crypt32: Check usage when verifying the SSL policy.
This commit is contained in:
parent
d74c4f7c15
commit
da11d66bff
|
@ -3328,6 +3328,15 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
|
||||||
CERT_TRUST_IS_NOT_TIME_VALID, &pPolicyStatus->lChainIndex,
|
CERT_TRUST_IS_NOT_TIME_VALID, &pPolicyStatus->lChainIndex,
|
||||||
&pPolicyStatus->lElementIndex);
|
&pPolicyStatus->lElementIndex);
|
||||||
}
|
}
|
||||||
|
else if (pChainContext->TrustStatus.dwErrorStatus &
|
||||||
|
CERT_TRUST_IS_NOT_VALID_FOR_USAGE &&
|
||||||
|
!(checks & SECURITY_FLAG_IGNORE_WRONG_USAGE))
|
||||||
|
{
|
||||||
|
pPolicyStatus->dwError = CERT_E_WRONG_USAGE;
|
||||||
|
find_element_with_error(pChainContext,
|
||||||
|
CERT_TRUST_IS_NOT_VALID_FOR_USAGE, &pPolicyStatus->lChainIndex,
|
||||||
|
&pPolicyStatus->lElementIndex);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
pPolicyStatus->dwError = NO_ERROR;
|
pPolicyStatus->dwError = NO_ERROR;
|
||||||
/* We only need bother checking whether the name in the end certificate
|
/* We only need bother checking whether the name in the end certificate
|
||||||
|
|
Loading…
Reference in New Issue