From f8044948bad5507fecdd0a3bdd5e409f010e3fa9 Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang@gmail.com>
Date: Mon, 16 Nov 2009 18:12:16 -0800
Subject: [PATCH] crypt32: Remove an unnecessary if.

---
 dlls/crypt32/chain.c | 69 +++++++++++++++++++++++-----------------------------
 1 file changed, 31 insertions(+), 38 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 11010d5fa7e..89ce807ca1b 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -778,50 +778,43 @@ static void CRYPT_CheckNameConstraints(
  const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, const CERT_INFO *cert,
  DWORD *trustErrorStatus)
 {
-    /* If there aren't any existing constraints, don't bother checking */
-    if (nameConstraints->cPermittedSubtree || nameConstraints->cExcludedSubtree)
+    CERT_EXTENSION *ext = get_subject_alt_name_ext(cert);
+
+    if (ext)
     {
-        CERT_EXTENSION *ext = get_subject_alt_name_ext(cert);
+        CERT_ALT_NAME_INFO *subjectName;
+        DWORD size;
 
-        if (ext)
+        if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME,
+         ext->Value.pbData, ext->Value.cbData,
+         CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
+         &subjectName, &size))
         {
-            CERT_ALT_NAME_INFO *subjectName;
-            DWORD size;
-
-            if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME,
-             ext->Value.pbData, ext->Value.cbData,
-             CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
-             &subjectName, &size))
-            {
-                DWORD i;
+            DWORD i;
 
-                for (i = 0; i < nameConstraints->cExcludedSubtree; i++)
-                    CRYPT_FindMatchingNameEntry(
-                     &nameConstraints->rgExcludedSubtree[i].Base, subjectName,
-                     trustErrorStatus,
-                     CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT, 0);
-                for (i = 0; i < nameConstraints->cPermittedSubtree; i++)
-                    CRYPT_FindMatchingNameEntry(
-                     &nameConstraints->rgPermittedSubtree[i].Base, subjectName,
-                     trustErrorStatus, 0,
-                     CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT);
-                LocalFree(subjectName);
-            }
-            else
-                *trustErrorStatus |=
-                 CERT_TRUST_INVALID_EXTENSION |
-                 CERT_TRUST_INVALID_NAME_CONSTRAINTS;
+            for (i = 0; i < nameConstraints->cExcludedSubtree; i++)
+                CRYPT_FindMatchingNameEntry(
+                 &nameConstraints->rgExcludedSubtree[i].Base, subjectName,
+                 trustErrorStatus, CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT, 0);
+            for (i = 0; i < nameConstraints->cPermittedSubtree; i++)
+                CRYPT_FindMatchingNameEntry(
+                 &nameConstraints->rgPermittedSubtree[i].Base, subjectName,
+                 trustErrorStatus, 0,
+                 CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT);
+            LocalFree(subjectName);
         }
         else
-        {
-            if (nameConstraints->cPermittedSubtree)
-                *trustErrorStatus |=
-                 CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT |
-                 CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
-            if (nameConstraints->cExcludedSubtree)
-                *trustErrorStatus |=
-                 CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
-        }
+            *trustErrorStatus |=
+             CERT_TRUST_INVALID_EXTENSION | CERT_TRUST_INVALID_NAME_CONSTRAINTS;
+    }
+    else
+    {
+        if (nameConstraints->cPermittedSubtree)
+            *trustErrorStatus |=
+             CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT |
+             CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
+        if (nameConstraints->cExcludedSubtree)
+            *trustErrorStatus |= CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT;
     }
 }
 
-- 
2.11.4.GIT