crypt32: Correct another chain status discrepancy with Windows.

eeec9bf3 · Juan Lang · Alexandre Julliard · 25698f89 · eeec9bf3 · eeec9bf3
Commit eeec9bf3 authored Oct 16, 2008 by Juan Lang Committed by Alexandre Julliard Oct 17, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

chain.c dlls/crypt32/chain.c +4 -1

chain.c dlls/crypt32/tests/chain.c +1 -1

No files found.
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -754,10 +754,13 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
        if (CRYPT_IsSimpleChainCyclic(chain))
        {
            /* If the chain is cyclic, then the path length constraints
-             * are violated, because the chain is infinitely long.
+             * are violated, because the chain is infinitely long.  MS
+             * misleadingly also sets the not supported name constraint bit,
+             * whether or not name constraints were present.
             */
            pathLengthConstraintViolated = TRUE;
            chain->TrustStatus.dwErrorStatus |=
+             CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
             CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
        }
        /* FIXME: check valid usages */

--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -1530,7 +1530,7 @@ static ChainCheck chainCheck[] = {
     { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
       CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
     1, simpleStatus9 },
-   TODO_ERROR | TODO_INFO },
+   TODO_INFO },
 { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
   { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
     { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 }, 0 },