20 #define NONAMELESSUNION 23 #define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS 24 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS 28 #include "wine/unicode.h" 34 #define DEFAULT_CYCLE_MODULUS 7 57 for (
i = 0;
i < cStores;
i++)
65 for (
i = 0;
i < cStores;
i++)
120 static const WCHAR caW[] = {
'C',
'A',0 };
121 static const WCHAR myW[] = {
'M',
'y',0 };
122 static const WCHAR trustW[] = {
'T',
'r',
'u',
's',
't',0 };
127 else if (
config->hRestrictedRoot)
156 if(
config->CycleDetectionModulus)
251 TRACE(
"(%p)\n", hChainEngine);
275 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension)))
285 if (
info->AuthorityCertIssuer.cAltEntry &&
286 info->AuthorityCertSerialNumber.cbData)
291 for (
i = 0; !directoryName &&
292 i <
info->AuthorityCertIssuer.cAltEntry;
i++)
293 if (
info->AuthorityCertIssuer.rgAltEntry[
i].dwAltNameChoice
296 &
info->AuthorityCertIssuer.rgAltEntry[
i];
305 FIXME(
"no supported name type in authority key id2\n");
309 else if (
info->KeyId.cbData)
330 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension)))
340 if (
info->CertIssuer.cbData &&
info->CertSerialNumber.cbData)
346 else if (
info->KeyId.cbData)
385 DWORD i,
j, cyclicCertIndex = 0;
388 for (
i = 0; !cyclicCertIndex &&
i <
chain->cElement;
i++)
389 for (
j =
i + 1; !cyclicCertIndex &&
j <
chain->cElement;
j++)
391 chain->rgpElement[
i]->pCertContext->pCertInfo,
392 chain->rgpElement[
j]->pCertContext->pCertInfo))
396 chain->rgpElement[cyclicCertIndex]->TrustStatus.dwErrorStatus
399 for (
i = cyclicCertIndex + 1;
i <
chain->cElement;
i++)
402 chain->cElement = cyclicCertIndex + 1;
410 return chain->rgpElement[
chain->cElement - 1]->TrustStatus.dwErrorStatus
435 if (!
chain->cElement)
440 if (
chain->rgpElement)
446 if (
chain->cElement > 1)
447 chain->rgpElement[
chain->cElement - 2]->TrustStatus.dwInfoStatus
472 for (
i = 0;
i <
chain->cElement;
i++)
500 TRACE_(
chain)(
"Last certificate's signature is invalid\n");
518 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension);
531 if (
info->SubjectType.cbData == 1)
540 cert->pCertInfo->cExtension,
cert->pCertInfo->rgExtension);
550 constraints->
fCA = defaultIfNotSpecified;
582 DWORD remainingCAs,
BOOL isRoot,
BOOL *pathLengthConstraintViolated)
584 BOOL validBasicConstraints, implicitCA =
FALSE;
611 &constraints, implicitCA)))
613 chainConstraints->
fCA = constraints.
fCA;
614 if (!constraints.
fCA)
616 TRACE_(
chain)(
"chain element %d can't be a CA\n", remainingCAs + 1);
617 validBasicConstraints =
FALSE;
628 TRACE_(
chain)(
"setting path length constraint to %d\n",
639 TRACE_(
chain)(
"remaining CAs %d exceed max path length %d\n",
641 validBasicConstraints =
FALSE;
642 *pathLengthConstraintViolated =
TRUE;
644 return validBasicConstraints;
665 if (constraint[0] ==
'.')
683 DWORD *trustErrorStatus)
697 WCHAR hostname_buf[255];
708 if (colon && *(colon + 1) ==
'/' && *(colon + 2) ==
'/')
723 for (colon = authority_end; colon >=
name && *colon !=
':' &&
724 *colon !=
'@'; colon--)
727 authority_end = colon;
738 hostname_buf[authority_end -
name] = 0;
752 DWORD *trustErrorStatus)
763 else if (
strchrW(constraint,
'@'))
776 DWORD *trustErrorStatus)
833 else if (
name->cbData ==
sizeof(
DWORD) &&
846 else if (
name->cbData == 16 && constraint->
cbData == 32)
851 subnet = constraint->
pbData;
899 name->u.pwszURL, trustErrorStatus);
903 name->u.pwszURL, trustErrorStatus);
907 name->u.pwszURL, trustErrorStatus);
911 &
name->u.IPAddress, trustErrorStatus);
915 &
name->u.DirectoryName);
918 ERR(
"name choice %d unsupported in this context\n",
960 cert->cExtension,
cert->rgExtension);
963 cert->cExtension,
cert->rgExtension);
976 &subjectAltName, &
size))
982 BOOL nameFormPresent;
994 TRACE_(
chain)(
"subject alternate name form %d excluded\n",
999 nameFormPresent =
FALSE;
1002 trustErrorStatus, &nameFormPresent) && nameFormPresent)
1004 TRACE_(
chain)(
"subject alternate name form %d not permitted\n",
1006 *trustErrorStatus |=
1013 *trustErrorStatus |=
1070 for (
i = 0;
i <
name->cRDN;
i++)
1071 for (
j = 0;
j <
name->rgRDN[
i].cRDNAttr;
j++)
1075 BOOL nameFormPresent;
1084 &
name->rgRDN[
i].rgRDNAttr[
j], nameConstraints,
1088 "email address in subject name is excluded\n");
1089 *trustErrorStatus |=
1092 nameFormPresent =
FALSE;
1094 &
name->rgRDN[
i].rgRDNAttr[
j], nameConstraints,
1095 trustErrorStatus, &nameFormPresent) && nameFormPresent)
1098 "email address in subject name is not permitted\n");
1099 *trustErrorStatus |=
1106 *trustErrorStatus |=
1116 else if (
name->cbData == 2 &&
name->pbData[1] == 0)
1144 hasEmailConstraint =
TRUE;
1149 hasEmailConstraint =
TRUE;
1150 if (hasEmailConstraint)
1162 *trustErrorStatus |=
1183 hasDirectoryConstraint =
TRUE;
1188 if (hasDirectoryConstraint && !
match)
1198 DWORD *trustErrorStatus)
1222 cert->rgExtension)))
1227 ext->Value.pbData,
ext->Value.cbData,
1245 if (!
info->cPermittedSubtree && !
info->cExcludedSubtree)
1247 WARN_(
chain)(
"constraints contain no permitted nor excluded subtree\n");
1262 for (
i = 0;
ret &&
i <
info->cPermittedSubtree;
i++)
1263 if (
info->rgPermittedSubtree[
i].dwMinimum ||
1264 info->rgPermittedSubtree[
i].fMaximum)
1266 TRACE_(
chain)(
"found a minimum or maximum in permitted subtrees\n");
1269 for (
i = 0;
ret &&
i <
info->cExcludedSubtree;
i++)
1270 if (
info->rgExcludedSubtree[
i].dwMinimum ||
1271 info->rgExcludedSubtree[
i].fMaximum)
1273 TRACE_(
chain)(
"found a minimum or maximum in excluded subtrees\n");
1295 for (
i =
chain->cElement - 1;
i > 0;
i--)
1300 chain->rgpElement[
i]->pCertContext->pCertInfo)))
1303 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1307 for (
j =
i - 1;
j >= 0;
j--)
1309 DWORD errorStatus = 0;
1315 chain->rgpElement[
j]->pCertContext))
1318 chain->rgpElement[
j]->pCertContext->pCertInfo,
1322 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1325 &
chain->rgpElement[
i]->TrustStatus);
1328 chain->rgpElement[
i]->TrustStatus.dwInfoStatus |=
1345 cert->pCertInfo->rgExtension);
1374 FIXME(
"unsupported policy %s\n",
1385 for (
i =
chain->cElement - 1;
i > 0;
i--)
1391 for (
j =
i - 1;
j >= 0;
j--)
1393 DWORD errorStatus = 0;
1396 chain->rgpElement[
j]->pCertContext->pCertInfo, &errorStatus);
1399 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1402 &
chain->rgpElement[
i]->TrustStatus);
1430 switch (
entry->dwAltNameChoice)
1433 TRACE_(
chain)(
"CERT_ALT_NAME_OTHER_NAME, oid = %s\n",
1453 TRACE_(
chain)(
"CERT_ALT_NAME_IP_ADDRESS: %d bytes\n",
1454 entry->u.IPAddress.cbData);
1457 TRACE_(
chain)(
"CERT_ALT_NAME_REGISTERED_ID: %s\n",
1472 ext->Value.pbData,
ext->Value.cbData,
1478 for (
i = 0;
i <
name->cAltEntry;
i++)
1495 info->fPathLenConstraint ?
"has" :
"doesn't have");
1526 #define trace_usage_bit(bits, bit) \ 1527 if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit) 1539 #undef trace_usage_bit 1548 TRACE_(
chain)(
"dwMinimum = %d, fMaximum = %d, dwMaximum = %d\n",
1558 ext->Value.pbData,
ext->Value.cbData,
1597 pszPolicyQualifierId));
1615 for (
i = 0;
i <
usage->cUsageIdentifier;
i++)
1629 #define trace_cert_type_bit(bits, bit) \ 1630 if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit) 1643 #undef trace_cert_type_bit 1650 ext->fCritical ?
"" :
"not ");
1681 if (!
time)
return "(null)";
1719 for (
i = 0;
i <
cert->pCertInfo->cExtension;
i++)
1731 cert->pCertInfo->rgExtension);
1742 else if (
usage.cbData > 2)
1782 WARN_(
chain)(
"keyCertSign not asserted on a CA cert\n");
1793 WARN_(
chain)(
"keyCertSign asserted on a non-CA cert\n");
1807 for (
i = 0;
ret &&
i <
cert->pCertInfo->cExtension;
i++)
1809 if (
cert->pCertInfo->rgExtension[
i].fCritical)
1811 LPCSTR oid =
cert->pCertInfo->rgExtension[
i].pszObjId;
1831 FIXME(
"unsupported critical extension %s\n",
1845 switch (
cert->pCertInfo->dwVersion)
1853 if (
cert->pCertInfo->IssuerUniqueId.cbData ||
1854 cert->pCertInfo->SubjectUniqueId.cbData)
1859 if (
cert->pCertInfo->cExtension)
1866 if (
cert->pCertInfo->cExtension)
1873 WARN_(
chain)(
"invalid cert version %d\n",
cert->pCertInfo->dwVersion);
1884 BOOL pathLengthConstraintViolated =
FALSE;
1888 TRACE_(
chain)(
"checking chain with %d elements for time %s\n",
1890 for (
i =
chain->cElement - 1;
i >= 0;
i--)
1896 if (
i ==
chain->cElement - 1)
1898 chain->rgpElement[
i]->pCertContext);
1906 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1910 chain->rgpElement[
i]->pCertContext->pCertInfo) != 0)
1911 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1918 (
void *)
chain->rgpElement[
i - 1]->pCertContext,
1920 (
void *)
chain->rgpElement[
i]->pCertContext, 0,
NULL))
1921 chain->rgpElement[
i - 1]->TrustStatus.dwErrorStatus |=
1926 if (pathLengthConstraintViolated)
1927 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1930 chain->rgpElement[
i]->pCertContext, &constraints,
i - 1, isRoot,
1931 &pathLengthConstraintViolated))
1932 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1945 chain->rgpElement[
i]->pCertContext, &constraints,
FALSE))
1946 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1950 isRoot, constraints.
fCA,
i))
1951 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1958 pathLengthConstraintViolated =
TRUE;
1959 chain->TrustStatus.dwErrorStatus |=
1965 chain->rgpElement[
i]->pCertContext))
1966 chain->rgpElement[
i]->TrustStatus.dwErrorStatus |=
1970 &
chain->rgpElement[
i]->TrustStatus);
2079 if (
info->CertIssuer.cbData &&
info->CertSerialNumber.cbData)
2082 memcpy(&
id.
u.IssuerSerialNumber.Issuer, &
info->CertIssuer,
2084 memcpy(&
id.
u.IssuerSerialNumber.SerialNumber,
2090 TRACE_(
chain)(
"issuer found by issuer/serial number\n");
2094 else if (
info->KeyId.cbData)
2123 if (
info->AuthorityCertIssuer.cAltEntry &&
2124 info->AuthorityCertSerialNumber.cbData)
2129 for (
i = 0; !directoryName &&
2130 i <
info->AuthorityCertIssuer.cAltEntry;
i++)
2131 if (
info->AuthorityCertIssuer.rgAltEntry[
i].dwAltNameChoice
2134 &
info->AuthorityCertIssuer.rgAltEntry[
i];
2138 memcpy(&
id.
