, isRoot,
1927 &pathLengthConstraintViolated))
1928 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1941 chain->rgpElement[
i]->pCertContext, &constraints,
FALSE))
1942 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1946 isRoot, constraints.
fCA,
i))
1947 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1954 pathLengthConstraintViolated =
TRUE;
1955 chain->TrustStatus.dwErrorStatus |=
1961 chain->rgpElement[
i]->pCertContext))
1962 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1966 &
chain->rgpElement[
i]->TrustStatus);
2075 if (
info->CertIssuer.cbData &&
info->CertSerialNumber.cbData)
2078 memcpy(&
id.IssuerSerialNumber.Issuer, &
info->CertIssuer,
2080 memcpy(&
id.IssuerSerialNumber.SerialNumber,
2086 TRACE_(
chain)(
"issuer found by issuer/serial number\n");
2090 else if (
info->KeyId.cbData)
2119 if (
info->AuthorityCertIssuer.cAltEntry &&
2120 info->AuthorityCertSerialNumber.cbData)
2125 for (
i = 0; !directoryName &&
2126 i <
info->AuthorityCertIssuer.cAltEntry;
i++)
2127 if (
info->AuthorityCertIssuer.rgAltEntry[
i].dwAltNameChoice
2130 &
info->AuthorityCertIssuer.rgAltEntry[
i];
2134 memcpy(&
id.IssuerSerialNumber.Issuer,
2136 memcpy(&
id.IssuerSerialNumber.SerialNumber,
2137 &
info->AuthorityCertSerialNumber,
2143 TRACE_(
chain)(
"issuer found by directory name\n");
2148 FIXME(
"no supported name type in authority key id2\n");
2150 else if (
info->KeyId.cbData)
2187 &
chain->rgpElement[
chain->cElement - 1]->TrustStatus.dwInfoStatus);
2192 chain->rgpElement[
chain->cElement - 1]->TrustStatus.dwInfoStatus);
2201 TRACE_(
chain)(
"Couldn't find issuer, halting chain creation\n");
2258 if (hAdditionalStore)
2270 chain->world = world;
2273 chain->context.cChain = 1;
2275 chain->context.rgpChain[0] = simpleChain;
2276 chain->context.cLowerQualityChainContext = 0;
2277 chain->context.rgpLowerQualityChainContext =
NULL;
2278 chain->context.fHasRevocationFreshnessTime =
FALSE;
2279 chain->context.dwRevocationFreshnessTime = 0;
2303 if (
copy->rgpElement)
2310 for (
i = 0;
ret &&
i <= iElement;
i++)
2319 chain->rgpElement[
i]->pCertContext);
2331 for (
i = 0;
i <= iElement;
i++)
2351 for (
i = 0;
i <
chain->context.cLowerQualityChainContext;
i++)
2354 chain->context.cLowerQualityChainContext = 0;
2355 chain->context.rgpLowerQualityChainContext =
NULL;
2363 for (
i = 0;
i <
chain->context.cChain;
i++)
2387 copy->context.cLowerQualityChainContext = 0;
2388 copy->context.rgpLowerQualityChainContext =
NULL;
2389 copy->context.fHasRevocationFreshnessTime =
FALSE;
2390 copy->context.dwRevocationFreshnessTime = 0;
2393 if (
copy->context.rgpChain)
2402 for (
i = 0;
ret && iChain &&
i < iChain - 1;
i++)
2404 copy->context.rgpChain[
i] =
2406 chain->context.rgpChain[
i]->cElement - 1);
2407 if (!
copy->context.rgpChain[
i])
2415 copy->context.rgpChain[
i] =
2418 if (!
copy->context.rgpChain[
i])
2427 copy->context.cChain = iChain + 1;
2445 hAdditionalStore,
chain);
2450 if (
chain->context.cLowerQualityChainContext)
2452 chain->context.cLowerQualityChainContext - 1];
2454 if (
chain->context.cChain <= 1 &&
chain->context.rgpChain[0]->cElement <= 1)
2462 for (
i = 0; !alternateIssuer &&
i <
chain->context.cChain;
i++)
2463 for (
j = 0; !alternateIssuer &&
2464 j <
chain->context.rgpChain[
i]->cElement - 1;
j++)
2467 chain->context.rgpChain[
i]->rgpElement[
j]->pCertContext;
2469 chain->context.rgpChain[
i]->rgpElement[
j + 1]->pCertContext);
2472 subject, prevIssuer,
flags, &infoStatus);
2474 if (alternateIssuer)
2506 TRACE(
"%p\n", alternate);
2510#define CHAIN_QUALITY_SIGNATURE_VALID 0x16
2511#define CHAIN_QUALITY_TIME_VALID 8
2512#define CHAIN_QUALITY_COMPLETE_CHAIN 4
2513#define CHAIN_QUALITY_BASIC_CONSTRAINTS 2
2514#define CHAIN_QUALITY_TRUSTED_ROOT 1
2516#define CHAIN_QUALITY_HIGHEST \
2517 CHAIN_QUALITY_SIGNATURE_VALID | CHAIN_QUALITY_TIME_VALID | \
2518 CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_BASIC_CONSTRAINTS | \
2519 CHAIN_QUALITY_TRUSTED_ROOT
2521#define IS_TRUST_ERROR_SET(TrustStatus, bits) \
2522 (TrustStatus)->dwErrorStatus & (bits)
2530 quality &= ~CHAIN_QUALITY_TRUSTED_ROOT;
2533 quality &= ~CHAIN_QUALITY_BASIC_CONSTRAINTS;
2536 quality &= ~CHAIN_QUALITY_COMPLETE_CHAIN;
2539 quality &= ~CHAIN_QUALITY_TIME_VALID;
2542 quality &= ~CHAIN_QUALITY_SIGNATURE_VALID;
2561 for (
i = 0;
i <
chain->context.cLowerQualityChainContext;
i++)
2569 chain->context.cLowerQualityChainContext;
2571 chain->context.rgpLowerQualityChainContext;
2574 chain->context.cLowerQualityChainContext = 0;
2575 chain->context.rgpLowerQualityChainContext =
NULL;
2587 if (
chain->context.cLowerQualityChainContext)
2588 chain->context.rgpLowerQualityChainContext =
2590 (
chain->context.cLowerQualityChainContext + 1) *
2593 chain->context.rgpLowerQualityChainContext =
2595 if (
chain->context.rgpLowerQualityChainContext)
2597 chain->context.rgpLowerQualityChainContext[
2598 chain->context.cLowerQualityChainContext++] =
2615 if (iElement +
chain->rgpChain[
j]->cElement <
i)
2616 iElement +=
chain->rgpChain[
j]->cElement;
2641 for (
i = 0, cContext = 0;
i <
chain->cChain;
i++)
2643 if (i < chain->cChain - 1 ||
2645 cContext +=
chain->rgpChain[
i]->cElement;
2647 cContext +=
chain->rgpChain[
i]->cElement - 1;
2654 DWORD i,
j, iContext, revocationFlags;
2657 {
sizeof(revocationStatus), 0 };
2666 if (hAdditionalStore)
2670 revocationPara.
hCrlStore = hAdditionalStore;
2674 revocationPara.dwUrlRetrievalTimeout =
2675 pChainPara->dwUrlRetrievalTimeout;
2676 revocationPara.fCheckFreshnessTime =
2677 pChainPara->fCheckRevocationFreshnessTime;
2678 revocationPara.dwFreshnessTime =
2679 pChainPara->dwRevocationFreshnessTime;
2681 for (
i = 0, iContext = 0; iContext < cContext &&
i <
chain->cChain;
i++)
2683 for (
j = 0; iContext < cContext &&
2684 j <
chain->rgpChain[
i]->cElement;
j++, iContext++)
2687 chain->rgpChain[
i]->rgpElement[
j]->pCertContext;
2689 if (j < chain->rgpChain[
i]->cElement - 1)
2691 chain->rgpChain[
i]->rgpElement[
j + 1]->pCertContext;
2696 revocationFlags, &revocationPara, &revocationStatus);
2708 switch (revocationStatus.
dwError)
2726 WARN(
"unmapped error %08lx\n", revocationStatus.
