Backed out changeset 4355f55afeb2 (Bug 1158489)

author: Martin Thomson <martin.thomson@gmail.com> 2015-08-12 09:44:25 -0700
committer: Martin Thomson <martin.thomson@gmail.com> 2015-08-12 09:44:25 -0700
commit: 225703849bf43ff466e4dcfd3b68c30486e8ad12 (patch)
tree: a6970da1dad182eb7e0d6a346cec7bb89205a789 /lib/certdb
parent: df18e4c7e5e9ad31fab45575896fba7d2bc24250 (diff)
download: nss-hg-225703849bf43ff466e4dcfd3b68c30486e8ad12.tar.gz
4 files changed, 50 insertions, 29 deletions
diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c
index f282bbb9f..2581be227 100644
--- a/lib/certdb/certdb.c
+++ b/lib/certdb/certdb.c
@@ -2443,6 +2443,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
 {
     unsigned int i;
     CERTCertificate **certs = NULL;
+    SECStatus rv;
     unsigned int fcerts = 0;
 
     if ( ncerts ) {
@@ -2490,11 +2491,10 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
 		     * know which cert it belongs to. But we still may try
                      * the individual canickname from the cert itself.
 		     */
-                    /* Bug 1192442 - propagate errors from these calls. */
-		    (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL);
+		    rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL);
 		} else {
-		    (void)CERT_AddTempCertToPerm(certs[i],
-                                                 nickname?nickname:canickname, NULL);
+		    rv = CERT_AddTempCertToPerm(certs[i],
+                                                nickname?nickname:canickname, NULL);
 		}
 
                 PORT_Free(canickname);
@@ -2511,7 +2511,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
 	}
     }
 
-    return (fcerts || !ncerts) ? SECSuccess : SECFailure;
+    return ((fcerts || !ncerts) ? SECSuccess : SECFailure);
 }
 
 /*
@@ -2893,16 +2893,15 @@ CERT_LockCertRefCount(CERTCertificate *cert)
 void
 CERT_UnlockCertRefCount(CERTCertificate *cert)
 {
+    PRStatus prstat;
+
     PORT_Assert(certRefCountLock != NULL);
     
-#ifdef DEBUG
-    {
-        PRStatus prstat = PZ_Unlock(certRefCountLock);
-        PORT_Assert(prstat == PR_SUCCESS);
-    }
-#else
-    PZ_Unlock(certRefCountLock);
-#endif
+    prstat = PZ_Unlock(certRefCountLock);
+    
+    PORT_Assert(prstat == PR_SUCCESS);
+
+    return;
 }
 
 static PZLock *certTrustLock = NULL;
@@ -2974,16 +2973,15 @@ cert_DestroyLocks(void)
 void
 CERT_UnlockCertTrust(const CERTCertificate *cert)
 {
+    PRStatus prstat;
+
     PORT_Assert(certTrustLock != NULL);
     
-#ifdef DEBUG
-    {
-        PRStatus prstat = PZ_Unlock(certTrustLock);
-        PORT_Assert(prstat == PR_SUCCESS);
-    }
-#else
-    PZ_Unlock(certTrustLock);
-#endif
+    prstat = PZ_Unlock(certTrustLock);
+    
+    PORT_Assert(prstat == PR_SUCCESS);
+
+    return;
 }
 
 
diff --git a/lib/certdb/crl.c b/lib/certdb/crl.c
index c1a10ef59..9f9aa0b2a 100644
--- a/lib/certdb/crl.c
+++ b/lib/certdb/crl.c
@@ -627,6 +627,7 @@ crl_storeCRL (PK11SlotInfo *slot,char *url,
     CERTSignedCrl *oldCrl = NULL, *crl = NULL;
     PRBool deleteOldCrl = PR_FALSE;
     CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE;
+    SECStatus rv;
 
     PORT_Assert(newCrl);
     PORT_Assert(derCrl);
@@ -639,8 +640,8 @@ crl_storeCRL (PK11SlotInfo *slot,char *url,
 
     /* we can't use the cache here because we must look in the same
        token */
-    (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type,
-                                 &oldCrl, CRL_DECODE_SKIP_ENTRIES);
+    rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type,
+                                &oldCrl, CRL_DECODE_SKIP_ENTRIES);
     /* if there is an old crl on the token, make sure the one we are
        installing is newer. If not, exit out, otherwise delete the
        old crl.
@@ -2692,7 +2693,7 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer,
             }
             if (SECFailure == rv)
             {
-                (void)CERT_FindCRLEntryReasonExten(entry, &reason);
+                SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason);
                 PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
             }
             break;
@@ -3049,7 +3050,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
 {
     NamedCRLCacheEntry* oldEntry, * newEntry = NULL;
     NamedCRLCache* ncc = NULL;
-    SECStatus rv = SECSuccess;
+    SECStatus rv = SECSuccess, rv2;
 
     PORT_Assert(namedCRLCache.lock);
     PORT_Assert(namedCRLCache.entries);
@@ -3087,7 +3088,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
                                         (void*) newEntry))
             {
                 PORT_Assert(0);
-                NamedCRLCacheEntry_Destroy(newEntry);
+                rv2 = NamedCRLCacheEntry_Destroy(newEntry);
+                PORT_Assert(SECSuccess == rv2);
                 rv = SECFailure;
             }
         }
@@ -3110,7 +3112,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
             }
             else
             {
-                PORT_AssertSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
+                rv2 = NamedCRLCacheEntry_Destroy(oldEntry);
+                PORT_Assert(SECSuccess == rv2);
             }
             if (NULL == PL_HashTableAdd(namedCRLCache.entries,
                                       (void*) newEntry->canonicalizedName,
@@ -3157,7 +3160,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
                 }
                 else
                 {
-                    PORT_AssertSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
+                    rv2 = NamedCRLCacheEntry_Destroy(oldEntry);
+                    PORT_Assert(SECSuccess == rv2);
                 }
                 if (NULL == PL_HashTableAdd(namedCRLCache.entries,
                                           (void*) newEntry->canonicalizedName,
@@ -3169,7 +3173,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
             }
         }
     }
-    PORT_AssertSuccess(cert_ReleaseNamedCRLCache(ncc));
+    rv2 = cert_ReleaseNamedCRLCache(ncc);
+    PORT_Assert(SECSuccess == rv2);
 
     return rv;
 }
diff --git a/lib/certdb/genname.c b/lib/certdb/genname.c
index 6529a6a09..04c8a7712 100644
--- a/lib/certdb/genname.c
+++ b/lib/certdb/genname.c
@@ -67,6 +67,16 @@ static const SEC_ASN1Template CERTOtherNameTemplate[] = {
       sizeof(CERTGeneralName) }
 };
 
+static const SEC_ASN1Template CERTOtherName2Template[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 ,
+      0, NULL, sizeof(CERTGeneralName) },
+    { SEC_ASN1_OBJECT_ID,
+	  offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) },
+    { SEC_ASN1_ANY,
+	  offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) },
+    { 0, } 
+};
+
 static const SEC_ASN1Template CERT_RFC822NameTemplate[] = {
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1 ,
           offsetof(CERTGeneralName, name.other),
diff --git a/lib/certdb/secname.c b/lib/certdb/secname.c
index 88a0cf75e..d070bbfc7 100644
--- a/lib/certdb/secname.c
+++ b/lib/certdb/secname.c
@@ -240,6 +240,14 @@ CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from)
     return 0;
 }
 
+/************************************************************************/
+/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */
+static const SEC_ASN1Template cert_RDNTemplate[] = {
+    { SEC_ASN1_SET_OF,
+	  offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
+};
+
+
 CERTRDN *
 CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
 {
author	Martin Thomson <martin.thomson@gmail.com>	2015-08-12 09:44:25 -0700
committer	Martin Thomson <martin.thomson@gmail.com>	2015-08-12 09:44:25 -0700
commit	225703849bf43ff466e4dcfd3b68c30486e8ad12 (patch)
tree	a6970da1dad182eb7e0d6a346cec7bb89205a789 /lib/certdb
parent	df18e4c7e5e9ad31fab45575896fba7d2bc24250 (diff)
download	nss-hg-225703849bf43ff466e4dcfd3b68c30486e8ad12.tar.gz