u.IssuerSerialNumber.Issuer,
2140 memcpy(&
id.
u.IssuerSerialNumber.SerialNumber,
2141 &
info->AuthorityCertSerialNumber,
2147 TRACE_(
chain)(
"issuer found by directory name\n");
2152 FIXME(
"no supported name type in authority key id2\n");
2154 else if (
info->KeyId.cbData)
2191 &
chain->rgpElement[
chain->cElement - 1]->TrustStatus.dwInfoStatus);
2196 chain->rgpElement[
chain->cElement - 1]->TrustStatus.dwInfoStatus);
2205 TRACE_(
chain)(
"Couldn't find issuer, halting chain creation\n");
2274 chain->world = world;
2277 chain->context.cChain = 1;
2279 chain->context.rgpChain[0] = simpleChain;
2280 chain->context.cLowerQualityChainContext = 0;
2281 chain->context.rgpLowerQualityChainContext =
NULL;
2282 chain->context.fHasRevocationFreshnessTime =
FALSE;
2283 chain->context.dwRevocationFreshnessTime = 0;
2307 if (
copy->rgpElement)
2314 for (
i = 0;
ret &&
i <= iElement;
i++)
2323 chain->rgpElement[
i]->pCertContext);
2335 for (
i = 0;
i <= iElement;
i++)
2355 for (
i = 0;
i <
chain->context.cLowerQualityChainContext;
i++)
2358 chain->context.cLowerQualityChainContext = 0;
2359 chain->context.rgpLowerQualityChainContext =
NULL;
2367 for (
i = 0;
i <
chain->context.cChain;
i++)
2391 copy->context.cLowerQualityChainContext = 0;
2392 copy->context.rgpLowerQualityChainContext =
NULL;
2393 copy->context.fHasRevocationFreshnessTime =
FALSE;
2394 copy->context.dwRevocationFreshnessTime = 0;
2397 if (
copy->context.rgpChain)
2406 for (
i = 0;
ret && iChain &&
i < iChain - 1;
i++)
2408 copy->context.rgpChain[
i] =
2410 chain->context.rgpChain[
i]->cElement - 1);
2411 if (!
copy->context.rgpChain[
i])
2419 copy->context.rgpChain[
i] =
2422 if (!
copy->context.rgpChain[
i])
2431 copy->context.cChain = iChain + 1;
2454 if (
chain->context.cLowerQualityChainContext)
2456 chain->context.cLowerQualityChainContext - 1];
2458 if (
chain->context.cChain <= 1 &&
chain->context.rgpChain[0]->cElement <= 1)
2466 for (
i = 0; !alternateIssuer &&
i <
chain->context.cChain;
i++)
2467 for (
j = 0; !alternateIssuer &&
2468 j <
chain->context.rgpChain[
i]->cElement - 1;
j++)
2471 chain->context.rgpChain[
i]->rgpElement[
j]->pCertContext;
2473 chain->context.rgpChain[
i]->rgpElement[
j + 1]->pCertContext);
2476 subject, prevIssuer,
flags, &infoStatus);
2478 if (alternateIssuer)
2510 TRACE(
"%p\n", alternate);
2514 #define CHAIN_QUALITY_SIGNATURE_VALID 0x16 2515 #define CHAIN_QUALITY_TIME_VALID 8 2516 #define CHAIN_QUALITY_COMPLETE_CHAIN 4 2517 #define CHAIN_QUALITY_BASIC_CONSTRAINTS 2 2518 #define CHAIN_QUALITY_TRUSTED_ROOT 1 2520 #define CHAIN_QUALITY_HIGHEST \ 2521 CHAIN_QUALITY_SIGNATURE_VALID | CHAIN_QUALITY_TIME_VALID | \ 2522 CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_BASIC_CONSTRAINTS | \ 2523 CHAIN_QUALITY_TRUSTED_ROOT 2525 #define IS_TRUST_ERROR_SET(TrustStatus, bits) \ 2526 (TrustStatus)->dwErrorStatus & (bits) 2565 for (
i = 0;
i <
chain->context.cLowerQualityChainContext;
i++)
2573 chain->context.cLowerQualityChainContext;
2575 chain->context.rgpLowerQualityChainContext;
2578 chain->context.cLowerQualityChainContext = 0;
2579 chain->context.rgpLowerQualityChainContext =
NULL;
2591 if (
chain->context.cLowerQualityChainContext)
2592 chain->context.rgpLowerQualityChainContext =
2594 (
chain->context.cLowerQualityChainContext + 1) *
2597 chain->context.rgpLowerQualityChainContext =
2599 if (
chain->context.rgpLowerQualityChainContext)
2601 chain->context.rgpLowerQualityChainContext[
2602 chain->context.cLowerQualityChainContext++] =
2619 if (iElement +
chain->rgpChain[
j]->cElement <
i)
2620 iElement +=
chain->rgpChain[
j]->cElement;
2645 for (
i = 0, cContext = 0;
i <
chain->cChain;
i++)
2647 if (i < chain->cChain - 1 ||
2649 cContext +=
chain->rgpChain[
i]->cElement;
2651 cContext +=
chain->rgpChain[
i]->cElement - 1;
2658 DWORD i,
j, iContext, revocationFlags;
2661 {
sizeof(revocationStatus), 0 };
2678 revocationPara.dwUrlRetrievalTimeout =
2680 revocationPara.fCheckFreshnessTime =
2682 revocationPara.dwFreshnessTime =
2685 for (
i = 0, iContext = 0; iContext < cContext &&
i <
chain->cChain;
i++)
2687 for (
j = 0; iContext < cContext &&
2688 j <
chain->rgpChain[
i]->cElement;
j++, iContext++)
2691 chain->rgpChain[
i]->rgpElement[
j]->pCertContext;
2693 if (j < chain->rgpChain[
i]->cElement - 1)
2695 chain->rgpChain[
i]->rgpElement[
j + 1]->pCertContext;
2700 revocationFlags, &revocationPara, &revocationStatus);
2712 switch (revocationStatus.
dwError)
2730 WARN(
"unmapped error %08x\n", revocationStatus.
