From 9f6cd2663e53f3617656a5462fdae7a78e3975c3 Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang@gmail.com>
Date: Wed, 29 Sep 2010 14:19:23 -0700
Subject: [PATCH] wininet: Let CertVerifyCertificateChainPolicy handle certain
 security flags.

---
 dlls/wininet/netconnection.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/dlls/wininet/netconnection.c b/dlls/wininet/netconnection.c
index e06a2539f33..004b213020e 100644
--- a/dlls/wininet/netconnection.c
+++ b/dlls/wininet/netconnection.c
@@ -282,6 +282,7 @@ static DWORD netconn_verify_cert(PCCERT_CONTEXT cert, HCERTSTORE store,
             sslExtraPolicyPara.u.cbSize = sizeof(sslExtraPolicyPara);
             sslExtraPolicyPara.dwAuthType = AUTHTYPE_SERVER;
             sslExtraPolicyPara.pwszServerName = server;
+            sslExtraPolicyPara.fdwChecks = security_flags;
             policyPara.cbSize = sizeof(policyPara);
             policyPara.dwFlags = 0;
             policyPara.pvExtraPolicyPara = &sslExtraPolicyPara;
@@ -293,11 +294,7 @@ static DWORD netconn_verify_cert(PCCERT_CONTEXT cert, HCERTSTORE store,
             if (ret && policyStatus.dwError)
             {
                 if (policyStatus.dwError == CERT_E_CN_NO_MATCH)
-                {
-                    if (!(security_flags &
-                          SECURITY_FLAG_IGNORE_CERT_CN_INVALID))
-                        err = ERROR_INTERNET_SEC_CERT_CN_INVALID;
-                }
+                    err = ERROR_INTERNET_SEC_CERT_CN_INVALID;
                 else
                     err = ERROR_INTERNET_SEC_INVALID_CERT;
             }
-- 
2.11.4.GIT