From da11d66bffd7215806ae5c8ae1af99bd3552666c Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang@gmail.com>
Date: Wed, 29 Sep 2010 13:46:17 -0700
Subject: [PATCH] crypt32: Check usage when verifying the SSL policy.

---
 dlls/crypt32/chain.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index fe6093d8b9b..75259236855 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -3328,6 +3328,15 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
          CERT_TRUST_IS_NOT_TIME_VALID, &pPolicyStatus->lChainIndex,
          &pPolicyStatus->lElementIndex);
     }
+    else if (pChainContext->TrustStatus.dwErrorStatus &
+     CERT_TRUST_IS_NOT_VALID_FOR_USAGE &&
+     !(checks & SECURITY_FLAG_IGNORE_WRONG_USAGE))
+    {
+        pPolicyStatus->dwError = CERT_E_WRONG_USAGE;
+        find_element_with_error(pChainContext,
+         CERT_TRUST_IS_NOT_VALID_FOR_USAGE, &pPolicyStatus->lChainIndex,
+         &pPolicyStatus->lElementIndex);
+    }
     else
         pPolicyStatus->dwError = NO_ERROR;
     /* We only need bother checking whether the name in the end certificate