Juan Lang : crypt32: Trace reasons for name constraint failure.

Alexandre Julliard julliard at winehq.org
Wed Nov 18 09:40:40 CST 2009


Module: wine
Branch: master
Commit: d6958d76600503d69dfde8837b7ba687cf75ea23
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=d6958d76600503d69dfde8837b7ba687cf75ea23

Author: Juan Lang <juan.lang at gmail.com>
Date:   Tue Nov 17 14:06:44 2009 -0800

crypt32: Trace reasons for name constraint failure.

---

 dlls/crypt32/chain.c |   22 ++++++++++++++++++++++
 1 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 2b2ac88..bb7a6e1 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -849,14 +849,22 @@ static void compare_alt_name_with_constraints(const CERT_EXTENSION *altNameExt,
             if (alt_name_matches_excluded_name(
              &subjectAltName->rgAltEntry[i], nameConstraints,
              trustErrorStatus))
+            {
+                TRACE_(chain)("subject alternate name form %d excluded\n",
+                 subjectAltName->rgAltEntry[i].dwAltNameChoice);
                 *trustErrorStatus |=
                  CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
+            }
             nameFormPresent = FALSE;
             if (!alt_name_matches_permitted_name(
              &subjectAltName->rgAltEntry[i], nameConstraints,
              trustErrorStatus, &nameFormPresent) && nameFormPresent)
+            {
+                TRACE_(chain)("subject alternate name form %d not permitted\n",
+                 subjectAltName->rgAltEntry[i].dwAltNameChoice);
                 *trustErrorStatus |=
                  CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
+            }
         }
         LocalFree(subjectAltName);
     }
@@ -934,14 +942,22 @@ static void compare_subject_with_email_constraints(
                     if (rfc822_attr_matches_excluded_name(
                      &name->rgRDN[i].rgRDNAttr[j], nameConstraints,
                      trustErrorStatus))
+                    {
+                        TRACE_(chain)(
+                         "email address in subject name is excluded\n");
                         *trustErrorStatus |=
                          CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
+                    }
                     nameFormPresent = FALSE;
                     if (!rfc822_attr_matches_permitted_name(
                      &name->rgRDN[i].rgRDNAttr[j], nameConstraints,
                      trustErrorStatus, &nameFormPresent) && nameFormPresent)
+                    {
+                        TRACE_(chain)(
+                         "email address in subject name is not permitted\n");
                         *trustErrorStatus |=
                          CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
+                    }
                 }
         LocalFree(name);
     }
@@ -1000,8 +1016,11 @@ static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName,
 
         if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME &&
          directory_name_matches(&constraint->u.DirectoryName, subjectName))
+        {
+            TRACE_(chain)("subject name is excluded\n");
             *trustErrorStatus |=
              CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
+        }
     }
     /* RFC 5280, section 4.2.1.10:
      * "Restrictions apply only when the specified name form is present.
@@ -1026,7 +1045,10 @@ static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName,
             }
         }
         if (hasDirectoryConstraint && !match)
+        {
+            TRACE_(chain)("subject name is not permitted\n");
             *trustErrorStatus |= CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
+        }
     }
 }
 




More information about the wine-cvs mailing list