crypt32: Correct trust error status for cyclic chains.

0556e9d9 · Juan Lang · Alexandre Julliard · 5a36d489 · 0556e9d9 · 0556e9d9
Commit 0556e9d9 authored Oct 22, 2008 by Juan Lang Committed by Alexandre Julliard Oct 23, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 5 deletions

chain.c dlls/crypt32/chain.c +2 -4

chain.c dlls/crypt32/tests/chain.c +1 -1

No files found.
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -754,13 +754,11 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
        if (CRYPT_IsSimpleChainCyclic(chain))
        {
            /* If the chain is cyclic, then the path length constraints
-             * are violated, because the chain is infinitely long.  MS
-             * misleadingly also sets the not supported name constraint bit,
-             * whether or not name constraints were present.
+             * are violated, because the chain is infinitely long.
             */
            pathLengthConstraintViolated = TRUE;
            chain->TrustStatus.dwErrorStatus |=
-             CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
+             CERT_TRUST_IS_PARTIAL_CHAIN |
             CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
        }
        /* FIXME: check valid usages */

--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -1527,7 +1527,7 @@ static ChainCheck chainCheck[] = {
   TODO_ERROR },
 { { sizeof(chain9) / sizeof(chain9[0]), chain9 },
   { { CERT_TRUST_IS_NOT_TIME_NESTED, CERT_TRUST_HAS_PREFERRED_ISSUER },
-     { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
+     { CERT_TRUST_IS_PARTIAL_CHAIN |
       CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
     1, simpleStatus9 },
   TODO_INFO },