The source project of this merge request has been removed.
Fix DNS name constraints bug
When 2 permitted X509 name constraints had empty intersection, nothing was added to the result making it accept any name. The commits refactor older name constraints tests for better comprehension, add new tests exposing the bug (both unit tests and a chain test) and fix the bug. Now, for every name constraints type that has non-empty permitted subtrees to start with and empty final intersection, a new universal excluded name constraint is added.