diff options
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-05 17:36:27 +0000 |
|---|---|---|
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-05 17:36:27 +0000 |
| commit | b1ade49d8e06ff9044f7a9973793c1bc35a75ccd (patch) | |
| tree | f431fda8e5983ae8683c27304b2faa93c8a21c06 /net/base | |
| parent | 90b721e6713f6429a24fe03d4f0dbab588f7dc46 (diff) | |
| download | chromium_src-b1ade49d8e06ff9044f7a9973793c1bc35a75ccd.zip chromium_src-b1ade49d8e06ff9044f7a9973793c1bc35a75ccd.tar.gz chromium_src-b1ade49d8e06ff9044f7a9973793c1bc35a75ccd.tar.bz2 | |
Our HTTP client callback functions for NSS must set an NSS/NSPR error
code on failure to prevent NSS from using a residual error code from
an earlier, unrelated failure.
When we retry CERT_PKIXVerifyCert with AIA certificate fetch enabled,
handle two more error codes that may be set by the AIA certificate
fetch code on failure.
R=eroman,ukai
BUG=33126,36371
TEST=Visit https://student-partners.com/default.aspx. We should get
the certificate not trusted error page rather than net::ERR_FAILED.
Review URL: http://codereview.chromium.org/1600009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43624 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
| -rw-r--r-- | net/base/x509_certificate_nss.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc index 6255f85..976435d 100644 --- a/net/base/x509_certificate_nss.cc +++ b/net/base/x509_certificate_nss.cc @@ -462,6 +462,8 @@ SECStatus RetryPKIXVerifyCertWithWorkarounds( int new_nss_error = PORT_GetError(); if (new_nss_error == SEC_ERROR_INVALID_ARGS || new_nss_error == SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE || + new_nss_error == SEC_ERROR_BAD_HTTP_RESPONSE || + new_nss_error == SEC_ERROR_BAD_LDAP_RESPONSE || !IS_SEC_ERROR(new_nss_error)) { // Use the original error code because of cert_pi_useAIACertFetch's // bad error reporting. |