Juan Lang : crypt32: Honor SECURITY_FLAG_IGNORE_CERT_CN_INVALID.

Mon Aug 16 12:25:06 CDT 2010

Module: wine
Branch: master
Commit: d6c9c7a08bc21435047f64bb1f5f6d608a1f0955
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=d6c9c7a08bc21435047f64bb1f5f6d608a1f0955

Author: Juan Lang <juan.lang at gmail.com>
Date:   Thu Aug 12 11:28:18 2010 -0700

crypt32: Honor SECURITY_FLAG_IGNORE_CERT_CN_INVALID.

---

 dlls/crypt32/chain.c       |    4 +++-
 dlls/crypt32/tests/chain.c |    7 +------
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 5c63224..36ed1f3 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -23,6 +23,7 @@
 #define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS
 #define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
 #include "wincrypt.h"
+#include "wininet.h"
 #include "wine/debug.h"
 #include "wine/unicode.h"
 #include "crypt32_private.h"
@@ -3331,7 +3332,8 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
         if (sslPara && sslPara->u.cbSize >= sizeof(HTTPSPolicyCallbackData))
         {
             if (sslPara->dwAuthType == AUTHTYPE_SERVER &&
-             sslPara->pwszServerName)
+             sslPara->pwszServerName &&
+             !(sslPara->fdwChecks & SECURITY_FLAG_IGNORE_CERT_CN_INVALID))
             {
                 PCCERT_CONTEXT cert;
                 PCERT_EXTENSION altNameExt;
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 1f7a11f..707d62e 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -3822,11 +3822,6 @@ static const ChainPolicyCheck winehqPolicyCheckWithMatchingName = {
  { 0, 0, -1, -1, NULL}, NULL, 0
 };
 
-static const ChainPolicyCheck winehqPolicyCheckWithIgnoredNonMatchingName = {
- { sizeof(chain29) / sizeof(chain29[0]), chain29 },
- { 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
-};
-
 static const ChainPolicyCheck winehqPolicyCheckWithoutMatchingName = {
  { sizeof(chain29) / sizeof(chain29[0]), chain29 },
  { 0, CERT_E_CN_NO_MATCH, 0, 0, NULL}, NULL, 0
@@ -4207,7 +4202,7 @@ static void check_ssl_policy(void)
     /* When specifying to ignore name mismatch: match */
     sslPolicyPara.fdwChecks |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
     checkChainPolicyStatus(CERT_CHAIN_POLICY_SSL, engine,
-     &winehqPolicyCheckWithIgnoredNonMatchingName, 0, &oct2007, &policyPara);
+     &winehqPolicyCheckWithMatchingName, 0, &oct2007, &policyPara);
     CertFreeCertificateChainEngine(engine);
     CertCloseStore(testRoot, 0);
 }


