diff options
author | wtc%netscape.com <devnull@localhost> | 2002-07-10 15:16:10 +0000 |
---|---|---|
committer | wtc%netscape.com <devnull@localhost> | 2002-07-10 15:16:10 +0000 |
commit | 75d9d4a182e1eb00112400455fb0a78e0f2ca53f (patch) | |
tree | f68f5e9b93b515c9382c62d516e33087eefeb8a7 | |
parent | 94b69605cf2f63d32f21febae460f255aef09664 (diff) | |
download | nss-hg-75d9d4a182e1eb00112400455fb0a78e0f2ca53f.tar.gz |
Bug 155626: Handle the failure of ocsp_CreateCertID and use the new
CERT_GetOCSPResponseStatus function.
-rw-r--r-- | security/nss/lib/certhigh/ocsp.c | 28 |
1 files changed, 5 insertions, 23 deletions
diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index a4807a44c..b84e36148 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -738,6 +738,10 @@ CERT_CreateOCSPCertID(CERTCertificate *cert, int64 time) return NULL; certID = ocsp_CreateCertID(arena, cert, time); + if (!certID) { + PORT_FreeArena(arena, PR_FALSE); + return NULL; + } certID->poolp = arena; return certID; } @@ -3330,29 +3334,7 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert, * Otherwise, we continue to find the actual per-cert status * in the response. */ - switch (response->statusValue) { - case ocspResponse_successful: - break; - case ocspResponse_malformedRequest: - PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST); - goto loser; - case ocspResponse_internalError: - PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR); - goto loser; - case ocspResponse_tryLater: - PORT_SetError(SEC_ERROR_OCSP_TRY_SERVER_LATER); - goto loser; - case ocspResponse_sigRequired: - /* XXX We *should* retry with a signature, if possible. */ - PORT_SetError(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG); - goto loser; - case ocspResponse_unauthorized: - PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST); - goto loser; - case ocspResponse_other: - case ocspResponse_unused: - default: - PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS); + if (CERT_GetOCSPResponseStatus(response) != SECSuccess) { goto loser; } |