Fix for bug 351897 . OCSP check should only be skipped for certificateStausResponder usage alone.

Patch by Julien Pierre r=rrelyea, r=nelson a=beltzner
author: kaie%kuix.de <devnull@localhost> 2006-09-30 11:46:27 +0000
committer: kaie%kuix.de <devnull@localhost> 2006-09-30 11:46:27 +0000
commit: 383ebef5e35d023525d32eb8de8372e660545841 (patch)
tree: 5082ad016a3b898e6335e3b92ccc52e1f1395eac
parent: 7a10ad65b8e246bd3b39992389ba2a433b7b67f3 (diff)
download: nss-hg-383ebef5e35d023525d32eb8de8372e660545841.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index e55ede89d..3f9bcb80d 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -1399,7 +1399,7 @@ CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
         if (PR_FALSE == checkedOCSP) {
             checkedOCSP = PR_TRUE; /* only check OCSP once */
             statusConfig = CERT_GetStatusConfig(handle);
-            if ( (! (requiredUsages & certificateUsageStatusResponder)) &&
+            if ( (! (requiredUsages == certificateUsageStatusResponder)) &&
                 statusConfig != NULL) {
                 if (statusConfig->statusChecker != NULL) {
                     rv = (* statusConfig->statusChecker)(handle, cert,
author	kaie%kuix.de <devnull@localhost>	2006-09-30 11:46:27 +0000
committer	kaie%kuix.de <devnull@localhost>	2006-09-30 11:46:27 +0000
commit	383ebef5e35d023525d32eb8de8372e660545841 (patch)
tree	5082ad016a3b898e6335e3b92ccc52e1f1395eac
parent	7a10ad65b8e246bd3b39992389ba2a433b7b67f3 (diff)
download	nss-hg-383ebef5e35d023525d32eb8de8372e660545841.tar.gz