author | jpierre%netscape.com <devnull@localhost> | 2002-09-06 06:53:03 +0000 |
---|---|---|
committer | jpierre%netscape.com <devnull@localhost> | 2002-09-06 06:53:03 +0000 |
commit | 2e23efd88b6a54431b663a2fd476563504b63b05 (patch) | |
tree | 98ceafde65b1eb926e0a8cb84bb1d76afc071977 | |
parent | cc2074d617c25e17922eefd30fa5263c71c1a9ee (diff) | |
Fix for 162983 - consider all certs revoked if there is a bad CRL in the cache
-rw-r--r-- | security/nss/lib/certdb/crl.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c
index bf1e56e20..71dc1f83a 100644
--- a/security/nss/lib/certdb/crl.c
+++ b/security/nss/lib/certdb/crl.c
@@ -1270,6 +1270,13 @@ SECStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn, CERTCrlEntry** returned
 CERTCrlEntry* acrlEntry = NULL;
 if (!cache || !sn) {
 /* no cache or SN to look up, this is bad */
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ if (PR_TRUE == cache->invalid) {
+ /* the cache contains a bad CRL, consider all certs revoked
+ as a security measure */
+ PORT_SetError(SEC_ERROR_CRL_INVALID);
 return SECFailure;
 }
 if (!cache->full) {
 |
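Review bot: The new guard `if (PR_TRUE == cache->invalid)` matches only the exact value PR_TRUE, so if `invalid` ever holds another non-zero value (its type and writers are not visible in this hunk) the lookup falls through and the bad-CRL check fails open; a truthiness test, `if (cache->invalid) {`, keeps the check fail-closed. The "consider all certs revoked" behaviour also depends on every caller treating SECFailure from DPCache_Lookup as revoked rather than as "no entry found", which this hunk does not show; I would say so in the comment, e.g. `/* callers must treat SECFailure here as revoked, not as "not found" */`. Neither early return writes `*returned`, and `returned` itself is not part of the argument check, so a caller that inspects the out-pointer without checking the status could read a stale value. The body of DPCache_Lookup continues outside the hunk.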