dwError);
2749 pChainPara->RequestedUsage.Usage.cUsageIdentifier)
2756 endCert =
chain->rgpChain[0]->rgpElement[0]->pCertContext;
2791 validForUsage =
TRUE;
2792 for (
i = 0; validForUsage &&
2801 validForUsage =
FALSE;
2809 validForUsage =
FALSE;
2810 for (
i = 0; !validForUsage &&
2813 for (
j = 0; !validForUsage &&
2814 j <
usage->cUsageIdentifier;
j++)
2823 validForUsage =
FALSE;
2835 TRACE_(
chain)(
"requested usage from certificate with no usages\n");
2836 validForUsage =
TRUE;
2840 chain->TrustStatus.dwErrorStatus |=
2842 chain->rgpChain[0]->rgpElement[0]->TrustStatus.dwErrorStatus |=
2847 pChainPara->RequestedIssuancePolicy.Usage.cUsageIdentifier)
2848 FIXME(
"unimplemented for RequestedIssuancePolicy\n");
2888 TRACE(
"(%p, %p, %s, %p, %p, %08x, %p, %p)\n", hChainEngine,
pCertContext,
2929 }
while (
ret && alternate);
2953 TRACE(
"(%p)\n", pChainContext);
2957 return pChainContext;
2964 TRACE(
"(%p)\n", pChainContext);
2977 FIXME(
"(%p, %08x, %08x, %d, %p, %p): stub\n", store, certEncodingType,
2978 findFlags, findType, findPara, prevChainContext);
2987 for (
i = 0;
i <
chain->cChain;
i++)
2988 for (
j = 0;
j <
chain->rgpChain[
i]->cElement;
j++)
2989 if (
chain->rgpChain[
i]->rgpElement[
j]->TrustStatus.dwErrorStatus &
3005 checks = pPolicyPara->
dwFlags;
3024 if (!pPolicyStatus->
dwError &&
3033 if (!pPolicyStatus->
dwError &&
3041 if (!pPolicyStatus->
dwError &&
3051 if (!pPolicyStatus->
dwError &&
3065 0x30,0x47,0x02,0x40,0x81,0x55,0x22,0xb9,0x8a,0xa4,0x6f,0xed,0xd6,0xe7,0xd9,
3066 0x66,0x0f,0x55,0xbc,0xd7,0xcd,0xd5,0xbc,0x4e,0x40,0x02,0x21,0xa2,0xb1,0xf7,
3067 0x87,0x30,0x85,0x5e,0xd2,0xf2,0x44,0xb9,0xdc,0x9b,0x75,0xb6,0xfb,0x46,0x5f,
3068 0x42,0xb6,0x9d,0x23,0x36,0x0b,0xde,0x54,0x0f,0xcd,0xbd,0x1f,0x99,0x2a,0x10,
3069 0x58,0x11,0xcb,0x40,0xcb,0xb5,0xa7,0x41,0x02,0x03,0x01,0x00,0x01 };
3071 0x30,0x47,0x02,0x40,0x9c,0x50,0x05,0x1d,0xe2,0x0e,0x4c,0x53,0xd8,0xd9,0xb5,
3072 0xe5,0xfd,0xe9,0xe3,0xad,0x83,0x4b,0x80,0x08,0xd9,0xdc,0xe8,0xe8,0x35,0xf8,
3073 0x11,0xf1,0xe9,0x9b,0x03,0x7a,0x65,0x64,0x76,0x35,0xce,0x38,0x2c,0xf2,0xb6,
3074 0x71,0x9e,0x06,0xd9,0xbf,0xbb,0x31,0x69,0xa3,0xf6,0x30,0xa0,0x78,0x7b,0x18,
3075 0xdd,0x50,0x4d,0x79,0x1e,0xeb,0x61,0xc1,0x02,0x03,0x01,0x00,0x01 };
3122 isMSTestRoot =
TRUE;
3162 ext->Value.pbData,
ext->Value.cbData,
3182 if (
subjectName->rgAltEntry[
i].u.pwszDNSName[0] ==
'*')
3199 if (server_name_dot)
3223 for (
j = 0;
j <
name->rgRDN[
i].cRDNAttr;
j++)
3225 name->rgRDN[
i].rgRDNAttr[
j].pszObjId))
3245 LPCWSTR allowed_ptr, server_ptr;
3248 *see_wildcard =
FALSE;
3250 if (server_len < allowed_len)
3252 WARN_(
chain)(
"domain component %s too short for %s\n",
3260 for (allowed_ptr = allowed_component, server_ptr = server_component;
3261 matches && allowed_ptr - allowed_component < allowed_len;
3262 allowed_ptr++, server_ptr++)
3264 if (*allowed_ptr ==
'*')
3266 if (allowed_ptr - allowed_component < allowed_len - 1)
3268 WARN_(
chain)(
"non-wildcard characters after wildcard not supported\n");
3271 else if (!allow_wildcards)
3273 WARN_(
chain)(
"wildcard after non-wildcard component\n");
3281 *see_wildcard =
TRUE;
3288 if (
matches && server_ptr - server_component < server_len)
3293 matches = *allowed_ptr ==
'*';
3301 LPCWSTR allowed_component = allowed;
3313 while (allowed_len && allowed_component[allowed_len - 1] == 0)
3333 LPCWSTR allowed_dot, server_dot;
3335 allowed_dot =
memchrW(allowed_component,
'.',
3336 allowed_len - (allowed_component - allowed));
3337 server_dot =
memchrW(server_component,
'.',
3340 if ((!allowed_dot && server_dot) || (allowed_dot && !server_dot))
3343 WARN_(
chain)(
"%s: too many components for CN=%s\n",
3346 WARN_(
chain)(
"%s: not enough components for CN=%s\n",
3352 LPCWSTR allowed_end, server_end;
3355 allowed_end = allowed_dot ? allowed_dot : allowed + allowed_len;
3356 server_end = server_dot ? server_dot :
server_name + server_len;
3358 allowed_end - allowed_component, server_component,
3359 server_end - server_component, allow_wildcards, &has_wildcard);
3364 allow_wildcards =
FALSE;
