crypt32: Correct error when a constrained, permitted name type isn't found in the subject name.

2009-11-09 16:52:00 -08:00 · 2009-11-09 16:52:00 -08:00 · ee02d43731
parent 2503e9ec73
commit ee02d43731
2 changed files with 5 additions and 3 deletions
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@ -699,7 +699,8 @@ static void CRYPT_CheckNameConstraints(
                    CRYPT_FindMatchingNameEntry(
                     &nameConstraints->rgPermittedSubtree[i].Base, subjectName,
                     trustErrorStatus,
-                     0, CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT);
+                     CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT,
+                     CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT);
                LocalFree(subjectName);
            }
            else
@ -711,6 +712,7 @@ static void CRYPT_CheckNameConstraints(
        {
            if (nameConstraints->cPermittedSubtree)
                *trustErrorStatus |=
+                 CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT |
                 CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
            if (nameConstraints->cExcludedSubtree)
                *trustErrorStatus |=
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@ -2731,7 +2731,7 @@ static ChainCheck chainCheck[] = {
     { CERT_TRUST_IS_UNTRUSTED_ROOT |
       CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT, 0 },
     1, simpleStatus19 },
-   TODO_ERROR },
+   0 },
 { { sizeof(chain20) / sizeof(chain20[0]), chain20 },
   { { CERT_TRUST_IS_NOT_TIME_NESTED | CERT_TRUST_IS_NOT_VALID_FOR_USAGE,
       CERT_TRUST_HAS_PREFERRED_ISSUER },
@ -2746,7 +2746,7 @@ static ChainCheck chainCheck[] = {
     { CERT_TRUST_IS_UNTRUSTED_ROOT |
       CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT, 0 },
     1, simpleStatus21 },
-   TODO_ERROR },
+   0 },
 { { sizeof(chain22) / sizeof(chain22[0]), chain22 },
   { { CERT_TRUST_IS_NOT_TIME_NESTED | CERT_TRUST_IS_NOT_VALID_FOR_USAGE,
       CERT_TRUST_HAS_PREFERRED_ISSUER },