From 01a7cbf843213459495790e01be6dfa0fbc2e2b2 Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang@gmail.com>
Date: Fri, 11 Dec 2009 08:12:54 -0800
Subject: [PATCH] crypt32: Accept end certificates with no extended key usage
 extension if a particular key usage is requested.

---
 dlls/crypt32/chain.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index dd92af2b7d5..e5ad7dcf40c 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -2541,10 +2541,11 @@ static void CRYPT_CheckUsages(PCERT_CHAIN_CONTEXT chain,
              *  key usage extension be present and that a particular purpose
              *  be indicated in order for the certificate to be acceptable to
              *  that application."
-             * For now I'm being more conservative and disallowing it.
+             * Not all web sites include the extended key usage extension, so
+             * accept chains without it.
              */
-            WARN_(chain)("requested usage from a certificate with no usages\n");
-            validForUsage = FALSE;
+            TRACE_(chain)("requested usage from certificate with no usages\n");
+            validForUsage = TRUE;
         }
         if (!validForUsage)
         {