Juan Lang : crypt32: Let caller set error codes when name constraints aren' t met.

[Alexandre Julliard]

Module: wine
Branch: master
Commit: 9a40de08dec33cf1cba0ed2b508300d8286060a3
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=9a40de08dec33cf1cba0ed2b508300d8286060a3

Author: Juan Lang <juan.lang at gmail.com>
Date:   Mon Nov 16 18:16:34 2009 -0800

crypt32: Let caller set error codes when name constraints aren't met.

---

 dlls/crypt32/chain.c |   24 +++++++++++++++---------
 1 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 89ce807..f92b906 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -720,9 +720,8 @@ static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint,
     return match;
 }
 
-static void CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint,
- const CERT_ALT_NAME_INFO *subjectName, DWORD *trustErrorStatus,
- DWORD errorIfFound, DWORD errorIfNotFound)
+static BOOL CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint,
+ const CERT_ALT_NAME_INFO *subjectName, DWORD *trustErrorStatus)
 {
     DWORD i;
     BOOL match = FALSE;
@@ -759,7 +758,7 @@ static void CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint,
             }
         }
     }
-    *trustErrorStatus |= match ? errorIfFound : errorIfNotFound;
+    return match;
 }
 
 static inline PCERT_EXTENSION get_subject_alt_name_ext(const CERT_INFO *cert)
@@ -793,14 +792,21 @@ static void CRYPT_CheckNameConstraints(
             DWORD i;
 
             for (i = 0; i < nameConstraints->cExcludedSubtree; i++)
-                CRYPT_FindMatchingNameEntry(
+            {
+                if (CRYPT_FindMatchingNameEntry(
                  &nameConstraints->rgExcludedSubtree[i].Base, subjectName,
-                 trustErrorStatus, CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT, 0);
+                 trustErrorStatus))
+                    *trustErrorStatus |=
+                     CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
+            }
             for (i = 0; i < nameConstraints->cPermittedSubtree; i++)
-                CRYPT_FindMatchingNameEntry(
+            {
+                if (!CRYPT_FindMatchingNameEntry(
                  &nameConstraints->rgPermittedSubtree[i].Base, subjectName,
-                 trustErrorStatus, 0,
-                 CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT);
+                 trustErrorStatus))
+                    *trustErrorStatus |=
+                     CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
+            }
             LocalFree(subjectName);
         }
         else