remove unneeded hack, put in a couple of error checks

security/nss/lib/certdb/stanpcertdb.c

@@ -205,11 +205,6 @@ __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
     }
     context = STAN_GetDefaultCryptoContext();
     NSSCryptoContext_ImportCertificate(context, c);
-    /* This is a hack to work around the fact that an instance of the cert
-     * doesn't really exist until the import
-     */
-    cc->nssCertificate = NULL;
-    cc = STAN_GetCERTCertificate(c);
     return cc;
 loser:
     nssArena_Destroy(arena);

security/nss/lib/certhigh/certvfy.c

@@ -412,6 +412,10 @@ loser:
     nssUsage.nss3usage = usage;
     nssUsage.nss3lookingForCA = PR_TRUE;
     memset(chain, 0, 3*sizeof(NSSCertificate *));
+    if (!me) {
+	PORT_SetError (SEC_ERROR_BAD_DATABASE);
+	return NULL;
+    }
     (void)NSSCertificate_BuildChain(me, nssTime, &nssUsage, NULL, 
                                     chain, 2, NULL, &status);
     nss_ZFreeIf(nssTime);
@@ -433,6 +437,8 @@ loser:
 		return CERT_DupCertificate(rvc);
 	    }
 	}
+    } else {
+	PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
     }
     return NULL;
 #endif