Module: wine Branch: master Commit: 9a40de08dec33cf1cba0ed2b508300d8286060a3 URL: http://source.winehq.org/git/wine.git/?a=commit;h=9a40de08dec33cf1cba0ed2b50...
Author: Juan Lang juan.lang@gmail.com Date: Mon Nov 16 18:16:34 2009 -0800
crypt32: Let caller set error codes when name constraints aren't met.
---
dlls/crypt32/chain.c | 24 +++++++++++++++--------- 1 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 89ce807..f92b906 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -720,9 +720,8 @@ static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint, return match; }
-static void CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint, - const CERT_ALT_NAME_INFO *subjectName, DWORD *trustErrorStatus, - DWORD errorIfFound, DWORD errorIfNotFound) +static BOOL CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint, + const CERT_ALT_NAME_INFO *subjectName, DWORD *trustErrorStatus) { DWORD i; BOOL match = FALSE; @@ -759,7 +758,7 @@ static void CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint, } } } - *trustErrorStatus |= match ? errorIfFound : errorIfNotFound; + return match; }
static inline PCERT_EXTENSION get_subject_alt_name_ext(const CERT_INFO *cert) @@ -793,14 +792,21 @@ static void CRYPT_CheckNameConstraints( DWORD i;
for (i = 0; i < nameConstraints->cExcludedSubtree; i++) - CRYPT_FindMatchingNameEntry( + { + if (CRYPT_FindMatchingNameEntry( &nameConstraints->rgExcludedSubtree[i].Base, subjectName, - trustErrorStatus, CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT, 0); + trustErrorStatus)) + *trustErrorStatus |= + CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT; + } for (i = 0; i < nameConstraints->cPermittedSubtree; i++) - CRYPT_FindMatchingNameEntry( + { + if (!CRYPT_FindMatchingNameEntry( &nameConstraints->rgPermittedSubtree[i].Base, subjectName, - trustErrorStatus, 0, - CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT); + trustErrorStatus)) + *trustErrorStatus |= + CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT; + } LocalFree(subjectName); } else
-
Alexandre Julliard