Closed Bug 642697 Opened 12 years ago Closed 11 years ago

Incomplete/confusing error handling in nsNSSBadCertHandler

Tracking

()

Status:

RESOLVED DUPLICATE of bug 674147

People

(Reporter: briansmith, Unassigned)

Details

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Reporter

Description

•

12 years ago

See bug 642395 comment 36 and the following comments in that bug. 

The code is:

  if (!collected_errors)
  {
    NS_NOTREACHED("why did NSS call our bad cert handler if \
                   all looks good? Let's cancel the connection");
    return SECFailure;
  }

The assertion is reached when the fix for bug 642395 is used and (probably) when a revoked certificate has been encountered, so the NS_NOTREACHED assertion is invalid.

Additionally, all other return statements are of the form:

   nsHandleSSLError(infoObject, i_node->error);
   PR_SetError(...);
   return cancel_and_failure(infoObject);

If nsHandleSSLError and/or cancel_and_failure are not needed, then the code should be documented with a note as to why they are not needed in this specific case.

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Reporter

Comment 1

•

11 years ago

Fixed in the patch for bug 674147.

Status: NEW → RESOLVED

Closed: 11 years ago

Resolution: --- → DUPLICATE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Incomplete/confusing error handling in nsNSSBadCertHandler

Categories

(Core :: Security: PSM, defect)

Tracking

()

People

(Reporter: briansmith, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1