diff options
author | alexei.volkov.bugs%sun.com <devnull@localhost> | 2008-07-11 22:06:23 +0000 |
---|---|---|
committer | alexei.volkov.bugs%sun.com <devnull@localhost> | 2008-07-11 22:06:23 +0000 |
commit | b6f20e0406b4aa0f437383d3e0a616ef10d528ba (patch) | |
tree | a88bd3be5997c2131c43abc740be10a8e8a31ece | |
parent | 19500ba2eac04d026e2ceb22290f9171930ddc3c (diff) | |
download | nss-hg-b6f20e0406b4aa0f437383d3e0a616ef10d528ba.tar.gz |
Bug 418544 ? Pathological OCSP inefficiency with libPKIX. Part two. r=nelson
-rwxr-xr-x | security/nss/lib/libpkix/pkix/top/pkix_build.c | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c index 1d30b006d..87e6121cc 100755 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.c +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c @@ -1976,8 +1976,9 @@ pkix_Build_GatherCerts( void *plContext) { PKIX_Boolean certStoreIsCached = PKIX_FALSE; - PKIX_Boolean certStoreCanBeUsed = PKIX_FALSE; + PKIX_Boolean certStoreIsLocal = PKIX_FALSE; PKIX_Boolean foundInCache = PKIX_FALSE; + PKIX_Boolean listIsEmpty = PKIX_FALSE; PKIX_CertStore *certStore = NULL; PKIX_CertStore_CertCallback getCerts = NULL; PKIX_List *certsFound = NULL; @@ -1990,6 +1991,23 @@ pkix_Build_GatherCerts( nbioContext = *pNBIOContext; *pNBIOContext = NULL; + PKIX_CHECK( + PKIX_List_IsEmpty(state->candidateCerts, &listIsEmpty, plContext), + PKIX_LISTISEMPTYFAILED); + + /* The caller is responsible to make sure that the list is empty */ +#ifdef UNDEF + /* I suspect that the list will not be empty. Commenting the assertion + * out for now. More work needs to be done for bug 418544 to clean up + * code related to candidateCerts list */ + PORT_Assert(listIsEmpty); +#endif + if (!listIsEmpty) { + PKIX_DECREF(state->candidateCerts); + PKIX_CHECK(PKIX_List_Create(&state->candidateCerts, plContext), + PKIX_LISTCREATEFAILED); + } + while (state->certStoreIndex < state->buildConstants.numCertStores) { /* Get the current CertStore */ @@ -2000,15 +2018,11 @@ pkix_Build_GatherCerts( plContext), PKIX_LISTGETITEMFAILED); - if ((state->useOnlyLocal) == PKIX_FALSE) { - certStoreCanBeUsed = PKIX_TRUE; - } else { - PKIX_CHECK(PKIX_CertStore_GetLocalFlag - (certStore, &certStoreCanBeUsed, plContext), - PKIX_CERTSTOREGETLOCALFLAGFAILED); - } + PKIX_CHECK(PKIX_CertStore_GetLocalFlag + (certStore, &certStoreIsLocal, plContext), + PKIX_CERTSTOREGETLOCALFLAGFAILED); - if (certStoreCanBeUsed == PKIX_TRUE) { + if (state->useOnlyLocal == certStoreIsLocal) { /* If GATHERPENDING, we've already checked the cache */ if (state->status == BUILD_GATHERPENDING) { certStoreIsCached = PKIX_FALSE; @@ -3352,7 +3366,7 @@ cleanup: if (!*pValResult && !verifyError) { if (finalError) { pkixErrorResult = finalError; - pkixErrorCode = finalError->errCode; + pkixErrorCode = PKIX_BUILDFORWARDDEPTHFIRSTSEARCHFAILED; finalError = NULL; goto fatal; } |