diff options
author | jpierre%netscape.com <devnull@localhost> | 2003-09-30 01:18:55 +0000 |
---|---|---|
committer | jpierre%netscape.com <devnull@localhost> | 2003-09-30 01:18:55 +0000 |
commit | cfe289bb6c40451d87ee0afc1728c73d714dfaa5 (patch) | |
tree | e825973ca503a24d29059a6247362dfd671cd9d4 | |
parent | fb7c8672ff324d7348ef90b0b235ba7ab30203fd (diff) | |
download | nss-hg-cfe289bb6c40451d87ee0afc1728c73d714dfaa5.tar.gz |
Fix for bug 94413 - OCSP needs more fine tuned error messages. r=wtc
-rw-r--r-- | security/nss/cmd/lib/SECerrs.h | 3 | ||||
-rw-r--r-- | security/nss/lib/certhigh/ocsp.c | 4 | ||||
-rw-r--r-- | security/nss/lib/util/secerr.h | 3 |
3 files changed, 8 insertions, 2 deletions
diff --git a/security/nss/cmd/lib/SECerrs.h b/security/nss/cmd/lib/SECerrs.h index e566e3983..218d43be1 100644 --- a/security/nss/cmd/lib/SECerrs.h +++ b/security/nss/cmd/lib/SECerrs.h @@ -474,3 +474,6 @@ ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142), ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143), "Unrecognized Object IDentifier.") + +ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144), +"Invalid OCSP signing certificate in OCSP response.") diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index 909b0ad5d..a705b26aa 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -2478,8 +2478,10 @@ ocsp_CheckSignature(ocspSignature *signature, void *tbs, */ rv = CERT_VerifyCert(handle, signerCert, PR_TRUE, certUsage, checkTime, pwArg, NULL); - if (rv != SECSuccess) + if (rv != SECSuccess) { + PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT); goto finish; + } /* * Now get the public key from the signer's certificate; we need diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h index e69449e7f..d1bb335fc 100644 --- a/security/nss/lib/util/secerr.h +++ b/security/nss/lib/util/secerr.h @@ -189,7 +189,8 @@ SEC_ERROR_EXTRA_INPUT = (SEC_ERROR_BASE + 140), /* error codes used by elliptic curve code */ SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = (SEC_ERROR_BASE + 141), SEC_ERROR_UNSUPPORTED_EC_POINT_FORM = (SEC_ERROR_BASE + 142), -SEC_ERROR_UNRECOGNIZED_OID = (SEC_ERROR_BASE + 143) +SEC_ERROR_UNRECOGNIZED_OID = (SEC_ERROR_BASE + 143), +SEC_ERROR_OCSP_INVALID_SIGNING_CERT = (SEC_ERROR_BASE + 144) } SECErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ |