diff options
author | alexei.volkov.bugs%sun.com <devnull@localhost> | 2008-03-14 23:41:03 +0000 |
---|---|---|
committer | alexei.volkov.bugs%sun.com <devnull@localhost> | 2008-03-14 23:41:03 +0000 |
commit | bba8eaf0881b25d8544fd62dc07a0766dc17f389 (patch) | |
tree | 72c3e5f97a0804faa7ea1aba3869dcca1cbb4799 | |
parent | 4ed1cd80c491abb072bdcd60d00f88e3e1bc77db (diff) | |
download | nss-hg-bba8eaf0881b25d8544fd62dc07a0766dc17f389.tar.gz |
390381 - libpkix rejects cert chain when root CA cert has no basic constraints.
Patch: log correct error info. r=nelson
-rw-r--r-- | security/nss/lib/certhigh/certvfypkix.c | 2 | ||||
-rwxr-xr-x | security/nss/lib/libpkix/pkix/top/pkix_build.c | 1 | ||||
-rwxr-xr-x | security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ekuchecker.c | 2 |
3 files changed, 2 insertions, 3 deletions
diff --git a/security/nss/lib/certhigh/certvfypkix.c b/security/nss/lib/certhigh/certvfypkix.c index cae016667..713c1bf3e 100644 --- a/security/nss/lib/certhigh/certvfypkix.c +++ b/security/nss/lib/certhigh/certvfypkix.c @@ -835,7 +835,7 @@ cert_PkixErrorToNssCode( } if (pkixLog) { PR_LOG(pkixLog, 1, ("Error at level %d: %s\n", errLevel, - PKIX_ErrorText[error->errCode])); + PKIX_ErrorText[errPtr->errCode])); } errPtr = errPtr->cause; errLevel += 1; diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c index b150b3e06..c00900d63 100755 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.c +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c @@ -1038,6 +1038,7 @@ cleanup: goto cleanup; \ } \ if (verifyNode) { \ + PKIX_DECREF(verifyNode->error); \ PKIX_INCREF(pkixErrorResult); \ verifyNode->error = pkixErrorResult; \ } \ diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ekuchecker.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ekuchecker.c index 133dfe266..19777d6fe 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ekuchecker.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ekuchecker.c @@ -328,7 +328,6 @@ pkix_pl_EkuChecker_Check( void *plContext) { pkix_pl_EkuChecker *state = NULL; - PKIX_List *certEkuList = NULL; PKIX_Boolean checkPassed = PKIX_TRUE; PKIX_ENTER(EKUCHECKER, "pkix_pl_EkuChecker_Check"); @@ -357,7 +356,6 @@ pkix_pl_EkuChecker_Check( cleanup: - PKIX_DECREF(certEkuList); PKIX_DECREF(state); PKIX_RETURN(EKUCHECKER); |