Juan Lang : crypt32: Only fail directory name comparison if a directory name constraint is present and doesn 't match.
Alexandre Julliard
julliard at winehq.org
Wed Nov 18 09:40:40 CST 2009
Module: wine
Branch: master
Commit: 1db8a6abdad49a23510ed6a6a4dab5eb0fe32ec0
URL: http://source.winehq.org/git/wine.git/?a=commit;h=1db8a6abdad49a23510ed6a6a4dab5eb0fe32ec0
Author: Juan Lang <juan.lang at gmail.com>
Date: Tue Nov 17 14:01:11 2009 -0800
crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match.
---
dlls/crypt32/chain.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index df94523..2b2ac88 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -1011,7 +1011,7 @@ static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName,
*/
if (nameConstraints->cPermittedSubtree && !CRYPT_IsEmptyName(subjectName))
{
- BOOL match = FALSE;
+ BOOL match = FALSE, hasDirectoryConstraint = FALSE;
for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++)
{
@@ -1019,10 +1019,13 @@ static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName,
&nameConstraints->rgPermittedSubtree[i].Base;
if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
+ {
+ hasDirectoryConstraint = TRUE;
match = directory_name_matches(&constraint->u.DirectoryName,
subjectName);
+ }
}
- if (!match)
+ if (hasDirectoryConstraint && !match)
*trustErrorStatus |= CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
}
}
More information about the wine-cvs
mailing list