Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-cw
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-cw
Commits
c79aad51
Commit
c79aad51
authored
May 20, 2010
by
Juan Lang
Committed by
Alexandre Julliard
May 21, 2010
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
crypt32: Implement wildcard domain name matching in subject alternative names.
parent
50ebc10d
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
26 additions
and
2 deletions
+26
-2
chain.c
dlls/crypt32/chain.c
+25
-1
chain.c
dlls/crypt32/tests/chain.c
+1
-1
No files found.
dlls/crypt32/chain.c
View file @
c79aad51
...
@@ -3035,7 +3035,31 @@ static BOOL match_dns_to_subject_alt_name(PCERT_EXTENSION ext,
...
@@ -3035,7 +3035,31 @@ static BOOL match_dns_to_subject_alt_name(PCERT_EXTENSION ext,
{
{
TRACE_
(
chain
)(
"dNSName: %s
\n
"
,
debugstr_w
(
TRACE_
(
chain
)(
"dNSName: %s
\n
"
,
debugstr_w
(
subjectName
->
rgAltEntry
[
i
].
u
.
pwszDNSName
));
subjectName
->
rgAltEntry
[
i
].
u
.
pwszDNSName
));
if
(
!
strcmpiW
(
server_name
,
if
(
subjectName
->
rgAltEntry
[
i
].
u
.
pwszDNSName
[
0
]
==
'*'
)
{
LPCWSTR
server_name_dot
;
/* Matching a wildcard: a wildcard matches a single name
* component, which is terminated by a dot. RFC 1034
* doesn't define whether multiple wildcards are allowed,
* but I will assume that they are not until proven
* otherwise. RFC 1034 also states that 'the "*" label
* always matches at least one whole label and sometimes
* more, but always whole labels.' Native crypt32 does not
* match more than one label with a wildcard, so I do the
* same here. Thus, a wildcard only accepts the first
* label, then requires an exact match of the remaining
* string.
*/
server_name_dot
=
strchrW
(
server_name
,
'.'
);
if
(
server_name_dot
)
{
if
(
!
strcmpiW
(
server_name_dot
,
subjectName
->
rgAltEntry
[
i
].
u
.
pwszDNSName
+
1
))
matches
=
TRUE
;
}
}
else
if
(
!
strcmpiW
(
server_name
,
subjectName
->
rgAltEntry
[
i
].
u
.
pwszDNSName
))
subjectName
->
rgAltEntry
[
i
].
u
.
pwszDNSName
))
matches
=
TRUE
;
matches
=
TRUE
;
}
}
...
...
dlls/crypt32/tests/chain.c
View file @
c79aad51
...
@@ -3818,7 +3818,7 @@ static const ChainPolicyCheck opensslPolicyCheckWithoutMatchingName = {
...
@@ -3818,7 +3818,7 @@ static const ChainPolicyCheck opensslPolicyCheckWithoutMatchingName = {
static
const
ChainPolicyCheck
winehqPolicyCheckWithMatchingName
=
{
static
const
ChainPolicyCheck
winehqPolicyCheckWithMatchingName
=
{
{
sizeof
(
chain29
)
/
sizeof
(
chain29
[
0
]),
chain29
},
{
sizeof
(
chain29
)
/
sizeof
(
chain29
[
0
]),
chain29
},
{
0
,
0
,
-
1
,
-
1
,
NULL
},
NULL
,
TODO_ERROR
{
0
,
0
,
-
1
,
-
1
,
NULL
},
NULL
,
0
};
};
static
const
ChainPolicyCheck
winehqPolicyCheckWithoutMatchingName
=
{
static
const
ChainPolicyCheck
winehqPolicyCheckWithoutMatchingName
=
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment