Commit 9f6cd266 authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

wininet: Let CertVerifyCertificateChainPolicy handle certain security flags.

parent 15c1670a
...@@ -282,6 +282,7 @@ static DWORD netconn_verify_cert(PCCERT_CONTEXT cert, HCERTSTORE store, ...@@ -282,6 +282,7 @@ static DWORD netconn_verify_cert(PCCERT_CONTEXT cert, HCERTSTORE store,
sslExtraPolicyPara.u.cbSize = sizeof(sslExtraPolicyPara); sslExtraPolicyPara.u.cbSize = sizeof(sslExtraPolicyPara);
sslExtraPolicyPara.dwAuthType = AUTHTYPE_SERVER; sslExtraPolicyPara.dwAuthType = AUTHTYPE_SERVER;
sslExtraPolicyPara.pwszServerName = server; sslExtraPolicyPara.pwszServerName = server;
sslExtraPolicyPara.fdwChecks = security_flags;
policyPara.cbSize = sizeof(policyPara); policyPara.cbSize = sizeof(policyPara);
policyPara.dwFlags = 0; policyPara.dwFlags = 0;
policyPara.pvExtraPolicyPara = &sslExtraPolicyPara; policyPara.pvExtraPolicyPara = &sslExtraPolicyPara;
...@@ -293,11 +294,7 @@ static DWORD netconn_verify_cert(PCCERT_CONTEXT cert, HCERTSTORE store, ...@@ -293,11 +294,7 @@ static DWORD netconn_verify_cert(PCCERT_CONTEXT cert, HCERTSTORE store,
if (ret && policyStatus.dwError) if (ret && policyStatus.dwError)
{ {
if (policyStatus.dwError == CERT_E_CN_NO_MATCH) if (policyStatus.dwError == CERT_E_CN_NO_MATCH)
{
if (!(security_flags &
SECURITY_FLAG_IGNORE_CERT_CN_INVALID))
err = ERROR_INTERNET_SEC_CERT_CN_INVALID; err = ERROR_INTERNET_SEC_CERT_CN_INVALID;
}
else else
err = ERROR_INTERNET_SEC_INVALID_CERT; err = ERROR_INTERNET_SEC_INVALID_CERT;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment