390381 - libpkix rejects cert chain when root CA cert has no basic constraints.

Patch: log correct error info. r=nelson git-svn-id: svn://10.0.0.236/trunk@247880 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-14 23:41:03 +00:00 · 2008-03-14 23:41:03 +00:00 · bcf6f9b92c
commit bcf6f9b92c
parent 6e7b7dba1d
3 changed files with 2 additions and 3 deletions
--- a/mozilla/security/nss/lib/certhigh/certvfypkix.c
+++ b/mozilla/security/nss/lib/certhigh/certvfypkix.c
@ -835,7 +835,7 @@ cert_PkixErrorToNssCode(
        }
        if (pkixLog) {
            PR_LOG(pkixLog, 1, ("Error at level %d: %s\n", errLevel,
-                                PKIX_ErrorText[error->errCode]));
+                                PKIX_ErrorText[errPtr->errCode]));
        }
        errPtr = errPtr->cause;
        errLevel += 1; 
--- a/mozilla/security/nss/lib/libpkix/pkix/top/pkix_build.c
+++ b/mozilla/security/nss/lib/libpkix/pkix/top/pkix_build.c
@ -1038,6 +1038,7 @@ cleanup:
            goto cleanup; \
        } \
        if (verifyNode) { \
+            PKIX_DECREF(verifyNode->error); \
            PKIX_INCREF(pkixErrorResult); \
            verifyNode->error = pkixErrorResult; \
        } \
--- a/mozilla/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ekuchecker.c
+++ b/mozilla/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ekuchecker.c
@ -328,7 +328,6 @@ pkix_pl_EkuChecker_Check(
        void *plContext)
 {
        pkix_pl_EkuChecker *state = NULL;
-        PKIX_List *certEkuList = NULL;
        PKIX_Boolean checkPassed = PKIX_TRUE;

        PKIX_ENTER(EKUCHECKER, "pkix_pl_EkuChecker_Check");
@ -357,7 +356,6 @@ pkix_pl_EkuChecker_Check(

 cleanup:

-        PKIX_DECREF(certEkuList);
        PKIX_DECREF(state);

        PKIX_RETURN(EKUCHECKER);