crypt32: Get CA flag from basic constraints extension of every cert in the chain.

cbabc9d6 · Juan Lang · Alexandre Julliard · f348e3fe · cbabc9d6
Commit cbabc9d6 authored Oct 19, 2009 by Juan Lang Committed by Alexandre Julliard Oct 21, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

chain.c dlls/crypt32/chain.c +2 -1

No files found.
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -441,6 +441,7 @@ static BOOL CRYPT_CheckBasicConstraintsForCA(PCCERT_CONTEXT cert,
    if ((validBasicConstraints = CRYPT_DecodeBasicConstraints(cert,
     &constraints, isRoot)))
    {
+        chainConstraints->fCA = constraints.fCA;
        if (!constraints.fCA)
        {
            TRACE_(chain)("chain element %d can't be a CA\n", remainingCAs + 1);
@@ -858,7 +859,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
    PCERT_CHAIN_ELEMENT rootElement = chain->rgpElement[chain->cElement - 1];
    int i;
    BOOL pathLengthConstraintViolated = FALSE;
-    CERT_BASIC_CONSTRAINTS2_INFO constraints = { TRUE, FALSE, 0 };
+    CERT_BASIC_CONSTRAINTS2_INFO constraints = { FALSE, FALSE, 0 };

    TRACE_(chain)("checking chain with %d elements for time %s\n",
     chain->cElement, debugstr_w(filetime_to_str(time)));