Bug 1309145 - if certificate validation fails update the status bits. r?dkeeler
MozReview-Commit-ID: JpX7aiPH4n1
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -1390,47 +1390,47 @@ AuthCertificate(CertVerifier& certVerifi
// The connection may get terminated, for example, if the server requires
// a client cert. Let's provide a minimal SSLStatus
// to the caller that contains at least the cert and its status.
if (!status) {
status = new nsSSLStatus();
infoObject->SetSSLStatus(status);
}
- if (rv == Success) {
// Certificate verification succeeded delete any potential record
// of certificate error bits.
RememberCertErrorsTable::GetInstance().RememberCertHasError(infoObject,
nullptr,
SECSuccess);
- } else {
- // Certificate verification failed, update the status' bits.
- RememberCertErrorsTable::GetInstance().LookupCertErrorBits(
+ } else {
+ // Certificate validation failed; store the peer certificate chain on
+ // infoObject so it can be used for error reporting and update the status'
+ // bits.
+ infoObject->SetFailedCertChain(Move(peerCertChain));
+ PR_SetError(MapResultToPRErrorCode(rv), 0);
+ RememberCertErrorsTable::GetInstance().LookupCertErrorBits(
infoObject, status);
- }
+ }
if (status && !status->HasServerCert()) {
nsNSSCertificate::EVStatus evStatus;
if (evOidPolicy == SEC_OID_UNKNOWN || rv != Success) {
evStatus = nsNSSCertificate::ev_status_invalid;
} else {
evStatus = nsNSSCertificate::ev_status_valid;
}
status->SetServerCert(nsc, evStatus);
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("AuthCertificate setting NEW cert %p\n", nsc.get()));
}
- }
if (rv != Success) {
- // Certificate validation failed; store the peer certificate chain on
- // infoObject so it can be used for error reporting.
- infoObject->SetFailedCertChain(Move(peerCertChain));
- PR_SetError(MapResultToPRErrorCode(rv), 0);
+
+
}
return rv == Success ? SECSuccess : SECFailure;
}
/*static*/ SECStatus
SSLServerCertVerificationJob::Dispatch(
const RefPtr<SharedCertVerifier>& certVerifier,
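Review bot: On the failure path `status` may still be null when it reaches `LookupCertErrorBits(infoObject, status)`, because the `if (!status) { status = new nsSSLStatus(); ... }` guard now sits in the branch that the added `} else {` closes, and the later `if (status && !status->HasServerCert())` check suggests null is possible at this point. The opening `if` of that branch is outside the hunk, so this needs confirming against the full function; if it holds, hoist the allocation above the branch so the error bits are actually recorded on a failed validation, rather than only guarding the call. `PR_SetError(MapResultToPRErrorCode(rv), 0)` also now runs before `LookupCertErrorBits`, `SetServerCert` and the `MOZ_LOG` call instead of right before the return, so it is worth checking that none of them can overwrite the NSPR error code the caller reads after `SECFailure`. The trailing `if (rv != Success) {` is left with a body of two blank lines and should be deleted.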