From: Scott Cantor
Date: Thu, 11 Aug 2011 18:56:40 +0000 (+0000)
Subject: Handle null criteria when trusted names are set
X-Git-Tag: 1.5.0~89
X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=52efb376f0f859f5a26098f5b8be43e58120747f;hp=220cbd17fa4664955d9a96a2a19006a020bf5bdd;p=shibboleth%2Fcpp-xmltooling.git
Handle null criteria when trusted names are set
---
diff --git a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
index 25cdcb1..5d7a598 100644
--- a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
+++ b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
@@ -692,7 +692,7 @@ bool AbstractPKIXTrustEngine::validateWithCRLs(
 return false;
 }
- if ((criteria && criteria->getPeerName() && *(criteria->getPeerName())) || !m_trustedNames.empty()) {
+ if (criteria && criteria->getPeerName() && *(criteria->getPeerName())) {
 log.debug("checking that the certificate name is acceptable");
 if (criteria && criteria->getUsage()==Credential::UNSPECIFIED_CREDENTIAL)
 criteria->setUsage(Credential::SIGNING_CREDENTIAL);
@@ -701,6 +701,15 @@ bool AbstractPKIXTrustEngine::validateWithCRLs(
 return false;
 }
 }
+ else if (!m_trustedNames.empty()) {
+ log.debug("checking that the certificate name is acceptable");
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ if (!checkEntityNames(certEE,credResolver,cc)) {
+ log.error("certificate name was not acceptable");
+ return false;
+ }
+ }
 log.debug("performing certificate path validation...");
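Review bot: The new `else if (!m_trustedNames.empty())` branch in the second hunk is also taken when `criteria` is non-null but carries no peer name, and there it discards the caller's criteria and forces `SIGNING_CREDENTIAL`. Before this change that case ran the name check with the caller's own object and only defaulted the usage when it was `UNSPECIFIED_CREDENTIAL`, so a caller-specified usage such as TLS no longer reaches `checkEntityNames`. Whether that changes which names are accepted depends on `checkEntityNames`, which is not visible here. Consider building the fallback only for the null case, e.g. `CredentialCriteria cc; CredentialCriteria* c = criteria ? criteria : &cc;`, then `if (c->getUsage()==Credential::UNSPECIFIED_CREDENTIAL) c->setUsage(Credential::SIGNING_CREDENTIAL);` and passing `*c`. That would also let the two duplicated logging and return blocks collapse into one, and make the now-redundant `criteria &&` test on the inner usage check in the first hunk unnecessary. A one-line comment saying why signing usage is the default for the trusted-names check would help; the body of `validateWithCRLs` starts and ends outside both hunks.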