Module: wine Branch: stable Commit: 208b8181da76f1c05f2ee10224e7518a1d4c27bc URL: http://source.winehq.org/git/wine.git/?a=commit;h=208b8181da76f1c05f2ee10224...
Author: Juan Lang juan.lang@gmail.com Date: Thu Dec 16 10:31:47 2010 -0800
crypt32: Accept any matching CN when checking a certificate's name. (cherry picked from commit 667aeb3ede3ddad63b387fad248b66c03690c5a6)
---
dlls/crypt32/chain.c | 19 +++++++++++++++---- 1 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index e951ef8..206f2c8 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -3267,13 +3267,24 @@ static BOOL match_dns_to_subject_dn(PCCERT_CONTEXT cert, LPCWSTR server_name)
 }
 else
 {
- PCERT_RDN_ATTR attr;
+ DWORD i, j;

 /* If the certificate isn't using a DN attribute in the name, make
- * make sure the common name matches.
+ * make sure at least one common name matches. From RFC 2818,
+ * section 3.1:
+ * "If more than one identity of a given type is present in the
+ * certificate (e.g., more than one dNSName name, a match in any
+ * one of the set is considered acceptable.)"
 */
- if ((attr = CertFindRDNAttr(szOID_COMMON_NAME, name)))
- matches = match_common_name(server_name, attr);
+ for (i = 0; !matches && i < name->cRDN; i++)
+ for (j = 0; !matches && j < name->rgRDN[i].cRDNAttr; j++)
+ {
+ PCERT_RDN_ATTR attr = &name->rgRDN[i].rgRDNAttr[j];
+
+ if (attr->pszObjId && !strcmp(szOID_COMMON_NAME,
+ attr->pszObjId))
+ matches = match_common_name(server_name, attr);
+ }
 }
 LocalFree(name);
 }
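Review bot: The comment above the new nested loop justifies accepting any CN with an RFC 2818 sentence whose own example is dNSName entries, while the same section 3.1 says the "(most specific) Common Name" is the field to use when falling back to the subject, so the loop over every attribute of every RDN is broader than the text it cites. If the wider match is deliberate (for instance to mirror native behaviour, which the hunk does not show), the comment should say so, e.g. `* Note: RFC 2818 names only the most specific CN; accepting any CN here is intentional.` The comment also still reads "make make sure" across its first two lines and could drop the duplicate word. match_dns_to_subject_dn starts and ends outside the hunk, so whether this branch is reached only when the certificate carries no subjectAltName dNSName cannot be confirmed from here and is worth checking at the caller.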