3367 allowed_component = allowed_dot ? allowed_dot + 1 : allowed_end;
3368 server_component = server_dot ? server_dot + 1 : server_end;
3371 }
while (
matches && allowed_component &&
3372 allowed_component - allowed < allowed_len &&
3373 server_component && server_component -
server_name < server_len);
3386 cert->pCertInfo->Subject.pbData,
cert->pCertInfo->Subject.cbData,
3400 WCHAR component[255];
3407 WARN_(
chain)(
"domain component %s too long\n",
3417 ptr = dot ? dot + 1 :
end;
3546 if (!pPolicyStatus->
dwError && pPolicyPara &&
3590 0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xdf,0x08,0xba,0xe3,0x3f,0x6e,
3591 0x64,0x9b,0xf5,0x89,0xaf,0x28,0x96,0x4a,0x07,0x8f,0x1b,0x2e,0x8b,0x3e,0x1d,
3592 0xfc,0xb8,0x80,0x69,0xa3,0xa1,0xce,0xdb,0xdf,0xb0,0x8e,0x6c,0x89,0x76,0x29,
3593 0x4f,0xca,0x60,0x35,0x39,0xad,0x72,0x32,0xe0,0x0b,0xae,0x29,0x3d,0x4c,0x16,
3594 0xd9,0x4b,0x3c,0x9d,0xda,0xc5,0xd3,0xd1,0x09,0xc9,0x2c,0x6f,0xa6,0xc2,0x60,
3595 0x53,0x45,0xdd,0x4b,0xd1,0x55,0xcd,0x03,0x1c,0xd2,0x59,0x56,0x24,0xf3,0xe5,
3596 0x78,0xd8,0x07,0xcc,0xd8,0xb3,0x1f,0x90,0x3f,0xc0,0x1a,0x71,0x50,0x1d,0x2d,
3597 0xa7,0x12,0x08,0x6d,0x7c,0xb0,0x86,0x6c,0xc7,0xba,0x85,0x32,0x07,0xe1,0x61,
3598 0x6f,0xaf,0x03,0xc5,0x6d,0xe5,0xd6,0xa1,0x8f,0x36,0xf6,0xc1,0x0b,0xd1,0x3e,
3599 0x69,0x97,0x48,0x72,0xc9,0x7f,0xa4,0xc8,0xc2,0x4a,0x4c,0x7e,0xa1,0xd1,0x94,
3600 0xa6,0xd7,0xdc,0xeb,0x05,0x46,0x2e,0xb8,0x18,0xb4,0x57,0x1d,0x86,0x49,0xdb,
3601 0x69,0x4a,0x2c,0x21,0xf5,0x5e,0x0f,0x54,0x2d,0x5a,0x43,0xa9,0x7a,0x7e,0x6a,
3602 0x8e,0x50,0x4d,0x25,0x57,0xa1,0xbf,0x1b,0x15,0x05,0x43,0x7b,0x2c,0x05,0x8d,
3603 0xbd,0x3d,0x03,0x8c,0x93,0x22,0x7d,0x63,0xea,0x0a,0x57,0x05,0x06,0x0a,0xdb,
3604 0x61,0x98,0x65,0x2d,0x47,0x49,0xa8,0xe7,0xe6,0x56,0x75,0x5c,0xb8,0x64,0x08,
3605 0x63,0xa9,0x30,0x40,0x66,0xb2,0xf9,0xb6,0xe3,0x34,0xe8,0x67,0x30,0xe1,0x43,
3606 0x0b,0x87,0xff,0xc9,0xbe,0x72,0x10,0x5e,0x23,0xf0,0x9b,0xa7,0x48,0x65,0xbf,
3607 0x09,0x88,0x7b,0xcd,0x72,0xbc,0x2e,0x79,0x9b,0x7b,0x02,0x03,0x01,0x00,0x01 };
3609 0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa9,0x02,0xbd,0xc1,0x70,0xe6,
3610 0x3b,0xf2,0x4e,0x1b,0x28,0x9f,0x97,0x78,0x5e,0x30,0xea,0xa2,0xa9,0x8d,0x25,
3611 0x5f,0xf8,0xfe,0x95,0x4c,0xa3,0xb7,0xfe,0x9d,0xa2,0x20,0x3e,0x7c,0x51,0xa2,
3612 0x9b,0xa2,0x8f,0x60,0x32,0x6b,0xd1,0x42,0x64,0x79,0xee,0xac,0x76,0xc9,0x54,
3613 0xda,0xf2,0xeb,0x9c,0x86,0x1c,0x8f,0x9f,0x84,0x66,0xb3,0xc5,0x6b,0x7a,0x62,
3614 0x23,0xd6,0x1d,0x3c,0xde,0x0f,0x01,0x92,0xe8,0x96,0xc4,0xbf,0x2d,0x66,0x9a,
3615 0x9a,0x68,0x26,0x99,0xd0,0x3a,0x2c,0xbf,0x0c,0xb5,0x58,0x26,0xc1,0x46,0xe7,
3616 0x0a,0x3e,0x38,0x96,0x2c,0xa9,0x28,0x39,0xa8,0xec,0x49,0x83,0x42,0xe3,0x84,
3617 0x0f,0xbb,0x9a,0x6c,0x55,0x61,0xac,0x82,0x7c,0xa1,0x60,0x2d,0x77,0x4c,0xe9,
3618 0x99,0xb4,0x64,0x3b,0x9a,0x50,0x1c,0x31,0x08,0x24,0x14,0x9f,0xa9,0xe7,0x91,
3619 0x2b,0x18,0xe6,0x3d,0x98,0x63,0x14,0x60,0x58,0x05,0x65,0x9f,0x1d,0x37,0x52,
3620 0x87,0xf7,0xa7,0xef,0x94,0x02,0xc6,0x1b,0xd3,0xbf,0x55,0x45,0xb3,0x89,0x80,
3621 0xbf,0x3a,0xec,0x54,0x94,0x4e,0xae,0xfd,0xa7,0x7a,0x6d,0x74,0x4e,0xaf,0x18,
3622 0xcc,0x96,0x09,0x28,0x21,0x00,0x57,0x90,0x60,0x69,0x37,0xbb,0x4b,0x12,0x07,
3623 0x3c,0x56,0xff,0x5b,0xfb,0xa4,0x66,0x0a,0x08,0xa6,0xd2,0x81,0x56,0x57,0xef,
3624 0xb6,0x3b,0x5e,0x16,0x81,0x77,0x04,0xda,0xf6,0xbe,0xae,0x80,0x95,0xfe,0xb0,
3625 0xcd,0x7f,0xd6,0xa7,0x1a,0x72,0x5c,0x3c,0xca,0xbc,0xf0,0x08,0xa3,0x22,0x30,
3626 0xb3,0x06,0x85,0xc9,0xb3,0x20,0x77,0x13,0x85,0xdf,0x02,0x03,0x01,0x00,0x01 };
3628 0x30,0x82,0x02,0x0a,0x02,0x82,0x02,0x01,0x00,0xf3,0x5d,0xfa,0x80,0x67,0xd4,
3629 0x5a,0xa7,0xa9,0x0c,0x2c,0x90,0x20,0xd0,0x35,0x08,0x3c,0x75,0x84,0xcd,0xb7,
3630 0x07,0x89,0x9c,0x89,0xda,0xde,0xce,0xc3,0x60,0xfa,0x91,0x68,0x5a,0x9e,0x94,
3631 0x71,0x29,0x18,0x76,0x7c,0xc2,0xe0,0xc8,0x25,0x76,0x94,0x0e,0x58,0xfa,0x04,
3632 0x34,0x36,0xe6,0xdf,0xaf,0xf7,0x80,0xba,0xe9,0x58,0x0b,0x2b,0x93,0xe5,0x9d,
3633 0x05,0xe3,0x77,0x22,0x91,0xf7,0x34,0x64,0x3c,0x22,0x91,0x1d,0x5e,0xe1,0x09,
3634 0x90,0xbc,0x14,0xfe,0xfc,0x75,0x58,0x19,0xe1,0x79,0xb7,0x07,0x92,0xa3,0xae,
