Fix for 156802 - remove improper check in CRL decoding
authorjpierre%netscape.com
Fri, 19 Jul 2002 00:12:13 +0000
changeset 3334 dac9dd3992c4bb2431ad7266d25684fde0911fad
parent 3333 af5042113db66509b4643b2e6c1f237adcfe9c88
child 3335 817e42ba7d43b30c8b9ed82bdcfe0fdbf19aec1a
push idunknown
push userunknown
push dateunknown
bugs156802
Fix for 156802 - remove improper check in CRL decoding
security/nss/lib/certdb/crl.c
--- a/security/nss/lib/certdb/crl.c
+++ b/security/nss/lib/certdb/crl.c
@@ -234,20 +234,16 @@ SECStatus cert_check_crl_version (CERTCr
 		PORT_SetError (SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
 		return (SECFailure);
 	    }
 	}
     }
 
 	
     if (crl->entries == NULL) {
-	if (hasCriticalExten == PR_FALSE && version == SEC_CRL_VERSION_2) {
-	    PORT_SetError (SEC_ERROR_BAD_DER);
-	    return (SECFailure);
-	}
         return (SECSuccess);
     }
     /* Look in the crl entry extensions.  If there is a critical extension,
        then the crl version must be v2; otherwise, it should be v1.
      */
     entries = crl->entries;
     while (*entries) {
 	entry = *entries;