Bug 1309145 - if certificate validation fails update the status bits. r?dkeeler draft
authorAndi-Bogdan Postelnicu <bpostelnicu@mozilla.com>
Tue, 11 Oct 2016 13:20:04 +0300
changeset 423537 b179d3247d3e8d5eac2f3e3f7122d44a753912e2
parent 423365 723c2e894079d0c870a1b78679f971c7a1d3d31f
child 533478 73a7823aaa56134b8dcd6e06ab6db2f87605c579
push id31934
push userbmo:bpostelnicu@mozilla.com
push dateTue, 11 Oct 2016 10:21:00 +0000
reviewersdkeeler
bugs1309145
milestone52.0a1
Bug 1309145 - if certificate validation fails update the status bits. r?dkeeler MozReview-Commit-ID: JpX7aiPH4n1
security/manager/ssl/SSLServerCertVerification.cpp
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -1390,47 +1390,47 @@ AuthCertificate(CertVerifier& certVerifi
     // The connection may get terminated, for example, if the server requires
     // a client cert. Let's provide a minimal SSLStatus
     // to the caller that contains at least the cert and its status.
     if (!status) {
       status = new nsSSLStatus();
       infoObject->SetSSLStatus(status);
     }
 
-    if (rv == Success) {
       // Certificate verification succeeded delete any potential record
       // of certificate error bits.
       RememberCertErrorsTable::GetInstance().RememberCertHasError(infoObject,
                                                                   nullptr,
                                                                   SECSuccess);
-    } else {
-      // Certificate verification failed, update the status' bits.
-      RememberCertErrorsTable::GetInstance().LookupCertErrorBits(
+  } else {
+    // Certificate validation failed; store the peer certificate chain on
+    // infoObject so it can be used for error reporting and update the status'
+    // bits.
+    infoObject->SetFailedCertChain(Move(peerCertChain));
+    PR_SetError(MapResultToPRErrorCode(rv), 0);
+    RememberCertErrorsTable::GetInstance().LookupCertErrorBits(
         infoObject, status);
-    }
+  }
 
     if (status && !status->HasServerCert()) {
       nsNSSCertificate::EVStatus evStatus;
       if (evOidPolicy == SEC_OID_UNKNOWN || rv != Success) {
         evStatus = nsNSSCertificate::ev_status_invalid;
       } else {
         evStatus = nsNSSCertificate::ev_status_valid;
       }
 
       status->SetServerCert(nsc, evStatus);
       MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
              ("AuthCertificate setting NEW cert %p\n", nsc.get()));
     }
-  }
 
   if (rv != Success) {
-    // Certificate validation failed; store the peer certificate chain on
-    // infoObject so it can be used for error reporting.
-    infoObject->SetFailedCertChain(Move(peerCertChain));
-    PR_SetError(MapResultToPRErrorCode(rv), 0);
+
+
   }
 
   return rv == Success ? SECSuccess : SECFailure;
 }
 
 /*static*/ SECStatus
 SSLServerCertVerificationJob::Dispatch(
   const RefPtr<SharedCertVerifier>& certVerifier,
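Review bot: The new failure branch opened by `} else {` calls `RememberCertErrorsTable::GetInstance().LookupCertErrorBits(infoObject, status)` with whatever `status` held before the branch, while the `if (!status) { status = new nsSSLStatus(); ... }` fallback that guarantees a status object stays inside the success branch above it. `status` is declared above the hunk, and the `if (status && !status->HasServerCert())` guard further down shows it can be null, so unless LookupCertErrorBits tolerates a null status this dereferences null on exactly the path the commit is meant to fix, and the error bits that later consumers presumably read to classify the failure are never recorded. Either hoist the `if (!status)` block ahead of the if/else or repeat it in the else branch as below. The `if (rv != Success) {` block near the end of the hunk is now empty apart from two blank lines and should be deleted, and the `if (status && !status->HasServerCert())` block now sits at function scope after the `}` that closes the else but is still indented as if inside the success branch, which misreads. The enclosing `if (rv == Success)` and AuthCertificate itself open above the hunk.

```cpp
  } else {
    // … unchanged: comment, SetFailedCertChain, PR_SetError …
    // The failure path needs an nsSSLStatus to record the error bits in too;
    // the success branch above creates one only for itself.
    if (!status) {
      status = new nsSSLStatus();
      infoObject->SetSSLStatus(status);
    }
    RememberCertErrorsTable::GetInstance().LookupCertErrorBits(infoObject,
                                                               status);
  }
  // … unchanged: SetServerCert / EV status block (re-indented to function scope) …
  // (the now-empty `if (rv != Success) { }` block is removed)
  return rv == Success ? SECSuccess : SECFailure;
```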