crypt32: Accept end certificates with no extended key usage extension if a particular key usage is requested.

2024-10-05 18:15:26 +00:00 · 2009-12-11 08:12:54 -08:00 · 2009-12-11 08:12:54 -08:00 · 01a7cbf843
parent 350cdd2fe5
commit 01a7cbf843
1 changed files with 4 additions and 3 deletions
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@ -2541,10 +2541,11 @@ static void CRYPT_CheckUsages(PCERT_CHAIN_CONTEXT chain,
             *  key usage extension be present and that a particular purpose
             *  be indicated in order for the certificate to be acceptable to
             *  that application."
-             * For now I'm being more conservative and disallowing it.
+             * Not all web sites include the extended key usage extension, so
+             * accept chains without it.
             */
-            WARN_(chain)("requested usage from a certificate with no usages\n");
-            validForUsage = FALSE;
+            TRACE_(chain)("requested usage from certificate with no usages\n");
+            validForUsage = TRUE;
        }
        if (!validForUsage)
        {