dwError);
2752 endCert =
chain->rgpChain[0]->rgpElement[0]->pCertContext;
2787 validForUsage =
TRUE;
2788 for (
i = 0; validForUsage &&
2797 validForUsage =
FALSE;
2805 validForUsage =
FALSE;
2806 for (
i = 0; !validForUsage &&
2809 for (
j = 0; !validForUsage &&
2810 j <
usage->cUsageIdentifier;
j++)
2819 validForUsage =
FALSE;
2831 TRACE_(
chain)(
"requested usage from certificate with no usages\n");
2832 validForUsage =
TRUE;
2836 chain->TrustStatus.dwErrorStatus |=
2838 chain->rgpChain[0]->rgpElement[0]->TrustStatus.dwErrorStatus |=
2843 pChainPara->RequestedIssuancePolicy.Usage.cUsageIdentifier)
2844 FIXME(
"unimplemented for RequestedIssuancePolicy\n");
2868 &pChainPara->RequestedIssuancePolicy);
2869 TRACE_(
chain)(
"%ld\n", pChainPara->dwUrlRetrievalTimeout);
2870 TRACE_(
chain)(
"%d\n", pChainPara->fCheckRevocationFreshnessTime);
2871 TRACE_(
chain)(
"%ld\n", pChainPara->dwRevocationFreshnessTime);
2884 TRACE(
"(%p, %p, %s, %p, %p, %08lx, %p, %p)\n", hChainEngine, pCertContext,
2893 *ppChainContext =
NULL;
2925 }
while (
ret && alternate);
2936 *ppChainContext = pChain;
2949 TRACE(
"(%p)\n", pChainContext);
2953 return pChainContext;
2960 TRACE(
"(%p)\n", pChainContext);
2973 FIXME(
"(%p, %08lx, %08lx, %ld, %p, %p): stub\n", store, certEncodingType,
2974 findFlags, findType, findPara, prevChainContext);
2983 for (
i = 0;
i <
chain->cChain;
i++)
2984 for (
j = 0;
j <
chain->rgpChain[
i]->cElement;
j++)
2985 if (
chain->rgpChain[
i]->rgpElement[
j]->TrustStatus.dwErrorStatus &
3001 checks = pPolicyPara->
dwFlags;
3020 if (!pPolicyStatus->
dwError &&
3029 if (!pPolicyStatus->
dwError &&
3038 if (!pPolicyStatus->
dwError &&
3048 if (!pPolicyStatus->
dwError &&
30620x30,0x47,0x02,0x40,0x81,0x55,0x22,0xb9,0x8a,0xa4,0x6f,0xed,0xd6,0xe7,0xd9,
30630x66,0x0f,0x55,0xbc,0xd7,0xcd,0xd5,0xbc,0x4e,0x40,0x02,0x21,0xa2,0xb1,0xf7,
30640x87,0x30,0x85,0x5e,0xd2,0xf2,0x44,0xb9,0xdc,0x9b,0x75,0xb6,0xfb,0x46,0x5f,
30650x42,0xb6,0x9d,0x23,0x36,0x0b,0xde,0x54,0x0f,0xcd,0xbd,0x1f,0x99,0x2a,0x10,
30660x58,0x11,0xcb,0x40,0xcb,0xb5,0xa7,0x41,0x02,0x03,0x01,0x00,0x01 };
30680x30,0x47,0x02,0x40,0x9c,0x50,0x05,0x1d,0xe2,0x0e,0x4c,0x53,0xd8,0xd9,0xb5,
30690xe5,0xfd,0xe9,0xe3,0xad,0x83,0x4b,0x80,0x08,0xd9,0xdc,0xe8,0xe8,0x35,0xf8,
30700x11,0xf1,0xe9,0x9b,0x03,0x7a,0x65,0x64,0x76,0x35,0xce,0x38,0x2c,0xf2,0xb6,
30710x71,0x9e,0x06,0xd9,0xbf,0xbb,0x31,0x69,0xa3,0xf6,0x30,0xa0,0x78,0x7b,0x18,
30720xdd,0x50,0x4d,0x79,0x1e,0xeb,0x61,0xc1,0x02,0x03,0x01,0x00,0x01 };
3119 isMSTestRoot =
TRUE;
3159 ext->Value.pbData,
ext->Value.cbData,
3196 if (server_name_dot)
3214 const WCHAR *component,
size_t len)
3218 for (
i = 0;
i <
name->cRDN;
i++)
3219 for (
j = 0;
j <
name->rgRDN[
i].cRDNAttr;
j++)
3221 name->rgRDN[
i].rgRDNAttr[
j].pszObjId))
3242 LPCWSTR allowed_ptr, server_ptr;
3245 *see_wildcard =
FALSE;
3247 if (server_len < allowed_len)
3249 WARN_(
chain)(
"domain component %s too short for %s\n",
3257 for (allowed_ptr = allowed_component, server_ptr = server_component;
3258 matches && allowed_ptr - allowed_component < allowed_len;
3259 allowed_ptr++, server_ptr++)
3261 if (*allowed_ptr ==
'*')
3263 if (allowed_ptr - allowed_component < allowed_len - 1)
3265 WARN_(
chain)(
"non-wildcard characters after wildcard not supported\n");
3268 else if (!allow_wildcards)
3270 WARN_(
chain)(
"wildcard after non-wildcard component\n");
3278 *see_wildcard =
TRUE;
3285 if (
matches && server_ptr - server_component < server_len)
3290 matches = *allowed_ptr ==
'*';
3298 LPCWSTR allowed_component = allowed;
3310 while (allowed_len && allowed_component[allowed_len - 1] == 0)
3330 LPCWSTR allowed_dot, server_dot;
3332 allowed_dot =
wmemchr(allowed_component,
'.',
3333 allowed_len - (allowed_component - allowed));
3334 server_dot =
wmemchr(server_component,
'.',
3337 if ((!allowed_dot && server_dot) || (allowed_dot && !server_dot))
3340 WARN_(
chain)(
"%s: too many components for CN=%s\n",
3343 WARN_(
chain)(
"%s: not enough components for CN=%s\n",
3349 LPCWSTR allowed_end, server_end;
3352 allowed_end = allowed_dot ? allowed_dot : allowed + allowed_len;
3353 server_end = server_dot ? server_dot :
server_name + server_len;
3355 allowed_end - allowed_component, server_component,
3356 server_end - server_component, allow_wildcards, &has_wildcard);
3361 allow_wildcards =
FALSE;
3364 allowed_component = allowed_dot ? allowed_dot + 1 : allowed_end;
3365 server_component = server_dot ? server_dot + 1 : server_end;
3368 }
while (
matches && allowed_component &&
3369 allowed_component - allowed < allowed_len &&
3370 server_component && server_component -
server_name < server_len);
3383 cert->pCertInfo->Subject.pbData,
cert->pCertInfo->Subject.cbData,
3403 WARN_(
chain)(
"domain component %s too long\n",
3409 ptr = dot ? dot + 1 :
end;
3455 DWORD checks = 0, baseChecks = 0;
3459 baseChecks = pPolicyPara->
dwFlags;
3543 if (!pPolicyStatus->
dwError && pPolicyPara &&
35870x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xdf,0x08,0xba,0xe3,0x3f,0x6e,
35880x64,0x9b,0xf5,0x89,0xaf,0x28,0x96,0x4a,0x07,0x8f,0x1b,0x2e,0x8b,0x3e,0x1d,
35890xfc,0xb8,0x80,0x69,0xa3,0xa1,0xce,0xdb,0xdf,0xb0,0x8e,0x6c,0x89,0x76,0x29,
35900x4f,0xca,0x60,0x35,0x39,0xad,0x72,0x32,0xe0,0x0b,0xae,0x29,0x3d,0x4c,0x16,
35910xd9,0x4b,0x3c,0x9d,0xda,0xc5,0xd3,0xd1,0x09,0xc9,0x2c,0x6f,0xa6,0xc2,0x60,
35920x53,0x45,0xdd,0x4b,0xd1,0x55,0xcd,0x03,0x1c,0xd2,0x59,0x56,0x24,0xf3,0xe5,
35930x78,0xd8,0x07,0xcc,0xd8,0xb3,0x1f,0x90,0x3f,0xc0,0x1a,0x71,0x50,0x1d,0x2d,
35940xa7,0x12,0x08,0x6d,0x7c,0xb0,0x86,0x6c,0xc7,0xba,0x85,0x32,0x07,0xe1,0x61,
35950x6f,0xaf,0x03,0xc5,0x6d,0xe5,0xd6,0xa1,0x8f,0x36,0xf6,0xc1,0x0b,0xd1,0x3e,
35960x69,0x97,0x48,0x72,0xc9,0x7f,0xa4,0xc8,0xc2,0x4a,0x4c,0x7e,0xa1,0xd1,0x94,
35970xa6,0xd7,0xdc,0xeb,0x05,0x46,0x2e,0xb8,0x18,0xb4,0x57,0x1d,0x86,0x49,0xdb,
35980x69,0x4a,0x2c,0x21,0xf5,0x5e,0x0f,0x54,0x2d,0x5a,0x43,0xa9,0x7a,0x7e,0x6a,
35990x8e,0x50,0x4d,0x25,0x57,0xa1,0xbf,0x1b,0x15,0x05,0x43,0x7b,0x2c,0x05,0x8d,
36000xbd,0x3d,0x03,0x8c,0x93,0x22,0x7d,0x63,0xea,0x0a,0x57,0x05,0x06,0x0a,0xdb,
36010x61,0x98,0x65,0x2d,0x47,0x49,0xa8,0xe7,0xe6,0x56,0x75,0x5c,0xb8,0x64,0x08,
36020x63,0xa9,0x30,0x40,0x66,0xb2,0xf9,0xb6,0xe3,0x34,0xe8,0x67,0x30,0xe1,0x43,
36030x0b,0x87,0xff,0xc9,0xbe,0x72,0x10,0x5e,0x23,0xf0,0x9b,0xa7,0x48,0x65,0xbf,
36040x09,0x88,0x7b,0xcd,0x72,0xbc,0x2e,0x79,0x9b,0x7b,0x02,0x03,0x01,0x00,0x01 };
36060x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa9,0x02,0xbd,0xc1,0x70,0xe6,
36070x3b,0xf2,0x4e,0x1b,0x28,0x9f,0x97,0x78,0x5e,0x30,0xea,0xa2,0xa9,0x8d,0x25,
36080x5f,0xf8,0xfe,0x95,0x4c,0xa3,0xb7,0xfe,0x9d,0xa2,0x20,0x3e,0x7c,0x51,0xa2,
36090x9b,0xa2,0x8f,0x60,0x32,0x6b,0xd1,0x42,0x64,0x79,0xee,0xac,0x76,0xc9,0x54,
36100xda,0xf2,0xeb,0x9c,0x86,0x1c,0x8f,0x9f,0x84,0x66,0xb3,0xc5,0x6b,0x7a,0x62,
36110x23,0xd6,0x1d,0x3c,0xde,0x0f,0x01,0x92,0xe8,0x96,0xc4,0xbf,0x2d,0x66,0x9a,
36120x9a,0x68,0x26,0x99,0xd0,0x3a,0x2c,0xbf,0x0c,0xb5,0x58,0x26,0xc1,0x46,0xe7,
36130x0a,0x3e,0x38,0x96,0x2c,0xa9,0x28,0x39,0xa8,0xec,0x49,0x83,0x42,0xe3,0x84,
36140x0f,0xbb,0x9a,0x6c,0x55,0x61,0xac,0x82,0x7c,0xa1,0x60,0x2d,0x77,0x4c,0xe9,
36150x99,0xb4,0x64,0x3b,0x9a,0x50,0x1c,0x31,0x08,0x24,0x14,0x9f,0xa9,0xe7,0x91,
36160x2b,0x18,0xe6,0x3d,0x98,0x63,0x14,0x60,0x58,0x05,0x65,0x9f,0x1d,0x37,0x52,
36170x87,0xf7,0xa7,0xef,0x94,0x02,0xc6,0x1b,0xd3,0xbf,0x55,0x45,0xb3,0x89,0x80,
36180xbf,0x3a,0xec,0x54,0x94,0x4e,0xae,0xfd,0xa7,0x7a,0x6d,0x74,0x4e,0xaf,0x18,
36190xcc,0x96,0x09,0x28,0x21,0x00,0x57,0x90,0x60,0x69,0x37,0xbb,0x4b,0x12,0x07,
36200x3c,0x56,0xff,0x5b,0xfb,0xa4,0x66,0x0a,0x08,0xa6,0xd2,0x81,0x56,0x57,0xef,
36210xb6,0x3b,0x5e,0x16,0x81,0x77,0x04,0xda,0xf6,0xbe,0xae,0x80,0x95,0xfe,0xb0,
36220xcd,0x7f,0xd6,0xa7,0x1a,0x72,0x5c,0x3c,0xca,0xbc,0xf0,0x08,0xa3,0x22,0x30,
36230xb3,0x06,0x85,0xc9,0xb3,0x20,0x77,0x13,0x85,0xdf,0x02,0x03,0x01,0x00,0x01 };
36250x30,0x82,0x02,0x0a,0x02,0x82,0x02,0x01,0x00,0xf3,0x5d,0xfa,0x80,0x67,0xd4,
36260x5a,0xa7,0xa9,0x0c,0x2c,0x90,0x20,0xd0,0x35,0x08,0x3c,0x75,0x84,0xcd,0xb7,
36270x07,0x89,0x9c,0x89,0xda,0xde,0xce,0xc3,0x60,0xfa,0x91,0x68,0x5a,0x9e,0x94,
36280x71,0x29,0x18,0x76,0x7c,0xc2,0xe0,0xc8,0x25,0x76,0x94,0x0e,0x58,0xfa,0x04,
36290x34,0x36,0xe6,0xdf,0xaf,0xf7,0x80,0xba,0xe9,0x58,0x0b,0x2b,0x93,0xe5,0x9d,
36300x05,0xe3,0x77,0x22,0x91,0xf7,0x34,0x64,0x3c,0x22,0x91,0x1d,0x5e,0xe1,0x09,
36310x90,0xbc,0x14,0xfe,0xfc,0x75,0x58,0x19,0xe1,0x79,0xb7,0x07,0x92,0xa3,0xae,
36320x88,0x59,0x08,0xd8,0x9f,0x07,0xca,0x03,0x58,0xfc,0x68,0x29,0x6d,0x32,0xd7,
36330xd2,0xa8,0xcb,0x4b,0xfc,0xe1,0x0b,0x48,0x32,0x4f,0xe6,0xeb,0xb8,0xad,0x4f,
36340xe4,0x5c,0x6f,0x13,0x94,0x99,0xdb,0x95,0xd5,0x75,0xdb,0xa8,0x1a,0xb7,0x94,
36350x91,0xb4,0x77,0x5b,0xf5,0x48,0x0c,0x8f,0x6a,0x79,0x7d,0x14,0x70,0x04,0x7d,
36360x6d,0xaf,0x90,0xf5,0xda,0x70,0xd8,0x47,0xb7,0xbf,0x9b,0x2f,0x6c,0xe7,0x05,
36370xb7,0xe1,0x11,0x60,0xac,0x79,0x91,0x14,0x7c,0xc5,0xd6,0xa6,0xe4,0xe1,0x7e,
36380xd5,0xc3,0x7e,0xe5,0x92,0xd2,0x3c,0x00,0xb5,0x36,0x82,0xde,0x79,0xe1,0x6d,
36390xf3,0xb5,0x6e,0xf8,0x9f,0x33,0xc9,0xcb,0x52,0x7d,0x73,0x98,0x36,0xdb,0x8b,
36400xa1,0x6b,0xa2,0x95,0x97,0x9b,0xa3,0xde,0xc2,0x4d,0x26,0xff,0x06,0x96,0x67,
36410x25,0x06,0xc8,0xe7,0xac,0xe4,0xee,0x12,0x33,0x95,0x31,0x99,0xc8,0x35,0x08,
36420x4e,0x34,0xca,0x79,0x53,0xd5,0xb5,0xbe,0x63,0x32,0x59,0x40,0x36,0xc0,0xa5,
36430x4e,0x04,0x4d,0x3d,0xdb,0x5b,0x07,0x33,0xe4,0x58,0xbf,0xef,0x3f,0x53,0x64,
36440xd8,0x42,0x59,0x35,0x57,0xfd,0x0f,0x45,0x7c,0x24,0x04,0x4d,0x9e,0xd6,0x38,
36450x74,0x11,0x97,0x22,0x90,0xce,0x68,0x44,0x74,0x92,0x6f,0xd5,0x4b,0x6f,0xb0,
36460x86,0xe3,0xc7,0x36,0x42,0xa0,0xd0,0xfc,0xc1,0xc0,0x5a,0xf9,0xa3,0x61,0xb9,
36470x30,0x47,0x71,0x96,0x0a,0x16,0xb0,0x91,0xc0,0x42,0x95,0xef,0x10,0x7f,0x28,
36480x6a,0xe3,0x2a,0x1f,0xb1,0xe4,0xcd,0x03,0x3f,0x77,0x71,0x04,0xc7,0x20,0xfc,
36490x49,0x0f,0x1d,0x45,0x88,0xa4,0xd7,0xcb,0x7e,0x88,0xad,0x8e,0x2d,0xec,0x45,
36500xdb,0xc4,0x51,0x04,0xc9,0x2a,0xfc,0xec,0x86,0x9e,0x9a,0x11,0x97,0x5b,0xde,
36510xce,0x53,0x88,0xe6,0xe2,0xb7,0xfd,0xac,0x95,0xc2,0x28,0x40,0xdb,0xef,0x04,
36520x90,0xdf,0x81,0x33,0x39,0xd9,0xb2,0x45,0xa5,0x23,0x87,0x06,0xa5,0x55,0x89,
36530x31,0xbb,0x06,0x2d,0x60,0x0e,0x41,0x18,0x7d,0x1f,0x2e,0xb5,0x97,0xcb,0x11,
36540xeb,0x15,0xd5,0x24,0xa5,0x94,0xef,0x15,0x14,0x89,0xfd,0x4b,0x73,0xfa,0x32,
36550x5b,0xfc,0xd1,0x33,0x00,0xf9,0x59,0x62,0x70,0x07,0x32,0xea,0x2e,0xab,0x40,
36560x2d,0x7b,0xca,0xdd,0x21,0x67,0x1b,0x30,0x99,0x8f,0x16,0xaa,0x23,0xa8,0x41,
36570xd1,0xb0,0x6e,0x11,0x9b,0x36,0xc4,0xde,0x40,0x74,0x9c,0xe1,0x58,0x65,0xc1,
36580x60,0x1e,0x7a,0x5b,0x38,0xc8,0x8f,0xbb,0x04,0x26,0x7c,0xd4,0x16,0x40,0xe5,
36590xb6,0x6b,0x6c,0xaa,0x86,0xfd,0x00,0xbf,0xce,0xc1,0x35,0x02,0x03,0x01,0x00,
36630x30,0x82,0x02,0x0a,0x02,0x82,0x02,0x01,0x00,0xb9,0x08,0x9e,0x28,0xe4,0xe4,
36640xec,0x06,0x4e,0x50,0x68,0xb3,0x41,0xc5,0x7b,0xeb,0xae,0xb6,0x8e,0xaf,0x81,
36650xba,0x22,0x44,0x1f,0x65,0x34,0x69,0x4c,0xbe,0x70,0x40,0x17,0xf2,0x16,0x7b,
