crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match.
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index df94523..2b2ac88 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -1011,7 +1011,7 @@
*/
if (nameConstraints->cPermittedSubtree && !CRYPT_IsEmptyName(subjectName))
{
- BOOL match = FALSE;
+ BOOL match = FALSE, hasDirectoryConstraint = FALSE;
for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++)
{
@@ -1019,10 +1019,13 @@
&nameConstraints->rgPermittedSubtree[i].Base;
if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
+ {
+ hasDirectoryConstraint = TRUE;
match = directory_name_matches(&constraint->u.DirectoryName,
subjectName);
+ }
}
- if (!match)
+ if (hasDirectoryConstraint && !match)
*trustErrorStatus |= CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
}
}
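Review bot: The new gate `if (hasDirectoryConstraint && !match)` changes a trust decision but has no comment explaining why a permitted-subtree list without any `CERT_ALT_NAME_DIRECTORY_NAME` entry leaves the subject name unconstrained. I would add above it something like `/* Permitted subtrees only restrict the name forms they list; with no directoryName entry the subject name is not constrained (RFC 5280, 4.2.1.10). */`, so a later reader does not mistake the relaxation for an oversight. A regression test would pin both directions if the suite does not already cover them: a permitted list holding only non-directory entries with a non-empty subject, and a list with a non-matching directory entry, which must still set `CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT`. The enclosing function starts and ends outside these hunks, so how the excluded-subtree path treats directory names cannot be judged from here.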