3635 0x88,0x59,0x08,0xd8,0x9f,0x07,0xca,0x03,0x58,0xfc,0x68,0x29,0x6d,0x32,0xd7,
3636 0xd2,0xa8,0xcb,0x4b,0xfc,0xe1,0x0b,0x48,0x32,0x4f,0xe6,0xeb,0xb8,0xad,0x4f,
3637 0xe4,0x5c,0x6f,0x13,0x94,0x99,0xdb,0x95,0xd5,0x75,0xdb,0xa8,0x1a,0xb7,0x94,
3638 0x91,0xb4,0x77,0x5b,0xf5,0x48,0x0c,0x8f,0x6a,0x79,0x7d,0x14,0x70,0x04,0x7d,
3639 0x6d,0xaf,0x90,0xf5,0xda,0x70,0xd8,0x47,0xb7,0xbf,0x9b,0x2f,0x6c,0xe7,0x05,
3640 0xb7,0xe1,0x11,0x60,0xac,0x79,0x91,0x14,0x7c,0xc5,0xd6,0xa6,0xe4,0xe1,0x7e,
3641 0xd5,0xc3,0x7e,0xe5,0x92,0xd2,0x3c,0x00,0xb5,0x36,0x82,0xde,0x79,0xe1,0x6d,
3642 0xf3,0xb5,0x6e,0xf8,0x9f,0x33,0xc9,0xcb,0x52,0x7d,0x73,0x98,0x36,0xdb,0x8b,
3643 0xa1,0x6b,0xa2,0x95,0x97,0x9b,0xa3,0xde,0xc2,0x4d,0x26,0xff,0x06,0x96,0x67,
3644 0x25,0x06,0xc8,0xe7,0xac,0xe4,0xee,0x12,0x33,0x95,0x31,0x99,0xc8,0x35,0x08,
3645 0x4e,0x34,0xca,0x79,0x53,0xd5,0xb5,0xbe,0x63,0x32,0x59,0x40,0x36,0xc0,0xa5,
3646 0x4e,0x04,0x4d,0x3d,0xdb,0x5b,0x07,0x33,0xe4,0x58,0xbf,0xef,0x3f,0x53,0x64,
3647 0xd8,0x42,0x59,0x35,0x57,0xfd,0x0f,0x45,0x7c,0x24,0x04,0x4d,0x9e,0xd6,0x38,
3648 0x74,0x11,0x97,0x22,0x90,0xce,0x68,0x44,0x74,0x92,0x6f,0xd5,0x4b,0x6f,0xb0,
3649 0x86,0xe3,0xc7,0x36,0x42,0xa0,0xd0,0xfc,0xc1,0xc0,0x5a,0xf9,0xa3,0x61,0xb9,
3650 0x30,0x47,0x71,0x96,0x0a,0x16,0xb0,0x91,0xc0,0x42,0x95,0xef,0x10,0x7f,0x28,
3651 0x6a,0xe3,0x2a,0x1f,0xb1,0xe4,0xcd,0x03,0x3f,0x77,0x71,0x04,0xc7,0x20,0xfc,
3652 0x49,0x0f,0x1d,0x45,0x88,0xa4,0xd7,0xcb,0x7e,0x88,0xad,0x8e,0x2d,0xec,0x45,
3653 0xdb,0xc4,0x51,0x04,0xc9,0x2a,0xfc,0xec,0x86,0x9e,0x9a,0x11,0x97,0x5b,0xde,
3654 0xce,0x53,0x88,0xe6,0xe2,0xb7,0xfd,0xac,0x95,0xc2,0x28,0x40,0xdb,0xef,0x04,
3655 0x90,0xdf,0x81,0x33,0x39,0xd9,0xb2,0x45,0xa5,0x23,0x87,0x06,0xa5,0x55,0x89,
3656 0x31,0xbb,0x06,0x2d,0x60,0x0e,0x41,0x18,0x7d,0x1f,0x2e,0xb5,0x97,0xcb,0x11,
3657 0xeb,0x15,0xd5,0x24,0xa5,0x94,0xef,0x15,0x14,0x89,0xfd,0x4b,0x73,0xfa,0x32,
3658 0x5b,0xfc,0xd1,0x33,0x00,0xf9,0x59,0x62,0x70,0x07,0x32,0xea,0x2e,0xab,0x40,
3659 0x2d,0x7b,0xca,0xdd,0x21,0x67,0x1b,0x30,0x99,0x8f,0x16,0xaa,0x23,0xa8,0x41,
3660 0xd1,0xb0,0x6e,0x11,0x9b,0x36,0xc4,0xde,0x40,0x74,0x9c,0xe1,0x58,0x65,0xc1,
3661 0x60,0x1e,0x7a,0x5b,0x38,0xc8,0x8f,0xbb,0x04,0x26,0x7c,0xd4,0x16,0x40,0xe5,
3662 0xb6,0x6b,0x6c,0xaa,0x86,0xfd,0x00,0xbf,0xce,0xc1,0x35,0x02,0x03,0x01,0x00,
3693 &
root->pCertInfo->SubjectPublicKeyInfo, &msPubKey))
3726 pPolicyPara, pPolicyStatus);
3732 switch (
LOWORD(szPolicyOID))
3750 FIXME(
"unimplemented for %d\n",
LOWORD(szPolicyOID));
3759 (
void **)&verifyPolicy, &hFunc);
3762 ret = verifyPolicy(szPolicyOID, pChainContext, pPolicyPara,
BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT *ppChainContext)
#define CHAIN_QUALITY_BASIC_CONSTRAINTS
static PCERT_CHAIN_ELEMENT CRYPT_FindIthElementInChain(const CERT_CHAIN_CONTEXT *chain, DWORD i)
static void CRYPT_FreeChainContext(CertificateChain *chain)
static void compare_alt_name_with_constraints(const CERT_EXTENSION *altNameExt, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
static void CRYPT_FreeChainElement(PCERT_CHAIN_ELEMENT element)
PCCERT_CONTEXT WINAPI CertFindCertificateInStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFlags, DWORD dwType, const void *pvPara, PCCERT_CONTEXT pPrevCertContext)
#define CERT_NON_REPUDIATION_KEY_USAGE
#define CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT
static void CRYPT_CheckNameConstraints(const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, const CERT_INFO *cert, DWORD *trustErrorStatus)
HCRYPTOIDFUNCSET WINAPI CryptInitOIDFunctionSet(LPCSTR pszFuncName, DWORD dwFlags)
HCERTCHAINENGINE CRYPT_CreateChainEngine(HCERTSTORE root, DWORD system_store, const CERT_CHAIN_ENGINE_CONFIG *config)
static BOOL CRYPT_BuildCandidateChainFromCert(CertificateChainEngine *engine, PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore, DWORD flags, CertificateChain **ppChain)
static BOOL CRYPT_GetSimpleChainForCert(CertificateChainEngine *engine, HCERTSTORE world, PCCERT_CONTEXT cert, LPFILETIME pTime, DWORD flags, PCERT_SIMPLE_CHAIN *ppChain)
#define szOID_CERT_POLICIES
