Backed out changeset 1c3cce4e0395 (bug 1040889) for Windows bustage.
authorRyan VanderMeulen <ryanvm@gmail.com>
Thu, 31 Jul 2014 09:02:28 -0400
changeset 208206 3d310f9e5e5e
parent 208205 55731dcb4b17
child 208207 247751fedbeb
push id3767
push userryanvm@gmail.com
push date2014-07-31 13:02 +0000
bugs1040889
milestone32.0
backs out1c3cce4e0395
Backed out changeset 1c3cce4e0395 (bug 1040889) for Windows bustage.
security/certverifier/NSSCertDBTrustDomain.cpp
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -359,53 +359,39 @@ NSSCertDBTrustDomain::CheckRevocation(
 
   ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
   if (!arena) {
     return SECFailure;
   }
 
   // Only request a response if we didn't have a cached indication of failure
   // (don't keep requesting responses from a failing server).
-  const SECItem* response;
-  bool attemptedRequest;
-  PRErrorCode error;
+  const SECItem* response = nullptr;
   if (cachedResponseErrorCode == 0 ||
       cachedResponseErrorCode == SEC_ERROR_OCSP_UNKNOWN_CERT ||
       cachedResponseErrorCode == SEC_ERROR_OCSP_OLD_RESPONSE) {
     const SECItem* request(CreateEncodedOCSPRequest(arena.get(), cert,
                                                     issuerCert));
     if (!request) {
       return SECFailure;
     }
 
     response = DoOCSPRequest(arena.get(), url.get(), request,
                              OCSPFetchingTypeToTimeoutTime(mOCSPFetching),
                              mOCSPGetConfig == CertVerifier::ocsp_get_enabled);
-    if (!response) {
-      error = PR_GetError();
-    }
-    attemptedRequest = true;
-  } else {
-    error = cachedResponseErrorCode;
-    response = nullptr;
-    attemptedRequest = false;
   }
 
-  // If we don't have a response, either something went wrong when fetching it
-  // or we didn't attempt to fetch a response because of a failing responder.
   if (!response) {
-    MOZ_ASSERT(error != 0);
-    // If we haven't actually attempted to fetch a response, we have nothing
-    // new to tell the cache. Otherwise, we do.
-    if (attemptedRequest) {
-      PRTime timeout = time + ServerFailureDelay;
-      SECStatus rv = mOCSPCache.Put(cert, issuerCert, error, time, timeout);
-      if (rv != SECSuccess) {
-        return SECFailure;
-      }
+    PRErrorCode error = PR_GetError();
+    if (error == 0) {
+      error = cachedResponseErrorCode;
+    }
+    PRTime timeout = time + ServerFailureDelay;
+    if (mOCSPCache.Put(cert, issuerCert, error, time, timeout) != SECSuccess) {
+      return SECFailure;
     }
     PR_SetError(error, 0);
     if (mOCSPFetching != FetchOCSPForDVSoftFail) {
       PR_LOG(gCertVerifierLog, PR_LOG_DEBUG,
              ("NSSCertDBTrustDomain: returning SECFailure after "
               "OCSP request failure"));
       return SECFailure;
     }
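Review bot: In the `if (!response)` branch the restored code calls `PR_GetError()` even when a cached failure meant no request was sent, so `error` can be whatever an earlier, unrelated call left on the thread, and that value is then stored by `mOCSPCache.Put` and re-raised by `PR_SetError`. The same `Put` also runs with `timeout = time + ServerFailureDelay` on every check of a cert that has a cached failure, which appears to keep pushing the retry time out, so a responder that has recovered may not be asked again; under `FetchOCSPForDVSoftFail` that would leave the revocation check skipped for that cert. When this relands, track whether a request was actually made and take the error from the matching source, e.g. `PRErrorCode error = attempted ? PR_GetError() : cachedResponseErrorCode;`, with the `Put` guarded by `if (attempted)`. CheckRevocation begins before and continues after this hunk, so how the soft-fail path finishes is not visible here.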
@@ -440,17 +426,17 @@ NSSCertDBTrustDomain::CheckRevocation(
                                                         ResponseIsFromNetwork,
                                                         expired);
   if (rv == SECSuccess || mOCSPFetching != FetchOCSPForDVSoftFail) {
     PR_LOG(gCertVerifierLog, PR_LOG_DEBUG,
       ("NSSCertDBTrustDomain: returning after VerifyEncodedOCSPResponse"));
     return rv;
   }
 
-  error = PR_GetError();
+  PRErrorCode error = PR_GetError();
   if (error == SEC_ERROR_OCSP_UNKNOWN_CERT ||
       error == SEC_ERROR_REVOKED_CERTIFICATE) {
     return rv;
   }
 
   if (stapledOCSPResponseErrorCode != 0) {
     PR_LOG(gCertVerifierLog, PR_LOG_DEBUG,
            ("NSSCertDBTrustDomain: returning SECFailure from expired stapled "