From 43e11ec7561bcb6cd9ae57b3a65a40cb15497439 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Thu, 23 Jun 2022 15:52:28 -0600
Subject: [PATCH] improve comments for subject name email matching

---
 wolfcrypt/src/asn.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 122135f51..d3fc9a5d3 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -14359,7 +14359,13 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
             case ASN_RFC822_TYPE:
                 /* Shouldn't it validade E= in subject as well? */
                 name = cert->altEmailNames;
-                if (cert->subjectEmail != NULL) { /* add subject email to list*/
+
+                /* Add subject email to temporary list for checking.
+                 * In the case of no subject alt. names, the list will be a
+                 * single node having the subject name email address. The node
+                 * subjectDnsName is not needed after done being compared with
+                 * in this function */
+                if (cert->subjectEmail != NULL) {
                     /* RFC 5280 section 4.2.1.10
                      * "When constraints are imposed on the rfc822Name name
                      * form, but the certificate does not include a subject