From 6f2d3b5cd64d7c4ccddd4e9f2cc7d4ca059f0b0a Mon Sep 17 00:00:00 2001
From: "ian.mcgreer%sun.com" <ian.mcgreer%sun.com>
Date: Fri, 14 Dec 2001 18:50:49 +0000
Subject: [PATCH] missed as part of last checkin, hack needed when certs come
 out of crypto context or cache

---
 security/nss/lib/certhigh/certvfy.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index bd43be1b4495..85407ff445c0 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -421,8 +421,17 @@ loser:
 	    /* need to dupe since caller expects new cert */
 	    return CERT_DupCertificate(cert);
 	} else {
-	    /* this is the only instance */
-	    return STAN_GetCERTCertificate(chain[1]);
+	    CERTCertificate *rvc;
+	    /* XXX hack - if this is the only instance, return it, otherwise
+	     * the cert came out of the cache or a crypto context, in 
+	     * which case it needs to be duped
+	     */
+	    if (!chain[1]->decoding) {
+		return STAN_GetCERTCertificate(chain[1]);
+	    } else {
+		rvc = STAN_GetCERTCertificate(chain[1]);
+		return CERT_DupCertificate(rvc);
+	    }
 	}
     }
     return NULL;