Juan Lang : crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint .
Alexandre Julliard
julliard at winehq.org
Wed Nov 18 09:40:40 CST 2009
Module: wine
Branch: master
Commit: c464875a6d7465fddb14239f7b35bb4ca099019e
URL: http://source.winehq.org/git/wine.git/?a=commit;h=c464875a6d7465fddb14239f7b35bb4ca099019e
Author: Juan Lang <juan.lang at gmail.com>
Date: Tue Nov 17 13:57:25 2009 -0800
crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint.
---
dlls/crypt32/chain.c | 19 +++++++++++--------
1 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index a5b4141..72f5e24 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -987,18 +987,21 @@ static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName,
*trustErrorStatus |=
CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
}
- for (i = 0; i < nameConstraints->cPermittedSubtree; i++)
+ if (nameConstraints->cPermittedSubtree)
{
- CERT_ALT_NAME_ENTRY *constraint =
- &nameConstraints->rgPermittedSubtree[i].Base;
+ BOOL match = FALSE;
- if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
+ for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++)
{
- if (!directory_name_matches(&constraint->u.DirectoryName,
- subjectName))
- *trustErrorStatus |=
- CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
+ CERT_ALT_NAME_ENTRY *constraint =
+ &nameConstraints->rgPermittedSubtree[i].Base;
+
+ if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
+ match = directory_name_matches(&constraint->u.DirectoryName,
+ subjectName);
}
+ if (!match)
+ *trustErrorStatus |= CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
}
}
More information about the wine-cvs
mailing list