X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fsecurity%2Fimpl%2FAbstractPKIXTrustEngine.cpp;h=5d7a598fee3930110b9fe721330a97ffe54b05b3;hb=52efb376f0f859f5a26098f5b8be43e58120747f;hp=25cdcb1b79cc428b59c3044bc918964e81dce77b;hpb=220cbd17fa4664955d9a96a2a19006a020bf5bdd;p=shibboleth%2Fcpp-xmltooling.git
diff --git a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
index 25cdcb1..5d7a598 100644
--- a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
+++ b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
@@ -692,7 +692,7 @@ bool AbstractPKIXTrustEngine::validateWithCRLs(
 return false;
 }
- if ((criteria && criteria->getPeerName() && *(criteria->getPeerName())) || !m_trustedNames.empty()) {
+ if (criteria && criteria->getPeerName() && *(criteria->getPeerName())) {
 log.debug("checking that the certificate name is acceptable");
 if (criteria && criteria->getUsage()==Credential::UNSPECIFIED_CREDENTIAL)
 criteria->setUsage(Credential::SIGNING_CREDENTIAL);
@@ -701,6 +701,15 @@ bool AbstractPKIXTrustEngine::validateWithCRLs(
 return false;
 }
 }
+ else if (!m_trustedNames.empty()) {
+ log.debug("checking that the certificate name is acceptable");
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ if (!checkEntityNames(certEE,credResolver,cc)) {
+ log.error("certificate name was not acceptable");
+ return false;
+ }
+ }
 log.debug("performing certificate path validation...");
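Review bot: The inner `criteria &&` test on the `getUsage()` line is now redundant, because the narrowed outer condition already guarantees `criteria` is non-null inside this branch; it can read `if (criteria->getUsage()==Credential::UNSPECIFIED_CREDENTIAL)`. The branch also still rewrites the caller's object through `criteria->setUsage(Credential::SIGNING_CREDENTIAL)`, so the changed usage outlives the call; if that is intended, a short comment saying so would help, since the new sibling branch deliberately works on a local copy instead. The checkEntityNames call that closes this branch lies between the two hunks and validateWithCRLs itself starts and ends outside them.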
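Review bot: The new `else if (!m_trustedNames.empty())` branch always builds an empty `CredentialCriteria` with SIGNING usage, so a caller that supplies non-null criteria with an explicit usage but no peer name has that usage ignored for the name check, where the old code presumably passed the caller's criteria through. If that narrowing is not intended, carry the usage over with `cc.setUsage(criteria && criteria->getUsage()!=Credential::UNSPECIFIED_CREDENTIAL ? criteria->getUsage() : Credential::SIGNING_CREDENTIAL);`. When neither branch is taken the certificate name is not checked at all and nothing is logged, so a `log.debug` line on that path would make it visible in traces that acceptance rested on path validation alone. Both branches repeat the same debug and error messages; a comment on the second one stating that it covers engine-level trusted names with no caller-supplied peer name would tell them apart.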