Juan Lang : crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint .

Module: wine Branch: master Commit: c464875a6d7465fddb14239f7b35bb4ca099019e URL: http://source.winehq.org/git/wine.git/?a=commit;h=c464875a6d7465fddb14239f7b...

Author: Juan Lang juan.lang@gmail.com Date: Tue Nov 17 13:57:25 2009 -0800

crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint.

---

dlls/crypt32/chain.c | 19 +++++++++++-------- 1 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index a5b4141..72f5e24 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -987,18 +987,21 @@ static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName, *trustErrorStatus |= CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT; } - for (i = 0; i < nameConstraints->cPermittedSubtree; i++) + if (nameConstraints->cPermittedSubtree) { - CERT_ALT_NAME_ENTRY *constraint = - &nameConstraints->rgPermittedSubtree[i].Base; + BOOL match = FALSE;

- if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME) + for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++) { - if (!directory_name_matches(&constraint->u.DirectoryName, - subjectName)) - *trustErrorStatus |= - CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT; + CERT_ALT_NAME_ENTRY *constraint = + &nameConstraints->rgPermittedSubtree[i].Base; + + if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME) + match = directory_name_matches(&constraint->u.DirectoryName, + subjectName); } + if (!match) + *trustErrorStatus |= CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT; } }