232937 - crlutil returns 0 when import fails, invalidates pkits test results

Status: RESOLVED FIXED

(NSS :: Tools, defect, P2)

Description

[Nelson Bolyard (seldom reads bugmail)]

The nss utility command crlutil returns zero (success), even when it fails
to import the cert (under some conditions).  This causes the results of
the pkits.sh test script to be incorrect for numerous test cases.

Patch forthcoming.

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

Attachment: patch v1

This patch does the following things, all in function ImportCRL
a) sets rv=SECFailure if PK11_ImportCRL returns NULL.
b) conditionally compiles some time measurement code.
c) fixes some indentation and line wrapping.

Comment 2

[Nelson Bolyard (seldom reads bugmail)]

Comment on attachment 140483 [details] [diff] [review]
patch v1

Julien, please review.

Comment 3

[Julien Pierre]

Comment on attachment 140483 [details] [diff] [review]
patch v1

I'm not sure about that "not up to date" message when errString is zero . I
don't know why that should be there. But you are only changing the
formatting...

While you are at it, I think the SEC_DestroyCrl just below that I put last week
should be in an else statement, otherwise we will try to free NULL. Oops.

Comment 4

[Nelson Bolyard (seldom reads bugmail)]

The patch I checked in included the additional changes suggested by julien.

/cvsroot/mozilla/security/nss/cmd/crlutil/crlutil.c,v  <--  crlutil.c
new revision: 1.23; previous revision: 1.22

One immediate consequence of this path is that many more pkits test cases
appear to be broken.  However, in some cases, this is merely because 
the pkits.sh test script invokes crlImport instead of crlImportn