Bug 910438: Have CERT_VerifyCert return the correct result when certificate verification fails and a verifyLog is not used, r=briansmith, r=rrelyea

author: Brian Smith <brian@briansmith.org> 2013-10-11 01:41:13 -0700
committer: Brian Smith <brian@briansmith.org> 2013-10-11 01:41:13 -0700
commit: 50dae5480dad5d0c26a3bc95ec083fbda98b4846 (patch)
tree: 2af92e2ca7946f442db76331dca02556611749c1 /lib/certhigh
parent: ab3d8596f260a69c7e2d386dc6f3b33b8c5b6cdf (diff)
download: nss-hg-50dae5480dad5d0c26a3bc95ec083fbda98b4846.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/certhigh/certvfy.c b/lib/certhigh/certvfy.c
index f364ceb5f..fbed385ee 100644
--- a/lib/certhigh/certvfy.c
+++ b/lib/certhigh/certvfy.c
@@ -1312,7 +1312,7 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
 	PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
 	LOG_ERROR_OR_EXIT(log,cert,0,flags);
     } else if (trusted) {
-	goto winner;
+	goto done;
     }
 
 
@@ -1340,7 +1340,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
 	}
     }
 
-winner:
+done:
+    if (log && log->head) {
+      return SECFailure;
+    }
     return(SECSuccess);
 
 loser:
author	Brian Smith <brian@briansmith.org>	2013-10-11 01:41:13 -0700
committer	Brian Smith <brian@briansmith.org>	2013-10-11 01:41:13 -0700
commit	50dae5480dad5d0c26a3bc95ec083fbda98b4846 (patch)
tree	2af92e2ca7946f442db76331dca02556611749c1 /lib/certhigh
parent	ab3d8596f260a69c7e2d386dc6f3b33b8c5b6cdf (diff)
download	nss-hg-50dae5480dad5d0c26a3bc95ec083fbda98b4846.tar.gz