36660xe2,0x79,0xfd,0x86,0xed,0x0d,0x39,0xf4,0x1b,0xa8,0xad,0x92,0x90,0x1e,0xcb,
36670x3d,0x76,0x8f,0x5a,0xd9,0xb5,0x91,0x10,0x2e,0x3c,0x05,0x8d,0x8a,0x6d,0x24,
36680x54,0xe7,0x1f,0xed,0x56,0xad,0x83,0xb4,0x50,0x9c,0x15,0xa5,0x17,0x74,0x88,
36690x59,0x20,0xfc,0x08,0xc5,0x84,0x76,0xd3,0x68,0xd4,0x6f,0x28,0x78,0xce,0x5c,
36700xb8,0xf3,0x50,0x90,0x44,0xff,0xe3,0x63,0x5f,0xbe,0xa1,0x9a,0x2c,0x96,0x15,
36710x04,0xd6,0x07,0xfe,0x1e,0x84,0x21,0xe0,0x42,0x31,0x11,0xc4,0x28,0x36,0x94,
36720xcf,0x50,0xa4,0x62,0x9e,0xc9,0xd6,0xab,0x71,0x00,0xb2,0x5b,0x0c,0xe6,0x96,
36730xd4,0x0a,0x24,0x96,0xf5,0xff,0xc6,0xd5,0xb7,0x1b,0xd7,0xcb,0xb7,0x21,0x62,
36740xaf,0x12,0xdc,0xa1,0x5d,0x37,0xe3,0x1a,0xfb,0x1a,0x46,0x98,0xc0,0x9b,0xc0,
36750xe7,0x63,0x1f,0x2a,0x08,0x93,0x02,0x7e,0x1e,0x6a,0x8e,0xf2,0x9f,0x18,0x89,
36760xe4,0x22,0x85,0xa2,0xb1,0x84,0x57,0x40,0xff,0xf5,0x0e,0xd8,0x6f,0x9c,0xed,
36770xe2,0x45,0x31,0x01,0xcd,0x17,0xe9,0x7f,0xb0,0x81,0x45,0xe3,0xaa,0x21,0x40,
36780x26,0xa1,0x72,0xaa,0xa7,0x4f,0x3c,0x01,0x05,0x7e,0xee,0x83,0x58,0xb1,0x5e,
36790x06,0x63,0x99,0x62,0x91,0x78,0x82,0xb7,0x0d,0x93,0x0c,0x24,0x6a,0xb4,0x1b,
36800xdb,0x27,0xec,0x5f,0x95,0x04,0x3f,0x93,0x4a,0x30,0xf5,0x97,0x18,0xb3,0xa7,
36810xf9,0x19,0xa7,0x93,0x33,0x1d,0x01,0xc8,0xdb,0x22,0x52,0x5c,0xd7,0x25,0xc9,
36820x46,0xf9,0xa2,0xfb,0x87,0x59,0x43,0xbe,0x9b,0x62,0xb1,0x8d,0x2d,0x86,0x44,
36830x1a,0x46,0xac,0x78,0x61,0x7e,0x30,0x09,0xfa,0xae,0x89,0xc4,0x41,0x2a,0x22,
36840x66,0x03,0x91,0x39,0x45,0x9c,0xc7,0x8b,0x0c,0xa8,0xca,0x0d,0x2f,0xfb,0x52,
36850xea,0x0c,0xf7,0x63,0x33,0x23,0x9d,0xfe,0xb0,0x1f,0xad,0x67,0xd6,0xa7,0x50,
36860x03,0xc6,0x04,0x70,0x63,0xb5,0x2c,0xb1,0x86,0x5a,0x43,0xb7,0xfb,0xae,0xf9,
36870x6e,0x29,0x6e,0x21,0x21,0x41,0x26,0x06,0x8c,0xc9,0xc3,0xee,0xb0,0xc2,0x85,
36880x93,0xa1,0xb9,0x85,0xd9,0xe6,0x32,0x6c,0x4b,0x4c,0x3f,0xd6,0x5d,0xa3,0xe5,
36890xb5,0x9d,0x77,0xc3,0x9c,0xc0,0x55,0xb7,0x74,0x00,0xe3,0xb8,0x38,0xab,0x83,
36900x97,0x50,0xe1,0x9a,0x42,0x24,0x1d,0xc6,0xc0,0xa3,0x30,0xd1,0x1a,0x5a,0xc8,
36910x52,0x34,0xf7,0x73,0xf1,0xc7,0x18,0x1f,0x33,0xad,0x7a,0xec,0xcb,0x41,0x60,
36920xf3,0x23,0x94,0x20,0xc2,0x48,0x45,0xac,0x5c,0x51,0xc6,0x2e,0x80,0xc2,0xe2,
36930x77,0x15,0xbd,0x85,0x87,0xed,0x36,0x9d,0x96,0x91,0xee,0x00,0xb5,0xa3,0x70,
36940xec,0x9f,0xe3,0x8d,0x80,0x68,0x83,0x76,0xba,0xaf,0x5d,0x70,0x52,0x22,0x16,
36950xe2,0x66,0xfb,0xba,0xb3,0xc5,0xc2,0xf7,0x3e,0x2f,0x77,0xa6,0xca,0xde,0xc1,
36960xa6,0xc6,0x48,0x4c,0xc3,0x37,0x51,0x23,0xd3,0x27,0xd7,0xb8,0x4e,0x70,0x96,
36970xf0,0xa1,0x44,0x76,0xaf,0x78,0xcf,0x9a,0xe1,0x66,0x13,0x02,0x03,0x01,0x00,
37010x30,0x82,0x02,0x0a,0x02,0x82,0x02,0x01,0x00,0xb2,0x80,0x41,0xaa,0x35,0x38,
37020x4d,0x13,0x72,0x32,0x68,0x22,0x4d,0xb8,0xb2,0xf1,0xff,0xd5,0x52,0xbc,0x6c,
37030xc7,0xf5,0xd2,0x4a,0x8c,0x36,0xee,0xd1,0xc2,0x5c,0x7e,0x8c,0x8a,0xae,0xaf,
37040x13,0x28,0x6f,0xc0,0x73,0xe3,0x3a,0xce,0xd0,0x25,0xa8,0x5a,0x3a,0x6d,0xef,
37050xa8,0xb8,0x59,0xab,0x13,0x23,0x68,0xcd,0x0c,0x29,0x87,0xd1,0x6f,0x80,0x5c,
37060x8f,0x44,0x7f,0x5d,0x90,0x01,0x52,0x58,0xac,0x51,0xc5,0x5f,0x2a,0x87,0xdc,
37070xdc,0xd8,0x0a,0x1d,0xc1,0x03,0xb9,0x7b,0xb0,0x56,0xe8,0xa3,0xde,0x64,0x61,
37080xc2,0x9e,0xf8,0xf3,0x7c,0xb9,0xec,0x0d,0xb5,0x54,0xfe,0x4c,0xb6,0x65,0x4f,
37090x88,0xf0,0x9c,0x48,0x99,0x0c,0x42,0x0b,0x09,0x7c,0x31,0x59,0x17,0x79,0x06,
37100x78,0x28,0x8d,0x89,0x3a,0x4c,0x03,0x25,0xbe,0x71,0x6a,0x5c,0x0b,0xe7,0x84,
37110x60,0xa4,0x99,0x22,0xe3,0xd2,0xaf,0x84,0xa4,0xa7,0xfb,0xd1,0x98,0xed,0x0c,
37120xa9,0xde,0x94,0x89,0xe1,0x0e,0xa0,0xdc,0xc0,0xce,0x99,0x3d,0xea,0x08,0x52,
37130xbb,0x56,0x79,0xe4,0x1f,0x84,0xba,0x1e,0xb8,0xb4,0xc4,0x49,0x5c,0x4f,0x31,
37140x4b,0x87,0xdd,0xdd,0x05,0x67,0x26,0x99,0x80,0xe0,0x71,0x11,0xa3,0xb8,0xa5,
37150x41,0xe2,0xa4,0x53,0xb9,0xf7,0x32,0x29,0x83,0x0c,0x13,0xbf,0x36,0x5e,0x04,
37160xb3,0x4b,0x43,0x47,0x2f,0x6b,0xe2,0x91,0x1e,0xd3,0x98,0x4f,0xdd,0x42,0x07,
37170xc8,0xe8,0x1d,0x12,0xfc,0x99,0xa9,0x6b,0x3e,0x92,0x7e,0xc8,0xd6,0x69,0x3a,
37180xfc,0x64,0xbd,0xb6,0x09,0x9d,0xca,0xfd,0x0c,0x0b,0xa2,0x9b,0x77,0x60,0x4b,
37190x03,0x94,0xa4,0x30,0x69,0x12,0xd6,0x42,0x2d,0xc1,0x41,0x4c,0xca,0xdc,0xaa,
37200xfd,0x8f,0x5b,0x83,0x46,0x9a,0xd9,0xfc,0xb1,0xd1,0xe3,0xb3,0xc9,0x7f,0x48,
37210x7a,0xcd,0x24,0xf0,0x41,0x8f,0x5c,0x74,0xd0,0xac,0xb0,0x10,0x20,0x06,0x49,
37220xb7,0xc7,0x2d,0x21,0xc8,0x57,0xe3,0xd0,0x86,0xf3,0x03,0x68,0xfb,0xd0,0xce,
37230x71,0xc1,0x89,0x99,0x4a,0x64,0x01,0x6c,0xfd,0xec,0x30,0x91,0xcf,0x41,0x3c,
37240x92,0xc7,0xe5,0xba,0x86,0x1d,0x61,0x84,0xc7,0x5f,0x83,0x39,0x62,0xae,0xb4,
37250x92,0x2f,0x47,0xf3,0x0b,0xf8,0x55,0xeb,0xa0,0x1f,0x59,0xd0,0xbb,0x74,0x9b,
37260x1e,0xd0,0x76,0xe6,0xf2,0xe9,0x06,0xd7,0x10,0xe8,0xfa,0x64,0xde,0x69,0xc6,
37270x35,0x96,0x88,0x02,0xf0,0x46,0xb8,0x3f,0x27,0x99,0x6f,0xcb,0x71,0x89,0x29,
37280x35,0xf7,0x48,0x16,0x02,0x35,0x8f,0xd5,0x79,0x7c,0x4d,0x02,0xcf,0x5f,0xeb,
37290x8a,0x83,0x4f,0x45,0x71,0x88,0xf9,0xa9,0x0d,0x4e,0x72,0xe9,0xc2,0x9c,0x07,
37300xcf,0x49,0x1b,0x4e,0x04,0x0e,0x63,0x51,0x8c,0x5e,0xd8,0x00,0xc1,0x55,0x2c,
37310xb6,0xc6,0xe0,0xc2,0x65,0x4e,0xc9,0x34,0x39,0xf5,0x9c,0xb3,0xc4,0x7e,0xe8,
37320x61,0x6e,0x13,0x5f,0x15,0xc4,0x5f,0xd9,0x7e,0xed,0x1d,0xce,0xee,0x44,0xec,
37330xcb,0x2e,0x86,0xb1,0xec,0x38,0xf6,0x70,0xed,0xab,0x5c,0x13,0xc1,0xd9,0x0f,
37340x0d,0xc7,0x80,0xb2,0x55,0xed,0x34,0xf7,0xac,0x9b,0xe4,0xc3,0xda,0xe7,0x47,
37350x3c,0xa6,0xb5,0x8f,0x31,0xdf,0xc5,0x4b,0xaf,0xeb,0xf1,0x02,0x03,0x01,0x00,
