Juan Lang : crypt32: Accept any matching CN when checking a certificate's name.

Alexandre Julliard julliard at winehq.org
Thu Apr 7 07:36:46 CDT 2011


Module: wine
Branch: stable
Commit: 208b8181da76f1c05f2ee10224e7518a1d4c27bc
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=208b8181da76f1c05f2ee10224e7518a1d4c27bc

Author: Juan Lang <juan.lang at gmail.com>
Date:   Thu Dec 16 10:31:47 2010 -0800

crypt32: Accept any matching CN when checking a certificate's name.
(cherry picked from commit 667aeb3ede3ddad63b387fad248b66c03690c5a6)

---

 dlls/crypt32/chain.c |   19 +++++++++++++++----
 1 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index e951ef8..206f2c8 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -3267,13 +3267,24 @@ static BOOL match_dns_to_subject_dn(PCCERT_CONTEXT cert, LPCWSTR server_name)
         }
         else
         {
-            PCERT_RDN_ATTR attr;
+            DWORD i, j;
 
             /* If the certificate isn't using a DN attribute in the name, make
-             * make sure the common name matches.
+             * make sure at least one common name matches.  From RFC 2818,
+             * section 3.1:
+             * "If more than one identity of a given type is present in the
+             * certificate (e.g., more than one dNSName name, a match in any
+             * one of the set is considered acceptable.)"
              */
-            if ((attr = CertFindRDNAttr(szOID_COMMON_NAME, name)))
-                matches = match_common_name(server_name, attr);
+            for (i = 0; !matches && i < name->cRDN; i++)
+                for (j = 0; !matches && j < name->rgRDN[i].cRDNAttr; j++)
+                {
+                    PCERT_RDN_ATTR attr = &name->rgRDN[i].rgRDNAttr[j];
+
+                    if (attr->pszObjId && !strcmp(szOID_COMMON_NAME,
+                     attr->pszObjId))
+                        matches = match_common_name(server_name, attr);
+                }
         }
         LocalFree(name);
     }
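Review bot: The new comment above the loop justifies matching any CN by quoting the RFC 2818 section 3.1 sentence about multiple identities of one type, but the same section says the (most specific) Common Name is the one to use when no dNSName subjectAltName is present. The loop over every RDN and attribute is therefore a more permissive reading than the quoted text alone supports. I would state that in the comment, e.g. `/* Deliberately more permissive than RFC 2818's "(most specific) Common Name": any CN attribute in the subject may match. Only valid as a fallback when the cert has no dNSName subjectAltName. */`, and drop the duplicated word in `make make sure`. Whether the caller skips this function when a dNSName entry exists cannot be seen here, because match_dns_to_subject_dn starts and ends outside the hunk. That is worth confirming, since a CN fallback that runs alongside SAN matching would widen the set of host names a certificate is accepted for.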



