Fix error_depth in the name constraints common name check

Bug: 42290549
Change-Id: I41ca8c2139e05e5984930a2be65cb14b2eaf9012
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/96447
Presubmit-BoringSSL-Verified: boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>

crypto/x509/x509_vfy.cc

diff --git a/crypto/x509/x509_vfy.cc b/crypto/x509/x509_vfy.cc
index 0a5a88e..5405038 100644
--- a/crypto/x509/x509_vfy.cc
+++ b/crypto/x509/x509_vfy.cc
@@ -603,7 +603,7 @@
         return 0;
       default:
         ctx->error = rv;
-        ctx->error_depth = i;
+        ctx->error_depth = 0;
         ctx->current_cert = leaf;
         if (!call_verify_cb(0, ctx)) {
           return 0;