crypt32: Accept end certificates with no extended key usage extension if a…

crypt32: Accept end certificates with no extended key usage extension if a particular key usage is requested.

crypt32: Accept end certificates with no extended key usage extension if a…
01a7cbf8 · Juan Lang · Alexandre Julliard · 350cdd2f · 01a7cbf8
Commit 01a7cbf8 authored Dec 11, 2009 by Juan Lang Committed by Alexandre Julliard Dec 11, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

chain.c dlls/crypt32/chain.c +4 -3

No files found.
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -2541,10 +2541,11 @@ static void CRYPT_CheckUsages(PCERT_CHAIN_CONTEXT chain,
             *  key usage extension be present and that a particular purpose
             *  be indicated in order for the certificate to be acceptable to
             *  that application."
-             * For now I'm being more conservative and disallowing it.
+             * Not all web sites include the extended key usage extension, so
+             * accept chains without it.
             */
-            WARN_(chain)("requested usage from a certificate with no usages\n");
-            validForUsage = FALSE;
+            TRACE_(chain)("requested usage from certificate with no usages\n");
+            validForUsage = TRUE;
        }
        if (!validForUsage)
        {