- if (!x509trust->validate(chain.front(), chain, *(policy.getIssuerMetadata()), true,
- policy.getMetadataProvider()->getKeyResolver())) {
+ // Set up criteria object, including peer name to enforce cert name checking.
+ MetadataCredentialCriteria cc(*(policy.getIssuerMetadata()));
+ auto_ptr_char pn(policy.getIssuer()->getName());
+ cc.setPeerName(pn.get());
+ cc.setUsage(Credential::TLS_CREDENTIAL);
+
+ if (!x509trust->validate(chain.front(), chain, *(policy.getMetadataProvider()), &cc)) {
+ if (m_errorFatal)
+ throw SecurityPolicyException("Client certificate supplied, but could not be verified.");
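Review bot: The added `auto_ptr_char pn(policy.getIssuer()->getName());` dereferences `policy.getIssuer()` with no check visible in this hunk, whereas the removed code relied only on `getIssuerMetadata()`. If the issuer or its name can be absent here, the result is either a null dereference or an empty peer name passed to `cc.setPeerName()`, and an empty peer name would presumably disable the certificate name check this change is meant to enforce. I would guard it before building the criteria, e.g. `if (!policy.getIssuer() || !policy.getIssuer()->getName()) throw SecurityPolicyException("Issuer name unavailable for client certificate check.");`, or confirm that an earlier guard already guarantees both. The enclosing function starts and ends outside the hunk, so it is also worth confirming that the path taken when `m_errorFatal` is false leaves the message unauthenticated.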