crypt32: Correct another chain status discrepancy with Windows.

2025-02-27 08:15:36 +00:00 · 2008-10-16 16:56:56 -07:00 · 2008-10-16 16:56:56 -07:00 · eeec9bf349
commit eeec9bf349
parent 25698f8938
2 changed files with 5 additions and 2 deletions
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@ -754,10 +754,13 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
        if (CRYPT_IsSimpleChainCyclic(chain))
        {
            /* If the chain is cyclic, then the path length constraints
-             * are violated, because the chain is infinitely long.
+             * are violated, because the chain is infinitely long.  MS
+             * misleadingly also sets the not supported name constraint bit,
+             * whether or not name constraints were present.
             */
            pathLengthConstraintViolated = TRUE;
            chain->TrustStatus.dwErrorStatus |=
+             CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
             CERT_TRUST_INVALID_BASIC_CONSTRAINTS;
        }
        /* FIXME: check valid usages */
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@ -1530,7 +1530,7 @@ static ChainCheck chainCheck[] = {
     { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
       CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
     1, simpleStatus9 },
-   TODO_ERROR | TODO_INFO },
+   TODO_INFO },
 { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
   { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
     { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 }, 0 },