3761 unsigned int key_count;
3765 keys = keyBlobs_approot;
3774 for (
i = 0; !isMSRoot &&
i < key_count;
i++)
3779 &
root->pCertInfo->SubjectPublicKeyInfo, &msPubKey)) isMSRoot =
TRUE;
3816 pPolicyPara, pPolicyStatus);
3822 switch (
LOWORD(szPolicyOID))
3840 FIXME(
"unimplemented for %d\n",
LOWORD(szPolicyOID));
3849 (
void **)&verifyPolicy, &hFunc);
3852 ret = verifyPolicy(szPolicyOID, pChainContext, pPolicyPara,
#define InterlockedIncrement
#define InterlockedDecrement
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
INT copy(TCHAR source[MAX_PATH], TCHAR dest[MAX_PATH], INT append, DWORD lpdwFlags, BOOL bTouch)
BOOL WINAPI CertAddStoreToCollection(HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore, DWORD dwUpdateFlags, DWORD dwPriority)
BOOL WINAPI CryptDecodeObjectEx(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
DWORD cert_name_to_str_with_indent(DWORD dwCertEncodingType, DWORD indent, const CERT_NAME_BLOB *pName, DWORD dwStrType, LPWSTR psz, DWORD csz)
BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
static const WCHAR empty[1]
BOOL WINAPI CertAddCertificateContextToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT *ppStoreContext)
BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
BOOL WINAPI CertCompareCertificateName(DWORD dwCertEncodingType, PCERT_NAME_BLOB pCertName1, PCERT_NAME_BLOB pCertName2)
PCCERT_CONTEXT WINAPI CertFindCertificateInStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFlags, DWORD dwType, const void *pvPara, PCCERT_CONTEXT pPrevCertContext)
BOOL WINAPI CertVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType, DWORD cContext, PVOID rgpvContext[], DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
BOOL WINAPI CertIsRDNAttrsInCertificateName(DWORD dwCertEncodingType, DWORD dwFlags, PCERT_NAME_BLOB pCertName, PCERT_RDN pRDN)
BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject, DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
BOOL WINAPI CertCompareCertificate(DWORD dwCertEncodingType, PCERT_INFO pCertId1, PCERT_INFO pCertId2)
PCERT_EXTENSION WINAPI CertFindExtension(LPCSTR pszObjId, DWORD cExtensions, CERT_EXTENSION rgExtensions[])
BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT pCertContext, DWORD dwPropId, void *pvData, DWORD *pcbData)
BOOL WINAPI CertComparePublicKeyInfo(DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pPublicKey1, PCERT_PUBLIC_KEY_INFO pPublicKey2)
PCCERT_CONTEXT WINAPI CertDuplicateCertificateContext(PCCERT_CONTEXT pCertContext)
LONG WINAPI CertVerifyTimeValidity(LPFILETIME pTimeToVerify, PCERT_INFO pCertInfo)
BOOL WINAPI CertCompareIntegerBlob(PCRYPT_INTEGER_BLOB pInt1, PCRYPT_INTEGER_BLOB pInt2)
PCERT_RDN_ATTR WINAPI CertFindRDNAttr(LPCSTR pszObjId, PCERT_NAME_INFO pName)
BOOL WINAPI CertVerifyCertificateChainPolicy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static void CRYPT_CheckChainPolicies(PCERT_SIMPLE_CHAIN chain)
static void dump_netscape_cert_type(const CERT_EXTENSION *ext)
BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT *ppChainContext)
static void CRYPT_CheckSimpleChainForCycles(PCERT_SIMPLE_CHAIN chain)
static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain)
static BOOL WINAPI verify_ms_root_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static void CRYPT_CloseStores(DWORD cStores, HCERTSTORE *stores)
static BOOL find_matching_domain_component(const CERT_NAME_INFO *name, const WCHAR *component, size_t len)
static CertificateChainEngine * default_lm_engine
static DWORD CRYPT_ChainQuality(const CertificateChain *chain)
static BOOL CRYPT_BuildCandidateChainFromCert(CertificateChainEngine *engine, PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore, DWORD flags, CertificateChain **ppChain)
static void CRYPT_CheckPolicies(const CERT_POLICIES_INFO *policies, CERT_INFO *cert, DWORD *errorStatus)
static BOOL CRYPT_AddAlternateChainToChain(CertificateChain *chain, const CertificateChain *alternate)
static BOOL match_dns_to_subject_alt_name(const CERT_EXTENSION *ext, LPCWSTR server_name)
static CertificateChainEngine * get_chain_engine(HCERTCHAINENGINE handle, BOOL allow_default)
static BOOL CRYPT_CheckRestrictedRoot(HCERTSTORE store)
static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static void CRYPT_VerifyChainRevocation(PCERT_CHAIN_CONTEXT chain, LPFILETIME pTime, HCERTSTORE hAdditionalStore, const CERT_CHAIN_PARA *pChainPara, DWORD chainFlags)
struct _CERT_CHAIN_PARA_NO_EXTRA_FIELDS CERT_CHAIN_PARA_NO_EXTRA_FIELDS
static void free_chain_engine(CertificateChainEngine *engine)
static BOOL WINAPI verify_basic_constraints_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
#define CHAIN_QUALITY_HIGHEST
static void dump_policy_para(PCERT_CHAIN_POLICY_PARA para)
static void dump_extension(const CERT_EXTENSION *ext)
static BOOL CRYPT_AddCertToSimpleChain(const CertificateChainEngine *engine, PCERT_SIMPLE_CHAIN chain, PCCERT_CONTEXT cert, DWORD subjectInfoStatus)
void default_chain_engine_free(void)
static void CRYPT_FreeChainElement(PCERT_CHAIN_ELEMENT element)
static BOOL url_matches(LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint, const CRYPT_DATA_BLOB *name, DWORD *trustErrorStatus)
static BYTE msTestPubKey2[]
static void dump_basic_constraints(const CERT_EXTENSION *ext)
static void dump_key_usage(const CERT_EXTENSION *ext)
static BOOL CRYPT_KeyUsageValid(CertificateChainEngine *engine, PCCERT_CONTEXT cert, BOOL isRoot, BOOL isCA, DWORD index)
