diff options
| author | alexei.volkov.bugs%sun.com <devnull@localhost> | 2009-04-10 21:44:14 +0000 |
|---|---|---|
| committer | alexei.volkov.bugs%sun.com <devnull@localhost> | 2009-04-10 21:44:14 +0000 |
| commit | 6424413517ef2e3511cdd91625eb0eb6b13cae3f (patch) | |
| tree | 95cce1daefe5d9902732be0b87d8ccc3a983251d /security/nss/lib/libpkix/pkix_pl_nss | |
| parent | 65a3130787bc41c35fd09299184ac8e6d5d0e60e (diff) | |
| download | nss-hg-6424413517ef2e3511cdd91625eb0eb6b13cae3f.tar.gz | |
420991 - libPKIX returns wrong NSS error code. r=nelson
Diffstat (limited to 'security/nss/lib/libpkix/pkix_pl_nss')
4 files changed, 30 insertions, 14 deletions
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c index 3be401691..bf40ea3f8 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c @@ -910,7 +910,6 @@ pkix_pl_CollectionCertStoreContext_GetSelectedCert( PKIX_List *selectCertList = NULL; PKIX_PL_Cert *certItem = NULL; PKIX_CertSelector_MatchCallback certSelectorMatch = NULL; - PKIX_Boolean pass = PKIX_TRUE; PKIX_UInt32 numCerts = 0; PKIX_UInt32 i = 0; @@ -942,10 +941,10 @@ pkix_pl_CollectionCertStoreContext_GetSelectedCert( if (!PKIX_ERROR_RECEIVED){ PKIX_CHECK_ONLY_FATAL (certSelectorMatch - (selector, certItem, &pass, plContext), + (selector, certItem, plContext), PKIX_CERTSELECTORMATCHFAILED); - if (!PKIX_ERROR_RECEIVED && pass){ + if (!PKIX_ERROR_RECEIVED){ PKIX_CHECK_ONLY_FATAL (PKIX_List_AppendItem (selectCertList, @@ -1098,6 +1097,7 @@ PKIX_Error * pkix_pl_CollectionCertStore_GetCert( PKIX_CertStore *certStore, PKIX_CertSelector *selector, + PKIX_VerifyNode *verifyNode, void **pNBIOContext, PKIX_List **pCerts, void *plContext) diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c index fc3ab3c1e..b2776e802 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c @@ -590,6 +590,7 @@ PKIX_Error * pkix_pl_HttpCertStore_GetCert( PKIX_CertStore *store, PKIX_CertSelector *selector, + PKIX_VerifyNode *verifyNode, void **pNBIOContext, PKIX_List **pCertList, void *plContext) @@ -668,6 +669,7 @@ PKIX_Error * pkix_pl_HttpCertStore_GetCertContinue( PKIX_CertStore *store, PKIX_CertSelector *selector, + PKIX_VerifyNode *verifyNode, void **pNBIOContext, PKIX_List **pCertList, void *plContext) diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c index 04022cca8..964cec1f1 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c @@ -568,6 +568,7 @@ PKIX_Error * pkix_pl_LdapCertStore_GetCert( PKIX_CertStore *store, PKIX_CertSelector *selector, + PKIX_VerifyNode *verifyNode, void **pNBIOContext, PKIX_List **pCertList, void *plContext) @@ -737,6 +738,7 @@ PKIX_Error * pkix_pl_LdapCertStore_GetCertContinue( PKIX_CertStore *store, PKIX_CertSelector *selector, + PKIX_VerifyNode *verifyNode, void **pNBIOContext, PKIX_List **pCertList, void *plContext) diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c index e7c13295f..4a94161a9 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c @@ -680,6 +680,7 @@ PKIX_Error * pkix_pl_Pk11CertStore_GetCert( PKIX_CertStore *store, PKIX_CertSelector *selector, + PKIX_VerifyNode *parentVerifyNode, void **pNBIOContext, PKIX_List **pCertList, void *plContext) @@ -689,11 +690,12 @@ pkix_pl_Pk11CertStore_GetCert( PKIX_PL_Cert *candidate = NULL; PKIX_List *selected = NULL; PKIX_List *filtered = NULL; - PKIX_CertSelector_MatchCallback callback = NULL; + PKIX_CertSelector_MatchCallback selectorCallback = NULL; PKIX_CertStore_CheckTrustCallback trustCallback = NULL; PKIX_ComCertSelParams *params = NULL; - PKIX_Boolean pass = PKIX_TRUE; PKIX_Boolean cacheFlag = PKIX_FALSE; + PKIX_VerifyNode *verifyNode = NULL; + PKIX_Error *selectorError = NULL; PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_GetCert"); PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCertList); @@ -701,7 +703,7 @@ pkix_pl_Pk11CertStore_GetCert( *pNBIOContext = NULL; /* We don't use non-blocking I/O */ PKIX_CHECK(PKIX_CertSelector_GetMatchCallback - (selector, &callback, plContext), + (selector, &selectorCallback, plContext), PKIX_CERTSELECTORGETMATCHCALLBACKFAILED); PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams @@ -740,12 +742,9 @@ pkix_pl_Pk11CertStore_GetCert( continue; /* just skip bad certs */ } - PKIX_CHECK_ONLY_FATAL(callback - (selector, candidate, &pass, plContext), - PKIX_CERTSELECTORFAILED); - - if (!(PKIX_ERROR_RECEIVED) && pass) { - + selectorError = + selectorCallback(selector, candidate, plContext); + if (!selectorError) { PKIX_CHECK(PKIX_PL_Cert_SetCacheFlag (candidate, cacheFlag, plContext), PKIX_CERTSETCACHEFLAGFAILED); @@ -761,8 +760,19 @@ pkix_pl_Pk11CertStore_GetCert( (PKIX_PL_Object *)candidate, plContext), PKIX_LISTAPPENDITEMFAILED); + } else if (parentVerifyNode) { + PKIX_CHECK_FATAL( + pkix_VerifyNode_Create(candidate, 0, selectorError, + &verifyNode, plContext), + PKIX_VERIFYNODECREATEFAILED); + PKIX_CHECK_FATAL( + pkix_VerifyNode_AddToTree(parentVerifyNode, + verifyNode, + plContext), + PKIX_VERIFYNODEADDTOTREEFAILED); + PKIX_DECREF(verifyNode); } - + PKIX_DECREF(selectorError); PKIX_DECREF(candidate); } @@ -773,11 +783,13 @@ pkix_pl_Pk11CertStore_GetCert( filtered = NULL; cleanup: - +fatal: PKIX_DECREF(filtered); PKIX_DECREF(candidate); PKIX_DECREF(selected); PKIX_DECREF(params); + PKIX_DECREF(verifyNode); + PKIX_DECREF(selectorError); PKIX_RETURN(CERTSTORE); } |