struct _CERT_CHAIN_CONTEXT CERT_CHAIN_CONTEXT
BOOL WINAPI CryptGetObjectUrl(LPCSTR pszUrlOid, LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo, DWORD *pcbUrlInfo, LPVOID pvReserved)
#define CRYPT_E_REVOCATION_OFFLINE
#define SECURITY_FLAG_IGNORE_UNKNOWN_CA
#define CERT_CHAIN_REVOCATION_CHECK_END_CERT
struct _CertificateChainEngine CertificateChainEngine
#define CERT_TRUST_IS_NOT_TIME_VALID
#define CERT_E_UNTRUSTEDROOT
struct _CertificateChain CertificateChain
CERT_NAME_BLOB DirectoryName
#define CRYPT_CACHE_ONLY_RETRIEVAL
static BOOL find_matching_domain_component(const CERT_NAME_INFO *name, LPCWSTR component)
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
WINE_UNICODE_INLINE unsigned int strlenW(const WCHAR *str)
static BOOL directory_name_matches(const CERT_NAME_BLOB *constraint, const CERT_NAME_BLOB *name)
static LPWSTR name_value_to_str(const CERT_NAME_BLOB *name)
static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain)
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT
#define X509_ENHANCED_KEY_USAGE
static void dump_basic_constraints2(const CERT_EXTENSION *ext)
static BOOL alt_name_matches_excluded_name(const CERT_ALT_NAME_ENTRY *name, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
DWORD CycleDetectionModulus
LPSTR pszPolicyIdentifier
BOOL WINAPI CryptDecodeObjectEx(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
static void dump_netscape_cert_type(const CERT_EXTENSION *ext)
#define CERT_FIND_SHA1_HASH
HCERTSTORE hRestrictedRoot
static void dump_key_usage(const CERT_EXTENSION *ext)
#define CERT_ALT_NAME_DNS_NAME
#define CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
CERT_POLICY_QUALIFIER_INFO * rgPolicyQualifier
CERT_POLICY_INFO * rgPolicyInfo
DWORD dwUrlRetrievalTimeout
_In_ PCCERT_CONTEXT _In_opt_ LPFILETIME _In_opt_ HCERTSTORE _In_ PCERT_CHAIN_PARA _In_ DWORD _Reserved_ LPVOID _Out_ PCCERT_CHAIN_CONTEXT * ppChainContext
#define CERT_ALT_NAME_DIRECTORY_NAME
static BOOL rfc822_name_matches(LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
#define NETSCAPE_SIGN_CERT_TYPE
static BYTE subjectName[]
WINE_UNICODE_INLINE WCHAR * strchrW(const WCHAR *str, WCHAR ch)
#define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
struct _CERT_CHAIN_CONTEXT * PCERT_CHAIN_CONTEXT
BOOL WINAPI CertVerifyRevocation(DWORD dwEncodingType, DWORD dwRevType, DWORD cContext, PVOID rgpvContext[], DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara, PCERT_REVOCATION_STATUS pRevStatus)
#define CERT_TRUST_IS_CYCLIC
static const WCHAR rootW[]
INT WINAPI GetLocaleInfoA(LCID lcid, LCTYPE lctype, LPSTR buffer, INT len)
BOOL WINAPI CertAddCertificateContextToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT *ppStoreContext)
_In_ PCCERT_CONTEXT _In_opt_ LPFILETIME _In_opt_ HCERTSTORE hAdditionalStore
static PCERT_EXTENSION get_subject_alt_name_ext(const CERT_INFO *cert)
PCCERT_CHAIN_CONTEXT WINAPI CertDuplicateCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
#define CERT_FIND_SUBJECT_NAME
BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
static PCCERT_CHAIN_CONTEXT
#define CERT_ALT_NAME_URL
#define X509_NAME_CONSTRAINTS
WINE_DEFAULT_DEBUG_CHANNEL(crypt)
BOOL WINAPI CertCreateCertificateChainEngine(PCERT_CHAIN_ENGINE_CONFIG pConfig, HCERTCHAINENGINE *phChainEngine)
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo
DWORD WINAPI GetLastError(VOID)
#define CERT_TRUST_INVALID_NAME_CONSTRAINTS
struct _CERT_CHAIN_PARA_NO_EXTRA_FIELDS CERT_CHAIN_PARA_NO_EXTRA_FIELDS
#define CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC
#define CERT_NAME_ISSUER_FLAG
WINE_DECLARE_DEBUG_CHANNEL(chain)
#define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
#define PKCS_7_ASN_ENCODING
#define CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY
DWORD MaximumCachedCertificates
HCERTSTORE WINAPI CertOpenSystemStoreW(HCRYPTPROV_LEGACY hProv, LPCWSTR szSubSystemProtocol)
static PCCERT_CONTEXT CRYPT_GetIssuer(const CertificateChainEngine *engine, HCERTSTORE store, PCCERT_CONTEXT subject, PCCERT_CONTEXT prevIssuer, DWORD flags, DWORD *infoStatus)
