optimizations, certificate verification, code cleanup

2025-10-29 20:59:45 +01:00 · 2014-10-09 20:54:07 +02:00
parent 5b0fa2e06a
commit 80952e11d1
10 changed files with 596 additions and 397 deletions
--- a/NetSSL_Win/src/Context.cpp
+++ b/NetSSL_Win/src/Context.cpp
@@ -48,6 +48,7 @@ Context::Context(Usage usage,
 	_usage(usage),
 	_mode(verMode),
 	_options(options),
+	_extendedCertificateVerification(true),
 	_certNameOrPath(certNameOrPath),
 	_certStoreName(certStore),
 	_hMemCertStore(0),
@@ -126,6 +127,12 @@ void Context::init()
 }


+void Context::enableExtendedCertificateVerification(bool flag)
+{
+	_extendedCertificateVerification = flag;
+}
+
+
 void Context::addTrustedCert(const Poco::Net::X509Certificate& cert)
 {
 	Poco::FastMutex::ScopedLock lock(_mutex);
@@ -278,7 +285,7 @@ void Context::acquireSchannelCredentials(CredHandle& credHandle) const

 	if (isForServerUse())
 	{
-		if (_mode == Context::VERIFY_STRICT)
+		if (_mode >= Context::VERIFY_STRICT)
 			schannelCred.dwFlags |= SCH_CRED_NO_SYSTEM_MAPPER;

 		if (_mode == Context::VERIFY_NONE)
@@ -286,13 +293,16 @@ void Context::acquireSchannelCredentials(CredHandle& credHandle) const
 	}
 	else
 	{
-		if (_mode == Context::VERIFY_STRICT)
+		if (_mode >= Context::VERIFY_STRICT)
 			schannelCred.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS;
 		else
 			schannelCred.dwFlags |= SCH_CRED_USE_DEFAULT_CREDS;

 		if (_mode == Context::VERIFY_NONE)
 			schannelCred.dwFlags |= SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_NO_SERVERNAME_CHECK;
+
+		if (!_extendedCertificateVerification)
+			schannelCred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
 	}
 	
 #if defined(SCH_USE_STRONG_CRYPTO)