From 6a575d697e3fcfc4ec6a2deae1b9d20bcb2aaadb Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang@gmail.com>
Date: Fri, 23 Oct 2009 11:54:05 -0700
Subject: [PATCH] crypt32: Accept either the subject alt name 2 or subject alt
 name extensions, and prefer the former when both are present.

---
 dlls/crypt32/chain.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 547c74cfc75..160bcecfbd5 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -618,8 +618,12 @@ static void CRYPT_CheckNameConstraints(
     {
         CERT_EXTENSION *ext;
 
-        if ((ext = CertFindExtension(szOID_SUBJECT_ALT_NAME, cert->cExtension,
-         cert->rgExtension)))
+        ext = CertFindExtension(szOID_SUBJECT_ALT_NAME2, cert->cExtension,
+         cert->rgExtension);
+        if (!ext)
+            ext = CertFindExtension(szOID_SUBJECT_ALT_NAME, cert->cExtension,
+             cert->rgExtension);
+        if (ext)
         {
             CERT_ALT_NAME_INFO *subjectName;
             DWORD size;
@@ -1088,6 +1092,8 @@ static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert)
                 ret = TRUE;
             else if (!strcmp(oid, szOID_SUBJECT_ALT_NAME))
                 ret = TRUE;
+            else if (!strcmp(oid, szOID_SUBJECT_ALT_NAME2))
+                ret = TRUE;
             else
             {
                 FIXME("unsupported critical extension %s\n",