#define szOID_COMMON_NAME
#define SECURITY_FLAG_IGNORE_CERT_CN_INVALID
#define CERT_STORE_ADD_NEW
BOOL WINAPI CertAddStoreToCollection(HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore, DWORD dwUpdateFlags, DWORD dwPriority)
static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot, PCERT_CHAIN_ELEMENT rootElement)
#define CERT_KEY_CERT_SIGN_KEY_USAGE
#define CERT_NAME_SIMPLE_DISPLAY_TYPE
#define CERT_TRUST_HAS_NAME_MATCH_ISSUER
static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint, const CRYPT_DATA_BLOB *name, DWORD *trustErrorStatus)
#define CERT_CA_SUBJECT_FLAG
#define szOID_NETSCAPE_CERT_TYPE
VOID WINAPI CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
#define CERT_STORE_PROV_COLLECTION
static BOOL match_dns_to_subject_dn(PCCERT_CONTEXT cert, LPCWSTR server_name)
DWORD CRYPT_IsCertificateSelfSigned(const CERT_CONTEXT *cert)
static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
#define CERT_E_CN_NO_MATCH
#define HCCE_CURRENT_USER
struct _CERT_CHAIN_ELEMENT CERT_CHAIN_ELEMENT
#define szOID_BASIC_CONSTRAINTS2
#define CRYPT_E_NO_REVOCATION_DLL
#define CERT_SYSTEM_STORE_LOCAL_MACHINE
static BOOL CRYPT_CheckBasicConstraintsForCA(CertificateChainEngine *engine, PCCERT_CONTEXT cert, CERT_BASIC_CONSTRAINTS2_INFO *chainConstraints, DWORD remainingCAs, BOOL isRoot, BOOL *pathLengthConstraintViolated)
#define CHAIN_QUALITY_TRUSTED_ROOT
BOOL WINAPI CertVerifyCertificateChainPolicy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
static BOOL CRYPT_AddAlternateChainToChain(CertificateChain *chain, const CertificateChain *alternate)
int WINAPI lstrcmpiW(LPCWSTR lpString1, LPCWSTR lpString2)
static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
BOOL WINAPI CertCompareCertificateName(DWORD dwCertEncodingType, PCERT_NAME_BLOB pCertName1, PCERT_NAME_BLOB pCertName2)
#define HCCE_LOCAL_MACHINE
static BOOL dns_name_matches(LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
const char * wine_dbg_sprintf(const char *format,...)
#define CERT_KEY_IDENTIFIER_PROP_ID
#define CRYPT_AIA_RETRIEVAL
#define SECURITY_FLAG_IGNORE_REVOCATION
static BOOL WINAPI verify_basic_constraints_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
#define CERT_TRUST_IS_SELF_SIGNED
#define CERT_TRUST_IS_REVOKED
static void dump_name_constraints(const CERT_EXTENSION *ext)
struct _CERT_SIMPLE_CHAIN CERT_SIMPLE_CHAIN
GLenum GLuint GLenum GLsizei const GLchar * buf
#define X509_ASN_ENCODING
static BOOL CRYPT_IsSimpleChainCyclic(const CERT_SIMPLE_CHAIN *chain)
#define URL_OID_CERTIFICATE_ISSUER
LONG WINAPI CertVerifyTimeValidity(LPFILETIME pTimeToVerify, PCERT_INFO pCertInfo)
PCCERT_CHAIN_CONTEXT * rgpLowerQualityChainContext
static LPCSTR filetime_to_str(const FILETIME *time)
LPVOID WINAPI CryptMemAlloc(ULONG cbSize)
DWORD dwUrlRetrievalTimeout
#define CERT_CHAIN_POLICY_SSL
BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT pCertContext, DWORD dwPropId, void *pvData, DWORD *pcbData)
namespace GUID const ADDRINFOEXW ADDRINFOEXW struct timeval OVERLAPPED LPLOOKUPSERVICE_COMPLETION_ROUTINE HANDLE * handle
static BOOL CRYPT_KeyUsageValid(CertificateChainEngine *engine, PCCERT_CONTEXT cert, BOOL isRoot, BOOL isCA, DWORD index)
static void CRYPT_FreeLowerQualityChains(CertificateChain *chain)
#define CERT_STORE_CREATE_NEW_FLAG
#define CERT_VERIFY_REV_CHAIN_FLAG
static void free_chain_engine(CertificateChainEngine *engine)
DWORD cLowerQualityChainContext
#define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL
#define CERT_CHAIN_POLICY_BASE
BOOL WINAPI CryptRetrieveObjectByUrlW(LPCWSTR pszURL, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo)
DWORD CycleDetectionModulus
static void dump_general_subtree(const CERT_GENERAL_SUBTREE *subtree)
static DWORD CRYPT_ChainQuality(const CertificateChain *chain)
PCCERT_CONTEXT pCertContext
static void dump_usage_match(LPCSTR name, const CERT_USAGE_MATCH *usageMatch)
#define CERT_E_WRONG_USAGE
#define InterlockedCompareExchangePointer
#define CERT_CONTEXT_REVOCATION_TYPE
#define X509_CERT_POLICIES
PCERT_EXTENSION rgExtension