crlutil returns 0 when import fails, invalidates pkits test results

RESOLVED FIXED in 3.10

Status

P2
normal
RESOLVED FIXED
15 years ago
15 years ago

People

(Reporter: nelson, Assigned: nelson)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

The nss utility command crlutil returns zero (success), even when it fails
to import the cert (under some conditions).  This causes the results of
the pkits.sh test script to be incorrect for numerous test cases.

Patch forthcoming.
(Assignee)

Comment 1

15 years ago
Created attachment 140483 [details] [diff] [review]
patch v1

This patch does the following things, all in function ImportCRL
a) sets rv=SECFailure if PK11_ImportCRL returns NULL.
b) conditionally compiles some time measurement code.
c) fixes some indentation and line wrapping.
(Assignee)

Comment 2

15 years ago
Comment on attachment 140483 [details] [diff] [review]
patch v1

Julien, please review.
Attachment #140483 - Flags: review?(jpierre)

Comment 3

15 years ago
Comment on attachment 140483 [details] [diff] [review]
patch v1

I'm not sure about that "not up to date" message when errString is zero . I
don't know why that should be there. But you are only changing the
formatting...

While you are at it, I think the SEC_DestroyCrl just below that I put last week
should be in an else statement, otherwise we will try to free NULL. Oops.
Attachment #140483 - Flags: review?(jpierre) → review+
(Assignee)

Comment 4

15 years ago
The patch I checked in included the additional changes suggested by julien.

/cvsroot/mozilla/security/nss/cmd/crlutil/crlutil.c,v  <--  crlutil.c
new revision: 1.23; previous revision: 1.22

One immediate consequence of this path is that many more pkits test cases
appear to be broken.  However, in some cases, this is merely because 
the pkits.sh test script invokes crlImport instead of crlImportn
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Priority: -- → P2
Resolution: --- → FIXED
Target Milestone: --- → 3.10
You need to log in before you can comment on or make changes to this bug.