crypt32: Let caller set error codes when name constraints aren't met.

Juan Lang 2009-11-16 18:16:34 -08:00 committed by Alexandre Julliard
parent f8044948ba
commit 9a40de08de
1 changed files with 15 additions and 9 deletions


@ -720,9 +720,8 @@ static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint,
return match; return match;
} }
static void CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint, static BOOL CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint,
const CERT_ALT_NAME_INFO *subjectName, DWORD *trustErrorStatus, const CERT_ALT_NAME_INFO *subjectName, DWORD *trustErrorStatus)
DWORD errorIfFound, DWORD errorIfNotFound)
{ {
DWORD i; DWORD i;
BOOL match = FALSE; BOOL match = FALSE;
@ -759,7 +758,7 @@ static void CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint,
} }
} }
} }
*trustErrorStatus |= match ? errorIfFound : errorIfNotFound; return match;
} }
static inline PCERT_EXTENSION get_subject_alt_name_ext(const CERT_INFO *cert) static inline PCERT_EXTENSION get_subject_alt_name_ext(const CERT_INFO *cert)
@ -793,14 +792,21 @@ static void CRYPT_CheckNameConstraints(
DWORD i; DWORD i;
for (i = 0; i < nameConstraints->cExcludedSubtree; i++) for (i = 0; i < nameConstraints->cExcludedSubtree; i++)
CRYPT_FindMatchingNameEntry( {
if (CRYPT_FindMatchingNameEntry(
&nameConstraints->rgExcludedSubtree[i].Base, subjectName, &nameConstraints->rgExcludedSubtree[i].Base, subjectName,
trustErrorStatus, CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT, 0); trustErrorStatus))
*trustErrorStatus |=
CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
}
for (i = 0; i < nameConstraints->cPermittedSubtree; i++) for (i = 0; i < nameConstraints->cPermittedSubtree; i++)
CRYPT_FindMatchingNameEntry( {
if (!CRYPT_FindMatchingNameEntry(
&nameConstraints->rgPermittedSubtree[i].Base, subjectName, &nameConstraints->rgPermittedSubtree[i].Base, subjectName,
trustErrorStatus, 0, trustErrorStatus))
CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT); *trustErrorStatus |=
CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
}
LocalFree(subjectName); LocalFree(subjectName);
} }
else else
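Review bot: The permitted-subtree loop in CRYPT_CheckNameConstraints sets CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT per subtree rather than per subject name, and this refactoring leaves that shape unchanged. If CRYPT_FindMatchingNameEntry returns TRUE as soon as any alternative name matches (its loop lies between the hunks, so this is inferred from `BOOL match = FALSE;` and `return match;`), a certificate carrying one permitted name plus an unrelated name of the same type would raise no error. Conversely, a certificate whose only name matches one of two permitted subtrees would be flagged by the other subtree. Name constraints are normally evaluated per name: every subject name of a constrained type must fall inside at least one permitted subtree and outside every excluded one. Now that the helper returns BOOL, the caller could iterate over the subject's entries instead, and the helper's contract deserves a comment such as `/* Returns TRUE if any entry of subjectName matches constraint; the caller chooses the trust error. */`; both function bodies extend outside the visible hunks, so confirm against the full file.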