openldap/openldap-nss-dont-overwrite-verify-cert-error.patch


MozNSS: do not overwrite error in tlsm_verify_cert
Author: Jan Vcelak <jvcelak@redhat.com>
Resolves: #810462
Upstream ITS: #7287
Upstream commit: dc3842fca318f00da20a8be1cfb5d690ccc7d482
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index b608551..4c18360 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -1019,6 +1019,10 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
is self issued */
if ( ( node->error == SEC_ERROR_CA_CERT_INVALID ) &&
tlsm_cert_is_self_issued( node->cert ) ) {
+
+ PRErrorCode orig_error = PR_GetError();
+ PRInt32 orig_oserror = PR_GetOSError();
+
CERTBasicConstraints basicConstraint;
SECStatus rv = tlsm_get_basic_constraint_extension( node->cert, &basicConstraint );
if ( ( rv == SECSuccess ) && ( basicConstraint.isCA == PR_FALSE ) ) {
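Review bot: The saved `orig_error`/`orig_oserror` pair at the top of the self-issued branch has no comment saying why it exists, and the matching restore sits in the next hunk, so a later edit could easily separate the two. A short comment would do, for example `/* tlsm_get_basic_constraint_extension() may change the NSPR error; keep the verification error for the caller */`. The captured value is whatever NSPR error is current on the thread when this node is reached, not `node->error`, so if an earlier call in the loop changed it, the restored code may not describe this node; this looks intended but is worth confirming. The body of tlsm_verify_cert starts and ends outside the hunk.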
@@ -1032,6 +1036,9 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
"TLS: certificate [%s] is not valid - CA cert is not valid\n",
name, 0, 0 );
}
+
+ PR_SetError(orig_error, orig_oserror);
+
} else if ( errorToIgnore && ( node->error == errorToIgnore ) ) {
Debug( debug_level,
"TLS: Warning: ignoring error for certificate [%s] - error %ld:%s.\n",
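Review bot: When `tlsm_get_basic_constraint_extension` itself fails, `PR_SetError(orig_error, orig_oserror)` discards the helper's error without logging it, and the "CA cert is not valid" message does not tell a failed extension lookup apart from a certificate whose basic constraints mark it as a CA. Rejecting in that case looks like the right fail-closed behaviour, assuming the lines between the two hunks set the failure status, but the reason is lost for whoever reads the log. I would log it before the restore, for example `if ( rv != SECSuccess ) Debug( LDAP_DEBUG_ANY, "TLS: could not read basic constraints of [%s] - error %d\n", name, PR_GetError(), 0 );`. The enclosing branch starts in the previous hunk and the function continues past this one.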
--
1.7.10.4