nss/lib/certdb/crl.c - Issue 1017413002: Uprev NSS to 3.18 RTM

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: nss/lib/certdb/crl.c

Issue 1017413002: Uprev NSS to 3.18 RTM (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss.git@nspr_uprev

Patch Set: Rebased Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: nss/lib/certdb/crl.c

diff --git a/nss/lib/certdb/crl.c b/nss/lib/certdb/crl.c

index 1551cd1bb1a91063c2dc6ec340f10a8ae69620bc..9f9aa0b2afac44e106296cbba6fa610bc2b52600 100644

--- a/nss/lib/certdb/crl.c

+++ b/nss/lib/certdb/crl.c

@@ -1123,9 +1123,9 @@ static SECStatus DPCache_Destroy(CRLDPCache* cache)

PORT_Free(cache->crls);

}

/* destroy the cert */

- if (cache->issuer)

+ if (cache->issuerDERCert)

{

- CERT_DestroyCertificate(cache->issuer);

+ SECITEM_FreeItem(cache->issuerDERCert, PR_TRUE);

}

/* free the subject */

if (cache->subject)

@@ -1571,14 +1571,20 @@ static SECStatus CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject,

else

{

SECStatus signstatus = SECFailure;

- if (cache->issuer)

+ if (cache->issuerDERCert)

{

- signstatus = CERT_VerifyCRL(crlobject->crl, cache->issuer, vfdate,

+ CERTCertificate *issuer = CERT_NewTempCertificate(cache->dbHandle,

+ cache->issuerDERCert, NULL, PR_FALSE, PR_TRUE);

+ if (issuer) {

+ signstatus = CERT_VerifyCRL(crlobject->crl, issuer, vfdate,

wincx);

+ CERT_DestroyCertificate(issuer);

+ }

}

if (SECSuccess != signstatus)

{

- if (!cache->issuer)

+ if (!cache->issuerDERCert)

{

/* we tried to verify without an issuer cert . This is

because this CRL came through a call to SEC_FindCrlByName.

@@ -1925,15 +1931,16 @@ static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate*

}

/* add issuer certificate if it was previously unavailable */

- if (issuer && (NULL == cache->issuer) &&

+ if (issuer && (NULL == cache->issuerDERCert) &&

(SECSuccess == CERT_CheckCertUsage(issuer, KU_CRL_SIGN)))

{

/* if we didn't have a valid issuer cert yet, but we do now. add it */

DPCache_LockWrite();

- if (!cache->issuer)

+ if (!cache->issuerDERCert)

{

dirty = PR_TRUE;

- cache->issuer = CERT_DupCertificate(issuer);

+ cache->dbHandle = issuer->dbhandle;

+ cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);

}

DPCache_UnlockWrite();

}

@@ -1944,7 +1951,7 @@ static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate*

SEC_FindCrlByName, or through manual insertion, rather than through a

certificate verification (CERT_CheckCRL) */

- if (cache->issuer && vfdate )

+ if (cache->issuerDERCert && vfdate )

{

mustunlock = PR_FALSE;

/* re-process all unverified CRLs */

@@ -2201,7 +2208,8 @@ static SECStatus DPCache_Create(CRLDPCache** returned, CERTCertificate* issuer,

}

if (issuer)

{

- cache->issuer = CERT_DupCertificate(issuer);

+ cache->dbHandle = issuer->dbhandle;

+ cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);

}

cache->distributionPoint = SECITEM_DupItem(dp);

cache->subject = SECITEM_DupItem(subject);

« no previous file with comments | « nss/lib/certdb/certv3.c ('k') | nss/lib/certdb/xconst.c » ('j') | no next file with comments »