Skip to content

Intermediate Certificate Validation Windows 2012+ fix#277

Merged
JoeShook merged 2 commits intoDirectProject:masterfrom
wshelor:Intermediate-Anchor-Validation-Fix
Aug 1, 2017
Merged

Intermediate Certificate Validation Windows 2012+ fix#277
JoeShook merged 2 commits intoDirectProject:masterfrom
wshelor:Intermediate-Anchor-Validation-Fix

Conversation

@wshelor
Copy link
Copy Markdown

@wshelor wshelor commented Jul 19, 2017

Fix for a problem with validating certificates in which the intermediate certificate, not the root, was used as an anchor

Fix for a problem with validating certificates in which the intermedi…
64dd9f3 
…ate certificate, not the root, was used as an anchor
@wshelor wshelor changed the title Intermediate Certificate Validation 2012 fix Intermediate Certificate Validation Windows 2012+ fix Jul 19, 2017
@JoeShook
Copy link
Copy Markdown
Contributor

JoeShook commented Jul 19, 2017
edited
Loading

Do we have a test that can assert this fix? If not can we create one?
I understand this is an issue because only self signed CAs would have worked in the current state. With the CERT_CHAIN_EXCLUSIVE_ENABLE_CA_FLAG flag set on dwExclusiveFlags will allow us to treat a non-root ca an anchor.

But what happens if there is still another intermediate certificate resolved between the public cert and installed anchor?

I want to ensure this is still working.

@JoeShook JoeShook merged commit 062f966 into DirectProject:master Aug 1, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@johnstairs johnstairs johnstairs approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wshelor @JoeShook @johnstairs