#define IS_TRUST_ERROR_SET(TrustStatus, bits)
struct _CertificateChain CertificateChain
VOID WINAPI CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static void CRYPT_FreeLowerQualityChains(CertificateChain *chain)
void WINAPI CertFreeCertificateChainEngine(HCERTCHAINENGINE hChainEngine)
static BOOL rfc822_attr_matches_excluded_name(const CERT_RDN_ATTR *attr, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
static void dump_enhanced_key_usage(const CERT_EXTENSION *ext)
struct _CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT
static BOOL dns_name_matches(LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
static BOOL domain_name_matches(LPCWSTR constraint, LPCWSTR name)
BOOL WINAPI CertCreateCertificateChainEngine(PCERT_CHAIN_ENGINE_CONFIG pConfig, HCERTCHAINENGINE *phChainEngine)
static void dump_basic_constraints2(const CERT_EXTENSION *ext)
static void find_element_with_error(PCCERT_CHAIN_CONTEXT chain, DWORD error, LONG *iChain, LONG *iElement)
static CertificateChain * CRYPT_CopyChainToElement(CertificateChain *chain, DWORD iChain, DWORD iElement)
static BOOL CRYPT_IsValidNameConstraint(const CERT_NAME_CONSTRAINTS_INFO *info)
static void dump_alt_name(LPCSTR type, const CERT_EXTENSION *ext)
static void dump_ssl_extra_chain_policy_para(HTTPSPolicyCallbackData *sslPara)
static CERT_POLICIES_INFO * CRYPT_GetPolicies(PCCERT_CONTEXT cert)
static void compare_alt_name_with_constraints(const CERT_EXTENSION *altNameExt, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
static BOOL rfc822_attr_matches_permitted_name(const CERT_RDN_ATTR *attr, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus, BOOL *present)
#define DEFAULT_CYCLE_MODULUS
static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
static PCCERT_CONTEXT CRYPT_FindCertInStore(HCERTSTORE store, PCCERT_CONTEXT cert)
PCCERT_CHAIN_CONTEXT WINAPI CertFindChainInStore(HCERTSTORE store, DWORD certEncodingType, DWORD findFlags, DWORD findType, const void *findPara, PCCERT_CHAIN_CONTEXT prevChainContext)
static void CRYPT_CheckUsages(PCERT_CHAIN_CONTEXT chain, const CERT_CHAIN_PARA *pChainPara)
static void dump_usage_match(LPCSTR name, const CERT_USAGE_MATCH *usageMatch)
static BOOL CRYPT_IsCertVersionValid(PCCERT_CONTEXT cert)
static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine, PCERT_SIMPLE_CHAIN chain, LPFILETIME time)
static LPCSTR debugstr_filetime(LPFILETIME pTime)
static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot, PCERT_CHAIN_ELEMENT rootElement)
static BOOL CRYPT_CheckBasicConstraintsForCA(CertificateChainEngine *engine, PCCERT_CONTEXT cert, CERT_BASIC_CONSTRAINTS2_INFO *chainConstraints, DWORD remainingCAs, BOOL isRoot, BOOL *pathLengthConstraintViolated)
static BOOL match_dns_to_subject_dn(PCCERT_CONTEXT cert, LPCWSTR server_name)
PCCERT_CHAIN_CONTEXT WINAPI CertDuplicateCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
#define trace_cert_type_bit(bits, bit)
static BOOL alt_name_matches_excluded_name(const CERT_ALT_NAME_ENTRY *name, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
static PCERT_EXTENSION get_subject_alt_name_ext(const CERT_INFO *cert)
static CertificateChain * CRYPT_BuildAlternateContextFromChain(CertificateChainEngine *engine, LPFILETIME pTime, HCERTSTORE hAdditionalStore, DWORD flags, CertificateChain *chain)
static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine, HCERTSTORE store, PCCERT_CONTEXT subject, PCCERT_CONTEXT prevIssuer, DWORD flags, DWORD *infoStatus)
static CertificateChain * CRYPT_ChooseHighestQualityChain(CertificateChain *chain)
static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert)
static PCERT_CHAIN_ELEMENT CRYPT_FindIthElementInChain(const CERT_CHAIN_CONTEXT *chain, DWORD i)
static LPWSTR name_value_to_str(const CERT_NAME_BLOB *name)
static void CRYPT_CheckNameConstraints(const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, const CERT_INFO *cert, DWORD *trustErrorStatus)
static BOOL rfc822_name_matches(LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
static BOOL CRYPT_IsEmptyName(const CERT_NAME_BLOB *name)
#define trace_usage_bit(bits, bit)
static void dump_alt_name_entry(const CERT_ALT_NAME_ENTRY *entry)
static BOOL match_common_name(LPCWSTR server_name, const CERT_RDN_ATTR *nameAttr)
static PCERT_SIMPLE_CHAIN CRYPT_CopySimpleChainToElement(const CERT_SIMPLE_CHAIN *chain, DWORD iElement)
static LPCSTR filetime_to_str(const FILETIME *time)
HCERTCHAINENGINE CRYPT_CreateChainEngine(HCERTSTORE root, DWORD system_store, const CERT_CHAIN_ENGINE_CONFIG *config)
static void CRYPT_CheckRootCert(HCERTSTORE hRoot, PCERT_CHAIN_ELEMENT rootElement)
static void dump_name_constraints(const CERT_EXTENSION *ext)
static CERT_NAME_CONSTRAINTS_INFO * CRYPT_GetNameConstraints(CERT_INFO *cert)
static BOOL CRYPT_DecodeBasicConstraints(PCCERT_CONTEXT cert, CERT_BASIC_CONSTRAINTS2_INFO *constraints, BOOL defaultIfNotSpecified)
static BOOL alt_name_matches(const CERT_ALT_NAME_ENTRY *name, const CERT_ALT_NAME_ENTRY *constraint, DWORD *trustErrorStatus, BOOL *present)
static BOOL directory_name_matches(const CERT_NAME_BLOB *constraint, const CERT_NAME_BLOB *name)
static void dump_authenticode_extra_chain_policy_para(AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA *extraPara)
static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain)
static void CRYPT_AddStoresToCollection(HCERTSTORE collection, DWORD cStores, HCERTSTORE *stores)
