diff options
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-21 19:27:36 +0000 |
|---|---|---|
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-21 19:27:36 +0000 |
| commit | 52f3fad3ed3ad8ccca2026dc253474bb531737d7 (patch) | |
| tree | c6c8e917a16396e1f88628b4caf08e34f3f9619f /net/base | |
| parent | 01fd08314ba10fc4c79666d2c2b66dcba51d15ee (diff) | |
| download | chromium_src-52f3fad3ed3ad8ccca2026dc253474bb531737d7.zip chromium_src-52f3fad3ed3ad8ccca2026dc253474bb531737d7.tar.gz chromium_src-52f3fad3ed3ad8ccca2026dc253474bb531737d7.tar.bz2 | |
Don't use NSS databases for non-essential purposes, such as remembering
the intermediate CA certificates we see, because NSS's connections to the
SQLite databases go bad if the file system where the databases reside is
gone, even just transiently.
Add the hostname to the error log message for CERT_PKIXVerifyCert failure.
R=eroman,ukai
BUG=15630
TEST=existing unit tests should pass.
Review URL: http://codereview.chromium.org/214028
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26714 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
| -rw-r--r-- | net/base/x509_certificate_nss.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc index a018dc0..9b63b1e 100644 --- a/net/base/x509_certificate_nss.cc +++ b/net/base/x509_certificate_nss.cc @@ -543,7 +543,8 @@ int X509Certificate::Verify(const std::string& hostname, status = PKIXVerifyCert(cert_handle_, NULL, 0, cvout); if (status != SECSuccess) { int err = PORT_GetError(); - LOG(ERROR) << "CERT_PKIXVerifyCert failed err=" << err; + LOG(ERROR) << "CERT_PKIXVerifyCert for " << hostname + << " failed err=" << err; // CERT_PKIXVerifyCert rerports the wrong error code for // expired certificates (NSS bug 491174) if (err == SEC_ERROR_CERT_NOT_VALID && |