winhttp: Let CertVerifyCertificateChainPolicy handle certain security flags.

938767ca · Juan Lang · Alexandre Julliard · aa95bc4e · 938767ca
Commit 938767ca authored Oct 01, 2010 by Juan Lang Committed by Alexandre Julliard Oct 04, 2010
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 4 deletions

net.c dlls/winhttp/net.c +2 -4

No files found.
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -326,6 +326,7 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
            sslExtraPolicyPara.u.cbSize = sizeof(sslExtraPolicyPara);
            sslExtraPolicyPara.dwAuthType = AUTHTYPE_SERVER;
            sslExtraPolicyPara.pwszServerName = server;
+            sslExtraPolicyPara.fdwChecks = security_flags;
            policyPara.cbSize = sizeof(policyPara);
            policyPara.dwFlags = 0;
            policyPara.pvExtraPolicyPara = &sslExtraPolicyPara;
@@ -338,10 +339,7 @@ static DWORD netconn_verify_cert( PCCERT_CONTEXT cert, HCERTSTORE store,
            if (ret && policyStatus.dwError)
            {
                if (policyStatus.dwError == CERT_E_CN_NO_MATCH)
-                {
-                    if (!(security_flags & SECURITY_FLAG_IGNORE_CERT_CN_INVALID))
-                        err = ERROR_WINHTTP_SECURE_CERT_CN_INVALID;
-                }
+                    err = ERROR_WINHTTP_SECURE_CERT_CN_INVALID;
                else
                    err = ERROR_WINHTTP_SECURE_INVALID_CERT;
            }