static CertificateChainEngine * default_cu_engine
static BOOL CRYPT_IsSimpleChainCyclic(const CERT_SIMPLE_CHAIN *chain)
static void dump_general_subtree(const CERT_GENERAL_SUBTREE *subtree)
static void CRYPT_FreeChainContext(CertificateChain *chain)
static BOOL WINAPI verify_authenticode_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static BYTE msTestPubKey1[]
struct _CertificateChainEngine CertificateChainEngine
static BOOL CRYPT_BuildSimpleChain(const CertificateChainEngine *engine, HCERTSTORE world, DWORD flags, PCERT_SIMPLE_CHAIN chain)
static BOOL match_domain_component(LPCWSTR allowed_component, DWORD allowed_len, LPCWSTR server_component, DWORD server_len, BOOL allow_wildcards, BOOL *see_wildcard)
static void compare_subject_with_email_constraints(const CERT_NAME_BLOB *subjectName, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
DWORD CRYPT_IsCertificateSelfSigned(const CERT_CONTEXT *cert)
static void dump_cert_policies(const CERT_EXTENSION *ext)
static void dump_chain_para(const CERT_CHAIN_PARA *pChainPara)
static void dump_element(PCCERT_CONTEXT cert)
static BOOL alt_name_matches_permitted_name(const CERT_ALT_NAME_ENTRY *name, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus, BOOL *present)
static BOOL CRYPT_GetSimpleChainForCert(CertificateChainEngine *engine, HCERTSTORE world, PCCERT_CONTEXT cert, LPFILETIME pTime, DWORD flags, PCERT_SIMPLE_CHAIN *ppChain)
BOOL(WINAPI * CertVerifyCertificateChainPolicyFunc)(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static PCCERT_CONTEXT CRYPT_FindIssuer(const CertificateChainEngine *engine, const CERT_CONTEXT *cert, HCERTSTORE store, DWORD type, void *para, DWORD flags, PCCERT_CONTEXT prev_issuer)
static void CRYPT_CombineTrustStatus(CERT_TRUST_STATUS *chainStatus, const CERT_TRUST_STATUS *elementStatus)
LPVOID WINAPI CryptMemAlloc(ULONG cbSize)
LPVOID WINAPI CryptMemRealloc(LPVOID pv, ULONG cbSize)
VOID WINAPI CryptMemFree(LPVOID pv)
static WCHAR issuer[MAX_STRING_RESOURCE_LEN]
HCRYPTOIDFUNCSET WINAPI CryptInitOIDFunctionSet(LPCSTR pszFuncName, DWORD dwFlags)
BOOL WINAPI CryptGetOIDFunctionAddress(HCRYPTOIDFUNCSET hFuncSet, DWORD dwEncodingType, LPCSTR pszOID, DWORD dwFlags, void **ppvFuncAddr, HCRYPTOIDFUNCADDR *phFuncAddr)
BOOL WINAPI CryptFreeOIDFunctionAddress(HCRYPTOIDFUNCADDR hFuncAddr, DWORD dwFlags)
HCERTSTORE WINAPI CertOpenStore(LPCSTR lpszStoreProvider, DWORD dwMsgAndCertEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara)
HCERTSTORE WINAPI CertDuplicateStore(HCERTSTORE hCertStore)
PCCERT_CONTEXT WINAPI CertEnumCertificatesInStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pPrev)
BOOL WINAPI CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags)
HCERTSTORE WINAPI CertOpenSystemStoreW(HCRYPTPROV_LEGACY hProv, LPCWSTR szSubSystemProtocol)
DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT cert, DWORD type, DWORD flags, void *type_para, LPWSTR name_string, DWORD name_len)
const char * wine_dbg_sprintf(const char *format,...)
#define WINE_DECLARE_DEBUG_CHANNEL(x)
static const WCHAR *const ext[]
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
INT WINAPI GetLocaleInfoA(LCID lcid, LCTYPE lctype, LPSTR buffer, INT len)
int WINAPI lstrcmpiW(LPCWSTR str1, LPCWSTR str2)
_ACRTIMP int __cdecl memcmp(const void *, const void *, size_t)
_ACRTIMP int __cdecl strcmp(const char *, const char *)
static wchar_t * wmemchr(const wchar_t *s, wchar_t c, size_t n)
#define check(expected, result)
GLuint GLuint GLsizei GLenum type
GLenum GLuint GLenum GLsizei const GLchar * buf
GLenum const GLvoid * addr
GLsizeiptr const GLvoid GLenum usage
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
HLOCAL NTAPI LocalFree(HLOCAL hMem)
#define InterlockedCompareExchangePointer
#define memcpy(s1, s2, n)
static BYTE subjectName[]
static LPCWSTR LPVOID pvReserved
static ICollection collection
_In_ LPWSTR _In_ DWORD _In_ DWORD _In_ DWORD dwFlags
#define LOCALE_SYSTEM_DEFAULT
CRYPT_DATA_BLOB IPAddress
CERT_NAME_BLOB DirectoryName
PCERT_ALT_NAME_ENTRY rgAltEntry
DWORD dwPathLenConstraint
PCERT_SIMPLE_CHAIN * rgpChain
DWORD cLowerQualityChainContext
CERT_TRUST_STATUS TrustStatus
PCCERT_CHAIN_CONTEXT * rgpLowerQualityChainContext
PCCERT_CONTEXT pCertContext
CERT_TRUST_STATUS TrustStatus
DWORD MaximumCachedCertificates
DWORD CycleDetectionModulus
HCERTSTORE hRestrictedTrust
HCERTSTORE * rghAdditionalStore
HCERTSTORE hRestrictedOther
HCERTSTORE hRestrictedRoot
DWORD dwUrlRetrievalTimeout
HCERTSTORE hRestrictedRoot
CERT_USAGE_MATCH RequestedUsage
PCERT_EXTENSION rgExtension
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm
PCERT_GENERAL_SUBTREE rgPermittedSubtree
PCERT_GENERAL_SUBTREE rgExcludedSubtree
CERT_POLICY_INFO * rgPolicyInfo
CERT_POLICY_QUALIFIER_INFO * rgPolicyQualifier
LPSTR pszPolicyIdentifier
CERT_RDN_VALUE_BLOB Value
PCCERT_CONTEXT pIssuerCert
CERT_TRUST_STATUS TrustStatus
PCERT_CHAIN_ELEMENT * rgpElement
LPSTR * rgpszUsageIdentifier
DWORD MaximumCachedCertificates
DWORD dwUrlRetrievalTimeout
DWORD CycleDetectionModulus
CERT_CHAIN_CONTEXT context
DWORD WINAPI GetLastError(void)
struct _CERT_CHAIN_ELEMENT CERT_CHAIN_ELEMENT
#define CERT_FIND_CERT_ID
#define CERT_CHAIN_POLICY_MICROSOFT_ROOT
#define X509_AUTHORITY_KEY_ID2
#define szOID_AUTHORITY_KEY_IDENTIFIER
#define CERT_ID_ISSUER_SERIAL_NUMBER
#define CONTEXT_OID_CERTIFICATE
#define USAGE_MATCH_TYPE_AND
struct _CERT_SIMPLE_CHAIN CERT_SIMPLE_CHAIN
#define CERT_KEY_ENCIPHERMENT_KEY_USAGE
#define CERT_CHAIN_POLICY_BASE
#define CRYPT_DECODE_NOCOPY_FLAG
#define CERT_KEY_IDENTIFIER_PROP_ID
#define NETSCAPE_SSL_CA_CERT_TYPE
#define CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS
#define CERT_NON_REPUDIATION_KEY_USAGE
const CERT_CHAIN_CONTEXT * PCCERT_CHAIN_CONTEXT
#define URL_OID_CERTIFICATE_ISSUER
#define CERT_TRUST_IS_REVOKED
#define X509_UNICODE_NAME
#define CERT_TRUST_INVALID_POLICY_CONSTRAINTS
#define CERT_NAME_SIMPLE_DISPLAY_TYPE
#define CERT_STORE_PROV_COLLECTION
#define HCCE_CURRENT_USER
#define CERT_TRUST_REVOCATION_STATUS_UNKNOWN
#define CERT_CHAIN_REVOCATION_CHECK_CHAIN
#define CERT_ALT_NAME_URL
#define NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE
#define CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT
#define CERT_CHAIN_POLICY_BASIC_CONSTRAINTS
#define szOID_BASIC_CONSTRAINTS2
#define CERT_ALT_NAME_DIRECTORY_NAME
#define CERT_TRUST_IS_CYCLIC
#define NETSCAPE_SIGN_CERT_TYPE
#define CERT_CHAIN_REVOCATION_CHECK_END_CERT
#define CERT_ID_KEY_IDENTIFIER
#define CERT_ALT_NAME_IP_ADDRESS
#define szOID_NAME_CONSTRAINTS
#define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS
#define CERT_STORE_CREATE_NEW_FLAG
#define NETSCAPE_SIGN_CA_CERT_TYPE
#define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL
#define CERT_TRUST_INVALID_EXTENSION
#define szOID_ISSUER_ALT_NAME2
#define CERT_TRUST_INVALID_BASIC_CONSTRAINTS
#define CERT_ALT_NAME_RFC822_NAME
#define CERT_ALT_NAME_OTHER_NAME
#define CERT_TRUST_HAS_EXACT_MATCH_ISSUER
#define CERT_CRL_SIGN_KEY_USAGE
#define HCCE_LOCAL_MACHINE
#define CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT
#define CERT_DIGITAL_SIGNATURE_KEY_USAGE
#define CERT_TRUST_IS_NOT_TIME_NESTED
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT
#define X509_ASN_ENCODING
#define szOID_ANY_CERT_POLICY
#define szOID_BASIC_CONSTRAINTS
#define CERT_CHAIN_POLICY_AUTHENTICODE
#define CRYPT_AIA_RETRIEVAL
#define CERT_TRUST_IS_SELF_SIGNED
#define CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT
#define CRYPT_DECODE_ALLOC_FLAG
#define CERT_STORE_PROV_MEMORY
#define CERT_TRUST_IS_OFFLINE_REVOCATION
#define CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION
#define CERT_TRUST_HAS_KEY_MATCH_ISSUER
#define X509_AUTHORITY_KEY_ID
#define CERT_ENCIPHER_ONLY_KEY_USAGE
#define CERT_SIMPLE_NAME_STR
#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG
#define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
#define szOID_RSA_emailAddr
#define NETSCAPE_SSL_CLIENT_AUTH_CERT_TYPE
#define X509_CERT_POLICIES
#define CERT_CA_SUBJECT_FLAG
#define szOID_NETSCAPE_CERT_TYPE
#define CERT_DECIPHER_ONLY_KEY_USAGE
#define CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG
#define NETSCAPE_SMIME_CERT_TYPE
struct _CERT_CHAIN_CONTEXT CERT_CHAIN_CONTEXT
#define CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG
#define szOID_SUBJECT_ALT_NAME
#define szOID_CERT_POLICIES
#define CERT_SYSTEM_STORE_LOCAL_MACHINE
#define CERT_CHAIN_POLICY_SSL
#define CERT_ALT_NAME_DNS_NAME
#define szOID_ENHANCED_KEY_USAGE
#define CERT_STORE_ADD_NEW
#define CERT_TRUST_INVALID_NAME_CONSTRAINTS
#define szOID_SUBJECT_ALT_NAME2
#define CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
#define CERT_HASH_PROP_ID
#define CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG
#define CERT_CHAIN_POLICY_IGNORE_NOT_SUPPORTED_CRITICAL_EXT_FLAG
#define CERT_NAME_ISSUER_FLAG
#define CERT_CONTEXT_REVOCATION_TYPE
#define CERT_TRUST_HAS_NAME_MATCH_ISSUER
#define CERT_STORE_PROV_SYSTEM_W
#define CERT_FIND_SUBJECT_NAME
#define CERT_FIND_SHA1_HASH
#define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
#define CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC
#define CERT_TRUST_IS_PARTIAL_CHAIN
#define CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY
#define CERT_KEY_AGREEMENT_KEY_USAGE
#define CERT_SYSTEM_STORE_CURRENT_USER
#define X509_ALTERNATE_NAME
#define szOID_AUTHORITY_KEY_IDENTIFIER2
#define szOID_COMMON_NAME
#define PKCS_7_ASN_ENCODING
#define NETSCAPE_SMIME_CA_CERT_TYPE
#define X509_NAME_CONSTRAINTS
#define CERT_TRUST_IS_NOT_VALID_FOR_USAGE
#define CERT_KEY_CERT_SIGN_KEY_USAGE
#define CERT_TRUST_IS_NOT_SIGNATURE_VALID
#define szOID_DOMAIN_COMPONENT
#define CERT_DATA_ENCIPHERMENT_KEY_USAGE
#define CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT
struct _CERT_CHAIN_CONTEXT * PCERT_CHAIN_CONTEXT
#define CERT_VERIFY_REV_CHAIN_FLAG
struct _CERT_BASIC_CONSTRAINTS2_INFO CERT_BASIC_CONSTRAINTS2_INFO
#define CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG
#define CERT_ALT_NAME_REGISTERED_ID
#define X509_ENHANCED_KEY_USAGE
#define CRYPT_CACHE_ONLY_RETRIEVAL
#define CERT_TRUST_IS_UNTRUSTED_ROOT
#define CERT_TRUST_IS_NOT_TIME_VALID
#define szOID_ISSUER_ALT_NAME
#define CERT_E_REVOCATION_FAILURE
#define CERT_E_UNTRUSTEDROOT
#define CERT_E_UNTRUSTEDTESTROOT
#define CRYPT_E_NO_REVOCATION_DLL
#define CRYPT_E_NOT_IN_REVOCATION_DATABASE
#define CERT_E_WRONG_USAGE
#define TRUST_E_CERT_SIGNATURE
#define TRUST_E_BASIC_CONSTRAINTS
#define CRYPT_E_NO_REVOCATION_CHECK
#define CERT_E_CN_NO_MATCH
#define CRYPT_E_REVOCATION_OFFLINE
#define ERROR_INVALID_DATA
#define SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
#define SECURITY_FLAG_IGNORE_UNKNOWN_CA
#define SECURITY_FLAG_IGNORE_CERT_CN_INVALID
#define SECURITY_FLAG_IGNORE_WRONG_USAGE
#define SECURITY_FLAG_IGNORE_REVOCATION
#define LOCALE_SSHORTDATE