crypt32: Correct trust error status for cyclic chains.

2008-10-22 15:02:15 -07:00 · 2008-10-22 15:02:15 -07:00 · 0556e9d966
parent 5a36d48926
commit 0556e9d966
2 changed files with 3 additions and 5 deletions
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@ -754,13 +754,11 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
        if (CRYPT_IsSimpleChainCyclic(chain))
        {
            /* If the chain is cyclic, then the path length constraints
-             * are violated, because the chain is infinitely long.  MS
-             * misleadingly also sets the not supported name constraint bit,
-             * whether or not name constraints were present.
+             * are violated, because the chain is infinitely long.
             */
            pathLengthConstraintViolated = TRUE;
            chain->TrustStatus.dwErrorStatus |=
-             CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
+             CERT_TRUST_IS_PARTIAL_CHAIN |
             CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
        }
        /* FIXME: check valid usages */
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@ -1527,7 +1527,7 @@ static ChainCheck chainCheck[] = {
   TODO_ERROR },
 { { sizeof(chain9) / sizeof(chain9[0]), chain9 },
   { { CERT_TRUST_IS_NOT_TIME_NESTED, CERT_TRUST_HAS_PREFERRED_ISSUER },
-     { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
+     { CERT_TRUST_IS_PARTIAL_CHAIN |
       CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
     1, simpleStatus9 },
   TODO_INFO },