diff options
| author | Brian Smith <brian@briansmith.org> | 2013-10-11 01:41:13 -0700 |
|---|---|---|
| committer | Brian Smith <brian@briansmith.org> | 2013-10-11 01:41:13 -0700 |
| commit | 897f15082519cb9612b892fdfea27581ec9f5d27 (patch) | |
| tree | 28731211a48e37b02007e16f5544dfec142381af | |
| parent | be0bf70a77d2ffeffc59c5ae2750c98cee9c914e (diff) | |
| download | nss-hg-897f15082519cb9612b892fdfea27581ec9f5d27.tar.gz | |
Bug 910438: Have CERT_VerifyCert return the correct result when certificate verification fails and a verifyLog is not used, r=briansmith, r=rrelyea
| -rw-r--r-- | lib/certhigh/certvfy.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/certhigh/certvfy.c b/lib/certhigh/certvfy.c index f364ceb5f..fbed385ee 100644 --- a/lib/certhigh/certvfy.c +++ b/lib/certhigh/certvfy.c @@ -1312,7 +1312,7 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, PORT_SetError(SEC_ERROR_UNTRUSTED_CERT); LOG_ERROR_OR_EXIT(log,cert,0,flags); } else if (trusted) { - goto winner; + goto done; } @@ -1340,7 +1340,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, } } -winner: +done: + if (log && log->head) { + return SECFailure; + } return(SECSuccess); loser: |