wininet: Let CertVerifyCertificateChainPolicy handle certain security flags.

2010-09-29 14:19:23 -07:00 · 2010-09-29 14:19:23 -07:00 · 9f6cd2663e
parent 15c1670a5c
commit 9f6cd2663e
1 changed files with 2 additions and 5 deletions
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@ -282,6 +282,7 @@ static DWORD netconn_verify_cert(PCCERT_CONTEXT cert, HCERTSTORE store,
            sslExtraPolicyPara.u.cbSize = sizeof(sslExtraPolicyPara);
            sslExtraPolicyPara.dwAuthType = AUTHTYPE_SERVER;
            sslExtraPolicyPara.pwszServerName = server;
+            sslExtraPolicyPara.fdwChecks = security_flags;
            policyPara.cbSize = sizeof(policyPara);
            policyPara.dwFlags = 0;
            policyPara.pvExtraPolicyPara = &sslExtraPolicyPara;
@ -293,11 +294,7 @@ static DWORD netconn_verify_cert(PCCERT_CONTEXT cert, HCERTSTORE store,
            if (ret && policyStatus.dwError)
            {
                if (policyStatus.dwError == CERT_E_CN_NO_MATCH)
-                {
-                    if (!(security_flags &
-                          SECURITY_FLAG_IGNORE_CERT_CN_INVALID))
-                        err = ERROR_INTERNET_SEC_CERT_CN_INVALID;
-                }
+                    err = ERROR_INTERNET_SEC_CERT_CN_INVALID;
                else
                    err = ERROR_INTERNET_SEC_INVALID_CERT;
            }