[System]: ChainValidationHelper: always set 'status11' on error.

diff --git a/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs b/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
index b1921208fc85962e2152d26a75af67518eb98e37..929e88e2295149ca35dcc8ba8227daf95d2be184 100644 (file)
--- a/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
+++ b/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
@@ -335,14 +335,15 @@ namespace Mono.Net.Security
                        result = provider.ValidateCertificate (this, host, server, certs, wantsChain, ref chain, ref xerrors, ref status11);
                        errors = (SslPolicyErrors)xerrors;
 
+                       if (status11 == 0 && errors != 0) {
+                               // TRUST_E_FAIL
+                               status11 = unchecked ((int)0x800B010B);
+                       }
+
                        if (policy != null && (!(policy is DefaultCertificatePolicy) || certValidationCallback == null)) {
                                ServicePoint sp = null;
                                if (request != null)
                                        sp = request.ServicePointNoLock;
-                               if (status11 == 0 && errors != 0) {
-                                       // TRUST_E_FAIL
-                                       status11 = unchecked ((int)0x800B010B);
-                               }
 
                                // pre 2.0 callback
                                result = policy.CheckValidationResult (sp, leaf, request, status11);