winhttp: Let CertVerifyCertificateChainPolicy handle certain security flags.
This commit is contained in:
Juan Lang
Alexandre Julliard
parent
aa95bc4e31
commit
938767cae3
|
|
@ -326,6 +326,7 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
|
||||||
sslExtraPolicyPara.u.cbSize = sizeof(sslExtraPolicyPara);
|
sslExtraPolicyPara.u.cbSize = sizeof(sslExtraPolicyPara);
|
||||||
sslExtraPolicyPara.dwAuthType = AUTHTYPE_SERVER;
|
sslExtraPolicyPara.dwAuthType = AUTHTYPE_SERVER;
|
||||||
sslExtraPolicyPara.pwszServerName = server;
|
sslExtraPolicyPara.pwszServerName = server;
|
||||||
|
sslExtraPolicyPara.fdwChecks = security_flags;
|
||||||
policyPara.cbSize = sizeof(policyPara);
|
policyPara.cbSize = sizeof(policyPara);
|
||||||
policyPara.dwFlags = 0;
|
policyPara.dwFlags = 0;
|
||||||
policyPara.pvExtraPolicyPara = &sslExtraPolicyPara;
|
policyPara.pvExtraPolicyPara = &sslExtraPolicyPara;
|
||||||
|
|
@ -338,10 +339,7 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
|
||||||
if (ret && policyStatus.dwError)
|
if (ret && policyStatus.dwError)
|
||||||
{
|
{
|
||||||
if (policyStatus.dwError == CERT_E_CN_NO_MATCH)
|
if (policyStatus.dwError == CERT_E_CN_NO_MATCH)
|
||||||
{
|
err = ERROR_WINHTTP_SECURE_CERT_CN_INVALID;
|
||||||
if (!(security_flags & SECURITY_FLAG_IGNORE_CERT_CN_INVALID))
|
|
||||||
err = ERROR_WINHTTP_SECURE_CERT_CN_INVALID;
|
|
||||||
}
|
|
||||||
else
|
else
|
||||||
err = ERROR_WINHTTP_SECURE_INVALID_CERT;
|
err = ERROR_WINHTTP_SECURE_INVALID_CERT;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue