Bug 910438: Have CERT_VerifyCert return the correct result when certificate verification fails and a verifyLog is not used, r=briansmith, r=rrelyea NSS_3_15_3_RELEASE_BRANCH
authorBrian Smith <brian@briansmith.org>
Fri, 11 Oct 2013 01:41:13 -0700
branchNSS_3_15_3_RELEASE_BRANCH
changeset 10907 e36c33b6e2a7c01c4b8fe5de8d8af2a0eaac7571
parent 10906 8d2633bd8ebb13429f5af414dd7f36c144bf95f5
child 10908 742638de6ba3af57233bc9b6377a9a9be2a59724
push id201
push userkaie@kuix.de
push dateThu, 07 Nov 2013 13:21:57 +0000
reviewersbriansmith, rrelyea
bugs910438
Bug 910438: Have CERT_VerifyCert return the correct result when certificate verification fails and a verifyLog is not used, r=briansmith, r=rrelyea
lib/certhigh/certvfy.c
--- a/lib/certhigh/certvfy.c
+++ b/lib/certhigh/certvfy.c
@@ -1307,17 +1307,17 @@ CERT_VerifyCert(CERTCertDBHandle *handle
 	LOG_ERROR_OR_EXIT(log,cert,0,requiredCertType);
     }
 
     rv = cert_CheckLeafTrust(cert,certUsage, &flags, &trusted);
     if (rv  == SECFailure) {
 	PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
 	LOG_ERROR_OR_EXIT(log,cert,0,flags);
     } else if (trusted) {
-	goto winner;
+	goto done;
     }
 
 
     rv = CERT_VerifyCertChain(handle, cert, checkSig, certUsage,
 			      t, wincx, log);
     if (rv != SECSuccess) {
 	EXIT_IF_NOT_LOGGING(log);
     }
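Review bot: When `log` is non-NULL, the failure from `CERT_VerifyCertChain` at `if (rv != SECSuccess) { EXIT_IF_NOT_LOGGING(log); }` is not retained. `rv` is reassigned by the status checker call in the next hunk, so the final result rests solely on `log->head` being set at `done:`. That holds only if every failing path inside `CERT_VerifyCertChain` also appends a log entry, which cannot be confirmed from these lines. Making the failure sticky would remove that dependency: declare `PRBool failed = PR_FALSE;`, set `failed = PR_TRUE;` in this branch after `EXIT_IF_NOT_LOGGING(log);`, and test `if (failed || (log && log->head))` at `done:`. The body of `CERT_VerifyCert` begins before and continues past this hunk, so the declaration would go with the locals that are not shown here.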
@@ -1335,17 +1335,20 @@ CERT_VerifyCert(CERTCertDBHandle *handle
 	    rv = (* statusConfig->statusChecker)(handle, cert,
 							 t, wincx);
 	    if (rv != SECSuccess) {
 		LOG_ERROR_OR_EXIT(log,cert,0,0);
 	    }
 	}
     }
 
-winner:
+done:
+    if (log && log->head) {
+      return SECFailure;
+    }
     return(SECSuccess);
 
 loser:
     rv = SECFailure;
     
     return(rv);
 }
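Review bot: The new check at `done:` has no comment explaining why a non-empty log means failure, and it is the only thing that turns logged errors into a `SECFailure` return. A short comment would help, such as `/* In logging mode errors are recorded and verification continues; any log entry means the certificate did not verify. */`. The check also treats entries already present in a caller-supplied log as a failure of this call, which fails closed but should be stated in the function's documentation so callers pass a fresh log. The added `return SECFailure;` is indented six columns and drops the parentheses used by `return(SECSuccess);` just below, so `    return(SECFailure);` would match the file. The commit summary says the wrong result occurs when a verifyLog is "not used", yet this check only takes effect when `log` is non-NULL, so the summary wording may be inverted and is worth confirming.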