Bug 978528: Return the correct error message when no potential issuers are found during path bulding in insanitY::pkix, r=cviecco

--HG--
extra : rebase_source : 71f806312ad322bc2971e7efaea2da217b07efad
This commit is contained in:
Brian Smith 2014-03-01 20:55:51 -08:00
Родитель b289d5a44e
Коммит dbb4eb51fe
4 изменённых файлов: 5 добавлений и 21 удалений

Просмотреть файл

@ -98,15 +98,6 @@ AppTrustDomain::FindPotentialIssuers(const SECItem* encodedIssuerName,
results = CERT_CreateSubjectCertList(nullptr, CERT_GetDefaultCertDB(),
encodedIssuerName, time, true);
if (!results) {
// NSS sometimes returns this unhelpful error code upon failing to find any
// candidate certificates.
if (PR_GetError() == SEC_ERROR_BAD_DATABASE) {
PR_SetError(SEC_ERROR_UNKNOWN_ISSUER, 0);
}
return SECFailure;
}
return SECSuccess;
}

Просмотреть файл

@ -57,15 +57,6 @@ NSSCertDBTrustDomain::FindPotentialIssuers(
// "there was an error trying to retrieve the potential issuers."
results = CERT_CreateSubjectCertList(nullptr, CERT_GetDefaultCertDB(),
encodedIssuerName, time, true);
if (!results) {
// NSS sometimes returns this unhelpful error code upon failing to find any
// candidate certificates.
if (PR_GetError() == SEC_ERROR_BAD_DATABASE) {
PR_SetError(SEC_ERROR_UNKNOWN_ISSUER, 0);
}
return SECFailure;
}
return SECSuccess;
}

Просмотреть файл

@ -73,8 +73,11 @@ public:
// Find all certificates (intermediate and/or root) in the certificate
// database that have a subject name matching |encodedIssuerName| at
// the given time. Certificates where the given time is not within the
// certificate's validity period may be excluded. The results should be
// added to the |results| certificate list.
// certificate's validity period may be excluded. On input, |results|
// will be null on input. If no potential issuers are found, then this
// function should return SECSuccess with results being either null or
// an empty list. Otherwise, this function should construct a
// CERTCertList and return it in |results|, transfering ownership.
virtual SECStatus FindPotentialIssuers(const SECItem* encodedIssuerName,
PRTime time,
/*out*/ ScopedCERTCertList& results) = 0;

Просмотреть файл

@ -232,7 +232,6 @@ BuildForward(TrustDomain& trustDomain,
candidates) != SECSuccess) {
return MapSECStatus(SECFailure);
}
PORT_Assert(candidates.get());
if (!candidates) {
return Fail(RecoverableError, SEC_ERROR_UNKNOWN_ISSUER);
}