crypt32: Use helper function to find the subject alternate name extension wherever it's needed.

Juan Lang 2009-11-09 16:43:32 -08:00 committed by Alexandre Julliard
parent ae6e884142
commit 2503e9ec73


@ -657,6 +657,18 @@ static void CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint,
*trustErrorStatus |= match ? errorIfFound : errorIfNotFound; *trustErrorStatus |= match ? errorIfFound : errorIfNotFound;
} }
static inline PCERT_EXTENSION get_subject_alt_name_ext(const CERT_INFO *cert)
{
PCERT_EXTENSION ext;
ext = CertFindExtension(szOID_SUBJECT_ALT_NAME2,
cert->cExtension, cert->rgExtension);
if (!ext)
ext = CertFindExtension(szOID_SUBJECT_ALT_NAME,
cert->cExtension, cert->rgExtension);
return ext;
}
static void CRYPT_CheckNameConstraints( static void CRYPT_CheckNameConstraints(
const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, const CERT_INFO *cert, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, const CERT_INFO *cert,
DWORD *trustErrorStatus) DWORD *trustErrorStatus)
@ -664,13 +676,8 @@ static void CRYPT_CheckNameConstraints(
/* If there aren't any existing constraints, don't bother checking */ /* If there aren't any existing constraints, don't bother checking */
if (nameConstraints->cPermittedSubtree || nameConstraints->cExcludedSubtree) if (nameConstraints->cPermittedSubtree || nameConstraints->cExcludedSubtree)
{ {
CERT_EXTENSION *ext; CERT_EXTENSION *ext = get_subject_alt_name_ext(cert);
ext = CertFindExtension(szOID_SUBJECT_ALT_NAME2, cert->cExtension,
cert->rgExtension);
if (!ext)
ext = CertFindExtension(szOID_SUBJECT_ALT_NAME, cert->cExtension,
cert->rgExtension);
if (ext) if (ext)
{ {
CERT_ALT_NAME_INFO *subjectName; CERT_ALT_NAME_INFO *subjectName;
@ -2346,18 +2353,6 @@ static BOOL WINAPI verify_basic_constraints_policy(LPCSTR szPolicyOID,
return TRUE; return TRUE;
} }
static inline PCERT_EXTENSION get_subject_alt_name_ext(PCCERT_CONTEXT cert)
{
PCERT_EXTENSION ext;
ext = CertFindExtension(szOID_SUBJECT_ALT_NAME2,
cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension);
if (!ext)
ext = CertFindExtension(szOID_SUBJECT_ALT_NAME,
cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension);
return ext;
}
static BOOL match_dns_to_subject_alt_name(PCERT_EXTENSION ext, static BOOL match_dns_to_subject_alt_name(PCERT_EXTENSION ext,
LPCWSTR server_name) LPCWSTR server_name)
{ {
@ -2545,7 +2540,7 @@ static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID,
BOOL matches; BOOL matches;
cert = pChainContext->rgpChain[0]->rgpElement[0]->pCertContext; cert = pChainContext->rgpChain[0]->rgpElement[0]->pCertContext;
altNameExt = get_subject_alt_name_ext(cert); altNameExt = get_subject_alt_name_ext(cert->pCertInfo);
/* If the alternate name extension exists, the name it contains /* If the alternate name extension exists, the name it contains
* is bound to the certificate, so make sure the name matches * is bound to the certificate, so make sure the name matches
* it. Otherwise, look for the server name in the subject * it. Otherwise, look for the server name in the subject
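Review bot: The relocated `get_subject_alt_name_ext` has no comment stating which extension takes precedence, and that order now decides both the name-constraint check in `CRYPT_CheckNameConstraints` and the host-name match in `verify_ssl_policy`. I would add above the helper `/* Returns the szOID_SUBJECT_ALT_NAME2 extension if present, else the szOID_SUBJECT_ALT_NAME one, else NULL. */`, so a reader sees that a certificate carrying both has only the first one consulted. The helper also dereferences `cert` without a check and the new call site passes `cert->pCertInfo`, so the same comment could state that callers must pass a non-NULL CERT_INFO. The bodies of both callers continue outside the visible hunks, so how a NULL return is handled on the name-constraint path cannot be confirmed from here.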