The nss utility command crlutil returns zero (success), even when it fails to import the cert (under some conditions). This causes the results of the pkits.sh test script to be incorrect for numerous test cases. Patch forthcoming.
Created attachment 140483 [details] [diff] [review] patch v1 This patch does the following things, all in function ImportCRL a) sets rv=SECFailure if PK11_ImportCRL returns NULL. b) conditionally compiles some time measurement code. c) fixes some indentation and line wrapping.
Comment on attachment 140483 [details] [diff] [review] patch v1 Julien, please review.
Attachment #140483 - Flags: review?(jpierre)
Comment on attachment 140483 [details] [diff] [review] patch v1 I'm not sure about that "not up to date" message when errString is zero . I don't know why that should be there. But you are only changing the formatting... While you are at it, I think the SEC_DestroyCrl just below that I put last week should be in an else statement, otherwise we will try to free NULL. Oops.
Attachment #140483 - Flags: review?(jpierre) → review+
The patch I checked in included the additional changes suggested by julien. /cvsroot/mozilla/security/nss/cmd/crlutil/crlutil.c,v <-- crlutil.c new revision: 1.23; previous revision: 1.22 One immediate consequence of this path is that many more pkits test cases appear to be broken. However, in some cases, this is merely because the pkits.sh test script invokes crlImport instead of crlImportn
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Priority: -- → P2
Resolution: --- → FIXED
Target Milestone: --- → 3.10
You need to log in before you can comment on or make changes to this bug.