diff options
author | kaie%kuix.de <devnull@localhost> | 2006-09-30 11:46:27 +0000 |
---|---|---|
committer | kaie%kuix.de <devnull@localhost> | 2006-09-30 11:46:27 +0000 |
commit | 383ebef5e35d023525d32eb8de8372e660545841 (patch) | |
tree | 5082ad016a3b898e6335e3b92ccc52e1f1395eac | |
parent | 7a10ad65b8e246bd3b39992389ba2a433b7b67f3 (diff) | |
download | nss-hg-383ebef5e35d023525d32eb8de8372e660545841.tar.gz |
Fix for bug 351897 . OCSP check should only be skipped for certificateStausResponder usage alone.
Patch by Julien Pierre
r=rrelyea, r=nelson
a=beltzner
-rw-r--r-- | security/nss/lib/certhigh/certvfy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index e55ede89d..3f9bcb80d 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -1399,7 +1399,7 @@ CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert, if (PR_FALSE == checkedOCSP) { checkedOCSP = PR_TRUE; /* only check OCSP once */ statusConfig = CERT_GetStatusConfig(handle); - if ( (! (requiredUsages & certificateUsageStatusResponder)) && + if ( (! (requiredUsages == certificateUsageStatusResponder)) && statusConfig != NULL) { if (statusConfig->statusChecker != NULL) { rv = (* statusConfig->statusChecker)(handle, cert, |