Bug 867795: Fix problems in SSL_AuthCertificate. 1) Fix variable
authorWan-Teh Chang <wtc@google.com>
Wed, 01 May 2013 16:36:15 -0700
changeset 10752 44a46d334735e8c21b7d843780dbb520677aa668
parent 10751 4f4190cc5f9fbdb924fa02fdf13b34c643043ff7
child 10753 514f784e0402a4c5878fc62ab24c54c7646f015e
push id62
push userwtc@google.com
push dateWed, 01 May 2013 23:36:37 +0000
bugs867795
Bug 867795: Fix problems in SSL_AuthCertificate. 1) Fix variable declaration formatting. 2) Pass ss->pkcs11PinArg as the pwArg argument to CERT_CacheOCSPResponseFromSideChannel. 3) Pass ss->sec.peerCert only with &certStatusArray->items[0] to CERT_CacheOCSPResponseFromSideChannel. r=sleevi.
lib/ssl/sslauth.c
--- a/lib/ssl/sslauth.c
+++ b/lib/ssl/sslauth.c
@@ -208,33 +208,33 @@ SSL_SetPKCS11PinArg(PRFileDesc *s, void 
  */
 SECStatus
 SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
 {
     SECStatus          rv;
     CERTCertDBHandle * handle;
     sslSocket *        ss;
     SECCertUsage       certUsage;
-    const char *             hostname    = NULL;
+    const char *       hostname    = NULL;
     PRTime             now = PR_Now();
-    SECItemArray *certStatusArray;
-    unsigned int i;
+    SECItemArray *     certStatusArray;
     
     ss = ssl_FindSocket(fd);
     PORT_Assert(ss != NULL);
     if (!ss) {
 	return SECFailure;
     }
 
     handle = (CERTCertDBHandle *)arg;
     certStatusArray = &ss->sec.ci.sid->peerCertStatus;
 
-    for (i = 0; i < certStatusArray->len; ++i) {
+    if (certStatusArray->len) {
         CERT_CacheOCSPResponseFromSideChannel(handle, ss->sec.peerCert,
-					now, &certStatusArray->items[i], arg);
+					now, &certStatusArray->items[0],
+					ss->pkcs11PinArg);
     }
 
     /* this may seem backwards, but isn't. */
     certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
 
     rv = CERT_VerifyCert(handle, ss->sec.peerCert, checkSig, certUsage,
 			 now, ss->pkcs11PinArg, NULL);
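Review bot: The return value of `CERT_CacheOCSPResponseFromSideChannel` is still discarded inside the new `if (certStatusArray->len)` block, so a stapled OCSP response that fails to decode or verify looks the same here as one that was cached. Whether the following `CERT_VerifyCert` call then falls back to other revocation checking cannot be seen from this hunk. If ignoring the failure is intended, say so above the call, e.g. `/* Only items[0] applies to the leaf cert; a caching failure is non-fatal, CERT_VerifyCert below decides. */`; otherwise compare the result with `SECSuccess` and handle the error. The body of `SSL_AuthCertificate` continues past the end of the hunk.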